Highlighted

Need to access query parameter inside AuthcheckerServlet

knstechaspect

28-08-2018

Hi All,

I am using the below blog for caching the secured content

Caching Secured Content

This AuthcheckerServlet servlet receives only HEAD requests from the render, so you only need to implement the doHead method.

The render includes the URI of the requested resource as a parameter of the HTTP request. For example, an authorization servlet is accessed via /bin/permissioncheck. To perform a security check on the /content/geometrixx-outdoors/en.html page, the render includes the following URL in the HTTP request:

/bin/permissioncheck?uri=/content/geometrixx-outdoors/en.html

I want to do the security check on the page with query parameters like /content/geometrixx-outdoors/en.html?intcmp=test but this servlet is not taking the query path which I appended.

Following configurations are added to dispatcher to achieve caching secured content.

/auth_checker

  {

  # request is sent to this URL with '?uri=<page>' appended

  /url "/bin/permissioncheck"

     

  # only the requested pages matching the filter section below are checked,

  # all other pages get delivered unchecked

  /filter

    {

    /0000

      {

      /glob "*"

      /type "deny"

      }

    /0001

      {

      /glob "/content/secure/*.html"

      /type "allow"

      }

    }

  # any header line returned from the auth_checker's HEAD request matching

  # the section below will be returned as well

  /headers

    {

    /0000

      {

      /glob "*"

      /type "deny"

      }

    /0001

      {

      /glob "Set-Cookie:*"

      /type "allow"

      }

    }

  }

Any other configurations needed to get this query parameters with page ? Any suggestion will be much appreciated

Replies

Highlighted

knstechaspect

29-08-2018

Hi berliant​,

Thanks for your reply.  I am already using one servlet for permission check. Before checking the page permission, I want o get requested page query string as well.  How can we send a url including query string to that servlet?

Permission check servlet uses request.getParameter("uri"). Here is uri is path of the requested page but it's taking it's query string.

How to get /bin/permissioncheck?uri=/content/geometrixx-outdoors/en.html?intcmp=true.

As of we are getting only /bin/permissioncheck?uri=/content/geometrixx-outdoors/en.html.

Any suggestion would be much appreciated.

Highlighted

anujg3325839

16-09-2018

Is this query string relevant to make a decision if this user is allowed to access that resource? Is there a case, that with “?intcmp=true" the user is allowed to access the resource and with any other not?  If a user has read access to a resource he can access that resource.

So if you use the resource-based approach of AEM in the right way, you should never come into that situation where this query string is required to determine if read access should be allowed. And then adding the query string of the request to the request to the authchecker is not required at all.