Adobe Experience Manager Sites & More

Mahesh_Gunaje · 3/21/24

Hello Everyone,

I have created Assets HTTP API. its GET method only. Now, 3rd party spring boot application(for the same client, handled by known team) wants to access this GET api. Now, what is the minimum configuration I need to do in my AEM application? Note: 3rd party application calls the get method from their backend logic (in this case, its from Java)

I hope CORS setting is not required for this? So, I need to modify only under: Apache Sling Referrer Filter configuration?

cc @aanchal-sikka @arunpatidar @Imran__Khan @BrianKasingli @TarunKumar

arunpatidar · 3/21/24

To allow the third-party Spring Boot application to access your AEM Assets HTTP API, you need to configure the necessary CORS (Cross-Origin Resource Sharing) settings in your AEM application. CORS enables web servers to specify which origins (domains) have permission to access its resources. Here's what you need to do:

Configure CORS in AEM:
- Open the AEM Web Console Configuration Manager (http://localhost:4502/system/console/configMgr).
- Search for the "Adobe Granite Cross-Origin Resource Sharing Policy" configuration.
- Enable the configuration and add the origin domain of the third-party Spring Boot application to the "Allowed Origins" field.
- Optionally, you may also need to configure other CORS-related settings such as allowed headers and methods based on the requirements of the third-party application.
Ensure the Assets HTTP API is accessible:
- Make sure your Assets HTTP API endpoint is publicly accessible and does not require authentication or special permissions to access. This is necessary for the third-party application to make requests to the API.
- Test the API endpoint directly using tools like cURL or Postman to ensure it returns the expected results.
Adjust check dispatcher filter and cache setting as well for get APIs

Arun Patidar

View solution in original post

arunpatidar · 3/21/24

To allow the third-party Spring Boot application to access your AEM Assets HTTP API, you need to configure the necessary CORS (Cross-Origin Resource Sharing) settings in your AEM application. CORS enables web servers to specify which origins (domains) have permission to access its resources. Here's what you need to do:

Configure CORS in AEM:
- Open the AEM Web Console Configuration Manager (http://localhost:4502/system/console/configMgr).
- Search for the "Adobe Granite Cross-Origin Resource Sharing Policy" configuration.
- Enable the configuration and add the origin domain of the third-party Spring Boot application to the "Allowed Origins" field.
- Optionally, you may also need to configure other CORS-related settings such as allowed headers and methods based on the requirements of the third-party application.
Ensure the Assets HTTP API is accessible:
- Make sure your Assets HTTP API endpoint is publicly accessible and does not require authentication or special permissions to access. This is necessary for the third-party application to make requests to the API.
- Test the API endpoint directly using tools like cURL or Postman to ensure it returns the expected results.
Adjust check dispatcher filter and cache setting as well for get APIs

Arun Patidar

Mahesh_Gunaje · 3/21/24

Thanks @arunpatidar for the clarification.

What is the role of Apache Sling Referrer Filter? In this configuration, settings are not required? In what scenario, I need to configure/use the Referrer Filter?

I heard Adobe Granite Cross-Origin Resource Sharing Policy configuration was introduced from AEM 6.3? Correct me if I am wrong.

arunpatidar · 3/21/24

Hi @Mahesh_Gunaje
When you have modification requests like POST, PUT etc calls, in that case you need to apply Apache Sling Referrer Filter changes

Yes CORS changes you need to do

Adobe Experience Manager Sites & More

Minimum configuration required to allow my GET api to be called from 3rd party application

Arun Patidar

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe