Service User Creation

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Service User Creation

Andreas Schaefer
Hi

I was wondering what is considered the best way to
create a Service User and install it with package.

So far I saw two solutions:

1) Use the Bundle Activator to create the System User and then to set the permission
2) Create a System User, export it and add this as /home/users/system node and provide the permission as rep:policy node(s). I tested that on AEM 6.2.

And then, of source, provide the Service User Amend file.

1) seems to go under the radar and is hard to understand for an administrator
2) not sure if that works in Sling especially inside a Content Bundle

- Andy Schaefer
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Service User Creation

Bertrand Delacretaz
Hi,

On Mon, Mar 27, 2017 at 10:21 PM, Andreas Schaefer Sr. <[hidden email]> wrote:
> ...I was wondering what is considered the best way to
> create a Service User and install it with package...

With a http://jackrabbit.apache.org/filevault/ package you mean?

I don't think we have currently a better out of the box solution than
what you mention.

The repoinit tool [1] is meant to create service users and set
permissions for them but it's not currently "wired" to package
installations.

The repoinit parser and JCR modules are reusable in other contexts
however, so it shouldn't be too hard to call them when detecting
bundles or content packages which provide repoinit statements. However
the current code is written with immutable Sling instances in mind, so
handling uninstalls would be more complicated.

-Bertrand

[1] https://sling.apache.org/documentation/bundles/repository-initialization.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Service User Creation

Carsten Ziegeler
The new model installer plugin for the OSGi installer can take an
archive containing bundles, configurations and repo init instructions
and installs all of them. Uninstall is supported for bundles and
configurations and for whatever repoinit uninstall supports.

I still believe the descriptive approach using the provisioning model is
a very good way as it clearly shows you what is happening if you install
this package. If you use a JCR package, it's way harder to find out and
it's close to impossible to find out if your bundle is creating users.

Regards
Carsten

Bertrand Delacretaz wrote

> Hi,
>
> On Mon, Mar 27, 2017 at 10:21 PM, Andreas Schaefer Sr. <[hidden email]> wrote:
>> ...I was wondering what is considered the best way to
>> create a Service User and install it with package...
>
> With a http://jackrabbit.apache.org/filevault/ package you mean?
>
> I don't think we have currently a better out of the box solution than
> what you mention.
>
> The repoinit tool [1] is meant to create service users and set
> permissions for them but it's not currently "wired" to package
> installations.
>
> The repoinit parser and JCR modules are reusable in other contexts
> however, so it shouldn't be too hard to call them when detecting
> bundles or content packages which provide repoinit statements. However
> the current code is written with immutable Sling instances in mind, so
> handling uninstalls would be more complicated.
>
> -Bertrand
>
> [1] https://sling.apache.org/documentation/bundles/repository-initialization.html
>


 

--
Carsten Ziegeler
Adobe Research Switzerland
[hidden email]
Loading...