Implementing Authentication for servlet on publish instance | Community
Skip to main content
__96
__96
Level 4
January 21, 2016
Solved

Implementing Authentication for servlet on publish instance

  • January 21, 2016
  • 11 replies
  • 7948 views

Hi,

I have a scenario and any suggestions in implementing that will be of great help. I have a servlet created on publish that will have POST requests coming from a lot of other third party applications. This servlet just stores the incoming posted data in JCR. I have successfully created this servlet but now the requirement is to make this servlet secured so that only applications hitting this servlet with particular username and password should be entertained.

Has anyone knowledge on what I can do to achieve this.

Thanks,

Samir

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by Jitendra_S_Toma

    Hi Samir,

    Use UserManager API in your servlets which handles are the request from third party applications. Through UserManager API, you could extract individual user profiles to do validation against given parameters.

    Here is the doc which could help you.

    http://wemcode.wemblog.com/user-group-management

    https://docs.adobe.com/docs/en/aem/6-0/develop/ref/javadoc/org/apache/jackrabbit/api/security/user/UserManager.html

    Jitendra

    $@^^!R wrote...

    Hi,

    I have a scenario and any suggestions in implementing that will be of great help. I have a servlet created on publish that will have POST requests coming from a lot of other third party applications. This servlet just stores the incoming posted data in JCR. I have successfully created this servlet but now the requirement is to make this servlet secured so that only applications hitting this servlet with particular username and password should be entertained.

    Has anyone knowledge on what I can do to achieve this.

    Thanks,

    Samir

     

    11 replies

    Show previous replies
    Kunal_Gaba_
    Kunal_Gaba_
    January 29, 2016

    Also, if you use ACLs/permissions approach instead of CUG then you will get an error page with 403 response code in the header(if the passed user does not have permissions) and if it is successful then you will get 200 as response code in the header. In your service code you can check on the response header value to determine if the post was success or not. 

      Terms & ConditionsAccessibility statement

      Loading footer...