Access denied to crxde

Avatar

Avatar
Validate 1
Level 1
phani2811
Level 1

Like

1 like

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile

Avatar
Validate 1
Level 1
phani2811
Level 1

Like

1 like

Total Posts

12 posts

Correct reply

0 solutions
Top badges earned
Validate 1
Boost 1
View profile
phani2811
Level 1

14-03-2017

Hi,

I would like to restrict a specific group not to access crxde lite in author mode .

Is there any way  to do that ?

suggestions are really appreciated,thx.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Avatar
Coach
Employee
Jörg_Hoh
Employee

Likes

1,134 likes

Total Posts

3,161 posts

Correct reply

1,079 solutions
Top badges earned
Coach
Give back 600
Ignite 5
Ignite 3
Ignite 1
View profile

Avatar
Coach
Employee
Jörg_Hoh
Employee

Likes

1,134 likes

Total Posts

3,161 posts

Correct reply

1,079 solutions
Top badges earned
Coach
Give back 600
Ignite 5
Ignite 3
Ignite 1
View profile
Jörg_Hoh
Employee

16-03-2017

Hi Anton,

I don't think that this will work in that way, because CRXDE Liste is not a Sling application; therefor you should write a plain Http Servlet and register it via Felix. Then you can do that.

Jörg

Answers (5)

Answers (5)

Avatar

Avatar
Validate 1
Level 2
Anton_Smulskiy
Level 2

Likes

3 likes

Total Posts

35 posts

Correct reply

4 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Applaud 5
Affirm 3
View profile

Avatar
Validate 1
Level 2
Anton_Smulskiy
Level 2

Likes

3 likes

Total Posts

35 posts

Correct reply

4 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Applaud 5
Affirm 3
View profile
Anton_Smulskiy
Level 2

16-03-2017

Hi Jörg,

Yep, you are right, today I faced with issue that crxde doesn't show anything when nosamplecontent runmode used. I googled and found out that CRXde is not a sling app and if I'm not mistaken, WebDav protocol used to get jcr tree in CRXde. 

Avatar

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,200 likes

Total Posts

6,394 posts

Correct reply

1,147 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile

Avatar
Establish
Community Manager
kautuk_sahni
Community Manager

Likes

1,200 likes

Total Posts

6,394 posts

Correct reply

1,147 solutions
Top badges earned
Establish
Coach
Originator
Contributor 2
Contributor
View profile
kautuk_sahni
Community Manager

16-03-2017

See if this helps you :- http://aemfaq.blogspot.in/2013/05/blocking-anonymous-access-to-crx-in-non.html

// Blocking anonymous access to Crx in a non dispatcher protected instance

~kautuk

Avatar

Avatar
Validate 1
Level 2
Anton_Smulskiy
Level 2

Likes

3 likes

Total Posts

35 posts

Correct reply

4 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Applaud 5
Affirm 3
View profile

Avatar
Validate 1
Level 2
Anton_Smulskiy
Level 2

Likes

3 likes

Total Posts

35 posts

Correct reply

4 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Applaud 5
Affirm 3
View profile
Anton_Smulskiy
Level 2

15-03-2017

Hi,

You can write a sling filter with a pattern property. Check runmode. Get UserId. Then get Authorizable from UserManager. Then you can call memberOf() method on Authorizable.

This is first what came to my mind. Maybe there are better ways to reach you goal.

Avatar

Avatar
Boost 1
Level 1
vinayk70574604
Level 1

Like

1 like

Total Posts

5 posts

Correct reply

1 solution
Top badges earned
Boost 1
Affirm 1
View profile

Avatar
Boost 1
Level 1
vinayk70574604
Level 1

Like

1 like

Total Posts

5 posts

Correct reply

1 solution
Top badges earned
Boost 1
Affirm 1
View profile
vinayk70574604
Level 1

15-03-2017

Hi Jörg, the above solution holds good if there is a dispatcher infront of the author instance, also the admin will lose the access to crx if he moves out of the network for some reason (if the admin is on a travel for eg.), is it a good practice to consider IPs in this scenario?

Whats the alternative if there is no dispatcher in front of the author instance?

Avatar

Avatar
Coach
Employee
Jörg_Hoh
Employee

Likes

1,134 likes

Total Posts

3,161 posts

Correct reply

1,079 solutions
Top badges earned
Coach
Give back 600
Ignite 5
Ignite 3
Ignite 1
View profile

Avatar
Coach
Employee
Jörg_Hoh
Employee

Likes

1,134 likes

Total Posts

3,161 posts

Correct reply

1,079 solutions
Top badges earned
Coach
Give back 600
Ignite 5
Ignite 3
Ignite 1
View profile
Jörg_Hoh
Employee

15-03-2017

Hi,

removing the links to https://hostname/crx/de/index.jsp doesn't help, if people are aware of it. Access to CRXDE Lite cannot be controlled using ACLs (in an AEM/Oak sense),  but only by implementing network ACLs; for example by alloweding only IPs from the admin network acess to /crx by implementing such rules through apache httpd config.

Jörg