Aem Asset API authentication | Community
Skip to main content
vjleo94
vjleo94
Level 3
July 22, 2024

Aem Asset API authentication

  • July 22, 2024
  • 2 replies
  • 2123 views

Hi,

 

I am trying to create an servlet which will be used to upload an asset to AEM. The whole author system is behind Microsoft OIDC authentication. So, in our case, we will be using bearer token to authenticate the servlet request. 

 

I am trying to do a http post to the OOTB assets API.

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/assets/extending/mac-api-assets#create-an-asset

 

However, the challenge here is the authentication for the OOTB assets API. If I use the bearer token in authorization header, it fails with the below error 

 

com.adobe.granite.rest.impl.servlet.PostRequest Exception during request processing.
java.lang.IllegalArgumentException: Can't create child on a synthetic root
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1004)
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1002)
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1002)
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1002)
	at com.adobe.granite.rest.impl.servlet.ModifyingRequest.createOrModifyResource(ModifyingRequest.java:121)

 

And the only way I am able to create an asset via this custom servlet is by calling the OOTB API via the direct IP with the basic admin credentials. 

Is it possible to use token based authentication?

Best regards,
Vijaya Kumar A

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

2 replies

anupampat
Community Advisor
anupampatCommunity Advisor
Community Advisor
July 22, 2024

Hi @vjleo94 ,

 

Not sure if you have already tried using this but you will need an external application for this (nodejs)- https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headless/authentication/overview

 

Regards,

Anupam Patra

    vjleo94
    vjleo94Author
    Level 3
    July 23, 2024

    Hi @anupampat ,

    Thank you for the reply. 

    But we have custom OIDC authentication in place, and this is a OIDC access token I am talking about which is used to authorize an user in the server. 

     

    Now as a workaround, I am going to use the direct IP to access the server with basic login credentials and use the API in my servlet.

     

    Best regards,
    Vijaya Kumar A

      sarav_prakash
      Community Advisor
      sarav_prakashCommunity Advisor
      Community Advisor
      August 4, 2024

      @vjleo94 , trust me, your approach of servlet to upload assets will 100% fail. I wrote an article explaining all challenges we faced calling servlet to upload assets - https://medium.com/@bsaravanaprakash/how-we-migrated-a-million-assets-into-aem-cloud-service-dam-ef7eb74d30fa

       

      So technically you can leverage Adobe IMS to authenticate  https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/developing/generating-access-tokens-for-server-side-apis

       

      But if you are running on AEMaaCS, servlet approach will 100% fail. Consider switching to

      1. cloud-way using https://github.com/adobe/aem-upload
      2. Using bulk uploader - https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/migration/bulk-import
      3. Or like I wrote custom implementation using asset compute microservice https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/asset-compute/overview

      Do consider not writing servlets, as they are not scalable. Will easily crash AEM JVM. 

       

        Terms & ConditionsAccessibility statement

        Loading footer...