Setting up the initial state of AEM
repository may appear cumbersome, we need to do lot of configurations and
create system users and provide access to specific paths. Below are some of the
items:
- Creating service users
- Creating user groups
- Setting up ACLs/permissions for these users
- Base content structure inside /conf or /content
Creating and setting up these configurations
manually may lead to mistakes, and we have lot of environments development, QA,
stage, prod etc. To overcome all these issues, Apache Sling Repository
Initialization comes very handy.
How Repo Init works?
Repo Init is a set of
instructions/scripts which help us in creating JCR structures, service users
and groups. There are no explicit permissions needed in order to run these
scripts. These scripts are executed early in the deployment process so that all
required configuration/content exist in the system before the code is executed.
Configuring Repo Init:
To enable Repoinit, OSGi configuration for factory
PID org.apache.sling.jcr.repoinit.RepositoryInitializer in one of the
project’s configuration folders. Since it’s an OSGi configuration, it is easy
to have a set of scripts for author and publish run modes, along with different
environments such as Stage and Production. For example, config.author,
config.publish, config.author.prod, and config.publish.stage, etc. use a
descriptive name for the configuration like org.apache.sling.jcr.repoinit.RepositoryInitializer~init
and config should be like”
org.apache.sling.jcr.repoinit.RepositoryInitializer-myprojectinit.config
These configurations have two optional fields:
· A multi-value references field with each value
providing the URL (as a String) of raw Repoinit statements
· A multi-value scripts field with each value
providing Repoinit statements as plain text in a String
Let’s create service user
and provide some permissions:
scripts = “[
create service user my-service-user,
create path /conf/demo(nt:folder)/myconfig(sling:Folder),
set ACL for my-service-user;
allow jcr:read,rep:write on /conf/demo/myconfig;
end
]”
It will create "my-service-user" system user and provide read & write permission to this user of path /conf/demo/myconfig.
Create service user
user-1, user-2
scripts = “[
set ACL on /content/dam
allow jcr:read for user-1,user-2
end]”
Service User – permission to multiple paths
set ACL on /content/dam/myproject, /conf/myproject
allow jcr:all for user-1
end
"]
References:
https://sling.apache.org/documentation/bundles/repository-initialization.html
Happy Learning!
