Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Default Get Servlet of sling redirecting to login page

Avatar

Level 4
Level 4
6/12/18 3:01:57 AM

Hello,

I am trying to access the Default GET Servlet of Sling from http://localhost:8080/ and the response is the login.html page.  The AEM instance is running on http://localhost:4502 Please suggest what i need to do to be able to access jcr content with Default GET Servlet of Sling.

Jörg Hoh​, smacdonald2008​, please look into this if possible.

1506813_pastedImage_0.png

Thank you in advance.

Views

7.3K

Replies

10
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 4
Level 4
6/14/18 6:47:23 PM

Hello,

Thank you Jörg Hoh​, arunp99088702 and smacdonald2008


Since the answer to this question is a combination of responses to this post, am writing the conclusive answer:

PART 1 : SETUP

A NodeJS server (running on http://localhost:8080) can connect with an AEM instance/server (running on http://localhost:4502).  This would be the jQuery code block to execute this:

1508842_pastedImage_2.png

This is the response:

1508843_pastedImage_7.png

PART 2 : SECURITY

As we can see in PART 1, this exposes the user credentials which can be a major security concern.  For this I've worked with AEM's user-management interface, with which we can create a user that has READ ONLY ACCESS to the applications content folder as shown in the screenshot below.  Now we can work with these credentials to fetch data on a remote server without any security concerns.

1508845_pastedImage_9.png

Good Luck...

View solution in original post

Views

4.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
10 Replies

Avatar

Level 10
Level 10
6/12/18 6:29:48 AM

You are trying to invoke the Default Sling GET SERVLET and running into the login page. Is that correct?

Views

3.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
6/12/18 9:38:15 AM

Hi,

so you have a Sling (AEM?) Instance running on port 8080 and a different AEM instance running on port 4502, and you are trying to use the Default GET Servlet on the sling instance to access data on the AEM instance?

This does not work. Default GET servlet is always local to an instance and you cannot cross the boundaries of the sling repository with it.

Jörg

Views

3.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
6/12/18 6:46:45 PM

Hi Jörg Hoh​, smacdonald2008​,

Thank you for your response.


The http://localhost:8080 referred to in the question above is a NodeJS http server which is serving an html page with jQuery included.

http://localhost:4502 is the AEM server.

I'm trying to access jcr content from 8080 by making a GET call to http://localhost:4502.  Also, Access-Control-Allow-Origin response header is set to  wildcard ('*') to avoid CORS issue.  However, i'm unable to get the response.  The only response i'm getting is a re-direct link to AEM login page (http://localhost:4502/.../login.html).  Is there any way i can get data response on http://localhost:8080 by making a GET call to http://localhost:4502?

Regards,

Akash

Views

4.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
6/13/18 6:14:47 AM

If your instance at localhost:4502 is an authoring instance, you are required to authenticate (the 401 is a very strong indication in that direction). In the simplest usecase you can use basic auth for it.

Jörg

Views

3.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
6/13/18 11:15:17 PM

Hi Jörg Hoh​,

Can you please show an example of the REST call with jQuery?  Where would we include the username and password?


Thanks & Regards,

Akash

Views

4.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
6/14/18 12:56:25 AM

Hi Akash,

If the server performs HTTP authentication before providing a response, the user name and password pair can be sent via the username and password options in beforeSend callback  it receives the xhr object and the settings object as parameters.

beforeSend: function (xhr) {
  xhr.setRequestHeader ("Authorization", "Basic " + btoa(username + ":" + password));
},

more info

hope this helps.

Thanks

Arun



Arun Patidar

Views

3.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 4
Level 4
6/14/18 6:47:23 PM

Hello,

Thank you Jörg Hoh​, arunp99088702 and smacdonald2008


Since the answer to this question is a combination of responses to this post, am writing the conclusive answer:

PART 1 : SETUP

A NodeJS server (running on http://localhost:8080) can connect with an AEM instance/server (running on http://localhost:4502).  This would be the jQuery code block to execute this:

1508842_pastedImage_2.png

This is the response:

1508843_pastedImage_7.png

PART 2 : SECURITY

As we can see in PART 1, this exposes the user credentials which can be a major security concern.  For this I've worked with AEM's user-management interface, with which we can create a user that has READ ONLY ACCESS to the applications content folder as shown in the screenshot below.  Now we can work with these credentials to fetch data on a remote server without any security concerns.

1508845_pastedImage_9.png

Good Luck...

Views

4.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 10
Level 10
6/14/18 7:33:18 PM

Nice reply - this is what community is all about!

Views

3.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
6/17/18 5:40:38 AM

Another way to handle security is to move this call to the server-side(in this case NodeJS server) and expose a REST API from the server.  This way the credentials will not be exposed on the client-side.

Good Luck...

Views

4.2K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
9/10/18 8:59:43 PM

...Following up on the above answer.  There is one more important part.  We need to include the other server as Allowed Origins:

PART 3:

1569239_pastedImage_0.png

Clicking on it will open the window where we need to add our local server

1569240_pastedImage_1.png

Good Luck...

Views

4.3K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
I want to disable the delete copy move and all the other options for the child components Solved

Views

137

Likes

0

Replies

5
I am getting errors while building the code taken from wknd git clone

Views

48

Likes

0

Replies

1
How to propagate template code changes to sites using that template

Views

69

Likes

0

Replies

3
how to implement nonce for Content-Security-Policy script-src directive in dispatcher

Views

80

Likes

0

Replies

1
Sharing common data to multiple features in Tab component

Views

201

Likes

0

Replies

12