Importing rep:policy nodes in the ui.content maven content package

AEM Content
briankasingli

Importing rep:policy nodes in the ui.content maven content package

While working on a new AEM project (typically using https://github.com/adobe/aem-project-archetype), we might sometimes want to deploy new content with rep:policy nodes in particular, to give permission controls to allow jcr:read everyone to view the root content pages like /content/sourcedcode. There comes when a problem while building the ui.content maven module. Sometimes the rep:policy node is not imported over.

In this article, we will be configuring your AEM ui.content maven module to import the rep:policy as expected to allow the everyone group to view the /content/sourcedcode folder.

Step 1

Create a file named _rep_policy.xml under /ui.content/src/main/content/jcr_root/content/sourcedcode/_rep_policy.xml

1
2
3
4
5
6
7
8
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
   jcr:primaryType="rep:ACL">
    <allow
       jcr:primaryType="rep:GrantACE"
       rep:principalName="everyone"
       rep:privileges="{Name}[jcr:read]"/>
</jcr:root>

Step 2

Update and add the _rep_policy.xml file, within /ui.content/src/main/content/META-INF/vault/filter.xml

1
2
3
4
<?xml version="1.0" encoding="UTF-8"?>
<workspaceFilter version="1.0">
    <filter root="/content/whitelabel/rep:policy" mode="merge"/>
</workspaceFilter>

Step 3

Ensure that the /ui.content/pom.xml has the correct plugins installed. Make sure the versions are exactly the same as the configuration as looking like below.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<plugin>
    <groupId>org.apache.jackrabbit</groupId>
    <artifactId>filevault-package-maven-plugin</artifactId>
    <version>1.0.1</version>
    <extensions>true</extensions>
    <configuration>
        <properties>
            <acHandling>merge</acHandling>
        </properties>
    </configuration>
</plugin>
<plugin>
    <groupId>com.day.jcr.vault</groupId>
    <artifactId>content-package-maven-plugin</artifactId>
    <version>1.0.2</version>
    <extensions>true</extensions>
    <configuration>
        <verbose>false</verbose>
        <failOnError>true</failOnError>
    </configuration>
</plugin>

Step 4

It’s very important that the is set to merge, or else the ui.content package will always overwrite the rep:policy node from the installed AEM environment. In step #3, make sure line:8 is set to your desires.

other options include:
ignore: Ignores the packaged access control and leaves the target unchanged.
overwrite: Applies the access control provided with the package to the target. this also removes existing access control.
merge: Merge access control provided with the package with the one in the content by replacing the access control entries of corresponding principals (i.e. package first). It never alters access control entries of principals not present in the package.
merge_preserve: Merge access control in the content with the one provided with the package by adding the access control entries of principals not present in the content (i.e. content first). It never alters access control entries already existing in the content.
clear: Clears all access control on the target system.

Hello, I am an enthusiastic Adobe Community Advisor and a seasoned Lead AEM Developer. I am currently serving as an AEM Technical Lead at MNPDigital.ca, bringing over a decade of extensive web engineering experience and more than eight years of practical AEM experience to the table. My goal is to give back to the AEM Full Stack Development community by sharing my wealth of knowledge with others. You can connect with me on LinkedIn.
Website https://www.linkedin.com/in/briankasingli

Leave a Reply

Your email address will not be published. Required fields are marked *


Related Posts

Back To Top