{"id":16456,"date":"2014-12-22T16:22:56","date_gmt":"2014-12-22T10:52:56","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=16456"},"modified":"2014-12-22T16:22:56","modified_gmt":"2014-12-22T10:52:56","slug":"access-content-repository-via-getserviceresourceresolver-in-aem6sling7","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/access-content-repository-via-getserviceresourceresolver-in-aem6sling7\/","title":{"rendered":"Access Content Repository via getServiceResourceResolver() in AEM6\/Sling7"},"content":{"rendered":"

JCR Sessions and Sling Based Authentication are always the important in code where someone\u00a0need to get an access of the Content Repository. But this same way to get an access over content repository was remains controversial due to its administrative privileges . So with the new AEM6 version below methods have been deprecated to get an access of admin sessions which can cause the security vulnerabilities :<\/p>\n

1) ResourceResolverFactory.getAdministrativeResourceResolver
\n2) ResourceProviderFactory.getAdministrativeResourceProvider
\n3) SlingRepository.loginAdministrative<\/p>\n

Latest release of Sling provide an alternative to access the repository without using admin session via Service Based Authentication. In Service Based authentication each service will bind to specific set of users which will have different access privileges. These users also refer as the service users. Below is the implementation steps of service based authentication .<\/p>\n

Step 1 : Create two users with different access privileges, gives one to read and other to read\/write.
\nStep 2 : Create two services which try to write some property inside node :<\/p>\n

WriteOpService<\/p>\n

[java]
\n@Service
\n@Component(immediate = true)
\npublic class WriteOpServiceImpl implements WriteOpService{
\n private final Logger logger = LoggerFactory.getLogger(WriteOpServiceImpl.class);
\n @Reference
\n private ResourceResolverFactory resolverFactory;
\n @Override
\n public void writePropToNode(String resourcePath) {
\n Map<String, Object> serviceParams = new HashMap<String, Object>();
\n serviceParams.put(ResourceResolverFactory.SUBSERVICE, "writeService");
\n ResourceResolver resolver = null;
\n try {
\n resolver = resolverFactory.getServiceResourceResolver(serviceParams);
\n logger.info(resolver.getUserID());
\n Resource res = resolver.getResource(resourcePath+"\/jcr:content");
\n logger.info("Path is ::: "+res.getPath());
\n ModifiableValueMap modMap = res.adaptTo(ModifiableValueMap.class);
\n if(modMap != null){
\n modMap.put("propname", "propValue");
\n resolver.commit();
\n logger.info("Successfully saved");
\n }
\n } catch (Exception e) {
\n logger.error("Exceptions is ::: ",e);
\n }finally{
\n if(resolver != null){
\n resolver.close();
\n }
\n }
\n }[\/java]<\/p>\n

ReadOpService :<\/p>\n

[java]
\n@Service
\n@Component(immediate = true)
\npublic class ReadOpServiceImpl implements ReadOpService {<\/p>\n

private final Logger logger = LoggerFactory.getLogger(ReadOpServiceImpl.class);<\/p>\n

@Reference
\n private ResourceResolverFactory resolverFactory;<\/p>\n

@Override
\n public void readPropFromNode(String resourcePatb) {
\n Map<String, Object> serviceParams = new HashMap<String, Object>();
\n serviceParams.put(ResourceResolverFactory.SUBSERVICE, "readService");
\n ResourceResolver resolver = null;
\n try {
\n resolver = resolverFactory.getServiceResourceResolver(serviceParams);
\n logger.info(resolver.getUserID());
\n Resource res = resolver.getResource(resourcePatb+"\/jcr:content");
\n logger.info("Path is ::: "+res.getPath());
\n ModifiableValueMap modMap = res.adaptTo(ModifiableValueMap.class);
\n if(modMap != null){
\n modMap.put("propname", "propValue");
\n resolver.commit();
\n logger.info("Successfully saved");
\n }
\n } catch (Exception e) {
\n logger.error("Exceptions is ::: ",e);
\n }finally{
\n if(resolver != null){
\n resolver.close();
\n }
\n }
\n }
\n[\/java]<\/p>\n

Step 3 : Configure the Apache Sling Service User Mapper service via Felix Console as below:<\/p>\n

\"console\"<\/a><\/p>\n

Syntax will be \u00a0: [bundle-symbolic-name]:[subServiceName]=[Service-User]\u00a0<\/strong><\/p>\n

Step 4 : Create some authering stuff, in such a way we will pass the page path then on submit, property propname with value propValue\u00a0will be set to the page.
\nStep 5 : Below is the sample associated component script :<\/p>\n

[java]<%@include file="\/libs\/foundation\/global.jsp"%>
\n<%@page session="false" %>
\n<% String prop = properties.get("pagePath","");
\ncom.aem.services.WriteOpService writeOpService = sling.getService(com.aem.services.WriteOpService.class);
\ncom.aem.services.ReadOpService readOpService = sling.getService(com.aem.services.ReadOpService.class);
\n\/\/readOpService.readPropFromNode(prop);
\nwriteOpService.writePropToNode(prop); %>
\n[\/java]<\/p>\n

If we look both the services they are performing the write operation but in the success will depends on via which user you logged in & which operation you call, as different services are associated with different service users. Refer the below link for further information :
\nhttps:\/\/cwiki.apache.org\/confluence\/display\/SLING\/Service+Authentication<\/a><\/p>\n

Vivek Dhiman<\/p>\n","protected":false},"excerpt":{"rendered":"

JCR Sessions and Sling Based Authentication are always the important in code where someone\u00a0need to get an access of the Content Repository. But this same way to get an access over content repository was remains controversial due to its administrative privileges . So with the new AEM6 version below methods have been deprecated to get […]<\/p>\n","protected":false},"author":128,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":2},"categories":[1],"tags":[1581,1580,1360],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/16456"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/128"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=16456"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/16456\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=16456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=16456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=16456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}