I have a servlet that provides JSON of any page that is opened with a given selector. This JSON will be accessed by third party and i wanted to limit the access. I wanted to use OAuth or something similar (but no ACL).
If OAuth is a good idea, how can that be done? The user should have access to the all page jsons.
Solved! Go to Solution.
Views
Replies
Total Likes
If I understand you correctly, you want to restrict access to that specific servlet acting on the content, but not on the content itself.
ACLs are the natural way to restrict access, and by far the most secure one. Implementing access control on a filter is more work and less secure.
If I understand you correctly, you provide access to this functionality with URLs like this:
/content/mysite/page.myselector.json
If you change that to
/content/mysite/protectedContent.html/content/mysite/page.json
You can add access control to the /content/mysite/protectedContent resource, and then use whatever authentication you like.
Hi ,
Can you try to allow or whitelist the host name of your third party domain in “Allow Hosts” parameter (allow.hosts) of Apache Sling Referrer Filter .
Sample reference
https://taylor.callsen.me/security-and-java-servlets-in-aem-6-1/
Thanks,
Sambasivaraja
If I understand you correctly, you want to restrict access to that specific servlet acting on the content, but not on the content itself.
ACLs are the natural way to restrict access, and by far the most secure one. Implementing access control on a filter is more work and less secure.
If I understand you correctly, you provide access to this functionality with URLs like this:
/content/mysite/page.myselector.json
If you change that to
/content/mysite/protectedContent.html/content/mysite/page.json
You can add access control to the /content/mysite/protectedContent resource, and then use whatever authentication you like.
Views
Likes
Replies
Views
Likes
Replies