I've usually left security and access to servlets up to the network policies and the dispatcher configuration. Is there a best practice for securing an individual servlet within that servlet?
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @Robert-Harper ,
There is a very nice response on how to secure your sling servlet. please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...
Hi @Robert-Harper ,
There is a very nice response on how to secure your sling servlet. please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...
I saw that after I posted this question. It seems to me that there maybe should be a bit more.
As a side question, would you still use a service user to get the resource resolver or just expect the logged in user to have the ACL needed. Part if it is that my servlet is for an API so that other pages/sites can use some of the content as a service.
I would say using a service user is the better option as when you share the content as a service, the login information would not be available for publish sites. You should create a service user and provide the ACL's
Views
Likes
Replies
Views
Likes
Replies