Closed santiagozky closed 7 years ago
There are three solution approaches to this:
I would be in favour of 3. for the Vault Install Hook, but this not an option for JMX as there is no session/resourceresolver available there. So for JMX we should instead rely on 2.
I've created a PR with a proporsal for this issue. https://github.com/Netcentric/accesscontroltool/pull/177 it provides a service user, then it is easy to use loginService instead of loginAdministrative.
Fixed by #177, after some tests removed cloning of session in 821c4fa6d0a878f81d173f546d618982d7c88a19 to accommodate @kwin's suggestion.
When executing the installhook under AEM 6.3 the following error happens
Caused by: javax.jcr.LoginException: Bundle biz.netcentric.cq.tools.accesscontroltool.bundle is NOT whitelisted at org.apache.sling.jcr.base.AbstractSlingRepository2.loginAdministrative(AbstractSlingRepository2.java:378) at biz.netcentric.cq.tools.actool.dumpservice.impl.DumpserviceImpl.createAclDumpMap(DumpserviceImpl.java:419)
This seems to be caused by the usage of repository.loginAdministrative. which now is not allowed unless the bundle calling it is explicitly whitelisted in org.apache.sling.jcr.base.internal.LoginAdminWhitelist