AEM 6.1 - Unlocking pages issue having resolverFactory.getServiceResourceResolver() approach

2
votes

In a project that I am working in AEM 6.1, we are using the "new" way to obtain a valid ResourceResolver object through the line resolverFactory.getServiceResourceResolver(). As you know, is neccessary to have a System User created with the right permissions in the environment, to perform some tasks in the JCR. We have created a System User with Admin rights.

Attach of the permissions: useradmin page

This user is assigned to the Apache Sling Service User Mapper Service config as a Default User, so we do not have to pass anytime in the code the Map object with the subservice name. The page path that I am testing is /content/test/test-1/test-folder/test-unlock-page/. Attached the related CODE. When the line page.unlock() is executed this throws a WCMException 

    @Override
public void unlock(String userId, String pagePath) throws LoginException, WCMException {        

    ResourceResolver resourceResolver =resourceResolverFactory.getServiceResourceResolver(null);
    PageManager pageMgr = resourceResolver.adaptTo(PageManager.class);
    Session session = resourceResolver.adaptTo(Session.class);
    Page page = pageMgr.getPage(pagePath);

    if(!page.isLocked()) {
        log.info("Page is NOT locked, unlock operation not mandatory: " + pagePath);
    } else {
    log.info("Unlocking page on behalf of: " + userId);
    page.unlock();
}

The exception cause is: 

javax.jcr.lock.LockException: Not an owner of the lock /content/test/test-1/test-folder/test-unlock-page/jcr:content

I read the documentation of this link and according my understanding when you specify a modify permission for this user the user can lock (locking) but this paragraph does not tell anything about unlocking:

At the JCR level, users can modify a resource by modifying its properties, locking, versioning, nt-modifications, and they have complete write permission on nodes defining a jcr:content child node, for example cq:Page, nt:file, cq:Asset

I am thinking if is possible to assign in other place a permission to unlock to this System user, because it seems that is imposible to do it with the current privileges.

Thanks for any idea about it.

2
aemjcr
I have seen this issue. I think only the lock owner and the extremely special admin user can unlock. So what you can try is impersonating the lock owner session in your code and then unlock. Let me know if you find another way.Abhishek
@Abhishek Thanks for your answer, help me very much. I tested this and seems that when I create an impersonation in order to let the new system user behave like the admin user, the unlock process works fine! but is weird that if i put a validation before the unlocking with page.canUnlock() -- documentation this returns false but the unlock process works normally. It seems to me that maybe for unlocking just the lock owner or explicitly the admin user can unlock. I will tell if I found another way.codeparty2016

2 Answers

0
votes

It is not possible. only the admin user and lock owner can remove the lock.

0
votes

Just the lock owner can remove the lock. Even a member of an administrators group isn't able to unlock a page. However, the admin user can remove the lock of any page using the CRX Content Explorer.