SOLVED

Externalizing and Mapping - ResourceResolver and permissions


Do Externalizer.externalize and resourceResolver.map() just need read access at the path to be externalized, which can then resolve a path via .map or externalize an asset path or currentPage path?

I am trying to externalize an asset path stored at jcr:content/image and the current page path within Sling Models and a WCMUsePojo, getting the resolver using the @SlingObject resource resolver within Sling Models and getResourceResolver() within the WCMUsePojo.
Assuming nothing special in terms of permissions needs to be done here, since the resolver is obtained at the WCMUsePojo or Sling Model and can then be used?

author - would be behind access

pub - I believe anonymous user's access is what pulls up the resource resolver for Sling Models or WCMUsePojos? We do not have login for publish access.


It currently works fine but wanted to hash it out.

1 Accepted Solution

Correct answer by
Employee Advisor

@NitroHazeDev Your understanding is correct here: the Externalizer just needs read access over content, which is achievable on author with the required permissions.

On the publisher, the anonymous user has read access on content, so we are good here too.

As long as you are using @SlingObject, which fetches the resource resolver from the SlingHttpServletRequest, and are not performing any JCR operations, anonymous access should suffice for this use case on the publisher as well.

2 Replies


Thanks @krati_garg, I am fetching it via resource adaptable but @SlingObject and getting the externalizer using adaptTo from the resolver. This is for the Sling Model.

For the WCMUsePojo, this is done using getResourceResolver(), and just like the Sling Model, I get the externalizer service using adaptTo. I don't use the Sling HTTP request object.

Also, I do the mapping to get a shortened URL:

externalizer.authorLink(resolver, resolver.map(currentPage.getPath()) + ".html");

Does that seem OK?

Does .map also look for read access? I believe yes, but I am looking for consensus.
Update - yes, there are no JCR operations like ValueMap or anything done for the asset path stored at the image node; just externalizing of the asset path is done.


Quick test - on pub - I took away read permissions from anonymous for the asset it tries to externalize and it worked.

I tried this on author for fun by removing all rights for the asset path (that is stored at jcr:content/image) for an admin user and it still worked - strange. I believe something with permissions might be involved in the externalizer service.
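
The test in the last post is consistent with the Sling API documentation: ResourceResolver.map() applies the mapping rules to the path string, and the path need not refer to an existing resource, so it is not an access check. An added example (not from the thread or from Adobe) of a Sling Model that looks the asset up with the current session before externalizing it; the package, the class name and the fileReference property are assumptions.

```java
package com.example.core.models; // hypothetical package

import com.day.cq.commons.Externalizer;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.models.annotations.DefaultInjectionStrategy;
import org.apache.sling.models.annotations.Model;
import org.apache.sling.models.annotations.injectorspecific.SlingObject;
import org.apache.sling.models.annotations.injectorspecific.ValueMapValue;

@Model(adaptables = Resource.class,
       defaultInjectionStrategy = DefaultInjectionStrategy.OPTIONAL)
public class ExternalLinkModel { // hypothetical model name

    @SlingObject
    private ResourceResolver resolver; // carries the current user's session

    @ValueMapValue
    private String fileReference; // assumed property holding the asset path

    /** Asset URL, or null when this session cannot read the asset. */
    public String getAssetUrl() {
        return externalizeIfReadable(fileReference);
    }

    private String externalizeIfReadable(String path) {
        Externalizer externalizer = resolver.adaptTo(Externalizer.class);
        if (path == null || externalizer == null) {
            return null;
        }
        // getResource() is evaluated against the session's ACLs and returns
        // null for a missing or unreadable path; map() only rewrites the string.
        Resource target = resolver.getResource(path);
        if (target == null) {
            return null; // emit no link rather than expose the path
        }
        return externalizer.publishLink(resolver, target.getPath());
    }
}
```

The same getResource() check applies before externalizing a page path; append ".html" to the path passed to the Externalizer in that case.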