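AccessDeniedException when I programmatically create a group and a user in AEM 6.2 (6.1)?

Time: 2016-08-02 11:31:50

Tags: java adobe aem sling aem-6

I want to create a Group first and then a User, and then add the user to the group, using getServiceResourceResolver(map) or loginService("datawrite", null).

I tried the following code and get an exception when the session is saved (adminSession.save()):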

    public void addGroupUser(SlingHttpServletRequest request) {
        log.info("----------------------------------------> addGroupUser");
        String groupName = request.getParameter("groupName");
        String userName = request.getParameter("userName");
        String password = request.getParameter("password");

        Session adminSession = null;
        ResourceResolver adminResolver = null;
        try {
            Map<String, Object> authInfoParam = new HashMap<String, Object>();
            authInfoParam.put(ResourceResolverFactory.SUBSERVICE, "datawrite");
            adminResolver = resolverFactory.getServiceResourceResolver(authInfoParam);
            //adminResolver = resolverFactory.getAdministrativeResourceResolver(null); //deprecated method
            adminSession = slingRepository.loginService("datawrite", null);
            log.info("----------------------------------------> Session user id = {}",adminSession.getUserID());

            // Create UserManager Object
            final UserManager userManager = AccessControlUtil.getUserManager(adminSession);

            // Create a Group
            Group group= null;
            if (userManager.getAuthorizable(groupName) == null) {
                //adminResolver.refresh();
                group = userManager.createGroup(groupName,new SimplePrincipal(groupName),"/home/groups/test");

                ValueFactory valueFactory = adminSession.getValueFactory();
                Value groupNameValue = valueFactory.createValue(groupName, PropertyType.STRING);
                group.setProperty("./profile/givenName", groupNameValue);
                //adminResolver.commit();
                log.info("----------------------------------------> {} Group successfully created.",group.getID());
            } else {
                log.info("----------------------------------------> Group already exist..");
            }

            // Create a User
            User user = null;
            if (userManager.getAuthorizable(userName) == null) {
                //adminResolver.refresh();
                user=userManager.createUser(userName, password,new SimplePrincipal(userName),"/home/users/test");

                ValueFactory valueFactory = adminSession.getValueFactory();
                Value firstNameValue = valueFactory.createValue("Arpit", PropertyType.STRING);
                user.setProperty("./profile/givenName", firstNameValue);

                Value lastNameValue = valueFactory.createValue("Bora", PropertyType.STRING);
                user.setProperty("./profile/familyName", lastNameValue);

                Value emailValue = valueFactory.createValue("arpit.p.bora@gmail.com", PropertyType.STRING);
                user.setProperty("./profile/email", emailValue);
                //adminResolver.commit();
                log.info("----------------------------------------> {} User successfully created.",user.getID());
            } else {
                log.info("----------------------------------------> User already exist..");
            }

            // Add Users to Group
            Group addUserToGroup = (Group)(userManager.getAuthorizable(groupName));
            addUserToGroup.addMember(userManager.getAuthorizable(userName));
            adminSession.save();

        } catch (Exception e) {
            // Pass the exception to the logger so the full stack trace (e.g. AccessDeniedException) is kept
            log.error("----------------------------------------> Not able to perform User Management..", e);
        } finally {
            if (adminSession != null && adminSession.isLive()) {
                adminSession.logout();
            }
            if (adminResolver != null)
                adminResolver.close();
        }
    }

The exception log is:

    javax.jcr.AccessDeniedException: OakAccess0000: Access denied
    at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)
    at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)
    at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)
    at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)
    at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:419)
    at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)
    at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)
    ...
    Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
    at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:212)
    at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.childNodeAdded(PermissionValidator.java:150)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
    at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:32)
    at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.childNodeAdded(CompositeEditor.java:108)
    ...

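I have mapped the "datawrite" service to a system user in the "Apache Sling Service User Mapper Service", which can be configured in the OSGi configuration management console.

1 answer:

Answer 0 (score: 0)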

The code now works fine; it was a permission issue. I added the "datawrite" system user to the administrators group.

This way the Oak exception does not occur, and the system user can create groups and users in AEM 6.2 / 6.1.
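
A narrower grant than administrators membership, as an added example that is not part of the original answer or of AEM's own code: it gives the "datawrite" system user user-management rights only under the two paths used in the question, and returns the groups the user is declared in so a leftover administrators membership is visible. The class name, the privilege set and the assumption that both folders already exist are illustrative and should be checked against your Oak version.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

// Added example (hypothetical class): scoped ACLs for the service user instead of admin rights.
public class DataWriteAclSetup {

    // Assumption: privileges needed to create users/groups and write their profile properties.
    private static final String[] PRIVILEGES = {"jcr:read", "rep:write", "rep:userManagement"};
    // Intermediate paths passed to createUser()/createGroup() in the question.
    private static final String[] PATHS = {"/home/users/test", "/home/groups/test"};

    /**
     * One-off setup. setupSession must belong to a user that may edit access control.
     * Returns the IDs of the groups the service user is directly declared in.
     */
    public static List<String> grantScopedAccess(Session setupSession, String systemUserId)
            throws RepositoryException {
        Authorizable serviceUser =
                ((JackrabbitSession) setupSession).getUserManager().getAuthorizable(systemUserId);
        if (serviceUser == null || serviceUser.isGroup()) {
            throw new RepositoryException("Not a user: " + systemUserId);
        }
        Principal principal = serviceUser.getPrincipal();
        for (String path : PATHS) {
            if (!setupSession.nodeExists(path)) {
                // Assumption: the folders were created beforehand; fail loudly otherwise.
                throw new PathNotFoundException("Create " + path + " before granting access");
            }
            // Adds an allow entry for the principal to the ACL bound to this path.
            AccessControlUtils.addAccessControlEntry(setupSession, path, principal, PRIVILEGES, true);
        }
        setupSession.save();

        // Audit step: list declared memberships, e.g. to spot "administrators".
        List<String> groupIds = new ArrayList<String>();
        Iterator<Group> groups = serviceUser.declaredMemberOf();
        while (groups.hasNext()) {
            groupIds.add(groups.next().getID());
        }
        return groupIds;
    }
}
```

Call it once with a setup session, for example `grantScopedAccess(session, "datawrite")`, then re-run `addGroupUser` with the service session to confirm `adminSession.save()` succeeds without the broader membership.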