I'm creating a custom WorkflowProcess in AEMaaCS that does some changes on behalf of the workflow initiator. How can I get a ResourceResolver that has the rights of the workflow initiator?
In the WorkflowProcess I can get a ResourceResolver e.g. like this:
    resourceResolverFactory.getResourceResolver(
        Collections.singletonMap(JcrResourceConstants.AUTHENTICATION_INFO_SESSION,
            workflowSession.getSession()));
but this resolver seems to be for userid workflow-process-service. But for security reasons I'd like to restrict the resolver to the initiator's rights. How to do that? I tried this, but that throws an "Impersonation not allowed" LoginException:
    resourceResolverFactory.getResourceResolver(
        Collections.singletonMap(ResourceResolverFactory.USER_IMPERSONATION,
            workItem.getWorkflow().getInitiator()));
and for a getResourceResolver with ResourceResolverFactory.USER I don't have the password...
Thanks a lot!
I am pretty sure this is not possible.
I had a similar use case and ended up writing code to check the initiator's permissions during workflow execution instead of getting a session with initiator auth info.
Another way would be to implement your logic via a servlet instead of a workflow process step (if needed, delegate batch processing to a sling job), where you can get the resourceResolver from the request.
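The first approach in the answer above, checking the initiator's permissions from inside the workflow step, can be done with the Jackrabbit API as in the following added example (not code from either poster; the class and method names are hypothetical). It assumes the session is an Oak/Jackrabbit session and that the service user may read the initiator's user and group nodes and holds jcr:readAccessControl at the checked path.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;

/** Hypothetical helper (the name is illustrative, not an AEM API). */
public final class InitiatorPermissionCheck {

    private InitiatorPermissionCheck() { }

    /**
     * Returns true only if the initiator holds all given privileges at absPath.
     * Fails closed: no privileges requested, unknown user, a group id, or an
     * unsupported session type all mean "denied".
     */
    public static boolean initiatorHasPrivileges(Session serviceSession, String initiatorId,
            String absPath, String... privilegeNames) throws RepositoryException {
        AccessControlManager acm = serviceSession.getAccessControlManager();
        if (privilegeNames.length == 0 || !(serviceSession instanceof JackrabbitSession)
                || !(acm instanceof JackrabbitAccessControlManager)) {
            return false;
        }
        Authorizable initiator =
                ((JackrabbitSession) serviceSession).getUserManager().getAuthorizable(initiatorId);
        if (initiator == null || initiator.isGroup()) {
            return false;
        }
        // Assumption: the initiator's effective principals are the user plus
        // every group returned by memberOf() (direct and inherited membership).
        Set<Principal> principals = new HashSet<>();
        principals.add(initiator.getPrincipal());
        for (Iterator<Group> groups = initiator.memberOf(); groups.hasNext();) {
            principals.add(groups.next().getPrincipal());
        }
        Privilege[] privileges = new Privilege[privilegeNames.length];
        for (int i = 0; i < privilegeNames.length; i++) {
            privileges[i] = acm.privilegeFromName(privilegeNames[i]);
        }
        // Evaluated for the initiator's principals, not for the service user's session.
        return ((JackrabbitAccessControlManager) acm).hasPrivileges(absPath, principals, privileges);
    }
}
```

In the process step this would be called before each change, for example with workflowSession.getSession(), workItem.getWorkflow().getInitiator(), the path being modified and Privilege.JCR_WRITE, and the step would skip or fail the change when it returns false.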