While working on a new AEM project (typically using https://github.com/adobe/aem-project-archetype), we might sometimes want to deploy new content with rep:policy nodes in particular, to give permission controls to allow jcr:read everyone to view the root content pages like /content/sourcedcode. There comes when a problem while building the ui.content maven module. Sometimes the rep:policy node is not imported over.
In this article, we will be configuring your AEM ui.content maven module to import the rep:policy as expected to allow the everyone group to view the /content/sourcedcode folder.
Step 1
Create a file named _rep_policy.xml under /ui.content/src/main/content/jcr_root/content/sourcedcode/_rep_policy.xml
1 2 3 4 5 6 7 8 | <?xml version="1.0" encoding="UTF-8"?> <jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal" jcr:primaryType="rep:ACL"> <allow jcr:primaryType="rep:GrantACE" rep:principalName="everyone" rep:privileges="{Name}[jcr:read]"/> </jcr:root> |
Step 2
Update and add the _rep_policy.xml file, within /ui.content/src/main/content/META-INF/vault/filter.xml
1 2 3 4 | <?xml version="1.0" encoding="UTF-8"?> <workspaceFilter version="1.0"> <filter root="/content/whitelabel/rep:policy" mode="merge"/> </workspaceFilter> |
Step 3
Ensure that the /ui.content/pom.xml has the correct plugins installed. Make sure the versions are exactly the same as the configuration as looking like below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | <plugin> <groupId>org.apache.jackrabbit</groupId> <artifactId>filevault-package-maven-plugin</artifactId> <version>1.0.1</version> <extensions>true</extensions> <configuration> <properties> <acHandling>merge</acHandling> </properties> </configuration> </plugin> <plugin> <groupId>com.day.jcr.vault</groupId> <artifactId>content-package-maven-plugin</artifactId> <version>1.0.2</version> <extensions>true</extensions> <configuration> <verbose>false</verbose> <failOnError>true</failOnError> </configuration> </plugin> |
Step 4
It’s very important that the
other options include:
ignore: Ignores the packaged access control and leaves the target unchanged.
overwrite: Applies the access control provided with the package to the target. this also removes existing access control.
merge: Merge access control provided with the package with the one in the content by replacing the access control entries of corresponding principals (i.e. package first). It never alters access control entries of principals not present in the package.
merge_preserve: Merge access control in the content with the one provided with the package by adding the access control entries of principals not present in the content (i.e. content first). It never alters access control entries already existing in the content.
clear: Clears all access control on the target system.