Adobe Experience Manager Sites & More

beast42 · 7/26/22

Hi, We need to provide restricted access to AEM's query-builder json API to a 3rd party app. How can we add some sort of authorization/access restriction around this path: /bin/querybuilder.json.

We can't make it publicly accessible for security considerations.

arunpatidar · 7/29/22

with CUG or ACL, it will not work until end user will have session in AEM. I think the best is to achieve from dispatcher.

If you want to do it via AEM session then you can use sling filter to check authentication for this path and return 404 status code or continue the request.

Arun Patidar

View solution in original post

Ganthimathi_R · 7/26/22

hi @beast42

what do you want to expose through querybuilder, what is your requirement.

beast42 · 7/26/22

We need to provide search capability to a 3rd party application. It will query AEM DAM and show results in their page.

Ganthimathi_R · 7/26/22

@beast42

You can use the AEM Asset API for you requirement, here is the reference https://experienceleague.adobe.com/docs/experience-manager-65/assets/extending/mac-api-assets.html?l...

beast42 · 7/27/22

Hi, Thanks for the response.

Assets API does not provide search functionality.

arunpatidar · 7/27/22

Hi,

I think you can enable basic auth at apache server only for this path.

Arun Patidar

beast42 · 7/27/22

Thanks for the response @arunpatidar.

Is there any way we can call /bin/querybuilder.json from a sling servlet? I was thinking may be we can have a sling servlet (tied to a resource page) which has some authentication (CUG or ACL)?

arunpatidar · 7/29/22

with CUG or ACL, it will not work until end user will have session in AEM. I think the best is to achieve from dispatcher.

If you want to do it via AEM session then you can use sling filter to check authentication for this path and return 404 status code or continue the request.

Arun Patidar

DEBAL_DAS · 7/30/22

Hi @arunpatidar ,

I have one question about this requirement. Query AEM DAM via /bin/querybuilder.json and show the result.

Though we are talking about restricted access but what is the guarantee 3rd party user always query about /content/dam/ , if they want they can query like the below also -

https://<domain-name>/bin/querybuilder.json?path=/home/users&type=nt:base&p.limit=1000

and pull AEM user accounts also as shown below -

Will it be a good idea to use /bin/querybuilder.json? Want to know your thoughts.

arunpatidar · 7/30/22

Hi @DEBAL_DAS

Yes, if anonymous user have access to any path like /content, /conf, /etc , then they can query anything within these paths.

That is why it is recommended to create your own servlet with limited capabilities and expose via selector e.g. /bin/querybuilder/asset.cam.json.

This will provide restricted access to json extension.

Note : The servlet should be registered via resourcetype but path.

Adobe Experience Manager Sites & More

Provide restricted access to /bin/querybuilder.json

Arun Patidar

Arun Patidar

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe