SOLVED

Default Get Servlet of sling redirecting to login page

Level 4

Hello,

I am trying to access the Default GET Servlet of Sling from http://localhost:8080/ and the response is the login.html page. The AEM instance is running on http://localhost:4502. Please suggest what I need to do to be able to access JCR content with the Default GET Servlet of Sling.

Jörg Hoh​, smacdonald2008​, please look into this if possible.

1506813_pastedImage_0.png

Thank you in advance.

1 Accepted Solution

Correct answer by
Level 4

Hello,

Thank you Jörg Hoh​, arunp99088702 and smacdonald2008


Since the answer to this question is a combination of responses to this post, I am writing the conclusive answer:

PART 1 : SETUP

A NodeJS server (running on http://localhost:8080) can connect with an AEM instance/server (running on http://localhost:4502).  This would be the jQuery code block to execute this:

1508842_pastedImage_2.png

This is the response:

1508843_pastedImage_7.png

PART 2 : SECURITY

As we can see in PART 1, this exposes the user credentials, which can be a major security concern. For this I've worked with AEM's user-management interface, with which we can create a user that has READ ONLY ACCESS to the application's content folder as shown in the screenshot below. Now we can work with these credentials to fetch data on a remote server without any security concerns.

1508845_pastedImage_9.png

Good Luck...


10 Replies

Level 10

You are trying to invoke the Default Sling GET SERVLET and running into the login page. Is that correct?

Employee Advisor

Hi,

so you have a Sling (AEM?) Instance running on port 8080 and a different AEM instance running on port 4502, and you are trying to use the Default GET Servlet on the sling instance to access data on the AEM instance?

This does not work. Default GET servlet is always local to an instance and you cannot cross the boundaries of the sling repository with it.

Jörg

Level 4

Hi Jörg Hoh​, smacdonald2008​,

Thank you for your response.


The http://localhost:8080 referred to in the question above is a NodeJS http server which is serving an html page with jQuery included.

http://localhost:4502 is the AEM server.

I'm trying to access JCR content from 8080 by making a GET call to http://localhost:4502. Also, the Access-Control-Allow-Origin response header is set to wildcard ('*') to avoid CORS issues. However, I'm unable to get the response. The only response I'm getting is a redirect link to the AEM login page (http://localhost:4502/.../login.html). Is there any way I can get a data response on http://localhost:8080 by making a GET call to http://localhost:4502?

Regards,

Akash

Employee Advisor

If your instance at localhost:4502 is an authoring instance, you are required to authenticate (the 401 is a very strong indication in that direction). In the simplest use case you can use basic auth for it.

Jörg

Level 4

Hi Jörg Hoh​,

Can you please show an example of the REST call with jQuery?  Where would we include the username and password?


Thanks & Regards,

Akash

Community Advisor

Hi Akash,

If the server performs HTTP authentication before providing a response, the user name and password pair can be sent via the username and password options in the beforeSend callback, which receives the xhr object and the settings object as parameters.

beforeSend: function (xhr) {
  xhr.setRequestHeader("Authorization", "Basic " + btoa(username + ":" + password));
},

more info

hope this helps.

Thanks

Arun



Arun Patidar


Level 10

Nice reply - this is what community is all about!

Level 4

Another way to handle security is to move this call to the server side (in this case the NodeJS server) and expose a REST API from the server. This way the credentials will not be exposed on the client side.

Good Luck...
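
The server-side approach described in the post above, as an added example that is not part of the thread or any participant's code: a NodeJS endpoint that keeps the read-only AEM credentials on the server and forwards only GET requests under one content folder. The /api/content route, CONTENT_ROOT, port 8081 and the AEM_USER / AEM_PASSWORD environment variables are assumptions.

```javascript
// Added example. Hypothetical names: CONTENT_ROOT, the /api/content route,
// port 8081 and the AEM_USER / AEM_PASSWORD environment variables.
const AEM_ORIGIN = "http://localhost:4502";     // AEM instance from the thread
const PAGE_ORIGIN = "http://localhost:8080";    // origin of the HTML page from the thread
const CONTENT_ROOT = "/content/myapp";          // folder the read-only user may read
const API_PREFIX = "/api/content";

// The Authorization header is built on the server, so the browser never sees it.
function basicAuthHeader(user, password) {
  return "Basic " + Buffer.from(`${user}:${password}`, "utf8").toString("base64");
}

// Map /api/content/<path> to a .json URL under CONTENT_ROOT, or return null.
function toUpstreamUrl(requestUrl) {
  const { pathname } = new URL(requestUrl, "http://proxy.invalid"); // resolves ../
  if (!pathname.startsWith(API_PREFIX + "/")) return null;
  let rel;
  try {
    rel = decodeURIComponent(pathname.slice(API_PREFIX.length));
  } catch {
    return null; // malformed percent-encoding
  }
  // Plain path segments only: no dots, so the caller cannot leave CONTENT_ROOT
  // or pick the selectors and extension; the proxy always appends ".json".
  if (!/^(\/[A-Za-z0-9_-]+)+$/.test(rel)) return null;
  return `${AEM_ORIGIN}${CONTENT_ROOT}${rel}.json`;
}

async function startProxy(port = 8081) {
  const http = await import("node:http");
  const auth = basicAuthHeader(process.env.AEM_USER, process.env.AEM_PASSWORD);
  return http.createServer(async (req, res) => {
    const upstream = req.method === "GET" ? toUpstreamUrl(req.url) : null;
    if (!upstream) return res.writeHead(404).end();
    try {
      // redirect: "manual" keeps a bounce to login.html from being followed.
      const r = await fetch(upstream, { headers: { Authorization: auth }, redirect: "manual" });
      if (r.status !== 200) return res.writeHead(502).end();
      res.writeHead(200, {
        "Content-Type": "application/json",
        "Access-Control-Allow-Origin": PAGE_ORIGIN, // one origin, not "*"
      });
      res.end(await r.text());
    } catch {
      res.writeHead(502).end();
    }
  }).listen(port, "127.0.0.1");
}

// Starts only when credentials are configured in the environment.
if (process.env.AEM_USER && process.env.AEM_PASSWORD) startProxy();
```

The page at http://localhost:8080 would then request http://localhost:8081/api/content/... with a plain GET and no Authorization header of its own.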

Level 4

...Following up on the above answer.  There is one more important part.  We need to include the other server as Allowed Origins:

PART 3:

1569239_pastedImage_0.png

Clicking on it will open the window where we need to add our local server:

1569240_pastedImage_1.png

Good Luck...