最初にグループを作成し、次にユーザーを作成してから、getServiceResourceResolver(map) または loginService("datawrite",null) を使用してグループにユーザーを追加します。
次のコードを試してみましたが、セッションの保存時に例外が発生しています (adminSession.save()):
public void addGroupUser(SlingHttpServletRequest request) {
log.info("----------------------------------------> addGroupUser");
String groupName = request.getParameter("groupName");
String userName = request.getParameter("userName");
String password = request.getParameter("password");
Session adminSession = null;
ResourceResolver adminResolver = null;
try {
Map<String, Object> authInfoParam = new HashMap<String, Object>();
authInfoParam.put(ResourceResolverFactory.SUBSERVICE, "datawrite");
adminResolver = resolverFactory.getServiceResourceResolver(authInfoParam);
//adminResolver = resolverFactory.getAdministrativeResourceResolver(null); //deprecated method
adminSession = slingRepository.loginService("datawrite", null);
log.info("----------------------------------------> Session user id = {}",adminSession.getUserID());
// Create UserManager Object
final UserManager userManager = AccessControlUtil.getUserManager(adminSession);
// Create a Group
Group group= null;
if (userManager.getAuthorizable(groupName) == null) {
//adminResolver.refresh();
group = userManager.createGroup(groupName,new SimplePrincipal(groupName),"/home/groups/test");
ValueFactory valueFactory = adminSession.getValueFactory();
Value groupNameValue = valueFactory.createValue(groupName, PropertyType.STRING);
group.setProperty("./profile/givenName", groupNameValue);
//adminResolver.commit();
log.info("----------------------------------------> {} Group successfully created.",group.getID());
} else {
log.info("----------------------------------------> Group already exist..");
}
// Create a User
User user = null;
if (userManager.getAuthorizable(userName) == null) {
//adminResolver.refresh();
user=userManager.createUser(userName, password,new SimplePrincipal(userName),"/home/users/test");
ValueFactory valueFactory = adminSession.getValueFactory();
Value firstNameValue = valueFactory.createValue("Arpit", PropertyType.STRING);
user.setProperty("./profile/givenName", firstNameValue);
Value lastNameValue = valueFactory.createValue("Bora", PropertyType.STRING);
user.setProperty("./profile/familyName", lastNameValue);
Value emailValue = valueFactory.createValue("arpit.p.bora@gmail.com", PropertyType.STRING);
user.setProperty("./profile/email", emailValue);
//adminResolver.commit();
log.info("----------------------------------------> {} User successfully created.",user.getID());
} else {
log.info("----------------------------------------> User already exist..");
}
// Add Users to Group
Group addUserToGroup = (Group)(userManager.getAuthorizable(groupName));
addUserToGroup.addMember(userManager.getAuthorizable(userName));
adminSession.save();
}catch (Exception e) {
log.info("----------------------------------------> Not able to perform User Management..");
log.info("----------------------------------------> Exception.." + e.getMessage());
} finally {
if (adminSession != null && adminSession.isLive()) {
adminSession.logout();
}
if (adminResolver != null)
adminResolver.close();
}
}
例外ログは次のとおりです。
javax.jcr.AccessDeniedException: OakAccess0000: Access denied
at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:231)
at org.apache.jackrabbit.oak.api.CommitFailedException.asRepositoryException(CommitFailedException.java:212)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.newRepositoryException(SessionDelegate.java:670)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.save(SessionDelegate.java:496)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl$8.performVoid(SessionImpl.java:419)
at org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(SessionDelegate.java:274)
at org.apache.jackrabbit.oak.jcr.session.SessionImpl.save(SessionImpl.java:416)
...
Caused by: org.apache.jackrabbit.oak.api.CommitFailedException: OakAccess0000: Access denied
at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.checkPermissions(PermissionValidator.java:212)
at org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidator.childNodeAdded(PermissionValidator.java:150)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:104)
at org.apache.jackrabbit.oak.spi.commit.VisibleValidator.childNodeAdded(VisibleValidator.java:32)
at org.apache.jackrabbit.oak.spi.commit.CompositeEditor.childNodeAdded(CompositeEditor.java:108)
...
OSGI 構成管理インターフェイスで構成可能な「Apache Sling Service User Mapper Service」に、システム ユーザーとの「datawrite」サービス マッピングがあります。