Provide restricted access to /bin/querybuilder.json | Community
Skip to main content
B
beast42
July 26, 2022
Solved

Provide restricted access to /bin/querybuilder.json

  • July 26, 2022
  • 2 replies
  • 2865 views

Hi, We need to provide restricted access to AEM's query-builder json API to a 3rd party app. How can we add some sort of authorization/access restriction around this path: /bin/querybuilder.json. 

 

We can't make it publicly accessible for security considerations.

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by arunpatidar

with CUG or ACL, it will not work until end user will have session in AEM. I think the best is to achieve from dispatcher.

 

If you want to do it via AEM session then you can use sling filter to check authentication for this path and return 404 status code or continue the request.

2 replies

G
Community Advisor
GanthiRa1Community Advisor
Community Advisor
July 26, 2022

hi @beast42 

what do you want to expose through querybuilder, what is your requirement.

    B
    beast42Author
    July 26, 2022

    We need to provide search capability to a 3rd party application. It will query AEM DAM and show results in their page.

      G
      Community Advisor
      GanthiRa1Community Advisor
      Community Advisor
      July 26, 2022

      @beast42 

      You can use the AEM Asset API for you requirement, here is the reference https://experienceleague.adobe.com/docs/experience-manager-65/assets/extending/mac-api-assets.html?lang=en

        arunpatidar
        Community Advisor
        arunpatidarCommunity Advisor
        Community Advisor
        July 27, 2022

        Hi,

        I think you can enable basic auth at apache server only for this path.

        Arun Patidar
          B
          beast42Author
          July 27, 2022

          Thanks for the response @arunpatidar.

           

          Is there any way we can call  /bin/querybuilder.json from a sling servlet? I was thinking may be we can have a sling servlet (tied to a resource page) which has some authentication (CUG or ACL)? 

            arunpatidar
            Community Advisor
            arunpatidarCommunity AdvisorAccepted solution
            Community Advisor
            July 29, 2022

            with CUG or ACL, it will not work until end user will have session in AEM. I think the best is to achieve from dispatcher.

             

            If you want to do it via AEM session then you can use sling filter to check authentication for this path and return 404 status code or continue the request.

            Arun Patidar
              Terms & ConditionsAccessibility statement

              Loading footer...