Bypassing CUG on asset directory

Hi, I have an interesting requirement...

I have a directory that is currently CUG protected, meaning only certain user groups can access it after authenticating. We have a new requirement where they would like to bypass the authentication if a vetted user clicks on the link (from an email).

So, for example, /content/dam/locked_assets/xyz.pdf (CUG protected at the folder level "locked_assets")

If someone goes to www.awebsite.com/content/dam/locked_assets/xyz.pdf, it should redirect to login, but

if you go to www.awebsite.com/content/dam/locked_assets/xyz.pdf?hasAccess=true, it should bypass login.

It doesn't necessarily have to be a request parameter; I'd be open to any other solution.

Thanks in advance!


5 Replies

Community Advisor

Hello @Gunars_Vilcins

If it's only a few assets and you would want them to get to the assets only via a link, then you can look at the AEM built-in feature to share assets as a link - https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/assets/manage/sh...

Hope this helps!

Thanks

Narendra

Community Advisor

Hi @Gunars_Vilcins - There's no way to bypass the CUG that has been applied to restrict the asset access. AEM will need a login-token in the headers to authenticate and determine the user's presence in the CUG to serve the asset. So, you will have to rely on a solution like Brand Portal to get the asset accessible to a certain set of users.

Regards,

Community Advisor

Hello @Gunars_Vilcins,

There isn't a direct way to bypass authentication, but you can consider the following approach:

  1. Create a service user with read access (using org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl) to the asset.
  2. Manage an authentication key (e.g., stored in page properties and restricted from general access).
  3. Include the key as a parameter in the URL sent via email, which is mapped to a servlet internally.
  4. When the URL is clicked, the servlet can:
    • Validate the authentication key.
    • Perform an internal login for the service user using TokenUtil.createCredentials().
    • Grant the user access to the gated asset.

See if this helps.

Thanks

Community Advisor

Hi @Gunars_Vilcins
I would suggest keeping it simple and using a service URL pattern if you want to bypass login.

Example

www.awebsite.com/service/pdfdeliver.html?url=/content/dam/locked_assets/xyz.pdf

where /service/pdfdeliver.html maps to the servlet which will read and deliver the content using a service-user session.



Arun Patidar
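
One way to implement the key check that the servlet approaches in the replies above rely on, as an added example that is not part of the thread and not AEM's own code: the emailed link carries an expiry and an HMAC over the asset path, and the servlet refuses any path outside the gated folder before the service-user session reads anything. The class name `SignedAssetLink`, the `expires`/`token` parameters, the secret's source and the single allowed root folder are assumptions; only JDK classes are used.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Base64;

/** Added example (hypothetical class): per-link key check for a gated-asset delivery servlet. */
public class SignedAssetLink {
    // Assumption: only this folder may ever be served through the link servlet.
    private static final String ALLOWED_ROOT = "/content/dam/locked_assets/";
    private final byte[] secret; // assumption: loaded from protected configuration, never from the URL

    public SignedAssetLink(byte[] secret) { this.secret = secret.clone(); }

    /** Token for the emailed link: HMAC-SHA256 over "path\nexpiry", URL-safe Base64. */
    public String sign(String path, long expiresEpochSec) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] tag = mac.doFinal((path + "\n" + expiresEpochSec).getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
        } catch (java.security.GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /** True only if the path is inside the allowed folder, the link is unexpired, and the token matches. */
    public boolean isValid(String path, String expiresParam, String token, Instant now) {
        if (path == null || expiresParam == null || token == null) return false;
        // Reject traversal and anything outside the gated folder before touching the repository.
        if (!path.startsWith(ALLOWED_ROOT) || path.contains("..") || path.contains("//")) return false;
        long expires;
        try { expires = Long.parseLong(expiresParam); } catch (NumberFormatException e) { return false; }
        if (now.getEpochSecond() > expires) return false;
        byte[] expected = sign(path, expires).getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison so response timing does not reveal how much of the tag matched.
        return MessageDigest.isEqual(expected, token.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values for a local run.
        SignedAssetLink links = new SignedAssetLink("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String path = "/content/dam/locked_assets/xyz.pdf";
        String exp = Long.toString(Instant.now().plusSeconds(3600).getEpochSecond());
        String token = links.sign(path, Long.parseLong(exp));
        System.out.println("issued link:  " + links.isValid(path, exp, token, Instant.now()));
        System.out.println("other folder: " + links.isValid("/content/dam/other/a.pdf", exp, token, Instant.now()));
        System.out.println("after expiry: " + links.isValid(path, exp, token, Instant.now().plusSeconds(7200)));
    }
}
```

Because the token is bound to one path and one expiry, a link issued for `xyz.pdf` cannot be reused to fetch another asset, which a static `hasAccess=true` flag or an unsigned `url=` parameter would allow.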