How to Disable crx/de in author and publish instances for content-authors.

Avatar

adithyaa6344757

22-05-2019

Hello All,

Can someone help me how to disable the crx/de to content authors in AEM author and publish instances. I am able to disable from welcome screen (How to limit access to CRX and CRXDE Light )but when author comes and types localhost:4502/crx/de/index.jsp he is able to see the nodes inside it.

I went through helpx docs and i didn't find anything related to it.

Thanks,
Adithya.

Accepted Solutions (1)

Accepted Solutions (1)

Avatar

Arun_Patidar

MVP

22-05-2019

You can try to implement a filter and if url contains /crx/, based on the user you can redirect users to the same page or AEM home page.

example

aem63app-repo/CustomScreenFilter.java at master · arunpatidar02/aem63app-repo · GitHub

Answers (5)

Answers (5)

Avatar

jbrar

Employee

22-05-2019

Crxde access cannot be managed by ACL's as it is installed as a bundle and its not a node in repository where you can go and add deny/allow access.

You have two options:

- Completely disable the crxde for all users by stopping the crxde bundle(Check [1])

- Keep it enabled and users will be able to see nodes based on their access. Example, If a user does not have read access on /apps, that user will not see the "/apps" directory in crxde.

[1] https://www.aemquickstart.in/2015/11/how-to-disable-crxde-and-crxde-lite.html

Avatar

Albin_Issac

MVP

22-05-2019

My perspective the direct author IP or host name should not be exposed to content authors

Create a custom domain for authors e.g author-uat.test.com and enable the same in dispatcher with required rules to block the URL's.

Even it will be better to configure the URL with some SSO solutions so that user wont login directly with AEM users.

Regards

Albin I

Avatar

adithyaa6344757

22-05-2019

JaideepBrar​ Thanks for the answer.

I would love to choose option one where I can stop the bundle. But for debugging or checking when there is an issue at least I need "Admin" user have access to crx/de which will be very useful and needed.

Avatar

adithyaa6344757

22-05-2019

albinissac​ Thanks for the solution. But I am looking here if there is anyway to achieve this without custom domain. Just disable the crx/de or even if they login they should just see empty(I.e no nodes).

Thanks,
Adithya.