Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Best practice for securing a Sling servlet

Avatar

Level 2

I've usually left security and access to servlets up to the network policies and the dispatcher configuration. Is there a best practice for securing an individual servlet within that servlet?

1 Accepted Solution

Avatar

Correct answer by
Level 10

Hi @Robert-Harper ,

There is a very nice response on how to secure your sling servlet. please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...

 

View solution in original post

3 Replies

Avatar

Correct answer by
Level 10

Hi @Robert-Harper ,

There is a very nice response on how to secure your sling servlet. please go through this link - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...

 

Avatar

Level 2

I saw that after I posted this question. It seems to me that there maybe should be a bit more.

As a side question, would you still use a service user to get the resource resolver or just expect the logged in user to have the ACL needed. Part if it is that my servlet is for an API so that other pages/sites can use some of the content as a service.

Avatar

Level 10

I would say using a service user is the better option as when you share the content as a service, the login information would not be available for publish sites. You should create a service user and provide the ACL's