Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Dispatcher filter to allow only mapped post content

Keerthi97
Level 2
Level 2

Hi All,

I would to like to deny all the post methods by adding below filter 

/0001 {type "deny" /method "POST" }

Then , I have 100+websites running in my AEM application,so how to allow the all configured mapped content paths(present in my application) by adding filter conditions.

Could you please suggest on this and let me know your thoughts .

 

Thanks  in Advance.

1 Accepted Solution
davidjgonzalezzzz
Correct answer by
Level 6
Level 6

@Keerthi97 there is no magic bullet for this, since there are any number of ways the HTTP POST endpoints maybe have been defined in AEM.

 

In the best case, all your HTTP POST endpoints are bound with well-known Sling selectors -- so like, HTTP POST /content/site-1/page.my-custom-submisssion.json, where `my-custom-submission` is the identifying selector.

 

If you have a set of well-known selectors, you can allow POST whose URLs contain that Selector or Path pattern .. some examples are here  [1]

 

If you have a mix of POST endpoints (resource-type based servlets, path-based servlets, script-based servlets, or even OOTB) then you'll have to go through them and figure out the best set of filters are for what your 100+ sites are using. Hopefully, you'll be able to identify some patterns that let you define allow a single rule per logical endpoint. Definitely think about using the /path configuration that allows patterns (regex) or matching on selectors if you can.

 

[1] https://github.com/adobe/aem-project-archetype/blob/master/src/main/archetype/dispatcher.cloud/src/c...

View solution in original post

1 Reply
davidjgonzalezzzz
Correct answer by
Level 6
Level 6

@Keerthi97 there is no magic bullet for this, since there are any number of ways the HTTP POST endpoints maybe have been defined in AEM.

 

In the best case, all your HTTP POST endpoints are bound with well-known Sling selectors -- so like, HTTP POST /content/site-1/page.my-custom-submisssion.json, where `my-custom-submission` is the identifying selector.

 

If you have a set of well-known selectors, you can allow POST whose URLs contain that Selector or Path pattern .. some examples are here  [1]

 

If you have a mix of POST endpoints (resource-type based servlets, path-based servlets, script-based servlets, or even OOTB) then you'll have to go through them and figure out the best set of filters are for what your 100+ sites are using. Hopefully, you'll be able to identify some patterns that let you define allow a single rule per logical endpoint. Definitely think about using the /path configuration that allows patterns (regex) or matching on selectors if you can.

 

[1] https://github.com/adobe/aem-project-archetype/blob/master/src/main/archetype/dispatcher.cloud/src/c...

View solution in original post