Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

How to enable access to "/bin/querybuilder.json" to any user ?

Avatar

Level 8
Level 8
4/19/23 7:52:23 AM
 

Views

850

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
4/19/23 12:05:40 PM

Hi @akshaybhujbale Sling Engine will take care of permissions if you register servlet using Resource Type.

Users who cannot access a particular resource will not be able to invoke the servlet.

Path-bound servlets cannot be access controlled using the default JCR repository ACLs.

Reference - https://sling.apache.org/documentation/the-sling-engine/servlets.html#example-registration-by-resour...

 

@Component(service = Servlet.class)
@SlingServletResourceTypes(
        resourceTypes = "services/testServlet",
        methods = { HttpConstants.METHOD_GET }
)
@ServiceDescription("Test Servlet")
public class TestServlet extends SlingAllMethodsServlet {
     @Override
    protected void doGet(final SlingHttpServletRequest request, final 
SlingHttpServletResponse response)
            throws ServletException, IOException {
      // business-logic over here
}
}

Hope this helps!

Thanks

View solution in original post

Views

826

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Community Advisor
Community Advisor
4/19/23 9:54:57 AM

@akshaybhujbale

I think /bin/querybuilder.json makes a request to servlet which is registered with a path /bin/querybuilder and an extenstion json. Servlets registered with path can not be access controlled so I think we can not provide its access to any user.

Views

841

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Community Advisor
Community Advisor
4/19/23 12:05:40 PM

Hi @akshaybhujbale Sling Engine will take care of permissions if you register servlet using Resource Type.

Users who cannot access a particular resource will not be able to invoke the servlet.

Path-bound servlets cannot be access controlled using the default JCR repository ACLs.

Reference - https://sling.apache.org/documentation/the-sling-engine/servlets.html#example-registration-by-resour...

 

@Component(service = Servlet.class)
@SlingServletResourceTypes(
        resourceTypes = "services/testServlet",
        methods = { HttpConstants.METHOD_GET }
)
@ServiceDescription("Test Servlet")
public class TestServlet extends SlingAllMethodsServlet {
     @Override
    protected void doGet(final SlingHttpServletRequest request, final 
SlingHttpServletResponse response)
            throws ServletException, IOException {
      // business-logic over here
}
}

Hope this helps!

Thanks

Views

827

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
How to mock/unit test a Sling filter that does a redirect? (and other questions) Solved

Views

106

Likes

0

Replies

2
AIO Plugin unable to push code to RDE environment or use any commands Solved

Views

527

Likes

0

Replies

2
Facing org.apache.pdfbox.pdmodel.encryption.InvalidPasswordException while converting PDF to JSON using Tika in AEM Solved

Views

1.1K

Likes

0

Replies

4
How to Expose a Custom Resolver Field in Content Fragments for AEM GraphQL queries Without Editing the Fragment Model

Views

694

Likes

0

Replies

3
Failure: Enable Integrated Security in the JDBC Connection

Views

336

Likes

0

Replies

1