Importing rep:policy nodes in the ui.content maven content package

While working on a new AEM project (typically using https://github.com/adobe/aem-project-archetype), we might sometimes want to deploy new content with rep:policy nodes in particular, to give permission controls to allow jcr:read everyone to view the root content pages like /content/sourcedcode. There comes when a problem while building the ui.content maven module. Sometimes the rep:policy node is not imported over.

In this article, we will be configuring your AEM ui.content maven module to import the rep:policy as expected to allow the everyone group to view the /content/sourcedcode folder.

Step 1

Create a file named _rep_policy.xml under /ui.content/src/main/content/jcr_root/content/sourcedcode/_rep_policy.xml

1
2
3
4
5
6
7
8
<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
    jcr:primaryType="rep:ACL">
    <allow
        jcr:primaryType="rep:GrantACE"
        rep:principalName="everyone"
        rep:privileges="{Name}[jcr:read]"/>
</jcr:root>

Step 2

Update and add the _rep_policy.xml file, within /ui.content/src/main/content/META-INF/vault/filter.xml

1
2
3
4
<?xml version="1.0" encoding="UTF-8"?>
<workspaceFilter version="1.0">
    <filter root="/content/whitelabel/rep:policy" mode="merge"/>
</workspaceFilter>

Step 3

Ensure that the /ui.content/pom.xml has the correct plugins installed. Make sure the versions are exactly the same as the configuration as looking like below.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<plugin>
    <groupId>org.apache.jackrabbit</groupId>
    <artifactId>filevault-package-maven-plugin</artifactId>
    <version>1.0.1</version>
    <extensions>true</extensions>
    <configuration>
        <properties>
            <acHandling>merge</acHandling>
        </properties>
    </configuration>
</plugin>
<plugin>
    <groupId>com.day.jcr.vault</groupId>
    <artifactId>content-package-maven-plugin</artifactId>
    <version>1.0.2</version>
    <extensions>true</extensions>
    <configuration>
        <verbose>false</verbose>
        <failOnError>true</failOnError>
    </configuration>
</plugin>

Step 4

It’s very important that the is set to merge, or else the ui.content package will always overwrite the rep:policy node from the installed AEM environment. In step #3, make sure line:8 is set to your desires.

other options include:
ignore: Ignores the packaged access control and leaves the target unchanged.
overwrite: Applies the access control provided with the package to the target. this also removes existing access control.
merge: Merge access control provided with the package with the one in the content by replacing the access control entries of corresponding principals (i.e. package first). It never alters access control entries of principals not present in the package.
merge_preserve: Merge access control in the content with the one provided with the package by adding the access control entries of principals not present in the content (i.e. content first). It never alters access control entries already existing in the content.
clear: Clears all access control on the target system.

Was this post helpful?

Hello, I am an active Adobe Community Advisor & a certified Lead AEM Developer who is currently working as a Senior AEM Full Stack Developer. I have over a decade of overall web engineering experience and many years (more than 6) of AEM experience in practice. I hope to give back to the AEM Full Stack Development community by sharing my knowledge with the world.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top