Adobe Experience Manager Sites & More

Robert-Harper · 3/7/22

I've usually left security and access to servlets up to the network policies and the dispatcher configuration. Is there a best practice for securing an individual servlet within that servlet?

Anish-Sinha · 3/7/22

Hi @Robert-Harper ,

There is a very nice response on how to secure your sling servlet. please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...

View solution in original post

Anish-Sinha · 3/7/22

Hi @Robert-Harper ,

There is a very nice response on how to secure your sling servlet. please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...

Robert-Harper · 3/7/22

I saw that after I posted this question. It seems to me that there maybe should be a bit more.

As a side question, would you still use a service user to get the resource resolver or just expect the logged in user to have the ACL needed. Part if it is that my servlet is for an API so that other pages/sites can use some of the content as a service.

Anish-Sinha · 3/7/22

I would say using a service user is the better option as when you share the content as a service, the login information would not be available for publish sites. You should create a service user and provide the ACL's

Adobe Experience Manager Sites & More

Best practice for securing a Sling servlet

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe