Adobe Experience Manager Sites & More

Gunars_V · 9:27:15 AM

Hi, I have an interesting requirement...

I have directory that is currently CUG protected, meaning only certain user groups can access after authenticating. We have a new requirement where they would like to bypass the authentication if a vetted user clicks on the link (from an email).

So, for example, /content/dam/locked_assets/xyz.pdf (CUG protected at the folder level "locked_assets")

If someone goes to www.awebsite.com/content/dam/locked_assets/xyz.pdf, it should redirect to login, but

if you go to www.awebsite.com/content/dam/locked_assets/xyz.pdf?hasAccess=true, it should bypass login.

It doesn't necessarily have to be a request parameter, but any other solution I'd be open to.

Thanks in advance!

arunpatidar · 1:07:07 AM

Hi @Gunars_V
I would suggest to make it simple and use service url pattern if you want to bypass login.

Example

www.awebsite.com/service/pdfdeliver.html?url=/content/dam/locked_assets/xyz.pdf
where /service/pdfdeliver.html map to the servlet which will read and deliver the content using service-user session.

Arun Patidar

元の投稿で解決策を見る

narendiran_ravi · 11:33:19 AM

I think you can explore the brand portal or asset share commons. Please refer these links for more details. -https://medium.com/hoodoo-digital/do-you-need-brand-portal-or-asset-share-commons-4cdc6111326d and https://experienceleague.adobe.com/en/docs/experience-manager-brand-portal/using/share/brand-portal-...

narendragandhi · 2:13:01 PM

Hello @Gunars_V

If its only few assets and you would want them to get to the assets only via link then you can look at the AEM built in feature to share assets as a link - https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/assets/manage/sh...

Hope this helps!

Thanks

Narendra

Fanindra_Surat · 8:47:03 PM

Hi @Gunars_V - There's no way to bypass the CUG that has been applied to restrict the asset access. AEM will need a login-token in the headers, to authenticate and determine the user's presence in CUG to serve the asset. So, you will have to rely on solution like Brand portal to get the asset accessible to a certain set of users.

Regards,

A_H_M_Imrul · 11:35:40 PM

Hello @Gunars_V,

There isn't a direct way to bypass authentication, but you can consider the following approach:

Create a service user with read access (using org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl) to the asset
Manage an authentication key (e.g., stored in page properties and restricted from general access).
Include the key as a parameter in the URL sent via email, which is mapped to a servlet internally.
When the URL is clicked, the servlet can:
- Validate the authentication key.
- Perform an internal login for the service user using TokenUtil.createCredentials().
- Grant the user access to the gated asset.

See if this helps..

Thanks

arunpatidar · 1:07:07 AM

Hi @Gunars_V
I would suggest to make it simple and use service url pattern if you want to bypass login.

Example

www.awebsite.com/service/pdfdeliver.html?url=/content/dam/locked_assets/xyz.pdf
where /service/pdfdeliver.html map to the servlet which will read and deliver the content using service-user session.

Adobe Experience Manager Sites & More

Bypassing CUG on asset directory

Arun Patidar

Arun Patidar

学習

ドキュメント

イベント

コミュニティ

サポート

リソース

Adobe アカウント

Adobe