We are not able to access the /apps data in the pathfield if we give the rootpath=/apps in AEM 6.4.2 | Community
Skip to main content
T
textlang
Level 2
April 23, 2020
Solved

We are not able to access the /apps data in the pathfield if we give the rootpath=/apps in AEM 6.4.2

  • April 23, 2020
  • 1 reply
  • 1839 views

We are not able to access the /apps data in the pathfield if we give the rootpath=/apps in AEM 6.4.2. http://localhost:4502/apps.ext.json?_dc=1587623884633&predicate=siteadmin&_charset_=utf-8&node=xnode-34 always returns blank data.

 

We have checked the permissions of the /apps folder and tried giving all the permissions to everyone group but its not working.

 

Kindly suggest.

Thanks,

Ni**bleep**a Sikaria

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by BrianKasingli

Hi @textlang,

It's best NOT to allow access to the /apps folder, especially to the everyone group. This will open yourself up to security vulnerabilities.

Instead, to get a JSON representation of the contents for the given folder, you should create a Sling Servlet. You must create a system user, set ACL permissions, and configure the Apache sling Service User Mapper Service Amendment (tutorial); or a more streamlined and automated way, use the ACS Commons Ensure Authorizable to set these things up.

https://localhost:4503/home.appsfolder.json; you can use this strategy to sugar coat or to change the formatting of the URL when delivering the content.

Example:

 

@Component(service = Servlet.class) @SlingServletResourceTypes( resourceTypes = "sling/servlet/default", methods = METHOD_GET, extensions = "json", selectors = "appsfolder") public class AppsFolderServlet extends SlingSafeMethodsServlet { @Override protected void doGet(SlingHttpServletRequest req, SlingHttpServletResponse res) throws IOException { res.setContentType(APPLICATION_JSON_UTF8); res.setStatus(SlingHttpServletResponse.SC_OK); List<Folder> folders = getFolders(req); String json = new ObjectMapper().writeValueAsString(pageItems); res.getWriter().write(json); } private List<Folder> getFolders() { ... return folder; } }

 

 

Caveats when binding servlets by path:

Binding servlets by paths has several disadvantages when compared to binding by resource types, namely:

  • path-bound servlets cannot be access-controlled using the default JCR repository ACLs
  • path-bound servlets can only be registered to a path and not a resource type (i.e. no suffix handling)
  • if a path-bound servlet is not active, e.g. if the bundle is missing or not started, a POST might result in unexpected results. usually creating a node at /bin/xyz which subsequently overlays the servlets path binding
  • the mapping is not transparent to a developer looking just at the repository

Documentation: https://sling.apache.org/documentation/the-sling-engine/servlets.html#caveats-when-binding-servlets-by-path

I hope this works. 

1 reply

BrianKasingli
Community Advisor and Adobe Champion
BrianKasingliCommunity Advisor and Adobe ChampionAccepted solution
Community Advisor and Adobe Champion
April 23, 2020

Hi @textlang,

It's best NOT to allow access to the /apps folder, especially to the everyone group. This will open yourself up to security vulnerabilities.

Instead, to get a JSON representation of the contents for the given folder, you should create a Sling Servlet. You must create a system user, set ACL permissions, and configure the Apache sling Service User Mapper Service Amendment (tutorial); or a more streamlined and automated way, use the ACS Commons Ensure Authorizable to set these things up.

https://localhost:4503/home.appsfolder.json; you can use this strategy to sugar coat or to change the formatting of the URL when delivering the content.

Example:

 

@Component(service = Servlet.class) @SlingServletResourceTypes( resourceTypes = "sling/servlet/default", methods = METHOD_GET, extensions = "json", selectors = "appsfolder") public class AppsFolderServlet extends SlingSafeMethodsServlet { @Override protected void doGet(SlingHttpServletRequest req, SlingHttpServletResponse res) throws IOException { res.setContentType(APPLICATION_JSON_UTF8); res.setStatus(SlingHttpServletResponse.SC_OK); List<Folder> folders = getFolders(req); String json = new ObjectMapper().writeValueAsString(pageItems); res.getWriter().write(json); } private List<Folder> getFolders() { ... return folder; } }

 

 

Caveats when binding servlets by path:

Binding servlets by paths has several disadvantages when compared to binding by resource types, namely:

  • path-bound servlets cannot be access-controlled using the default JCR repository ACLs
  • path-bound servlets can only be registered to a path and not a resource type (i.e. no suffix handling)
  • if a path-bound servlet is not active, e.g. if the bundle is missing or not started, a POST might result in unexpected results. usually creating a node at /bin/xyz which subsequently overlays the servlets path binding
  • the mapping is not transparent to a developer looking just at the repository

Documentation: https://sling.apache.org/documentation/the-sling-engine/servlets.html#caveats-when-binding-servlets-by-path

I hope this works. 

Terms & ConditionsAccessibility statement

Loading footer...