Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

login Authentication mechanism for Dam assest in publish instance

Avatar

Level 4

I am using  AEM 5.6.1 and  the requirement is  that  end user  must be Authenticated to view  few  DAM assets in publish instance using an dispacther.Could you please  suggest  what  is best mechanism i could use and any best practices in general i must look for.

 

Thanks

1 Accepted Solution

Avatar

Correct answer by
Level 10
  1. If you have multiple PDFs/assets which require authentication then why not create an assets listing page which can be shown to authenticated users. You can set CUG (Closed user group) properties on the listing page so that only required group of users will have access to it via login. 
  2. If you want to restrict access to a particular PDF or asset then there is a way to set the CUG properties on individual assets. http://www.wemblog.com/2013/01/how-to-associate-cug-with-dam-asset-in.html
  3. If you do not like applying these properties individually on multiple assets then other solution could be to create a custom servlet and bind it to a resource type and bind that resource type to a page. Then you can restrict access to that page by setting CUG properties on it. You can then expose the page url with asset path as parameter in the front end to the users. When they hit the page URL the AEM will check if the user is authenticated or not. If not then it will redirect to the login page and if yes then it will call the servlet and pass the asset path as param to it. The servlet then can redirect to the asset URL(passed as param to it). 

 

CUG - https://docs.adobe.com/docs/en/aem/6-1/administer/security/cug.html

https://helpx.adobe.com/experience-manager/using/resourcetypes.html

https://cqdump.wordpress.com/2015/03/23/aem-coding-best-practice-servlets/

Thanks,

Kunal

View solution in original post

4 Replies

Avatar

Level 10

How will the user be looking at the assets? Do you you mean in an AEM web site that references DAM assets, or do you mean on CQ Author? 

Avatar

Level 4

The  anonymous users when hits on the PDF link to download on publish instance.He will be shown up with login page.Then followed by Authentication mechanism.That is he logs in and then we need a session present for sometime for the login.Then logout for the user

Avatar

Correct answer by
Level 10
  1. If you have multiple PDFs/assets which require authentication then why not create an assets listing page which can be shown to authenticated users. You can set CUG (Closed user group) properties on the listing page so that only required group of users will have access to it via login. 
  2. If you want to restrict access to a particular PDF or asset then there is a way to set the CUG properties on individual assets. http://www.wemblog.com/2013/01/how-to-associate-cug-with-dam-asset-in.html
  3. If you do not like applying these properties individually on multiple assets then other solution could be to create a custom servlet and bind it to a resource type and bind that resource type to a page. Then you can restrict access to that page by setting CUG properties on it. You can then expose the page url with asset path as parameter in the front end to the users. When they hit the page URL the AEM will check if the user is authenticated or not. If not then it will redirect to the login page and if yes then it will call the servlet and pass the asset path as param to it. The servlet then can redirect to the asset URL(passed as param to it). 

 

CUG - https://docs.adobe.com/docs/en/aem/6-1/administer/security/cug.html

https://helpx.adobe.com/experience-manager/using/resourcetypes.html

https://cqdump.wordpress.com/2015/03/23/aem-coding-best-practice-servlets/

Thanks,

Kunal

Avatar

Level 4

Had a  question based on above.

We have one author and 2  publish instance and AEM5.6.1

If the user is added to cug group in one publish instance after singup then how the user get added to one more publish instance