Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

Page JSON Access

Avatar

Level 7
Level 7
12/28/21 4:33:18 AM

I have a servlet that provides JSON of any page that is opened with a given selector. This JSON will be accessed by third party and i wanted to limit the access. I wanted to use OAuth or something similar (but no ACL). 

If OAuth is a good idea, how can that be done? The user should have access to the all page jsons. 

Views

764

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
12/30/21 3:18:59 AM

If I understand you correctly, you want to restrict access to that specific servlet acting on the content, but not on the content itself.

ACLs are the natural way to restrict access, and by far the most secure one. Implementing access control on a filter is more work and less secure.

 

If I understand you correctly, you provide access to this functionality with URLs like this:

 

/content/mysite/page.myselector.json

 

If you change that to

 

/content/mysite/protectedContent.html/content/mysite/page.json

 

You can add access control to the /content/mysite/protectedContent resource, and then use whatever authentication you like.

 

 

View solution in original post

Views

733

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Level 2
Level 2
12/28/21 8:23:46 AM

Hi  , 

 

Can you try to allow or whitelist the host name of your third party domain in “Allow Hosts” parameter (allow.hosts) of Apache Sling Referrer Filter .

Sample reference 

https://taylor.callsen.me/security-and-java-servlets-in-aem-6-1/

 

Thanks,
Sambasivaraja

 

 

Views

751

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee Advisor
Employee Advisor
12/30/21 3:18:59 AM

If I understand you correctly, you want to restrict access to that specific servlet acting on the content, but not on the content itself.

ACLs are the natural way to restrict access, and by far the most secure one. Implementing access control on a filter is more work and less secure.

 

If I understand you correctly, you provide access to this functionality with URLs like this:

 

/content/mysite/page.myselector.json

 

If you change that to

 

/content/mysite/protectedContent.html/content/mysite/page.json

 

You can add access control to the /content/mysite/protectedContent resource, and then use whatever authentication you like.

 

 

Views

734

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
servlet request + javax Filters: how do I redirect users to another page? Solved

Views

85

Likes

0

Replies

1
AEM GraphQL Query approach to get list of pages where XYZ component is enabled. Solved

Views

132

Likes

0

Replies

2
Without using CRXDE Lite, and just the AEM Authoring interface, can you move multiple (100+) pages from one node to another? Solved

Views

133

Likes

0

Replies

5
Missing Publish Dependency Wizard for Page

Views

370

Likes

0

Replies

1
AEM–Target: Location (hex) hash mismatch between cq:ActivitySettings and runtime page hash

Views

677

Likes

0

Replies

0