ResourceResolverFactory getServiceResourceResolver

2020-01-25 10:05发布

问题:

I want to write some data to AEM, and the below code works fine for me in AEM 6.0 but not in AEM 6.1 , always throws a Login Exception as follows:

"Login Exception when obtaining a CRX User for the Service:'writeService'.org.apache.sling.api.resource.LoginException: Cannot derive user name for bundle group.tti.commons-service [395] and sub service writeService"

OSGI Config:

Code in my class:

import javax.jcr.Session;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
....
@Reference
private ResourceResolverFactory factory;
private ResourceResolver resourceResolverWriter;
private static Session adminSession;
...
...
Map<String, Object> param = new HashMap<String, Object>();        
    param.put(ResourceResolverFactory.SUBSERVICE, "writeService");
try {
  resourceResolverWriter = factory.getServiceResourceResolver(param);            
  adminSession = resourceResolverWriter.adaptTo(Session.class);
...
} catch (LoginException e) {
...
}

Am i missing anything on AEM 6.1?

回答1:

In AEM 6.1, service users must be system users, which effectively means that their node in the JCR is of type rep:SystemUser. These users cannot be used to log in normally, only by background processes. The admin user is not a system user, so you cannot use the admin user in a service user mapping like this. You have to create a new system user and assign them the appropriate permissions.

If you would like to read more of the background on this change, take a look at https://issues.apache.org/jira/browse/SLING-3854.



回答2:

With Justin's advice, i tried and found the solution. Posting so can be beneficial for others.

Goal: To write data/nodes to content (specifically to /etc/userdata) when a user logs in.

We can achieve this in 2 ways (either way, the user needs to be a 'system user')

Process 1:

Step 1: Use in-built system user in OSGI configuration. In OSGI select Apache Sling Service User Mapper Service

group.abc.commons-service:writeService=oauthservice (where oauthservice is a system user)

Step 2: Assign that system user the permissions to access the content folder.

You see the system users in CRX at: /home/users/system

Process 2:

Step 1: Create a new system user. to do this Open http://localhost:4502/crx/explorer/index.jsp

1. Login as admin 
2. Open 'User Administration
3. Select 'Create System User'
4. Enter "user id"
5. Hit the Green button (you will not se a save button :)`

I have created abcwriteservice user

Step 2: Go to Permissions, and for the user abcwriteservice give Permissions to access the folder where you'd like to write. (In this example: /etc/userdata )

Step 3: Open OSGI console and go to Apache Sling Service User Mapper Service to define the service-user mapping.

Example: group.commons-service:writeService=abcwriteservice

Step 4: In code, i added extra parameter, as:

Map<String, Object> param = new HashMap<String, Object>();
param.put(ResourceResolverFactory.SUBSERVICE, "writeService");

try {
    resourceResolverWriter = factory.getServiceResourceResolver(param);

    if (resourceResolverWriter == null)
        throw new Exception("Could not obtain a CRX User for the Service:'writeService'");

    Node usersRootNode = adminSession.getNode("/etc/userdata/users");
}


回答3:

Also, if you are planning a future migration to AEM 6.2, consider using ACS Commons to facilitate the creation and availability of system users. It eliminates all this manual process which can be error-prone.

https://adobe-consulting-services.github.io/acs-aem-commons/features/ensure-service-users/index.html



回答4:

insted of making session like:

adminSession = resourceResolverWriter.adaptTo(Session.class);`

make Session like below ,hopefully Login exception will not occur

final Session session;
session= resourceResolver.adaptTo(Session.class);

This happen because resourceResolverWriter is not implicit object.



标签: aem sling