Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED
How to scan assets while uploading to find if an asset contains personal data
1 Accepted Solution
Correct answer by
@vpasam You can write a simple workflow step to remove any PII data during the publishing process. So that asset delivered or consumed wont have the PII data.
Below is a sample code , you can add other properties too if you know.
/**
* The method called by the AEM Workflow Engine to perform Workflow work.
*
* @param workItem the work item representing the resource moving through the Workflow
* @param workflowSession the workflow session
* @param args arguments for this Workflow Process defined on the Workflow Model (PROCESS_ARGS, argSingle, argMulti)
* @throws WorkflowException when the Workflow Process step cannot complete. This will cause the WF to retry.
*/
@Override
public void execute(WorkItem workItem, WorkflowSession workflowSession, MetaDataMap args) throws WorkflowException {
/* Get the Workflow Payload */
// Get the Workflow data (the data that is being passed through for this work item)
final WorkflowData workflowData = workItem.getWorkflowData();
final String type = workflowData.getPayloadType();
final ResourceResolver resourceResolver = workflowSession.adaptTo(ResourceResolver.class);
// Check if the payload is a path in the JCR; The other (less common) type is JCR_UUID
if (!StringUtils.equals(type, TYPE_JCR_PATH)) {
return;
}
// Get the path to the metadata node on the JCR resource from the payload
final String path = getAssetPathFromPayload(workflowData);
log.debug("MetadataCleanup Payloadpath:: {} ", path);
Resource assetResource = resourceResolver.getResource(path);
final Resource assetMetadataRes = assetResource.getChild("jcr:content/metadata");
final ModifiableValueMap modifiableValueMap = assetMetadataRes.adaptTo(ModifiableValueMap.class);
Map<String, Object> properties = new HashMap<>();
properties.put("dc:creator", new String[] { "" });
properties.put("xmp:CreatorTool", "");
properties.put("dam:Author", "");
properties.put("dam:Producer", "");
properties.put("pdf:Producer", "");
properties.put("dc:rights", "");
properties.put("dc:Rights", "");
properties.put("photoshop:Credit", "");
final Set<Entry<String, Object>> propertyEntries = properties.entrySet();
for (final Entry<String, Object> propertyEntry : propertyEntries) {
if (modifiableValueMap.containsKey(propertyEntry.getKey())) {
modifiableValueMap.remove(propertyEntry.getKey());
}
modifiableValueMap.put(propertyEntry.getKey(), propertyEntry.getValue());
log.debug("Updating property '{}' with value '{}' for resource at path '{}'.",
propertyEntry.getKey(), propertyEntry.getValue(), assetMetadataRes.getPath());
}
commit(resourceResolver);
}
Correct answer by
@vpasam You can write a simple workflow step to remove any PII data during the publishing process. So that asset delivered or consumed wont have the PII data.
Below is a sample code , you can add other properties too if you know.
/**
* The method called by the AEM Workflow Engine to perform Workflow work.
*
* @param workItem the work item representing the resource moving through the Workflow
* @param workflowSession the workflow session
* @param args arguments for this Workflow Process defined on the Workflow Model (PROCESS_ARGS, argSingle, argMulti)
* @throws WorkflowException when the Workflow Process step cannot complete. This will cause the WF to retry.
*/
@Override
public void execute(WorkItem workItem, WorkflowSession workflowSession, MetaDataMap args) throws WorkflowException {
/* Get the Workflow Payload */
// Get the Workflow data (the data that is being passed through for this work item)
final WorkflowData workflowData = workItem.getWorkflowData();
final String type = workflowData.getPayloadType();
final ResourceResolver resourceResolver = workflowSession.adaptTo(ResourceResolver.class);
// Check if the payload is a path in the JCR; The other (less common) type is JCR_UUID
if (!StringUtils.equals(type, TYPE_JCR_PATH)) {
return;
}
// Get the path to the metadata node on the JCR resource from the payload
final String path = getAssetPathFromPayload(workflowData);
log.debug("MetadataCleanup Payloadpath:: {} ", path);
Resource assetResource = resourceResolver.getResource(path);
final Resource assetMetadataRes = assetResource.getChild("jcr:content/metadata");
final ModifiableValueMap modifiableValueMap = assetMetadataRes.adaptTo(ModifiableValueMap.class);
Map<String, Object> properties = new HashMap<>();
properties.put("dc:creator", new String[] { "" });
properties.put("xmp:CreatorTool", "");
properties.put("dam:Author", "");
properties.put("dam:Producer", "");
properties.put("pdf:Producer", "");
properties.put("dc:rights", "");
properties.put("dc:Rights", "");
properties.put("photoshop:Credit", "");
final Set<Entry<String, Object>> propertyEntries = properties.entrySet();
for (final Entry<String, Object> propertyEntry : propertyEntries) {
if (modifiableValueMap.containsKey(propertyEntry.getKey())) {
modifiableValueMap.remove(propertyEntry.getKey());
}
modifiableValueMap.put(propertyEntry.getKey(), propertyEntry.getValue());
log.debug("Updating property '{}' with value '{}' for resource at path '{}'.",
propertyEntry.getKey(), propertyEntry.getValue(), assetMetadataRes.getPath());
}
commit(resourceResolver);
}
You can use a custom workflow to trim/mask the metadata which might be exposing PII.
For the actual asset binary the trick is to identify the assets - post identification you can either use AEM's in-built image editor or a custom image processing library like OpenCV to blur the PII areas and then re-upload the sanitised version back to AEM.
For PDFs, libraries like Apache PDFBox or iText can be used to programmatically redact text.
For identification you can explore OCR library such as Tesseract OCR to process images and extract text for PII scanning. Once the text is extracted use regex maybe to identify the PII (Emails, Phone Numbers, Names etc.)
Similarly use libraries like Apache PDFBox (for PDFs) or Apache POI (for Word documents) to extract text from documents.
These services would have to be integrated into AEM as part of post-processing workflow to allow the asset to be processed post upload in AEM.
Hope this can help!
Related Conversations
