Why is this needed?
It may just be me, but I’ve found it incredibly common for clients to request an unauthenticated URL to view in-progress pages within an AEM Author instance. The ask makes a lot of sense, as often those who approve content will often just want to give a cursory glance, and not need extensive time within the AEM Author system or a dedicated login/account. Instead, it’d be great to have a way to preview content prior to go-live, potentially via an offline or email based approval process. Today, that is not available out of the box with AEM, and people wanting to have this behavior have either a dedicated “Preview” Publish instance, or alternatively, have to bite the bullet and forced all their approvers to log in prior to seeing any content.
A new challenger approaches
Enter the Preview Servlet. This custom servlet bypasses authentication and allows a page to render directly on the active author instance. How, you ask? A little trick within the Sling Servlet specification to remove authentication on the servlet request, coupled with a separate apache VHost configuration used to force all traffic requested to go through our preview servlet. (Ideally, this is done via a separate, specific sub-domain)
Now, let’s break down how this servlet works.