Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Access denied to crxde

phani2811
Level 2
Level 2

Hi,

I would like to restrict a specific group not to access crxde lite in author mode .

Is there any way  to do that ?

suggestions are really appreciated,thx.

1 Accepted Solution
Jörg_Hoh
Correct answer by
Employee
Employee

Hi Anton,

I don't think that this will work in that way, because CRXDE Liste is not a Sling application; therefor you should write a plain Http Servlet and register it via Felix. Then you can do that.

Jörg

View solution in original post

1 Reply
Jörg_Hoh
Employee
Employee

Hi,

removing the links to https://hostname/crx/de/index.jsp doesn't help, if people are aware of it. Access to CRXDE Lite cannot be controlled using ACLs (in an AEM/Oak sense),  but only by implementing network ACLs; for example by alloweding only IPs from the admin network acess to /crx by implementing such rules through apache httpd config.

Jörg

Shaheena_Sk
Level 4
Level 4
what do we have to add to the httpd.config file to implement your idea??
vinayk70574604
Level 1
Level 1

Hi Jörg, the above solution holds good if there is a dispatcher infront of the author instance, also the admin will lose the access to crx if he moves out of the network for some reason (if the admin is on a travel for eg.), is it a good practice to consider IPs in this scenario?

Whats the alternative if there is no dispatcher in front of the author instance?

Anton_Smulskiy
Level 3
Level 3

Hi,

You can write a sling filter with a pattern property. Check runmode. Get UserId. Then get Authorizable from UserManager. Then you can call memberOf() method on Authorizable.

This is first what came to my mind. Maybe there are better ways to reach you goal.

kautuk_sahni
Community Manager
Community Manager

See if this helps you :- http://aemfaq.blogspot.in/2013/05/blocking-anonymous-access-to-crx-in-non.html

// Blocking anonymous access to Crx in a non dispatcher protected instance

~kautuk

Jörg_Hoh
Correct answer by
Employee
Employee

Hi Anton,

I don't think that this will work in that way, because CRXDE Liste is not a Sling application; therefor you should write a plain Http Servlet and register it via Felix. Then you can do that.

Jörg

View solution in original post

Anton_Smulskiy
Level 3
Level 3

Hi Jörg,

Yep, you are right, today I faced with issue that crxde doesn't show anything when nosamplecontent runmode used. I googled and found out that CRXde is not a sling app and if I'm not mistaken, WebDav protocol used to get jcr tree in CRXde.