Sling Servlet Filter to verify user group access | Community
Uppari_Ramesh
Level 5
September 3, 2023
Solved

Hi Team,

I have a requirement for my servlets where I need to verify the end user's access in an AEM user group. If he is part of some xyz AEM group, then only I want to allow him/her to access some /content resource. If he is not part of the xyz group, then I want to reject the user request saying unauthorized.

I have 10 servlets created, and for all the servlets I need to create one Servlet FILTER as a pre-processor to verify him/her against user group access.

I want to create a single filter for all servlets where I need to verify the user for AEM user group access in the FILTER itself. If he is part of the XYZ group, then allow him to access the original servlet and content. If he is not, reject the request in the filter itself by giving 401.

Now how can I create the Servlet Filter for this use case?

@lukasz-m @anchal

Thanks,

Ramesh

3 replies

B_Sravan
Community Advisor
September 3, 2023

Hi @uppari_ramesh,

You can target all of your servlets with the resourceType mentioned in the filter declaration "sling.filter.resourceTypes" or other filter patterns, no?

Documentation: https://sling.apache.org/documentation/the-sling-engine/filters.html

Regards,

Sravan

Nupur_Jain
Adobe Employee
Accepted solution
September 4, 2023

Hi @uppari_ramesh

When you create a Servlet Filter, you get an option to specify the requests for which the filter should be called, like:

@Component(
    service = Filter.class,
    property = {
        EngineConstants.SLING_FILTER_SCOPE + "=REQUEST",
        EngineConstants.SLING_FILTER_PATTERN + "=" + "/content(/dam)?/myproject/(\\w{2})/(\\w{2})(/.*)?",
        Constants.SERVICE_RANKING + ":Integer=1"
    })
public class RequestFilter implements Filter {

You can always specify a regex as shown above to cover all servlet paths for which the filter should be called.

There are others as well, like sling.filter.resource.pattern, sling.filter.selectors and sling.filter.extensions, mentioned in https://sling.apache.org/documentation/the-sling-engine/filters.html, which can help you specify your requests better.

If you register servlets by resourceType, you can use the property sling.filter.resourceTypes, where you can specify the whole list of all resourceTypes of the servlets.

Hope it helps!

Thanks

Nupur
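An added example, not part of any reply in this thread: a complete filter that combines the declaration from the answer above with the group check the question asks for, failing closed when the user or membership cannot be resolved. The package, class name and the group ID "xyz" are assumptions, and it assumes the request's ResourceResolver adapts to a Jackrabbit UserManager, as it does in AEM.

```java
package com.example.core.filters; // hypothetical package name

import java.io.IOException;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import org.apache.jackrabbit.api.security.user.*;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.engine.EngineConstants;
import org.osgi.framework.Constants;
import org.osgi.service.component.annotations.Component;

@Component(service = Filter.class, property = {
    EngineConstants.SLING_FILTER_SCOPE + "=" + EngineConstants.FILTER_SCOPE_REQUEST,
    // Pattern reused from the answer above; adjust it to the paths your servlets serve.
    EngineConstants.SLING_FILTER_PATTERN + "=/content(/dam)?/myproject/(\\w{2})/(\\w{2})(/.*)?",
    Constants.SERVICE_RANKING + ":Integer=1" })
public class GroupAccessFilter implements Filter {

    private static final String REQUIRED_GROUP = "xyz"; // assumed group ID, from the question

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        ResourceResolver resolver = ((SlingHttpServletRequest) req).getResourceResolver();
        if (isInGroup(resolver, REQUIRED_GROUP)) {
            chain.doFilter(req, res); // member: continue to the servlet
        } else { // not a member, or the lookup failed: the servlet never runs
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    private boolean isInGroup(ResourceResolver resolver, String groupId) {
        try {
            UserManager um = resolver.adaptTo(UserManager.class);
            String userId = resolver.getUserID();
            if (um == null || userId == null) return false;
            Authorizable user = um.getAuthorizable(userId);
            if (user == null) return false;
            Iterator<Group> groups = user.memberOf(); // includes inherited membership
            while (groups.hasNext()) {
                if (groupId.equals(groups.next().getID())) return true;
            }
        } catch (RepositoryException e) { /* fail closed: treat as not a member */ }
        return false;
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }
}
```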

mahi1729
Level 4
September 4, 2023

Assuming these are custom servlets not bound by resource type, but are registered by paths, I suggest having a custom config attached to the filter where you can manage servlet paths and allowed groups, so inside your code one filter can validate different paths against the groups associated for authorization. However, do remember that this works only for author and not publisher, as publisher exposes content in anonymous fashion by default. Hope this insight helps. Thanks