AEM content services - secure json exported | Community
Skip to main content
N
NitroHazeDev
Level 9
February 15, 2024

AEM content services - secure json exported

  • February 15, 2024
  • 2 replies
  • 1255 views

Want to hear thoughts around , on a publish instance, What’s the best way to secure the json exported via content services - .model.json and the custom exporter framework (using the annotation) ? I tend to consider json exported using exporter json as well to be an extension of content services and hence part of content services.

For the latter, (exporter annotations),  I understand one can customize the exported json to have what is needed to be exported , but is there a way to secure the json exported to have only certain folks access it ? Is it based on the resource type set within annotation that security is added? 


Typically, when one exposes a servlet ,the res type is something that enables security as I gather among other ways such as service amended user account and api checks.

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

    2 replies

    Imran Khan
    Community Advisor
    Imran KhanCommunity Advisor
    Community Advisor
    February 16, 2024

    Below blog will help you to achieve what you have been looking for

    https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/allow-aem-servlet-only-from-allowed-domains/m-p/376461

      somen-sarkar
      Community Advisor
      somen-sarkarCommunity Advisor
      Community Advisor
      February 16, 2024

      Hi @nitrohazedev ,

      Another thought , you can have ACL enabled for the particular page/resource and restrict the access to certain users/groups.  Content services should respect the ACLs OOTB .

       

      If your requirement is to access enabled for particular host then sling referrer filter is the way forward as mentioned in other comment.

       

      Thanks,

      Somen

        N
        NitroHazeDevAuthor
        Level 9
        February 25, 2024

        Thanks @imran__khan and @somen-sarkar . Without updating host , my query is inclined towards exposing of say model.json and having exposed the data in a secure fashion. Given the host I still want to restrict the model json access by general public and retain for few. Ofcourse one could have just the required data exposed using exporter framework and thus via model.json but securing the json I would imagine is via the resource type that the exporter framework looks at ? Or is there is any other way like exposing via custom servlet(not exported) and use of service user accounts   ? Naturally model.json should not be something the general public sees

        i am considering use of exporter annotation as part of content services unless someone feels otherwise

        Imran Khan
        Community Advisor
        Imran KhanCommunity Advisor
        Community Advisor
        February 25, 2024

        @nitrohazedev 

        If you want to restrict access to the model.json data in a secure fashion without updating the host, you have a few options. Here are a couple of approaches you could consider:

        Restrict Access at the Servlet Level: You can create a custom servlet that serves the JSON data and then implement access control within the servlet code. This way, you have full control over who can access the JSON data. You can authenticate users using service user accounts or any other authentication mechanism of your choice. Once authenticated, you can verify whether the user has the necessary permissions to access the data before returning it. This approach gives you fine-grained control over access to the data.

        Use the Exporter Framework with Access Controls: You mentioned considering the Exporter annotation as part of content services. This is a good approach as well. You can use the Exporter framework to expose only the required data via the model.json, ensuring that sensitive information is not exposed to the general public. Additionally, you can implement access controls within your model classes or the exporter itself to restrict access to certain users or groups. This approach allows you to leverage AEM's built-in security mechanisms while still exposing data via the model.json.

         

        In both cases, you should ensure that access controls are implemented properly to prevent unauthorized access to the JSON data. Choose the approach that best fits your project requirements and security considerations.

        Terms & ConditionsAccessibility statement

        Loading footer...