Java 如何使用ACL权限以编程方式在aem6.2中创建用户和组?
是否可以使用具有权限的Jackrabbit用户管理器API在AEM6.2中创建组和用户。 我刚刚遵循了以下URL,但代码引发了一些异常:Java 如何使用ACL权限以编程方式在aem6.2中创建用户和组?,java,aem,jcr,sling,aem-6,Java,Aem,Jcr,Sling,Aem 6,是否可以使用具有权限的Jackrabbit用户管理器API在AEM6.2中创建组和用户。 我刚刚遵循了以下URL,但代码引发了一些异常: 由于method已被弃用,那么我们如何使用method来代替它。我直接从官方Adobe频道的培训中提供了这段代码,它基于AEM 6.1。所以我认为这可能是最好的做法 private void modifyPermissions() { Session adminSession = null; try{ adminS
由于method已被弃用,那么我们如何使用method来代替它。我直接从官方Adobe频道的培训中提供了这段代码,它基于AEM 6.1。所以我认为这可能是最好的做法
private void modifyPermissions() {
Session adminSession = null;
try{
adminSession = repository.loginService(null, repository.getDefaultWorkspace());
UserManager userMgr= ((org.apache.jackrabbit.api.JackrabbitSession)adminSession).getUserManager();
AccessControlManager accessControlManager = adminSession.getAccessControlManager();
Authorizable denyAccess = userMgr.getAuthorizable("deny-access");
AccessControlPolicyIterator policyIterator =
accessControlManager.getApplicablePolicies(CONTENT_GEOMETRIXX_FR);
AccessControlList acl;
try{
acl=(JackrabbitAccessControlList) policyIterator.nextAccessControlPolicy();
}catch(NoSuchElementException nse){
acl=(JackrabbitAccessControlList) accessControlManager.getPolicies(CONTENT_GEOMETRIXX_FR)[0];
}
Privilege[] privileges = {accessControlManager.privilegeFromName(Privilege.JCR_READ)};
acl.addAccessControlEntry(denyAccess.getPrincipal(), privileges);
accessControlManager.setPolicy(CONTENT_GEOMETRIXX_FR, acl);
adminSession.save();
}catch (RepositoryException e){
LOGGER.error("**************************Repo Exception", e);
}finally{
if (adminSession != null)
adminSession.logout();
}
分享我的解决方案,这将有助于其他人 以下是使用方法创建组,然后创建用户,然后将用户添加到具有ACL权限和权限的组中的代码:
public void createGroupUser(SlingHttpServletRequest request) {
String userName = request.getParameter("userName");
String password = request.getParameter("password");
String groupName = request.getParameter("groupName");
Session session = null;
ResourceResolver resourceResolver = null;
try {
Map<String, Object> param = new HashMap<String, Object>();
param.put(ResourceResolverFactory.SUBSERVICE, "datawrite");
resourceResolver = resourceResolverFactory.getServiceResourceResolver(param);
session = resourceResolver.adaptTo(Session.class);
// Create UserManager Object
final UserManager userManager = AccessControlUtil.getUserManager(session);
// Create a Group
Group group = null;
if (userManager.getAuthorizable(groupName) == null) {
group = userManager.createGroup(groupName);
ValueFactory valueFactory = session.getValueFactory();
Value groupNameValue = valueFactory.createValue(groupName, PropertyType.STRING);
group.setProperty("./profile/givenName", groupNameValue);
session.save();
log.info("---> {} Group successfully created.", group.getID());
} else {
log.info("---> Group already exist..");
}
// Create a User
User user = null;
if (userManager.getAuthorizable(userName) == null) {
user = userManager.createUser(userName, password);
ValueFactory valueFactory = session.getValueFactory();
Value firstNameValue = valueFactory.createValue("Arpit", PropertyType.STRING);
user.setProperty("./profile/givenName", firstNameValue);
Value lastNameValue = valueFactory.createValue("Bora", PropertyType.STRING);
user.setProperty("./profile/familyName", lastNameValue);
Value emailValue = valueFactory.createValue("arpit.p.bora@gmail.com", PropertyType.STRING);
user.setProperty("./profile/email", emailValue);
session.save();
// Add User to Group
Group addUserToGroup = (Group) (userManager.getAuthorizable(groupName));
addUserToGroup.addMember(userManager.getAuthorizable(userName));
session.save();
// set Resource-based ACLs
String nodePath = user.getPath();
setAclPrivileges(nodePath, session);
log.info("---> {} User successfully created and added into group.", user.getID());
} else {
log.info("---> User already exist..");
}
} catch (Exception e) {
log.info("---> Not able to perform User Management..");
log.info("---> Exception.." + e.getMessage());
} finally {
if (session != null && session.isLive()) {
session.logout();
}
if (resourceResolver != null)
resourceResolver.close();
}
}
public static void setAclPrivileges(String path, Session session) {
try {
AccessControlManager aMgr = session.getAccessControlManager();
// create a privilege set
Privilege[] privileges = new Privilege[] {
aMgr.privilegeFromName(Privilege.JCR_VERSION_MANAGEMENT),
aMgr.privilegeFromName(Privilege.JCR_MODIFY_PROPERTIES),
aMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES),
aMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT),
aMgr.privilegeFromName(Privilege.JCR_NODE_TYPE_MANAGEMENT),
aMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE) };
AccessControlList acl;
try {
// get first applicable policy (for nodes w/o a policy)
acl = (AccessControlList) aMgr.getApplicablePolicies(path).nextAccessControlPolicy();
} catch (NoSuchElementException e) {
// else node already has a policy, get that one
acl = (AccessControlList) aMgr.getPolicies(path)[0];
}
// remove all existing entries
for (AccessControlEntry e : acl.getAccessControlEntries()) {
acl.removeAccessControlEntry(e);
}
// add a new one for the special "everyone" principal
acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);
// the policy must be re-set
aMgr.setPolicy(path, acl);
// and the session must be saved for the changes to be applied
session.save();
} catch (Exception e) {
log.info("---> Not able to perform ACL Privileges..");
log.info("---> Exception.." + e.getMessage());
}
}
public void createGroupUser(SlingHttpServletRequest请求){
字符串userName=request.getParameter(“用户名”);
字符串密码=request.getParameter(“密码”);
字符串groupName=request.getParameter(“groupName”);
会话=空;
ResourceResolver ResourceResolver=null;
试一试{
Map param=new HashMap();
参数put(resourcesolverfactory.SUBSERVICE,“数据写入”);
resourceResolver=resourceResolverFactory.getServiceResourceResolver(参数);
session=resourcesolver.adapto(session.class);
//创建用户管理器对象
最终UserManager UserManager=AccessControlUtil.getUserManager(会话);
//创建一个组
组=空;
if(userManager.getAuthorizable(groupName)==null){
group=userManager.createGroup(groupName);
ValueFactory ValueFactory=session.getValueFactory();
Value groupNameValue=valueFactory.createValue(groupName,PropertyType.STRING);
group.setProperty(“./profile/givenName”,groupNameValue);
session.save();
log.info(“-->{}组已成功创建。”,Group.getID());
}否则{
log.info(“-->组已存在…”);
}
//创建用户
User=null;
if(userManager.getAuthorizable(userName)==null){
user=userManager.createUser(用户名、密码);
ValueFactory ValueFactory=session.getValueFactory();
Value firstNameValue=valueFactory.createValue(“arbit”,PropertyType.STRING);
user.setProperty(“./profile/givenName”,firstNameValue);
Value lastNameValue=valueFactory.createValue(“Bora”,PropertyType.STRING);
user.setProperty(“./profile/familyName”,lastNameValue);
Value emailValue=valueFactory.createValue(“arbit.p。bora@gmail.com,PropertyType.STRING);
user.setProperty(“./profile/email”,emailValue);
session.save();
//将用户添加到组
组addUserToGroup=(组)(userManager.getAuthorizable(groupName));
addUserToGroup.addMember(userManager.getAuthorizable(用户名));
session.save();
//设置基于资源的ACL
字符串nodePath=user.getPath();
setAclPrivileges(节点路径、会话);
log.info(“-->{}User已成功创建并添加到组中。”,User.getID());
}否则{
log.info(“-->用户已存在…”);
}
}捕获(例外e){
log.info(“-->无法执行用户管理…”);
log.info(“-->异常..”+e.getMessage());
}最后{
if(session!=null&&session.isLive()){
session.logout();
}
if(resourcesolver!=null)
resourcesolver.close();
}
}
公共静态void setAclPrivileges(字符串路径、会话){
试一试{
AccessControlManager aMgr=session.getAccessControlManager();
//创建一个特权集
特权[]特权=新特权[]{
aMgr.privilegeFromName(Privilege.JCR\u版本管理),
aMgr.privilegeFromName(Privilege.JCR\u MODIFY\u属性),
aMgr.privilegeFromName(Privilege.JCR\u ADD\u CHILD\u节点),
aMgr.privilegeFromName(Privilege.JCR_LOCK_MANAGEMENT),
aMgr.privilegeFromName(Privilege.JCR\u NODE\u TYPE\u MANAGEMENT),
aMgr.privilegeFromName(Replicator.REPLICATE\u PRIVILEGE)};
访问控制acl;
试一试{
//获取第一个适用的策略(对于没有策略的节点)
acl=(AccessControlList)aMgr.getApplicatablePolicys(path.nextAccessControlPolicy();
}捕获(无接触元素例外e){
//else节点已具有策略,请获取该策略
acl=(AccessControlList)aMgr.getPolicys(路径)[0];
}
//删除所有现有条目
对于(AccessControlEntry e:acl.getAccessControlEntries()){
acl.取消访问控制中心(e);
}
//为特殊的“每个人”负责人添加一个新的
acl.addAccessControlEntry(EveryonePrincipal.getInstance(),特权);
//必须重新设置策略
aMgr.setPolicy(路径、acl);
//并且必须保存会话才能应用更改
session.save();
}捕获(例外e){
log.info(“-->无法执行ACL权限…”);
log.info(“-->异常..”+e.getMessage());
}
}
在代码中,“datawrite”是一个服务映射,该映射与中的系统用户“Apache Sling服务用户映射器服务”进行映射,该映射可在OSGI配置管理界面中配置
有关系统用户的更多详细信息,请查看链接-感谢您的建议,但我想先创建组,然后创建用户,然后使用getServiceResourceResolver(map)或具有ACL权限的loginService(“datawrite”,null)方法将用户添加到组中。是否有任何方法可以使用getServiceResourceResolver(map)或loginService(“datawrite”,null)方法创建组?在哪里