Level 3

Aem Asset API authentication

Forum|Forum|1 year ago
July 22, 2024
2 replies
2122 views

Hi,

I am trying to create an servlet which will be used to upload an asset to AEM. The whole author system is behind Microsoft OIDC authentication. So, in our case, we will be using bearer token to authenticate the servlet request.

I am trying to do a http post to the OOTB assets API.

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/assets/extending/mac-api-assets#create-an-asset

However, the challenge here is the authentication for the OOTB assets API. If I use the bearer token in authorization header, it fails with the below error

com.adobe.granite.rest.impl.servlet.PostRequest Exception during request processing.
java.lang.IllegalArgumentException: Can't create child on a synthetic root
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1004)
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1002)
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1002)
	at org.apache.sling.resourceresolver.impl.ResourceResolverImpl.create(ResourceResolverImpl.java:1002)
	at com.adobe.granite.rest.impl.servlet.ModifyingRequest.createOrModifyResource(ModifyingRequest.java:121)

And the only way I am able to create an asset via this custom servlet is by calling the OOTB API via the direct IP with the basic admin credentials.

Is it possible to use token based authentication?

Best regards,
Vijaya Kumar A

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

anupampat

Community Advisor

Hi @vjleo94 ,

Not sure if you have already tried using this but you will need an external application for this (nodejs)- https://experienceleague.adobe.com/en/docs/experience-manager-learn/getting-started-with-aem-headless/authentication/overview

Regards,

Anupam Patra

rajeshb63021282

This is for AEM as a Cloud Service can we access Assets API on a AEM standalone or AEM via AMS?

What is the authentication used?

rajeshb63021282

@rajeshb63021282 ,

https://experienceleague.adobe.com/en/docs/experience-manager-65/content/assets/extending/mac-api-assets#create-an-asset

This documentation is for non cloud AEM.

Best regards,

Vijay

@vjleo94 The document you provide doesn't talk any thing about authentication except basic auth of user and password.

How do we authenticate this Assets API request(POST) before we create a asset?

Allowing POST on CSRF filter can let anyone create asset in AEM if I'm not wrong.

sarav_prakash

Community Advisor

@vjleo94 , trust me, your approach of servlet to upload assets will 100% fail. I wrote an article explaining all challenges we faced calling servlet to upload assets - https://medium.com/@bsaravanaprakash/how-we-migrated-a-million-assets-into-aem-cloud-service-dam-ef7eb74d30fa

So technically you can leverage Adobe IMS to authenticate https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/developing/generating-access-tokens-for-server-side-apis

But if you are running on AEMaaCS, servlet approach will 100% fail. Consider switching to

cloud-way using https://github.com/adobe/aem-upload
Using bulk uploader - https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/migration/bulk-import
Or like I wrote custom implementation using asset compute microservice https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/asset-compute/overview

Do consider not writing servlets, as they are not scalable. Will easily crash AEM JVM.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded