Expand my Community achievements bar.

SOLVED

How to restrict anonymous access /crx/explorer/ui/search.jsp

Avatar

Level 4

I tried to add +/crx/explorer/ui/search.jsp in Apache Sling Authentication Service, but it didn't work. How can I restrict anonymous access /crx/explorer/ui/search.jsp?

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

You cannot with ootb tools. As the CRX Explorer (CRX DE as well!) operates in its own HTTP context, Sling authentication cannot be applied to limit access to specific paths or features of it. When you are authenticated to the repository, you can use all the tools of the CRX Explorer according to the permissions of the underlying repository.

View solution in original post

9 Replies

Avatar

Level 4

I just want to limit anonymous to access /crx/explorer/ui/search.jsp,  I don't want to stop WebDAV.

Avatar

Level 5

That you can restrict through user groups, I don't think there's a default config to disable only specific URL.

 

Check this blog post by @arunpatidar 

https://aemlab.blogspot.com/2020/04/aem-crxde-restriction.html

 

 

Hope this helps 

 

Thanks

Avatar

Level 4

Is it a bug? Why can anonymous access /crx/explorer/ui/search.jsp?

Avatar

Level 3

You have two options here:

1. Update the Apache Sling Authentication Service

Go to http://localhost:4502/system/console/configMgr

 

Search for org.apache.sling.auth.core.impl.SlingAuthenticator.

 

This setting tells the Sling authenticator to require authentication for the specified path.

In the configuration, you need to add the following property if it doesn't already exist:

sling.auth.requirements = /crx/explorer/ui/search.jsp

2. Restrict Access through ACLs

Use CRXDE Lite (http://localhost:4502/crx/de) to set the permissions.to /home/users or wherever you manage your users/groups. You should ensure that the anonymous user does not have read access to /crx/explorer

Avatar

Level 4

Option 1 is not available, I have already tried it.

Avatar

Level 4

I mean this method I have tried it before, it did not work.

Avatar

Correct answer by
Employee Advisor

You cannot with ootb tools. As the CRX Explorer (CRX DE as well!) operates in its own HTTP context, Sling authentication cannot be applied to limit access to specific paths or features of it. When you are authenticated to the repository, you can use all the tools of the CRX Explorer according to the permissions of the underlying repository.