Level 2

해결됨

Is it possiable to enable anonymous access to a servlet in author instance?

Forum|Forum|1 year ago
February 29, 2024
4 답변들
3387 조회

Hi,

I am currently helping to enhance a function, we are using AEMaaCS. it will do the following:

1. We have a customized form component for users to upload an asset with some other fields

2. The form will send a post call to a servlet, the servlet will:

2.1 Save the uploaded file to a DAM folder using AssetManager

2.2 Create a review task with TaskManager

The function works well when using the author instance to test. However, in the publish instance it does not work.

I already know that in AEMaaCS, the publish instance is read-only, and cannot write files directly into publish DAM.

My question is, is there any way to enable the servlet in the author instance for anonymous access without login for the POST call?

Or is there any way to do it in the servlet layer? i.e. when the publish instance receives the call, run the AssetManager and TaskManager in the author instance?

If so, I can make an Ajax call from the published form to call the author servlet for the upload.

Thank you!

이 주제는 답변이 닫혔습니다.

최고의 답변: HenryLiang

Found the solution in the end:

The author instance needs to configure a Technical Account in the Developer Console.

After that, import JJWT into the project and get an access token to be sent in the request header.

Then the project can access the Author API.

Imran Khan

Community Advisor

Modify the configuration of Apache Sling Authentication Service.

Add an entry in sling.auth.requirements parameter.

If you want anonymous access, you have to put a '-' before the path.

Hope this helps!
Same Issue Reference: https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/how-to-make-servlet-publically-available-in-aem-without-login-in/m-p/175620

H

HenryLiang작성자

Level 2

Hi Imran,

Thanks for the reply!

I do not have access to configMgr in the instance. Does AEM provide a way to write the config in code?

I tried the following:

@Component(service = Servlet.class,
        property = {
                ServletResolverConstants.SLING_SERVLET_METHODS + QueryConstants.EQUAL_SYMBOL + HttpConstants.METHOD_POST,
                ServletResolverConstants.SLING_SERVLET_PATHS + QueryConstants.EQUAL_SYMBOL + "/apps/uploadAssetForApproval",
                "sling.auth.requirements"+ QueryConstants.EQUAL_SYMBOL + "-/apps/uploadAssetForApproval"})
@ServiceDescription("Asset Upload Form servlet")
public class AssetUploadFormServlet extends SlingAllMethodsServlet

But still returns 401 when calling the API with Postman.

Imran Khan

Community Advisor

@henryliang Under ui.config module looks for config.author folder and create file and name as org.apache.sling.engine.impl.auth.SlingAuthenticator.cfg.json

Paste below content within the file

{
  "sling.auth.requirements":[
    "+/",
    "-/libs/granite/core/content/login",
    "-/etc.clientlibs",
    "-/etc/clientlibs/granite",
    "-/libs/dam/remoteassets/content/loginerror",
    "-/aem/update.theme",
    "-/linkexpired",
    "-/replace_this_with_your_servlet_path"
  ]
}

Add an entry in sling.auth.requirements parameter.

If you want anonymous access, you have to put a '-' before the path.'

Deploy the code and test, it should work.

SureshDhulipudi

Community Advisor

Didn't get your complete requirement.

Author instance is where the authors/content writers - create content and manage content. once you upload the images to author instance - publish it to store the content in publish instance.

Author - Publisher - has two separate instances to maintain content.

As you stated above - In AEM as a Cloud Service, the publish instance is indeed read-only and you cannot write files directly into the publish DAM.

you can enable a servlet on the author instance for anonymous access. Here's how you can do it:
Create a system user: You need to create a system user that will be used to run the servlet. This user should have the necessary permissions to create assets and tasks.

H

HenryLiang작성자

Level 2

Hi SureshDhulipudi,

Thanks for the reply!

I've already made the servlet on the author and the system user as well.

It works well on the author instance in preview mode. I assume it is because I need to login to the author instance before I do the test.

However, I cannot call the API from anywhere else like a webpage with submit form. When trying to use postman to call it, HTTP status 401 returns.

AMANATH_ULLAH

Community Advisor

@henryliang

Make sure you have system user created in Publisher and it has required permissions to assets

You will not need authentication to call servlet in publisher. You can use postman to test this

Amanath Ullah

H

HenryLiang작성자

Level 2

Thanks Amanath,

I have gotten everything set in the publisher, but AssetManager cannot write anything to the publisher as it is read-only. I need to call the servlet in the author to upload the file, I am seeking a way to make the author servlet publicly accessible without authentication.

narendragandhi

Community Advisor

Hi @henryliang

You can make the changes in the system console of your local AEM SDK instance and then copy the file from there to include in your codebase.

By default it would go under /apps/system/config which you can include under author-specific runmode

and the content should look like below -

Also since you are allowing anonymous file upload, please make sure that required security considerations have been made.

Thanks

Narendra

kautuk_sahni

Community Manager

@henryliang Did you find the suggestions from users helpful? Please let us know if more information is required. Otherwise, please mark the answer as correct for posterity. If you have found out solution yourself, please share it with the community.

Kautuk Sahni

H

HenryLiang작성자답변

Level 2

Found the solution in the end:

The author instance needs to configure a Technical Account in the Developer Console.

After that, import JJWT into the project and get an access token to be sent in the request header.

Then the project can access the Author API.

djohn98390536

Level 4

Hi @henryliang can plz share some sample code how did you achieve this with Technical Account.

가입하기

소셜 로그인

커뮤니티에 로그인

소셜 로그인

파일을 바이러스 검사 중입니다.

이 파일은 다운로드할 수 없습니다