Bypassing CUG on asset directory | Community
Skip to main content
G
Gunars_V
Level 3
November 26, 2024
Solved

Bypassing CUG on asset directory

  • November 26, 2024
  • 5 replies
  • 1237 views

Hi, I have an interesting requirement...

I have directory that is currently CUG protected, meaning only certain user groups can access after authenticating. We have a new requirement where they would like to bypass the authentication if a vetted user clicks on the link (from an email).

 

So, for example, /content/dam/locked_assets/xyz.pdf (CUG protected at the folder level "locked_assets")

 

If someone goes to www.awebsite.com/content/dam/locked_assets/xyz.pdf,  it should redirect to login, but

if you go to www.awebsite.com/content/dam/locked_assets/xyz.pdf?hasAccess=true, it should bypass login.

 

It doesn't necessarily have to be a request parameter, but any other solution I'd be open to.

 

Thanks in advance!

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by arunpatidar

Hi @gunars_v 
I would suggest to make it simple and use service url pattern if you want to bypass login.

Example

 

www.awebsite.com/service/pdfdeliver.html?url=/content/dam/locked_assets/xyz.pdf
where /service/pdfdeliver.html map to the servlet which will read and deliver the content using service-user session.

5 replies

narendiran_ravi
narendiran_ravi
Level 6
November 26, 2024

I think you can explore the brand portal or asset share commons. Please refer these links for more details. -https://medium.com/hoodoo-digital/do-you-need-brand-portal-or-asset-share-commons-4cdc6111326d  and https://experienceleague.adobe.com/en/docs/experience-manager-brand-portal/using/share/brand-portal-link-share 

narendragandhi
Community Advisor
narendragandhiCommunity Advisor
Community Advisor
November 26, 2024

Hello @gunars_v 

 

If its only few assets and you would want them to get to the assets only via link then you can look at the AEM built in feature to share assets as a link  - https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/assets/manage/share-assets#sharelink

 

Hope this helps!

 

Thanks

Narendra

Fanindra_Surat
Community Advisor
Fanindra_SuratCommunity Advisor
Community Advisor
November 27, 2024

Hi @gunars_v - There's no way to bypass the CUG that has been applied to restrict the asset access. AEM will need a login-token in the headers, to authenticate and determine the user's presence in CUG to serve the asset. So, you will have to rely on solution like Brand portal to get the asset accessible to a certain set of users.

 

Regards,

A_H_M_Imrul
Community Advisor
A_H_M_ImrulCommunity Advisor
Community Advisor
November 27, 2024

Hello @gunars_v,

There isn't a direct way to bypass authentication, but you can consider the following approach:

  1. Create a service user with read access (using org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl) to the asset
  2. Manage an authentication key (e.g., stored in page properties and restricted from general access).
  3. Include the key as a parameter in the URL sent via email, which is mapped to a servlet internally.
  4. When the URL is clicked, the servlet can:
    • Validate the authentication key.
    • Perform an internal login for the service user using TokenUtil.createCredentials().
    • Grant the user access to the gated asset.

See if this helps..

Thanks     

arunpatidar
Community Advisor
arunpatidarCommunity AdvisorAccepted solution
Community Advisor
November 27, 2024

Hi @gunars_v 
I would suggest to make it simple and use service url pattern if you want to bypass login.

Example

 

www.awebsite.com/service/pdfdeliver.html?url=/content/dam/locked_assets/xyz.pdf
where /service/pdfdeliver.html map to the servlet which will read and deliver the content using service-user session.

Arun Patidar
    Terms & ConditionsAccessibility statement

    Loading footer...