Adobe Experience Manager Sites & More

Johann_Lu · 11/3/24

I tried to add +/crx/explorer/ui/search.jsp in Apache Sling Authentication Service, but it didn't work. How can I restrict anonymous access /crx/explorer/ui/search.jsp?

Jörg_Hoh · 11/6/24

You cannot with ootb tools. As the CRX Explorer (CRX DE as well!) operates in its own HTTP context, Sling authentication cannot be applied to limit access to specific paths or features of it. When you are authenticated to the repository, you can use all the tools of the CRX Explorer according to the permissions of the underlying repository.

View solution in original post

PRATHYUSHA_VP · 11/3/24

Hi @Johann_Lu

Please find the relevant topic below -

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-publish-block-access-t...

Johann_Lu · 11/3/24

I just want to limit anonymous to access /crx/explorer/ui/search.jsp, I don't want to stop WebDAV.

PRATHYUSHA_VP · 11/3/24

That you can restrict through user groups, I don't think there's a default config to disable only specific URL.

Check this blog post by @arunpatidar

https://aemlab.blogspot.com/2020/04/aem-crxde-restriction.html

Hope this helps

Thanks

Johann_Lu · 11/4/24

Is it a bug? Why can anonymous access /crx/explorer/ui/search.jsp？

GabrielMircea · 11/4/24

You have two options here:

1. Update the Apache Sling Authentication Service

Go to http://localhost:4502/system/console/configMgr

Search for org.apache.sling.auth.core.impl.SlingAuthenticator.

This setting tells the Sling authenticator to require authentication for the specified path.

In the configuration, you need to add the following property if it doesn't already exist:

sling.auth.requirements = /crx/explorer/ui/search.jsp

2. Restrict Access through ACLs

Use CRXDE Lite (http://localhost:4502/crx/de) to set the permissions.to /home/users or wherever you manage your users/groups. You should ensure that the anonymous user does not have read access to /crx/explorer

Johann_Lu · 11/4/24

Option 1 is not available, I have already tried it.

GabrielMircea · 11/5/24

Apologies, the correct URL for configurations is http://localhost:4502/system/console/configMgr

Johann_Lu · 11/5/24

I mean this method I have tried it before, it did not work.

Jörg_Hoh · 11/6/24

You cannot with ootb tools. As the CRX Explorer (CRX DE as well!) operates in its own HTTP context, Sling authentication cannot be applied to limit access to specific paths or features of it. When you are authenticated to the repository, you can use all the tools of the CRX Explorer according to the permissions of the underlying repository.