
SOLVED

Please help me: how can ACLs be achieved using a Sling resource type servlet?


Level 4

Everyone says that a resource type servlet is recommended over a path type servlet, as there will be the benefit of ACLs. Can someone explain with an example how ACLs can be achieved and why a resource type servlet is best?

 

1 Accepted Solution


Correct answer by
Community Advisor

Hi,

Resource-type-based servlets are recommended not just for ACL reasons, but also for other reasons.

In the case of a path servlet, there is no way to restrict users (OptingServlet can do that, but they are very slow and less performant), and additional dispatcher and OSGi config changes are required (if not using predefined whitelisted paths), and they are difficult to manage.

Create a servlet using a resource type, which is most likely used with the sling:resourceType property via a JCR content resource.

It will be easy to add rep:cugPolicy to restrict in Publish or rep:policy to restrict in Author for a small set of users.

For example, if you want to create a dashboard/custom landing page in AEM Author, you can restrict access based on user group.

If you are using Publish on a site with CUG, you can only allow anonymous users to check login status etc.

 

There are many real time use cases and advantages of resource-based servlets. If you create a resource in JCR, you are enabling capabilities on JCR and Sling.



Arun Patidar
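
An added example, not part of the original answer or of any project named in this thread: a servlet bound by resource type, where Sling resolves the requested node with the caller's own session before dispatching, so a `rep:policy` or `rep:cugPolicy` on that node decides whether the servlet is reachable. The package, class, resource type, selector and the request path in the comment are assumptions.

```java
package com.example.core.servlets; // hypothetical package

import java.io.IOException;
import javax.servlet.Servlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.servlets.HttpConstants;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.servlets.annotations.SlingServletResourceTypes;
import org.osgi.service.component.annotations.Component;

/**
 * Reached only through a node whose sling:resourceType matches, for example
 * GET /content/myproject/dashboard/jcr:content.status.txt (hypothetical path).
 * A caller without jcr:read on that node gets a non-existing resource from
 * resource resolution, so Sling answers 404 and doGet() is never invoked.
 */
@Component(service = Servlet.class)
@SlingServletResourceTypes(
        resourceTypes = "myproject/components/dashboard", // hypothetical resource type
        methods = HttpConstants.METHOD_GET,
        selectors = "status",                             // hypothetical selector
        extensions = "txt")
public class DashboardStatusServlet extends SlingSafeMethodsServlet {

    private static final long serialVersionUID = 1L;

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        // Already ACL-checked: this is the node the caller was allowed to read.
        Resource resource = request.getResource();

        // The resolver is the caller's session, not a service user, so every
        // further repository read is checked against the same ACLs.
        String userId = request.getResourceResolver().getUserID();
        String title = resource.getValueMap().get("jcr:title", "");

        // Plain text avoids hand-built JSON or HTML from repository values.
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().printf("path=%s%nuser=%s%ntitle=%s%n",
                resource.getPath(), userId, title);
    }
}
```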


7 Replies


Level 4

Thanks for your reply, but it is not clearly mentioned. The actual question is: when there is a requirement to access a resource type servlet by any anonymous user of the website based on some CTA, there is no concept of permissions for that user; in that case, how do ACLs work?


Community Advisor

If your website is open for anonymous users and any anonymous user can make the call to the servlet, there won't be any restriction on the permission side.

If you are worried about stopping the servlet call for anonymous users, please check update #2 in the solution link provided by @KannanC


Level 4

@Saravanan_Dharmaraj Does that mean that even a resource type servlet is not useful?

 

As most of the servlets on websites will be accessed by anonymous users upon CTA or form submission, if there is no use of ACLs for anonymous users through a resource type servlet, then in which scenarios can we use it?

Need clarity on the below use case.

USE CASE:
Let's say there is a resource type servlet, which will be invoked upon a click of a form submit button by any anonymous user. I think that servlet will be invoked and the logic inside it will be executed, but how can that happen? Because the anonymous user will not have any permissions to that resource (I think), and a resource type servlet is invoked only when a user has access to that particular resource.

@markus_bulla_adobe arunpatidar Jörg_Hoh lukasz-m

 




Community Advisor

By default in AEM, the anonymous user will have access to the /content path on the publisher, so if you are developing a resource type based GET servlet whose resource types are used in pages/other assets under the /content path, by default they can be used from outside without any restrictions.

 

So please, when you want to take advantage of resource type based servlets with ACLs, you need to use such resource types under a specific path only and set a restriction ACL for the anonymous user on that path, or convert your servlet to POST.


Level 4

Thanks @Shashi_Mulugu, but in real time, in which scenario can we use a resource type servlet with paths other than /content?
