Hi everyone,
My scenario is the following: I created a custom servlet (registered to a path, lets say /bin/servlet) that is getting called from an external system and it performs a couple of actions on the Assets (moving and setting metadata values). The servlet is only available in author instances.
My question is if there's any simple way of securing the servlet endpoint to work as the Assets HTTP API do, where you need to generate a JWT and then exchange it for a bearer token to be able to call the AEMaaCS instance.
If not, what are the correct ways of securing servlets when using AEMaaCS.