Solved! Go to Solution.
Views
Replies
Total Likes
Hi @akshaybhujbale Sling Engine will take care of permissions if you register servlet using Resource Type.
Users who cannot access a particular resource will not be able to invoke the servlet.
Path-bound servlets cannot be access controlled using the default JCR repository ACLs.
Reference - https://sling.apache.org/documentation/the-sling-engine/servlets.html#example-registration-by-resour...
@Component(service = Servlet.class)
@SlingServletResourceTypes(
resourceTypes = "services/testServlet",
methods = { HttpConstants.METHOD_GET }
)
@ServiceDescription("Test Servlet")
public class TestServlet extends SlingAllMethodsServlet {
@Override
protected void doGet(final SlingHttpServletRequest request, final
SlingHttpServletResponse response)
throws ServletException, IOException {
// business-logic over here
}
}
Hope this helps!
Thanks
I think /bin/querybuilder.json makes a request to servlet which is registered with a path /bin/querybuilder and an extenstion json. Servlets registered with path can not be access controlled so I think we can not provide its access to any user.
Hi @akshaybhujbale Sling Engine will take care of permissions if you register servlet using Resource Type.
Users who cannot access a particular resource will not be able to invoke the servlet.
Path-bound servlets cannot be access controlled using the default JCR repository ACLs.
Reference - https://sling.apache.org/documentation/the-sling-engine/servlets.html#example-registration-by-resour...
@Component(service = Servlet.class)
@SlingServletResourceTypes(
resourceTypes = "services/testServlet",
methods = { HttpConstants.METHOD_GET }
)
@ServiceDescription("Test Servlet")
public class TestServlet extends SlingAllMethodsServlet {
@Override
protected void doGet(final SlingHttpServletRequest request, final
SlingHttpServletResponse response)
throws ServletException, IOException {
// business-logic over here
}
}
Hope this helps!
Thanks
Views
Likes
Replies
Views
Likes
Replies