Hi, We need to provide restricted access to AEM's query-builder json API to a 3rd party app. How can we add some sort of authorization/access restriction around this path: /bin/querybuilder.json.
We can't make it publicly accessible for security considerations.
Solved! Go to Solution.
Views
Replies
Total Likes
with CUG or ACL, it will not work until end user will have session in AEM. I think the best is to achieve from dispatcher.
If you want to do it via AEM session then you can use sling filter to check authentication for this path and return 404 status code or continue the request.
We need to provide search capability to a 3rd party application. It will query AEM DAM and show results in their page.
You can use the AEM Asset API for you requirement, here is the reference https://experienceleague.adobe.com/docs/experience-manager-65/assets/extending/mac-api-assets.html?l...
Hi, Thanks for the response.
Assets API does not provide search functionality.
Hi,
I think you can enable basic auth at apache server only for this path.
Thanks for the response @arunpatidar.
Is there any way we can call /bin/querybuilder.json from a sling servlet? I was thinking may be we can have a sling servlet (tied to a resource page) which has some authentication (CUG or ACL)?
with CUG or ACL, it will not work until end user will have session in AEM. I think the best is to achieve from dispatcher.
If you want to do it via AEM session then you can use sling filter to check authentication for this path and return 404 status code or continue the request.
Hi @arunpatidar ,
I have one question about this requirement. Query AEM DAM via /bin/querybuilder.json and show the result.
Though we are talking about restricted access but what is the guarantee 3rd party user always query about /content/dam/ , if they want they can query like the below also -
https://<domain-name>/bin/querybuilder.json?path=/home/users&type=nt:base&p.limit=1000
and pull AEM user accounts also as shown below -
Will it be a good idea to use /bin/querybuilder.json? Want to know your thoughts.
Hi @DEBAL_DAS
Yes, if anonymous user have access to any path like /content, /conf, /etc , then they can query anything within these paths.
That is why it is recommended to create your own servlet with limited capabilities and expose via selector e.g. /bin/querybuilder/asset.cam.json.
This will provide restricted access to json extension.
Note : The servlet should be registered via resourcetype but path.
Views
Likes
Replies
Views
Likes
Replies