how to deploy custom scope in AEM
by default AEM 6.5 provides profile , offline and replicate scopes
Views
Replies
Total Likes
Hi @sriram_1 ,
May I know what do you mean by custom scope? - is it OAuth Scopes? If yes please refer to this: https://experienceleague.adobe.com/docs/experience-manager-learn/foundation/authentication/oauth-cod...
Appreciate If you elaborate more of your question for better understanding, if I misunderstood.
Regards,
Santosh
Hi Santosh thanks for the quick response,
we are working in a project where we need to fetch/crawl data from AEM.
as part of project we want to implement server to server authentication mechanism could you provide me some inputs on how to achieve this.
I am referring into this doc for authentication:
Thanks
Sriram
I believe OAuth 2.0 Authentication mechanism provide such functionality, for more details please refer:
Hi @SantoshSai
yes it is Oauth scope.
below is the code for custom scope as mentioned in the above link provided by you
package com.adobe.acs.samples.authentication.oauth.impl; import com.adobe.granite.oauth.server.Scope; import com.adobe.granite.oauth.server.ScopeWithPrivileges; import org.apache.jackrabbit.api.security.user.User; import org.osgi.service.component.annotations.Component; import javax.servlet.http.HttpServletRequest; /** * OAuth Scope support was introduced in AEM 6.3 */ @Component( service = Scope.class ) // This class must implement ScopeWithPrivileges, but it must register as an OSGi Service against Scope.class public class SampleScopeWithPrivileges implements ScopeWithPrivileges { public static final String WRITE_DAM_SCOPE_NAME = "vendor-x__write-dam"; public static final String BASE_PATH = "/content/dam"; /** * Informational purposes only **/ public String getDescription(HttpServletRequest request) { return "Write access to AEM Assets"; } /** * return the unique Scope name. This value must be unique across all scope implementations. **/ public String getName() { // If there is overlay in Scope's w the same `getName()` value, one of the named scopes will be selected at random for use (based on Service registration order). // If a scope is being provided as a 3rd party package, it is good to ensure the scope name has some low-likelihood collision name: // * For example: "vendor-x__dam_write" return WRITE_DAM_SCOPE_NAME; } /** * @param user The authenticated "AEM user" being asked to authorise the scope. * return the JCR path these privileges provided by `getPrivileges()`. **/ public String getResourcePath(User user) { // While the User is provided; it is atypical to derive the path based on the user. // Assuming a low number of path/privilege permutation is its usually better create multiple scopes for each user-type/path combination. // A use case for having the user drive the result of getResourcePath, is for a scope that provides access to the authorizing user's rep:User/profile node. return BASE_PATH; } /** * If the scope is associated with one specific endpoint return the URI to the endpoint. Otherwise return null. **/ public String getEndpoint() { // Return null return null; } /** * - JCR Privileges: http://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConstants.html * - JCR Privilege Mapping: https://jackrabbit.apache.org/oak/docs/security/privilege/mappingtoitems.html * - AEM Privileges: cq:storeUGC, crx:replicate * - Custom privileges also supported (though these are rare) **/ private static final String[] privileges = { "crx:replicate", "jcr:lockManagement", "jcr:versionManagement", "rep:write" }; /** * return the privileges to be applied to the path returned by `getResource(...)`. Note these will supersede any JCR-based ACLs. **/ public String[] getPrivileges() { return privileges; } }
could you please elaborate me on : // This class must implement ScopeWithPrivileges, but it must register as an OSGi Service against Scope.class
Thank you
Yes ScopeWithPrivileges is interface and which extends Scope interface for scopes that define required privileges on their content paths.
API Documentation: https://developer.adobe.com/experience-manager/reference-materials/6-5/javadoc/com/adobe/granite/oau...
yes, but how to egister as an OSGi Service against Scope.class and how to implement the same
Thanks,
Sriram
Please check that complete implementation here
Part 1: https://labs.tadigital.com/index.php/2017/08/18/aem-as-oauth-server-part-1-setting-up-scopes/
Part 2: https://labs.tadigital.com/index.php/2017/09/06/aem-as-oauth-server-part-2-testing-oauth/
Hi @SantoshSai,
the links you provided:
Part 1: https://labs.tadigital.com/index.php/2017/08/18/aem-as-oauth-server-part-1-setting-up-scopes/
Part 2: https://labs.tadigital.com/index.php/2017/09/06/aem-as-oauth-server-part-2-testing-oauth/
seem don't work anymore. Is there any other way to check the complete implementation?
Thanks,
Nicola
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies