@NitroHazeDev
If you want to restrict access to the model.json data in a secure fashion without updating the host, you have a few options. Here are a couple of approaches you could consider:
Restrict Access at the Servlet Level: You can create a custom servlet that serves the JSON data and then implement access control within the servlet code. This way, you have full control over who can access the JSON data. You can authenticate users using service user accounts or any other authentication mechanism of your choice. Once authenticated, you can verify whether the user has the necessary permissions to access the data before returning it. This approach gives you fine-grained control over access to the data.
Use the Exporter Framework with Access Controls: You mentioned considering the Exporter annotation as part of content services. This is a good approach as well. You can use the Exporter framework to expose only the required data via the model.json, ensuring that sensitive information is not exposed to the general public. Additionally, you can implement access controls within your model classes or the exporter itself to restrict access to certain users or groups. This approach allows you to leverage AEM's built-in security mechanisms while still exposing data via the model.json.
In both cases, you should ensure that access controls are implemented properly to prevent unauthorized access to the JSON data. Choose the approach that best fits your project requirements and security considerations.
