Hello All,
Can someone help me how to disable the crx/de to content authors in AEM author and publish instances. I am able to disable from welcome screen (How to limit access to CRX and CRXDE Light )but when author comes and types localhost:4502/crx/de/index.jsp he is able to see the nodes inside it.
I went through helpx docs and i didn't find anything related to it.
Thanks,
Adithya.
Solved! Go to Solution.
You can try to implement a filter and if url contains /crx/, based on the user you can redirect users to the same page or AEM home page.
example
aem63app-repo/CustomScreenFilter.java at master · arunpatidar02/aem63app-repo · GitHub
My perspective the direct author IP or host name should not be exposed to content authors
Create a custom domain for authors e.g author-uat.test.com and enable the same in dispatcher with required rules to block the URL's.
Even it will be better to configure the URL with some SSO solutions so that user wont login directly with AEM users.
Regards
Albin I
albinissac Thanks for the solution. But I am looking here if there is anyway to achieve this without custom domain. Just disable the crx/de or even if they login they should just see empty(I.e no nodes).
Thanks,
Adithya.
Crxde access cannot be managed by ACL's as it is installed as a bundle and its not a node in repository where you can go and add deny/allow access.
You have two options:
- Completely disable the crxde for all users by stopping the crxde bundle(Check [1])
- Keep it enabled and users will be able to see nodes based on their access. Example, If a user does not have read access on /apps, that user will not see the "/apps" directory in crxde.
[1] https://www.aemquickstart.in/2015/11/how-to-disable-crxde-and-crxde-lite.html
JaideepBrar Thanks for the answer.
I would love to choose option one where I can stop the bundle. But for debugging or checking when there is an issue at least I need "Admin" user have access to crx/de which will be very useful and needed.
You can try to implement a filter and if url contains /crx/, based on the user you can redirect users to the same page or AEM home page.
example
aem63app-repo/CustomScreenFilter.java at master · arunpatidar02/aem63app-repo · GitHub
@Shaheena_Sk May be you can have a separate group for content author in usersdmin console and restrict the access to /crx/ path for that group.
arunpatidar26 Thanks! this will help me.