In the latest AEM version usage of admin resource resolver is deprecated. We have to use the system/service user to access the data.
You can manually create System user using aem crx explorer console and create a service mapping to access it in your application. But the process of creating system user and setting up the required permissions should be replicated across all the AEM instances, which is a additional burden and error prone. To overcome this ACS commons has provided a beautiful service (Ensure Service User )which can create the System user and set the permissions automatically based on OSGi configuration.
The Ensure Service User facilitates defining service users and their ACLs in OSGi configurations, and will intelligently ensure they exist on the target AEM instances.
Below is the example configuration
Principal Name : The service user name ,can be just the principal name, a relative path, or the absolute path where the user should be stored in the JCR. Service users will ONLY exist under /home/users/system. If a system user exists with the same principal name at a different location then a new user will not be created, pricncipalName cannot be same.
Operation : add OR remove
When set to true, the user creation and permissions update are performed whenever this bundle is loaded.
ACE's : List of ACE definitions(permissions) to be set for the service user
Format: type=allow;privileges=jcr:read,rep:write;path=/content/myapp
You can manually create System user using aem crx explorer console and create a service mapping to access it in your application. But the process of creating system user and setting up the required permissions should be replicated across all the AEM instances, which is a additional burden and error prone. To overcome this ACS commons has provided a beautiful service (Ensure Service User )which can create the System user and set the permissions automatically based on OSGi configuration.
The Ensure Service User facilitates defining service users and their ACLs in OSGi configurations, and will intelligently ensure they exist on the target AEM instances.
Below is the example configuration
Principal Name : The service user name ,can be just the principal name, a relative path, or the absolute path where the user should be stored in the JCR. Service users will ONLY exist under /home/users/system. If a system user exists with the same principal name at a different location then a new user will not be created, pricncipalName cannot be same.
Operation : add OR remove
- add ensures the existence of the service user and ACLs
- remove ensures that the service user and any ACLs are removed
When set to true, the user creation and permissions update are performed whenever this bundle is loaded.
ACE's : List of ACE definitions(permissions) to be set for the service user
Format: type=allow;privileges=jcr:read,rep:write;path=/content/myapp
- type:(Required) allow OR deny
- privileges: (Required) comma delimited list of valid JCR privileges
- path: (Required) absolute content path which the ACE will be applied
No comments:
Post a Comment