Sling Servlet expsoing as JSON Content Services | Community
Skip to main content
Chandra_gupta
Chandra_gupta
Level 4
July 17, 2016
Solved

Sling Servlet expsoing as JSON Content Services

  • July 17, 2016
  • 5 replies
  • 4246 views

I have AEM 5.6.1 implementation which is heavily content based application and implemented single sign on using Some Central authentication Services and Publish server has URL protected like  /content, /etc, /dam /bin etc.

So anybody try to access CQ Content path mostly will be redirected to CAS …Browser gets Auth token after successful login and then CQ5 publish let you go into the system.

Requirement is want to expose some of the content as Json Service and I can expose content i.e. /content/xyz.6.json. or I can write a Sling servlet and dump any content path into JSON Reponses.

CQ5 is running in domain x1.x.com. while Other client is running x2.x.xom . both are under the same CAS and understand Auth Cookies very well ..so in the same browser session if I am logged in, I can access  cq5 CONTENT OR servlet like this  http://x1.x.com/content/xyz.6.json or . http://x1.x.com/bin/jsonContentService so accessing CQ5 any Content URL in the same browser is not an issue.

Where is the Problem?

When I try to make a ajax call in JS code in x2.x.xom to http://x1.x.com/content/xyz.6.json I get several issue.

  1. Cors… so I put this in the IIS web.config  in cq5 side “Access-Control-Allow-Origin *” so this is taken care.
  2. Auth Cookies are available in browser and when content URL is called from AJAX call/restful Cookies are being passed to CQ5 SSO code but Custom Client SSO in Publish does not understand the Auth Cookies and redirect to CAS Login URL.

If you try to access the Same Content URL in browser then Custom SSO on Publish able to reads the Auth cookies and let you go..I understand this is very vague situation people talks a lot on this in several blogs and forum.  Anybody can share some thoughts?

My primary question is why Auth works in Browser access but not in Ajax call?

Regards,
Chandra

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Chandra_gupta

Both domains are running on https..i am not getting your point.

I did it differently.. I created a anonymous Sling servlet which has Auth cookies...I verify that cookies was issued by right authority if yes then i expose the relevant Content as JSON in browser response.

5 replies

S
stevec2515680
Level 4
July 17, 2016

Are you trying to access servet using Ajax fom AEM JSP?

Chandra_gupta
Chandra_guptaAuthor
Level 4
July 17, 2016

.Application is Angular JS code in x2.x.xom  is making call to AEM sling Servlet which is in x1.x.com. Remember .x.com is common domain. and both domain are under CAS for Authentication.

A
Abhinav_m
Level 2
July 17, 2016
Check the type of auth cookie. If it is https and secured then , cross domain, it won't be visible to client side scripts (js), but would be sever side.
Chandra_gupta
Chandra_guptaAuthorAccepted solution
Level 4
July 18, 2016

Both domains are running on https..i am not getting your point.

I did it differently.. I created a anonymous Sling servlet which has Auth cookies...I verify that cookies was issued by right authority if yes then i expose the relevant Content as JSON in browser response.

Chandra_gupta
Chandra_guptaAuthor
Level 4
July 18, 2016

These are finally needed to be setup on Server side either in servelt or on IIS..

        final ResourceResolver resourceResolver = request.getResourceResolver();
        response.addHeader("Access-control-Allow-Origin", "http://source domain");
        response.addHeader("Access-Control-Allow-Credentials", "true");
        response.addHeader("Access-Control-Allow-Headers", "timestamp,X-XSRF-TOKEN,Referer,sourceSystem,transactionId");

Terms & ConditionsAccessibility statement

Loading footer...