Netcentric / Accesscontroltool
Programming Languages
Labels
Projects that are alternatives of or similar to Accesscontroltool
Access Control Tool for Adobe Experience Manager
The Access Control Tool for Adobe Experience Manager (AC Tool) simplifies the specification and deployment of complex Access Control Lists in AEM. Instead of existing solutions that build e.g. a content package with actual ACL nodes you can write simple configuration files and deploy them with your content packages. See Comparison to other approches for a comprehensive overview.
Features:
- easy-to-read Yaml configuration file format
- run mode support
- automatic installation with install hook
- cleans obsolete ACL entries when configuration is changed
- ACLs can be exported
- stores history of changes
- ensured order of ACLs
- built-in expression language to reduce rule duplication
See also our talk at AdaptTo 2016
Requirements
The AC Tool requires Java 7 and AEM 6.1 (SP1) or above (use v1.x for older versions) for on-premise installations. Since v2.5.0 AEM as a Cloud Service is supported, see Startup Hook for details.
It is also possible to run the AC Tool on Apache Sling 11 or above (ensure system user actool-service
has jcr:all
permissions on root). When using the AC Tool with Sling, actions in ACE definitions and encrypted passwords cannot be used. To use the externalId
attribute, ensure bundle oak-auth-external
installed (not part of default Sling distribution).
Installation
The content package is available from the Maven Central repository with the coordinates
<groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
<artifactId>accesscontroltool-package</artifactId>
(for AEM Classic/On Premise) or
<groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
<artifactId>accesscontroltool-package</artifactId>
<classifier>cloud</classifier>
(for AEM as a Cloud Service)
Install it afterwards e.g. via AEM's package manager.
Oak Index for rep:ACL
To retrieve all ACLs in the system, an Apache Oak index for node type rep:ACL
is
- required for versions < 2.4.0 (otherwise the performance degrades significantly)
- beneficial for large installations for versions >= 2.4.0 (see #386, most installations will be fine without index)
You can get the content package containing the index definition via Maven Central with the coordinates
<groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
<artifactId>accesscontroltool-oakindex-package</artifactId>
(for AEM Classic/On Premise) or
<groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
<artifactId>accesscontroltool-oakindex-package</artifactId>
<classifier>cloud</classifier>
(for AEM as a Cloud Service)
Install it afterwards e.g. via AEM's package manager.
Migration to AC Tool
You can easily migrate to AC Tool following four simple steps.
Configuration of ACL entries
You need to setup Yaml configuration files to specify your users, groups and ACL entries. See also the best practices for hints on structuring.
There are also some advanced configuration options supported such as loops, conditional statements and permissions for anonymous.
Applying the ACL entries
There are multiple options to apply the ACL entries (e.g. install hook, JMX and upload listener) to your target system.
JMX interface
The JMX interface provides utility functions such as installing and dumping ACLs or showing the history.
History service
A history object collects messages, warnings, and also an exception in case something goes wrong. This history gets saved in CRX under /var/statistics/achistory. The number of histories to be saved can be configured in the history service.
Questions
If you have any questions which are still answered after reading the documentation feel free to raise them in the discussion forum.
Contributions
Contributions are highly welcome in the form of issue reports, pull request or providing help in our discussion forum.
Building the packages from source
If needed you can build the AC Tool yourself.
License
The AC Tool is licensed under the Eclipse Public License - v 1.0.