Organizations migrating from AEM 6.x to 6.5 or to AEM Cloud as a Service very commonly have AEM backend code that still uses the deprecated resourceResolverFactory.getAdministrativeResourceResolver(null) API. This method has been deprecated as of 2.4 (bundle version 2.5.0) because of inherent security issues. Services requiring specific permissions should use getServiceResourceResolver() with AEM service users instead.
    try (ResourceResolver resolver = resourceResolverFactory.getAdministrativeResourceResolver(null)) {
        // do something
    } catch (LoginException e) {
        e.printStackTrace();
    }
In later versions of AEM, the default environment configuration disables resourceResolverFactory.getAdministrativeResourceResolver(null) because of its inherent security issues. Unless that configuration is changed, the API call does not work as expected, and resourceResolverFactory.getAdministrativeResourceResolver(null) returns a null object.
Solving the Issue
During times of rapid development, developers are not in a position to refactor the deprecated API. That’s okay. As a temporary solution, AEM provides configuration to re-enable the disabled API for the environment. You have two options.
1. Apache Sling Login Admin Whitelist
Visit http://localhost:4502/system/console/configMgr/org.apache.sling.jcr.base.internal.LoginAdminWhitelist
whitelist.bypass: {Boolean} if true, all bundles are allowed by default to use the deprecated getAdministrativeResourceResolver() API.
whitelist.bundles.regexp: Regular expression for bundle symbolic names for which loginAdministrative() is allowed. NOT recommended for production use, but useful for testing with generated bundles.
2. Apache Sling Login Admin Whitelist Configuration Fragment
http://localhost:4502/system/console/configMgr/org.apache.sling.jcr.base.internal.LoginAdminWhitelist.fragment
whitelist.name: Optional name to disambiguate configurations.
whitelist.bundles: A list of bundle symbolic names allowed to use loginAdministrative().
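Both whitelist options are temporary; the refactoring target named at the top of this page is getServiceResourceResolver() with a service user. The component below is an added example, not code from the original post: the package, class, subservice name, system user and content path are hypothetical, and the service user mapping described in the comment is assumed to be deployed separately.

```java
package com.example.myproject.core; // hypothetical package

import java.util.Collections;
import java.util.Map;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/*
 * Assumed to be deployed alongside this bundle (all names hypothetical):
 *   - a system user "myproject-content-reader" with only jcr:read on /content/myproject
 *   - a Service User Mapper entry mapping this bundle's subservice
 *     "content-reader" to that system user
 */
@Component(service = PageTitleReader.class)
public class PageTitleReader {

    private static final Logger LOG = LoggerFactory.getLogger(PageTitleReader.class);

    // Subservice name; must match the name used in the service user mapping.
    private static final String SUBSERVICE = "content-reader";

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    /** Returns jcr:title of the resource at path, or null if it is missing or unreadable. */
    public String readTitle(String path) {
        Map<String, Object> authInfo =
                Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, SUBSERVICE);

        // The resolver carries only the service user's permissions, not admin rights.
        try (ResourceResolver resolver = resourceResolverFactory.getServiceResourceResolver(authInfo)) {
            Resource resource = resolver.getResource(path);
            if (resource == null) {
                return null; // not found, or the service user has no read access
            }
            return resource.getValueMap().get("jcr:title", String.class);
        } catch (LoginException e) {
            // Thrown when no service user is mapped for this bundle and subservice.
            LOG.error("No service resolver for subservice '{}'", SUBSERVICE, e);
            return null;
        }
    }
}
```

Once every call site in a bundle is converted this way, that bundle can be removed from whitelist.bundles and whitelist.bypass can stay false.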