SOLVED

Best practice for securing a Sling servlet

Level 4

I've usually left security and access to servlets up to the network policies and the dispatcher configuration. Is there a best practice for securing an individual servlet within that servlet?

1 Accepted Solution

Correct answer by
Employee Advisor

Hi @Robert-Harper ,

There is a very nice response on how to secure your Sling servlet. Please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...

 

3 Replies

Level 4

I saw that after I posted this question. It seems to me that there maybe should be a bit more.

As a side question, would you still use a service user to get the resource resolver, or just expect the logged-in user to have the ACL needed? Part of it is that my servlet is for an API so that other pages/sites can use some of the content as a service.

Employee Advisor

I would say using a service user is the better option, as when you share the content as a service, the login information would not be available for publish sites. You should create a service user and provide the ACLs.
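The service-user approach recommended in the reply above, as an added example that is not code from this thread. The resource type, subservice name `content-api-reader` and content path are hypothetical, and it assumes a service user mapping ties that subservice to a system user holding read-only ACLs on the shared content:

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.servlet.Servlet;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Read-only (GET/HEAD) servlet bound to a resource type rather than a path,
// so a request must first resolve to a resource the caller is allowed to read.
@Component(service = Servlet.class, property = {
        "sling.servlet.resourceTypes=example/components/content-api" }) // hypothetical type
public class ContentApiServlet extends SlingSafeMethodsServlet {

    // Hypothetical subservice name, resolved through the service user mapping
    // to a system user that has read access to SHARED_ROOT and nothing else.
    private static final Map<String, Object> AUTH = Collections.singletonMap(
            ResourceResolverFactory.SUBSERVICE, "content-api-reader");
    private static final String SHARED_ROOT = "/content/example/shared"; // hypothetical path

    @Reference
    private transient ResourceResolverFactory resolverFactory;

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        // try-with-resources closes the service resolver and its underlying session.
        try (ResourceResolver resolver = resolverFactory.getServiceResourceResolver(AUTH)) {
            Resource shared = resolver.getResource(SHARED_ROOT);
            if (shared == null) { // missing, or not readable by the service user
                response.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            response.setContentType("text/plain");
            response.setCharacterEncoding("UTF-8");
            // Expose one fixed property; the caller cannot choose the path or the fields.
            response.getWriter().write(shared.getValueMap().get("jcr:title", ""));
        } catch (LoginException e) {
            // Mapping or system user missing: fail closed instead of widening privileges.
            response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
        }
    }
}
```

Because the service resolver reads with the system user's rights rather than the caller's, the servlet reads a fixed path and returns a fixed field instead of taking either from request parameters.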