0

I am following this article to to automate uploading multiple images in AEM 6.1.

https://helpx.adobe.com/experience-manager/using/multiple-digital-assets.html

At following line of writeToClientLib method of HandleFile.java, it throws NullPointerException when I try to upload images using client.

ResourceResolver resourceResolver = resolverFactory.getAdministrativeResourceResolver(null);
Adrian Cid Almaguer
  • 7,815
  • 13
  • 41
  • 63
V. Patel
  • 43
  • 1
  • 10
  • 2
    Actually you should not need a resolver from a factory. You have a request which gives you via getResourceResolver() the resolver with the appropriate user permissions. That should be all you need. – cwoeltge Jan 12 '16 at 10:10
  • How do you get a reference to the resolverFactory? – Robert Munteanu Jan 13 '16 at 08:42
  • @cwoeltge I tried using req.getResourceResolver(); on HttpServletRequest, It gives 'root not accessible' error message, unless I enable 'anonymous' access on the root using http://:/useradmin. Once it is enabled, I am able to upload files. – V. Patel Jan 13 '16 at 14:32
  • As mentioned in https://helpx.adobe.com/experience-manager/using/multiple-digital-assets.html, I use injection as follows. @Reference private ResourceResolverFactory resolverFactory; Seems like it is not able to inject and giving NullPointerException. – V. Patel Jan 13 '16 at 14:33
  • 1
    Having to enable anonymous access seems to indicate that the incoming request is not authenticated. You should fix that instead of using an administrative resolver which effectively bypasses all access control. – Bertrand Delacretaz Jan 14 '16 at 07:59
  • @BertrandDelacretaz Do you know anyway to fix this access issue? I tried researching a lot, but could not find any way out of it. – V. Patel Jan 14 '16 at 15:43
  • @BertrandDelacretaz Any idea how to get incoming request authenticated? You can look at the article in original post to see the request from client. – V. Patel Jan 14 '16 at 23:45
  • 1
    It looks like that example is using httpclient 4.x, you should be able to set the credentials as done with the PreemptiveAuthInterceptor in the https://github.com/apache/sling/tree/trunk/testing/tools module. – Bertrand Delacretaz Jan 15 '16 at 07:27
  • Thanks a lot. That helped me resolve my issue. I dont need to post as anonymous anymore. – V. Patel Jan 20 '16 at 03:03
  • You can use a [solution as listed here](http://stackoverflow.com/questions/31350548/resourceresolverfactory-getserviceresourceresolver-throws-exception-in-aem-6-1/31394583#31394583) – Suren Konathala Jan 27 '16 at 04:46

1 Answers1

0

Not sure what exactly is happening in your case (a stack trace would make it more readable). I'd expect a LoginException in this situation.

Anyway, you shouldn't be using the getAdministrativeResourceResolver method. It has been deprecated.

as of 2.4 (bundle version 2.5.0) because of inherent security issues. Services requiring specific permissions should use the getServiceResourceResolver(Map) instead.

and further on:

NOTE: This method is intended for use by infrastructure bundles to access the repository and provide general services. This method MUST not be used to handle client requests of whatever kinds. To handle client requests a regular authenticated resource resolver retrieved through getResourceResolver(Map) must be used.

Whatever problem you have might just disappear if you follow the advice from the Javadoc and implement this in a secure way.

toniedzwiedz
  • 17,895
  • 9
  • 86
  • 131
  • I tried using getResourceResolver(Map), as ResourceResolver resourceResolver = resolverFactory.getResourceResolver(Map);, it still gives NullPointerException. Seems like injection using @Reference private ResourceResolverFactory resolverFactory; is not working. – V. Patel Jan 13 '16 at 14:22
  • I tried using req.getResourceResolver(); on HttpServletRequest, It gives 'root not accessible' error message, unless I enable 'anonymous' access on the root using http://:/useradmin. Once it is enabled, I am able to upload files. – V. Patel Jan 13 '16 at 14:31
  • @V.Patel injection may fail if your class is not an OSGi component, check the annotations on your class. The resource resolver from the request will use the credentials of the current user. For the `getServiceResourceResolver` method, you can provide an OSGi configuration mapping specific users to services. Take a look at [this blog post](http://www.wemblog.com/2014/08/how-to-use-sessions-and-resource.html) – toniedzwiedz Jan 13 '16 at 14:42
  • I tried adding two annotations mentioned in the blog post, still giving nullpointer. – V. Patel Jan 14 '16 at 23:43