ACS error handler for AEM unauthorised pages

Level 1

I want to display error messages for unauthorised users when accessing /crx/de or /system/console pages. I have set up the ACS error handler and it's working fine for pages in the website - 404 not found, etc. But how do I make this work for unauthorised users accessing AEM pages?
Thanks in advance for any advice. 


6 Replies

Administrator

@arunpatidar @Rohan_Garg @sarav_prakash @anupampat @martin_ecx_io @stiegjo22 @Tad_Reeves @Ravi_Pampana @PcProf  could you take a look at this question and share your thoughts? Your input would be really helpful!



Kautuk Sahni

Community Advisor

Level 1

Hi @arunpatidar,

 

Thanks for the reply. 

I already have ErrorDocument added in my dispatcher vhost file. But it's still showing the default error messages for /crx/de and other console pages when accessed.

 

ErrorDocument 404 /error/404.html
ErrorDocument 500 /error/500.html
ErrorDocument 403 /error/403.html

Please suggest how to get this working for AEM console pages.

Community Advisor

Hi @JyothiM 

Can you try debugging on the dispatcher? I can see that for a non-authorized user, /crx/de/ returns 404.



Arun Patidar

Community Advisor

Hey @JyothiM,

  1. For dispatcher error handling do you have DispatcherPassError enabled along with ErrorDocument?
  2. If you are unable to handle this at dispatcher you can probably use a Sling Filter to intercept requests, check if the user has access and then redirect to a custom error page.
    Here's some sample code:
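    import java.io.IOException;
    import java.util.Arrays;

    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;

    import org.apache.sling.api.SlingHttpServletRequest;
    import org.apache.sling.api.SlingHttpServletResponse;
    import org.apache.sling.engine.EngineConstants;
    import org.osgi.service.component.annotations.Activate;
    import org.osgi.service.component.annotations.Component;
    import org.osgi.service.component.annotations.Modified;

    // Registered as a request-scoped Sling filter.
    @Component(service = Filter.class, immediate = true,
            property = { EngineConstants.SLING_FILTER_SCOPE + "=" + EngineConstants.FILTER_SCOPE_REQUEST })
    public class AccessRestrictionFilter implements Filter {

        private static final String[] RESTRICTED_PATHS = {"/crx/de", "/system/console"};

        @Activate
        @Modified
        public void activate() {
            // Perform any initialization here, if necessary.
        }

        @Override
        public void init(FilterConfig filterConfig) { }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
                throws IOException, ServletException {
            SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) request;
            SlingHttpServletResponse slingResponse = (SlingHttpServletResponse) response;
            String requestPath = slingRequest.getRequestPathInfo().getResourcePath();

            // Check if the user is trying to access a restricted path or anything below it
            boolean restricted = Arrays.stream(RESTRICTED_PATHS)
                    .anyMatch(p -> requestPath.equals(p) || requestPath.startsWith(p + "/"));
            if (restricted && !hasPermission(slingRequest)) {
                slingResponse.sendRedirect("/content/unauthorized.html");
                return;
            }

            // Proceed to the next filter in the chain if authorized
            chain.doFilter(request, response);
        }

        private boolean hasPermission(SlingHttpServletRequest request) {
            // Implement the logic to check if the user has the appropriate permissions
            // You could check the request user, roles, etc.
            return false; // Change to true if the user has permissions
        }

        @Override
        public void destroy() { }
    }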

Hope this helps!

Rohan Garg
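
Added example (not part of the original posts): a vhost fragment showing the DispatcherPassError setting asked about in point 1 next to the ErrorDocument lines quoted earlier in the thread. The ServerName and the VirtualHost/Directory layout are assumptions.

```apache
# Constructed vhost fragment; ServerName is a placeholder.
<VirtualHost *:80>
    ServerName www.example.com

    <IfModule disp_apache2.c>
        # 0: the Dispatcher sends every error response from the AEM
        #    instance straight to the client, so ErrorDocument is not
        #    applied to it.
        # 1: responses with status >= 400 are not spooled to the client;
        #    the status code is passed to Apache, which can then apply
        #    the ErrorDocument directives below.
        # A code range also works, e.g. "DispatcherPassError 403-404,500"
        # passes only those codes to Apache.
        DispatcherPassError 1
    </IfModule>

    <Directory />
        <IfModule disp_apache2.c>
            SetHandler dispatcher-handler
        </IfModule>
    </Directory>

    # The error pages from the post above.
    ErrorDocument 404 /error/404.html
    ErrorDocument 500 /error/500.html
    ErrorDocument 403 /error/403.html
</VirtualHost>
```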

Community Advisor

Hi @Rohan_Garg 

I am not sure if the Sling filter will be executing on the below paths.

private static final String[] RESTRICTED_PATHS = {"/crx/de", "/system/console"};

I had to implement a tricky solution for that:

https://medium.com/@arunpatidar26/restrict-access-to-crxde-in-aem-08ad9f2934c2



Arun Patidar