Thursday 19 November 2015

Creating a System User in AEM

AEM System User:

Up to AEM 6 we had the liberty to use any user as a service user for invoking and executing any service. From AEM 6.1 there was a slight change in how the ServiceUserMapping is defined and how the service user or system user has to be created.

If we try to assign any arbitrary user as the service user in AEM 6.1, we get the error below:

org.apache.sling.api.resource.LoginException: Cannot derive user name for bundle ch.inside.cqblog-bundle [452] and sub service readService

Note: From AEM 6.1, service users can only be mapped to system users (jcr:primaryType = rep:SystemUser).


Why System User?

Use of the admin session and admin resource resolver through ResourceResolverFactory is now deprecated; that’s why from AEM 6.1 Adobe forces developers to create system users and map them in the Service User Mapper in the Felix Console.

  •  Prevent excessive use of administrative JCR Sessions and ResourceResolvers.
  •  Allow services access to ResourceResolvers and JCR Sessions without requiring hard-coded or configured passwords.
  •  Allow services to use service users and/or system users that are specially configured for service-level access.

In AEM 6.1, you must create an AEM System User to successfully get a session using code such as:

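import java.util.HashMap;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
....
@Reference
private ResourceResolverFactory factory;
...
...
// Ask for the resolver mapped to the "writeService" sub service; no password is needed.
Map<String, Object> param = new HashMap<String, Object>();
param.put(ResourceResolverFactory.SUBSERVICE, "writeService");
ResourceResolver resourceResolver = null;
try {
  resourceResolver = factory.getServiceResourceResolver(param);
  Session session = resourceResolver.adaptTo(Session.class);

  // getResource returns null if the service user has no read access to the path.
  Resource pageResource = resourceResolver.getResource("/etc/cloudservices/salesforce/kishore/jcr:content");
  if (pageResource != null) {
    Node configNode = pageResource.adaptTo(Node.class);
    // client is the OAuth client object, defined elsewhere in the class.
    configNode.setProperty("accesstoken", client.getAccessToken());
    session.save();
  }
...
} catch (LoginException e) {
...
} catch (RepositoryException e) {
...
} finally {
  // Service resolvers must be closed by the code that opened them.
  if (resourceResolver != null) {
    resourceResolver.close();
  }
}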


This code will not work in AEM 6.1 using a standard user.

If we try to assign any arbitrary user as the service user in AEM 6.1, we get the error below:

org.apache.sling.api.resource.LoginException: Cannot derive user name for bundle com.kishore.aem-bundle [452] and sub service readService

Note: From AEM 6.1, service users can only be mapped to system users (jcr:primaryType = rep:SystemUser).


To create a system user, perform these tasks:

  1. Open http://localhost:4502/crx/explorer/index.jsp
  2. Log in as admin
  3. Click User Administration
  4. Click Create System User
  5. Set the UserId
  6. Click Save

Once created, you can extend permissions like a normal user using the AEM ACL functionality. 

Sometimes we face the error below, so I tried the other option to use the system user.
Error: Missing permission to create intermediate authorizable folders.

The other option for using a system user to set properties on a node:
Use a built-in system user in the OSGi configuration. In the OSGi console, select Apache Sling Service User Mapper Service.
Add a new entry: com.kishore.aem:writeService=oauthservice

  • com.kishore.aem is the bundle name
  • writeService is the Sling sub service name
  • oauthservice is a system user available in AEM



Note: If we try to set properties under /etc, read and write permissions must be granted to the oauthservice system user; otherwise resourceResolver.getResource returns null and the code fails with a NullPointerException.
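
A check over Service User Mapper entries in the format described above, as an added example that is not part of the original post. The function names, the sample entries other than the post's own mapping, and the set of system user IDs (assumed to be exported from the repository) are all constructed for illustration.

```python
import re

# Entry format used in the post: <bundle>[:<sub service>]=<system user>
ENTRY = re.compile(r"^(?P<bundle>[^:=\s]+)(?::(?P<sub>[^=\s]+))?=(?P<user>[^=\s]+)$")

def parse_mapping(entry):
    """Split one mapper entry into (bundle, sub_service, user)."""
    match = ENTRY.match(entry.strip())
    if match is None:
        raise ValueError("malformed mapping entry: %r" % entry)
    return match.group("bundle"), match.group("sub"), match.group("user")

def audit_mappings(entries, system_users):
    """Return (entry, finding) pairs for mappings that need review."""
    findings = []
    for entry in entries:
        try:
            _bundle, sub, user = parse_mapping(entry)
        except ValueError:
            findings.append((entry, "malformed"))
            continue
        if user == "admin":
            # The administrative access that service users are meant to replace.
            findings.append((entry, "maps-to-admin"))
        elif user not in system_users:
            # From AEM 6.1 this mapping ends in a LoginException at runtime.
            findings.append((entry, "not-a-system-user"))
        if sub is None:
            # Mapping is not scoped to a single sub service of the bundle.
            findings.append((entry, "no-sub-service"))
    return findings

# Constructed sample input; only the first entry appears in the post.
SAMPLE_ENTRIES = [
    "com.kishore.aem:writeService=oauthservice",
    "com.kishore.aem:readService=admin",
    "com.example.reports=report-reader",
    "com.example.sync:push=jdoe",
    "com.example.broken",
]
# Assumed list of rep:SystemUser IDs exported from the repository.
SYSTEM_USERS = {"oauthservice", "report-reader"}

if __name__ == "__main__":
    for entry, finding in audit_mappings(SAMPLE_ENTRIES, SYSTEM_USERS):
        print("%-20s %s" % (finding, entry))
```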






1 comment :

  1. Restart your AEM and that error won't appear - "Error: Missing permission to create intermediate authorizable folders."
