Adobe Experience Manager Forms

Correct, none of 3rd-part viewers will show the document content. But apparently you can add some unprotected content that will be displayed by 3rd-party viewers. While Adobe Reader does not display it and instead asks you to log in to AEM Forms.

I believe you can leave the document's metadata unencrypted. This is an option when protecting the document.

Yes, but I think what I'm talking about is not metadata. That's what I'm trying to figure out - what is it? Have a look here: How to display custom content in protected PDF files? - Stack Overflow . I posted screenshots of such document when opened by Adobe Reader and by 3rd-party viewer.

DarrenBiz​ Thank you so much! I really cannot thank you enough!

In my code, I literally replaced a call to .protectDocument() with a call to .protectDocumentWithCoverPage(), and everything worked out of the box.

DarrenBiz​ Maybe you could help me with something else please?

We use External Authorizer with AEM Forms, so as per documentation we implemented public class MyExternalAuthorizer implements ExternalAuthorizer { … }, which has a method @Override public ExternalAuthResultDTO evaluate(ExternalAuthDTO authDto) { … }. In the method, we create new instance of ExternalAuthResultDTO class and call .setPermissions() on it to apply permissions as needed if the user is allowed to view the document.

But if the user is not allowed to view the doc, we just return the instance of ExternalAuthResultDTO without setting any permissions. As a result, the user sees this in Adobe Reader:

Is there a way to customise this message?

I haven't actually used the functionality that you are describing, but I took a quick look at the ExternalAuthResultDTO API and it has a method public void setAccessDeniedErrorMessage(java.lang.String accessDeniedErrorMessage) [1] . This looks like it should customise the error message that is returned if the user doesn't get any permissions set.

The method says it sets the error message during the evaluate() method so if you override this method (as you are) I expect you can set your own message to be returned.

[1] ExternalAuthResultDTO (AEM forms on JEE Java API Reference)

Thanks DarrenBiz, I do not know how I missed that method! Unless it was not there yet when I developed the External Authorizer, it was 3 years ago.

Unfortunately it did not work, calling the method did not change the error message in Adobe Reader. But at least now I have something to go to Adobe support with.