Hello,
I am trying to access the Default GET Servlet of Sling from http://localhost:8080/ and the response is the login.html page. The AEM instance is running on http://localhost:4502 Please suggest what i need to do to be able to access jcr content with Default GET Servlet of Sling.
Jörg Hoh, smacdonald2008, please look into this if possible.
Thank you in advance.
Solved! Go to Solution.
Hello,
Thank you Jörg Hoh, arunp99088702 and smacdonald2008
Since the answer to this question is a combination of responses to this post, am writing the conclusive answer:
PART 1 : SETUP
A NodeJS server (running on http://localhost:8080) can connect with an AEM instance/server (running on http://localhost:4502). This would be the jQuery code block to execute this:
This is the response:
PART 2 : SECURITY
As we can see in PART 1, this exposes the user credentials which can be a major security concern. For this I've worked with AEM's user-management interface, with which we can create a user that has READ ONLY ACCESS to the applications content folder as shown in the screenshot below. Now we can work with these credentials to fetch data on a remote server without any security concerns.
Good Luck...
Views
Replies
Total Likes
You are trying to invoke the Default Sling GET SERVLET and running into the login page. Is that correct?
Views
Replies
Total Likes
Hi,
so you have a Sling (AEM?) Instance running on port 8080 and a different AEM instance running on port 4502, and you are trying to use the Default GET Servlet on the sling instance to access data on the AEM instance?
This does not work. Default GET servlet is always local to an instance and you cannot cross the boundaries of the sling repository with it.
Jörg
Hi Jörg Hoh, smacdonald2008,
Thank you for your response.
The http://localhost:8080 referred to in the question above is a NodeJS http server which is serving an html page with jQuery included.
http://localhost:4502 is the AEM server.
I'm trying to access jcr content from 8080 by making a GET call to http://localhost:4502. Also, Access-Control-Allow-Origin response header is set to wildcard ('*') to avoid CORS issue. However, i'm unable to get the response. The only response i'm getting is a re-direct link to AEM login page (http://localhost:4502/.../login.html). Is there any way i can get data response on http://localhost:8080 by making a GET call to http://localhost:4502?
Regards,
Akash
Views
Replies
Total Likes
If your instance at localhost:4502 is an authoring instance, you are required to authenticate (the 401 is a very strong indication in that direction). In the simplest usecase you can use basic auth for it.
Jörg
Hi Jörg Hoh,
Can you please show an example of the REST call with jQuery? Where would we include the username and password?
Thanks & Regards,
Akash
Views
Replies
Total Likes
Hi Akash,
If the server performs HTTP authentication before providing a response, the user name and password pair can be sent via the username
and password
options in beforeSend
callback it receives the xhr
object and the settings
object as parameters.
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa(username + ":" + password));
},
hope this helps.
Thanks
Arun
Hello,
Thank you Jörg Hoh, arunp99088702 and smacdonald2008
Since the answer to this question is a combination of responses to this post, am writing the conclusive answer:
PART 1 : SETUP
A NodeJS server (running on http://localhost:8080) can connect with an AEM instance/server (running on http://localhost:4502). This would be the jQuery code block to execute this:
This is the response:
PART 2 : SECURITY
As we can see in PART 1, this exposes the user credentials which can be a major security concern. For this I've worked with AEM's user-management interface, with which we can create a user that has READ ONLY ACCESS to the applications content folder as shown in the screenshot below. Now we can work with these credentials to fetch data on a remote server without any security concerns.
Good Luck...
Views
Replies
Total Likes
Nice reply - this is what community is all about!
Another way to handle security is to move this call to the server-side(in this case NodeJS server) and expose a REST API from the server. This way the credentials will not be exposed on the client-side.
Good Luck...
Views
Replies
Total Likes
...Following up on the above answer. There is one more important part. We need to include the other server as Allowed Origins:
PART 3:
Clicking on it will open the window where we need to add our local server
Good Luck...
Views
Replies
Total Likes