Robert-Harper
Level 3
March 7, 2022
Solved

Best practice for securing a Sling servlet


I've usually left security and access to servlets up to the network policies and the dispatcher configuration. Is there a best practice for securing an individual servlet within that servlet?


Anish-Sinha
Adobe Employee
Accepted solution
March 7, 2022

Hi @robert-harper ,

There is a very nice response on how to secure your Sling servlet. Please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-suggestions/m-p/417890

Robert-Harper
Level 3
March 7, 2022

I saw that after I posted this question. It seems to me that there maybe should be a bit more.

As a side question, would you still use a service user to get the resource resolver or just expect the logged-in user to have the ACL needed? Part of it is that my servlet is for an API so that other pages/sites can use some of the content as a service.

Anish-Sinha
Adobe Employee
March 7, 2022

I would say using a service user is the better option as when you share the content as a service, the login information would not be available for publish sites. You should create a service user and provide the ACLs.