Adobe Experience Manager Sites & More

sonaliku · 11:40:01 AM

We want to enable basic authentication to access servlets at the /bin/<project> on author instances.

This approach is working perfectly fine on Publisher with some dispatcher config updates.

What configuration would be needed to allow /bin/<project> with Basic Auth on AMS author environment?

markus_bulla_adobe · 12:59:14 AM

As already mentioned by @DPrakashRaj, AMS setups come with a Dispatcher for both, Publish and author side. So you should be able to enable Basic Authentication for a specific path (e. g. /bin/project as mentioned in your question) by adding the according configuration to your webserver configuration.

There are other things to consider, though:

If you are using Cloud Manager for deployments, Basic Authentication is not recommended. It might conflict with Cloud Manager testing capabilities. The test agent/client could receive an HTTP 403 Forbidden response and the testing step would fail.
You could also think about adding authentication on AEM level for your servlets. Especially on author side, this would allow you to leverage the existing authorization and authentication capabilities of AEM and handle permissions for servlet access with your overall permission concept.

Hope this helps!

元の投稿で解決策を見る

DPrakashRaj · 8:15:21 PM

In AMS author and publisher are both behind the dispatcher. Please check the filter rules in dispatcher configs for author, if you are allowing the servlet path in allow rule. Should have similar dispatcher configuration on author for this servlet like dispatcher for publisher.

markus_bulla_adobe · 12:59:14 AM

Hi @sonaliku!

As already mentioned by @DPrakashRaj, AMS setups come with a Dispatcher for both, Publish and author side. So you should be able to enable Basic Authentication for a specific path (e. g. /bin/project as mentioned in your question) by adding the according configuration to your webserver configuration.

There are other things to consider, though:

If you are using Cloud Manager for deployments, Basic Authentication is not recommended. It might conflict with Cloud Manager testing capabilities. The test agent/client could receive an HTTP 403 Forbidden response and the testing step would fail.
You could also think about adding authentication on AEM level for your servlets. Especially on author side, this would allow you to leverage the existing authorization and authentication capabilities of AEM and handle permissions for servlet access with your overall permission concept.

Hope this helps!