Expand my Community achievements bar.

SOLVED

anonymous user access to /etc using curl

Avatar

Level 4
Level 4
2/19/18 12:28:13 PM

AEM 6.2 does not come with the access to /etc folder for anonymous user. Dispatcher connects to publisher as an anonymous user. Instead of changing the access on each user's aem, I am wondering if there is a curl command we can use to edit the anonymous users access to allow read access for /etc folder.

We tried few commands but none of these seem to work -

curl admin:admin -FprincipalId=anonymous -X POST --data-urlencode "changelog=path:/etc,read:true,modify:false,create:false,delete:false,acl_read:false,acl_edit:false,replicate:false" http://localhost:4503/.cqactions.htm

curl -u admin:admin -FprincipalId=anonymous -Fprivilege@jcr:all=granted http://localhost:4503/etc.modifyAce.html

Does anyone have any idea how we can achieve?

solution proposed in Anonymous read access to entire /etc is now removed. So we need to give read permission to all requi...  will require each developer in the team to do it, but we wanted if it could be achieved through curl command as we are working for setting the AEM env using Docker.

Views

2.6K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 3
Level 3
2/19/18 5:04:15 PM

Sharm​, It looks to me you're pretty close with the CURL command you have only need a couple of changes:

1) I'm using AEM6.3 so I reference "authorizableId" instead of "principalId". To take a look at the actual parameters you have to use in your command, you can log into useradmin console (http://localhost:4502/useradmin ) open developer tools from browser (F12), access network tab and take a look at parameters.

curl -u admin:admin -FauthorizableId=anonymous -Fchangelog="path:/etc,read:true,modify:false,create:false,delete:false,acl_read:false,t:false,replicate:false" http://localhost:4503/.cqactions.html

2) curl command won't work OOTB due to Cross Site Forgery Request prevention. You'll need to configure "Adobe Granite CSRF Filter" and add "curl" as a safe user agent.

View solution in original post

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Level 3
Level 3
2/19/18 5:04:15 PM

Sharm​, It looks to me you're pretty close with the CURL command you have only need a couple of changes:

1) I'm using AEM6.3 so I reference "authorizableId" instead of "principalId". To take a look at the actual parameters you have to use in your command, you can log into useradmin console (http://localhost:4502/useradmin ) open developer tools from browser (F12), access network tab and take a look at parameters.

curl -u admin:admin -FauthorizableId=anonymous -Fchangelog="path:/etc,read:true,modify:false,create:false,delete:false,acl_read:false,t:false,replicate:false" http://localhost:4503/.cqactions.html

2) curl command won't work OOTB due to Cross Site Forgery Request prevention. You'll need to configure "Adobe Granite CSRF Filter" and add "curl" as a safe user agent.

Views

1.8K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 4
Level 4
2/20/18 7:13:27 AM

Thank you very much. It seems to have worked .  I did not have to do the #2 updates for Adobe Granite CSRF Filter as OOTB it was allowed (may be it is the case in AEM 6.2Screen Shot 2018-02-20 at 9.10.46 AM.png).

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM 6.5 - Cannot add DAM to AEM Sites Launch

Views

22

Likes

0

Replies

1
Users Authentication on AEMasCS - Author instances using SSO via Azure AD

Views

34

Likes

0

Replies

0
AIO rde cli issue - not able to run install command to deploy pkgs/file

Views

171

Likes

0

Replies

8
Unable to use com.google.code.gson class in aem

Views

99

Likes

0

Replies

2
Can time trigger be set up in AEM and/or Adobe Launch for deploying a Facebook Pixel to track site visitor information?

Views

45

Likes

0

Replies

0