Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Is it possiable to enable anonymous access to a servlet in author instance?

Avatar

Level 2

Hi,

 

I am currently helping to enhance a function,  we are using AEMaaCS. it will do the following:

 

1. We have a customized form component for users to upload an asset with some other fields

2. The form will send a post call to a servlet, the servlet will:

    2.1 Save the uploaded file to a DAM folder using AssetManager

    2.2 Create a review task with TaskManager

 

The function works well when using the author instance to test. However, in the publish instance it does not work.

 

I already know that in AEMaaCS, the publish instance is read-only, and cannot write files directly into publish DAM.

 

My question is, is there any way to enable the servlet in the author instance for anonymous access without login for the POST call?

 

Or is there any way to do it in the servlet layer? i.e. when the publish instance receives the call, run the AssetManager and TaskManager in the author instance?

 

If so, I can make an Ajax call from the published form to call the author servlet for the upload.

 

Thank you!

Topics

Topics help categorize Community content and increase your ability to discover relevant content.

1 Accepted Solution

Avatar

Correct answer by
Level 2

Found the solution in the end:

The author instance needs to configure a Technical Account in the Developer Console.

After that, import JJWT into the project and get an access token to be sent in the request header.

Then the project can access the Author API. 

View solution in original post

14 Replies

Avatar

Community Advisor

Modify the configuration of Apache Sling Authentication Service.

Add an entry in sling.auth.requirements parameter.

If you want anonymous access, you have to put a '-' before the path.

Hope this helps!
Same Issue Reference:  https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-make-servlet-public...

Avatar

Level 2

Hi Imran,

 

Thanks for the reply!

 

I do not have access to configMgr in the instance. Does AEM provide a way to write the config in code?

 

I tried the following:

@Component(service = Servlet.class,
property = {
ServletResolverConstants.SLING_SERVLET_METHODS + QueryConstants.EQUAL_SYMBOL + HttpConstants.METHOD_POST,
ServletResolverConstants.SLING_SERVLET_PATHS + QueryConstants.EQUAL_SYMBOL + "/apps/uploadAssetForApproval",
"sling.auth.requirements"+ QueryConstants.EQUAL_SYMBOL + "-/apps/uploadAssetForApproval"})
@ServiceDescription("Asset Upload Form servlet")
public class AssetUploadFormServlet extends SlingAllMethodsServlet

But still returns 401 when calling the API with Postman.

Avatar

Community Advisor

@HenryLiang Under ui.config module looks for config.author folder and create file and name as org.apache.sling.engine.impl.auth.SlingAuthenticator.cfg.json

 

Paste below content within the file

 

 

{
  "sling.auth.requirements":[
    "+/",
    "-/libs/granite/core/content/login",
    "-/etc.clientlibs",
    "-/etc/clientlibs/granite",
    "-/libs/dam/remoteassets/content/loginerror",
    "-/aem/update.theme",
    "-/linkexpired",
    "-/replace_this_with_your_servlet_path"
  ]
}

 

 

Add an entry in sling.auth.requirements parameter.

If you want anonymous access, you have to put a '-' before the path.'

Deploy the code and test, it should work.

Avatar

Community Advisor

Didn't get your complete requirement.

Author instance is where the authors/content writers - create content and manage content. once you upload the images to author instance - publish it to store the content in publish instance.

Author - Publisher - has two separate instances to maintain content.

As you stated above - In AEM as a Cloud Service, the publish instance is indeed read-only and you cannot write files directly into the publish DAM.

 

you can enable a servlet on the author instance for anonymous access. Here's how you can do it:
Create a system user: You need to create a system user that will be used to run the servlet. This user should have the necessary permissions to create assets and tasks.

Avatar

Level 2

Hi SureshDhulipudi,

 

Thanks for the reply!

 

I've already made the servlet on the author and the system user as well.

 

It works well on the author instance in preview mode. I assume it is because I need to login to the author instance before I do the test.

 

However, I cannot call the API from anywhere else like a webpage with submit form. When trying to use postman to call it, HTTP status 401 returns.

Avatar

Community Advisor

@HenryLiang 

Make sure you have system user created in Publisher and it has required permissions to assets

You will not need authentication to call servlet in publisher. You can use postman to test this

Avatar

Level 2

Thanks Amanath,

 

I have gotten everything set in the publisher, but AssetManager cannot write anything to the publisher as it is read-only. I need to call the servlet in the author to upload the file, I am seeking a way to make the author servlet publicly accessible without authentication.

Avatar

Community Advisor

Hi @HenryLiang 

 

You can make the changes in the system console of your local AEM SDK instance and then copy the file from there to include in your codebase.

 

narendragandhi_0-1709238609485.png

 

 

By default it would go under /apps/system/config which you can include under author-specific runmode 

 

narendragandhi_0-1709238325123.png

and the content should look like below -

narendragandhi_1-1709238376193.png

Also since you are allowing anonymous file upload, please make sure that required security considerations have been made.

 

Thanks

Narendra

Avatar

Level 2

Hi Narendra,

Thanks! After applying SlingAuthenticator, I can call the servlet through Postman, and the file is uploaded.

However, even though the function seemed to work, Postman still returned a 401 status code. Any clue or debug suggestions for this?

Thanks!

HenryLiang_0-1709271627294.png

Update:

After adding a cookie - login-token=xxxx (copied from browser cookie after logged-in), it returns 200 with the expected result. May I know if there is any way to bypass the login token?

HenryLiang_0-1709276307905.png

Thanks!

Avatar

Level 8

Hi @HenryLiang 

 

As mentioned by @Imran__Khan  in his 1st reply to your post, from 3rd party application, you hit the AEM author URL(i mean Post servlet URL) and then save the images in author environment. (of course you need service user with necessary read, write permission). then, replicate the assets to publisher environments at that time or later(it depends upon your use cases. Suppose, if AEM author wants to check the assets uploaded by 3rd party application, before replicating to publish).

I assume, you have multiple publisher environment(or may be in future). Then, in this case, suppose if you save the asset in 1 publisher environment, how you will install the same asset in other publish, author environments??

Avatar

Community Advisor

Hi @HenryLiang 

 

I think another important detail that was missed here is that the Asset Manager API that you are using to upload files has been deprecated for AEM as a Cloud Service. Please refer - https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/assets/admin/develo... for options to upload assets to AEM.

 

So the initial upload of assets from the form would have to be done to some external storage and from there you can use any of the upload options to bring them to AEM. Hope this helps!

 

Thanks

Narendra

 

 

 

Avatar

Administrator

@HenryLiang Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.



Kautuk Sahni

Avatar

Correct answer by
Level 2

Found the solution in the end:

The author instance needs to configure a Technical Account in the Developer Console.

After that, import JJWT into the project and get an access token to be sent in the request header.

Then the project can access the Author API. 

Avatar

Level 4

Hi @HenryLiang can plz share some sample code how did you achieve this with  Technical Account.