AEM Permission Checker

This is a project provides a tool to test user permissions for Adobe Experience Manager 6.4.

How to use

Requirements

• AEM 6.4 or later

Download

Download the latest release here: https://github.com/namics/aem-permission-checker/releases

Installation and Configuration

Upload and install the content package using the CRX Package Manager.

The permission checker servlet is disabled by default (for security reasons). It can be enabled in the OSGi Configuration ("Namics Permission Checker Servlet"). Of course you are free to create a runmode specific configuration in your code to enable or disable for different environments.

WARNING! The permission checker is meant to be a tool to support you during development. It's highly recommended NOT to use it in production! But hey, I'm just a README file. I cannot tell you how to live your live.

By default only the user admin has the permissions call the servlet. If you want to grant access for other users you need to add them to the group namics-permission-checker which was automatically created during package installation.

Check permissions

To perform a permission check you can send your test definition as a POST request to the permission checker servlet:

A test definition has the following schema:

[
  {
    "name": "*testname*",
    "paths": [
      "*pathToNode*",
      "*pathToNode*"
    ],
    "users": [
      "*userId*",
      "*userId*"
    ],
    "allow": [
      "*permission*",
      "*permission*"
    ],
    "deny": [
      "*permission*",
      "*permission*"
    ]
  },
  ...
]

Using curl

curl -u <username>:<password> http://<host>:<port>/bin/permissionchecker -d @<path/to/json/file> --header "Content-Type: application/json" -k

Small side note: The curl user agent is white-listed in the "Adobe Granite CSRF Filter" configuration by default. This allows the request to bypass the CSRF check. If you have troubles with the curl request, please check this configuration.

Example response:

{
    "allTestsSuccessful": false,
    "testsExecuted": 2,
    "testsSuccessful": 1,
    "testsFailed": 1,
    "testResults": [
        {
            "name": "Test for my-authors",
            "success": true,
            "errors": []
        },
        {
            "name": "Test for anonymous",
            "success": false,
            "errors": [
                "Failed! User: anonymous, Path: /content, Action: read, Expected: false, But was: true"
            ]
        }
    ]
}

Using the GUI

The permission checker provides a simple GUI which allows you to execute tests and display its result. It can be found in the aem tool section:

Direct link:/apps/namics/permissionchecker/gui.html

How to contribute

Requirements

• Java 8 or later
• Maven 3.3.9 or later

Modules

The main parts of the projects are:

• core: Java bundle containing all core functionality like OSGi services as well as component-related Java code such as servlets.
• ui.apps: contains the /apps parts of the project such as the permission checker gui and the "tools" menu entry for the AEM backend.

How to build locally

To build all the modules run in the project root directory the following command with Maven 3:

mvn clean install

If you have a running AEM instance you can build and package the whole project and deploy into AEM with

mvn clean install -PautoInstallPackage

Or to deploy it to a publish instance, run

mvn clean install -PautoInstallPackagePublish

Or alternatively

mvn clean install -PautoInstallPackage -Daem.port=4503

Or to deploy only the bundle to the author, run

mvn clean install -PautoInstallBundle

Maven settings

The project comes with the auto-public repository configured. To setup the repository in your Maven settings, refer to:

http://helpx.adobe.com/experience-manager/kb/SetUpTheAdobeMavenRepository.html