resourceResolverFactory.getAdministrativeResourceResolver(null) WhiteList Bundle for Administrative Login

When working for organizations that are migrating from AEM 6.x to 6.5 or to AEM as a Cloud Service, it is very common to find that the AEM backend code still uses the resourceResolverFactory.getAdministrativeResourceResolver(null) API, which is marked @deprecated. This method has been deprecated as of 2.4 (bundle version 2.5.0) because of inherent security issues. Services requiring specific permissions should use getServiceResourceResolver() with AEM service users instead.

try (ResourceResolver resolver = resourceResolverFactory.getAdministrativeResourceResolver(null)) {
    // do something
} catch (LoginException e) {
    e.printStackTrace();
}

In later versions of AEM, the default environment configuration disables resourceResolverFactory.getAdministrativeResourceResolver(null) because of its inherent security issues. Unless that configuration is changed, the API call does not work as expected, and resourceResolverFactory.getAdministrativeResourceResolver(null) returns a null object.


Solving the Issue

During times of rapid development, developers are not always in a position to refactor the deprecated API. That’s okay. As a temporary solution, AEM provides configuration that re-enables the disabled API for the environment. You have two options.


1. Apache Sling Login Admin Whitelist

Visit http://localhost:4502/system/console/configMgr/org.apache.sling.jcr.base.internal.LoginAdminWhitelist

whitelist.bypass: {Boolean} If true, all bundles are allowed to use the deprecated getAdministrativeResourceResolver() API.
whitelist.bundles.regexp: Regular expression for bundle symbolic names for which loginAdministrative() is allowed. NOT recommended for production use, but useful for testing with generated bundles.


2. Apache Sling Login Admin Whitelist Configuration Fragment

http://localhost:4502/system/console/configMgr/org.apache.sling.jcr.base.internal.LoginAdminWhitelist.fragment

whitelist.name: Optional name to disambiguate configurations.
whitelist.bundles: A list of bundle symbolic names allowed to use loginAdministrative().
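
Both whitelist options are temporary. The refactor named at the top of this post, getServiceResourceResolver() with a service user, looks like the following sketch, which is an added example and not code from the original post. The package, class, sub-service name "content-reader", bundle symbolic name and system user name are hypothetical, and the service user mapping shown in the comment has to exist in the environment.

```java
package com.example.core.services; // hypothetical package

import java.util.Collections;
import java.util.Map;

import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = ContentReader.class)
public class ContentReader {

    private static final Logger LOG = LoggerFactory.getLogger(ContentReader.class);

    // Hypothetical sub-service name. It must be mapped to a system user through a
    // Service User Mapper amendment (factory PID
    // org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended), e.g.
    //   user.mapping=["com.example.core:content-reader=example-content-reader"]
    // The system user then gets only the ACLs this component needs (here: read).
    private static final Map<String, Object> AUTH_INFO =
            Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, "content-reader");

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    /** Returns the jcr:title of the resource at path, or null if unreadable. */
    public String readTitle(String path) {
        // The resolver carries the service user's permissions, not admin rights,
        // and is closed automatically by try-with-resources.
        try (ResourceResolver resolver =
                     resourceResolverFactory.getServiceResourceResolver(AUTH_INFO)) {
            Resource resource = resolver.getResource(path);
            return resource == null
                    ? null
                    : resource.getValueMap().get("jcr:title", String.class);
        } catch (LoginException e) {
            // Thrown when no mapping exists for this bundle and sub-service.
            LOG.error("No service user mapped for sub-service 'content-reader'", e);
            return null;
        }
    }
}
```

Once every caller in a bundle is migrated this way, the bundle can be dropped from whitelist.bundles and whitelist.bypass can stay false.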



Hello, I am an enthusiastic Adobe Community Advisor and a seasoned Lead AEM Developer. I am currently serving as an AEM Technical Lead at MNPDigital.ca, bringing over a decade of extensive web engineering experience and more than eight years of practical AEM experience to the table. My goal is to give back to the AEM Full Stack Development community by sharing my wealth of knowledge with others. You can connect with me on LinkedIn.
