March 29, 2020
Estimated Post Reading Time ~

User Creation using AccountManagementService API in AEM 6.2 - Part1

When it comes to the right access to right person, creating users is the first thing which hit our mind.
Let us see how to create users in AEM6.2.
Initially users were getting created using AccountManager API and but now this is deprecated in AEM6.2
After doing POC I came to know that “AccountManagement Service API” is extended with lot of new features.

Activation of AccountManagementService in Felix Console

Before using any OSGi Service, ideally it should be in "active" state but AccountManagement Service was in "unsatisfied" state when i checked it.


Fig- Account Management Service in Unsatisfied State

Follow the below steps to make this Service inactive State:
Configure Day CQ Mail Service.

Fig- Configure Day CQ Mail Service

The email id which is configured in "Day CQ Mail Service", should turn on the "less secure apps" of google account.
To turn it on Click here.

Fig- Turn On Less Secure Apps of gmail account

Now AccountManagemntService is in "satisfied" and "active" state.

Fig- Account Management Service is in Satisified state

Explanation of AccountManagementService API
AccountManagementService API provide the below method to create AEM User.

Fig- requestAccount() method of AccountManagementService API

Below are the parameters of requestAccount() method in detail:
UserId: UserId is a name through which, the account will be created in AEM.
Pwd: This is the password of the user account.
Map<String,RequestParameter[]> properties : In this map, user's profile related all additional values can get stored. In this map “email” property must exist, because email is used for sending the mail to user to confirm or validate a newly created account

Fig- Storing properties

requestUrl: API will get the host and port using this parameter which will help to create confirmation page URL. This URL will be sent to user via mail for verifying the account. Example: http://localhost:4502

Note:
I have given the example of localhost, but this will not work in other environment i.e QA/UAT. For these environments, domains will be dynamically fetched from “DAY CQ Link Externalizer” configuration from Felix console

configPath: It is a path of the node(e.g., “/content/properties”) type of nt:unstructured , where below three properties need to be added:
a) memberOf
b) intermediatePath
c) confirmationPage


Fig- config path node with its properties

Detailed explanation of above Properties:
memberOf: This property identifies that the user should be part of which group. If you don’t provide any value to memberOf property,the user become part of “everyone” group. Note: This is an optional field.
intermediatePath: By default , AEM users gets created under /home/users.Intermediate path is used to provide customized path for creation of users. Eg: sgaem. So here, all the users will be created under /home/users/sgaem. Note: This is an optional field.
confirmationPage: ConfirmationPage link will be sent to email id which is added by user in registeration details.
Note: This field is mandatory.

Functionality of requestAccount() method


Fig- Flow of user creation using AccountManagementService API

Follow the below steps:
User fills the Account Creation form and submits it.
This Request received by the servlet and the servlet calls the requestAccount() method of AccountManagementService API.

package com.aem.sgaem.project.servlets;

import com.adobe.cq.account.api.AccountManagementService;
import java.util.HashMap;
import java.util.Map;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.request.RequestParameter;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;

@SlingServlet(paths = "/bin/registeration", methods = "post")
public class RegisterServlet extends SlingAllMethodsServlet {

@Reference
private AccountManagementService accountManagementService;
@Override
public void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response) {
String fname = request.getParameter("fname");
String password = request.getParameter("pwd");
try {
Map<String, RequestParameter[]> profilemap = new HashMap<String, RequestParameter[]>();
profilemap
.put("email", new RequestParameter[]{new Parameters(request.getParameter("email"))});
profilemap
.put("familyName", new RequestParameter[]{new Parameters(request.getParameter("lname"))});

accountManagementService
.requestAccount(fname, password, profilemap, "http://localhost:4502",
"/content/properties");
response.getWriter().print("Please Check your EmailId and verify the mail for complete account creation");
} catch (Exception e) {
e.printStackTrace();
}
}
}

package com.aem.sgaem.project.servlets;

import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import org.apache.sling.api.request.RequestParameter;
final class Parameters implements RequestParameter {

private final String parameter;
public Parameters(String parameter) { this.parameter = parameter; }
public boolean isFormField() { return true; }
public String getContentType() { return null; }
public long getSize() { return parameter.length(); }
public byte[] get() { return parameter.getBytes(); }
public InputStream getInputStream() throws IOException { return null; }
public String getFileName() { return null; }
public String getName() { return getString(); }
public String getString() {return parameter; }
public String getString(String s) throws UnsupportedEncodingException { return new String(parameter.getBytes(s));}
}

This method creates the user in AEM in disabled state and send a verification email to the user.

Fig- Highlighted property shows that the user is in disable state


Fig- User gets the Account Verification Email

The confirmation link page will be having a component named "emailConfirmation". The emailConfirmation.html contains.

<sly data-sly-include="/libs/foundation/components/account/requestconfirmation/requestconfirmation.jsp" />

User will click on verification link to enable the account in AEM.

Fig- User become Enable After Verifying the link

Confirmation mail will be sent to user after verification.

Fig- User gets email for Account Creation

Mission Accomplished: and created user can access the AEM instance with his own credentials But wait, below issue can screw all the happiness.

Issue in using AccountManagementService API
Issue: Initially I used configPath as “/etc/properties” but accountManagementService.requestAccount() will throw nullPointerException.
Solution: While checking the code,I came to know that AccountManagementService API internally using the below method to get the Session object.

private Session getServiceSession()
throws RepositoryException {
return this.repository.loginService("account-management-service",null);
}
"account-management-service “ is a subService defined in User Mapper Configuration.

Fig- Service User Mapper Service Configuration


Fig- Check the Permission of Service user

"account manager" is a user correspond to "account-management-service" in the "Apache Sling Service User Mapper Service Amendment" configuration, but the account manager has only permissions for " /content".

Note: The configPath should be under "/content" or you can give any hierarchy but “account-manager” user must have the permission of that particular configPath.


By aem4beginner

No comments:

Post a Comment

If you have any doubts or questions, please let us know.