Condition is, when REST call in invoked E,g, localhost:4502/content/a/b_jcr_content.getData.json (POST)
AEM will get all POST data and create a predefined node structure.
This REST service will be invoked from an external system (outside AEM). Is there any checklist / security considerations that should be taken in to account while developing this REST call.
Another question : how would external system can invoke the call to AEM Author instance , would they have to use credentials to fire the rest call along with port number ?
Solved! Go to Solution.
Views
Replies
Total Likes
Hi
To answer you first part of the question:
You need to invoke the API from JSP/Sightly/JS using Ajex or you can achieve it from OSGI custom Service/Component. Then after parsing the response data you can save it in JCR using JCR API.
Link:- https://helpx.adobe.com/experience-manager/using/restful-services.html
// Creating Adobe Experience Manager bundles that invoke third party Restful web services
Link:- https://helpx.adobe.com/experience-manager/using/programmatically-accessing-cq-content-using.html and https://helpx.adobe.com/experience-manager/using/querying-experience-manager-data-using1.html
//Programmatically Accessing Adobe CQ Content using the JCR API
Answering to the Second Part:
AEM supports Restful services. Simply create Sling Servlets that can be accessed using an HTTP GET or HTTP POST.
If you want to get page data, you can use default sling Get servlets. However - if you want to get non-page data - for example - a list of DAM assets in XML or pull data from a 3rd party database, encode the data into a specific JSON structure, and serve that data as the servlet's response - then you need to write your own Servlets. Rest of this is about that use case.
You can write custom application logic in the Servlets to perform business logic to meet your business requirements. For example, you can use the JCR API within the servlet to perform CRUD operations on JCR Data or JDBC data to get data from an external database (you can do what ever you want to meet your business requirements).
As far as getting a Sling Servlet to return JSON - see this community article that shows how to write a Sling Servlet that returns JSON data:
https://helpx.adobe.com/experience-manager/using/custom-sling-servlets.html
This servlet uses the org.json.simple.JSONObject object to create JSON formatted data on the back end.
https://code.google.com/p/json-simple/
Now this article invokes the servlet from a CQ page. However - you can easily hit the AEM Servlet from other apps that support Restful operations
Please refer to these post for detail answers:-
Demo Articles:
Link:- https://helpx.adobe.com/experience-manager/using/using-net-client-application.html
//Submitting data to the Adobe CQ JCR using a .NET client application
Link:- https://helpx.adobe.com/experience-manager/using/post_files.html
//Creating Java Swing applications that posts files to AEM ClientLibs folders
And
"would they have to use credentials to fire the rest call along with port number ? "
Credentials are needed for assessing restricted data, if it is public, we can get it directly.
Thanks and Regards
Kautuk Sahni
Views
Replies
Total Likes
Hi
To answer you first part of the question:
You need to invoke the API from JSP/Sightly/JS using Ajex or you can achieve it from OSGI custom Service/Component. Then after parsing the response data you can save it in JCR using JCR API.
Link:- https://helpx.adobe.com/experience-manager/using/restful-services.html
// Creating Adobe Experience Manager bundles that invoke third party Restful web services
Link:- https://helpx.adobe.com/experience-manager/using/programmatically-accessing-cq-content-using.html and https://helpx.adobe.com/experience-manager/using/querying-experience-manager-data-using1.html
//Programmatically Accessing Adobe CQ Content using the JCR API
Answering to the Second Part:
AEM supports Restful services. Simply create Sling Servlets that can be accessed using an HTTP GET or HTTP POST.
If you want to get page data, you can use default sling Get servlets. However - if you want to get non-page data - for example - a list of DAM assets in XML or pull data from a 3rd party database, encode the data into a specific JSON structure, and serve that data as the servlet's response - then you need to write your own Servlets. Rest of this is about that use case.
You can write custom application logic in the Servlets to perform business logic to meet your business requirements. For example, you can use the JCR API within the servlet to perform CRUD operations on JCR Data or JDBC data to get data from an external database (you can do what ever you want to meet your business requirements).
As far as getting a Sling Servlet to return JSON - see this community article that shows how to write a Sling Servlet that returns JSON data:
https://helpx.adobe.com/experience-manager/using/custom-sling-servlets.html
This servlet uses the org.json.simple.JSONObject object to create JSON formatted data on the back end.
https://code.google.com/p/json-simple/
Now this article invokes the servlet from a CQ page. However - you can easily hit the AEM Servlet from other apps that support Restful operations
Please refer to these post for detail answers:-
Demo Articles:
Link:- https://helpx.adobe.com/experience-manager/using/using-net-client-application.html
//Submitting data to the Adobe CQ JCR using a .NET client application
Link:- https://helpx.adobe.com/experience-manager/using/post_files.html
//Creating Java Swing applications that posts files to AEM ClientLibs folders
And
"would they have to use credentials to fire the rest call along with port number ? "
Credentials are needed for assessing restricted data, if it is public, we can get it directly.
Thanks and Regards
Kautuk Sahni
Views
Replies
Total Likes
ptK wrote...
Condition is, when REST call in invoked E,g, localhost:4502/content/a/b_jcr_content.getData.json (POST)
AEM will get all POST data and create a predefined node structure.
This REST service will be invoked from an external system (outside AEM). Is there any checklist / security considerations that should be taken in to account while developing this REST call.
Another question : how would external system can invoke the call to AEM Author instance , would they have to use credentials to fire the rest call along with port number ?
Hi
Can you be bit clear whether you want to call the external REST call or you want to create REST call in AEM and expose it to external systems
Thanks,
Mani Kumar K
Views
Replies
Total Likes
I want to create REST call in AEM E.g. localhost:4502/bin/abc/def that will be invoked by some external systems to POST the data in to JCR.
Views
Replies
Total Likes
That is very easy to do. Write a Sling Servlet that defines doPost and then use an HTTP Post operation to invoke it. See this commuity article. IN this article - we are doing a POST to get a file into the AEM JCR:
https://helpx.adobe.com/experience-manager/using/post_files.html
In this example - the client is a Java Desktop app.
Views
Replies
Total Likes
Thanks Scott.
I am thinking about what sort of user credentials I should create and provide to external systems can access so they can invoke REST call on AEM author ?
And what sort of Read / Write access levels should be assigned to the user
Views
Replies
Total Likes
Try giving the user that you use to authenticate the HTTP request read and write permissions required to access the part of the JCR that you want to modify. I personally tested with Admin credentials.
Views
Replies
Total Likes
Thanks Scott .
I tried the admin access , it works for GET request but for POST request it gives an error :
org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
I am testing the url for the page as http://localhost:4502/content/submitPage.groups.html
And following are my properties for servlet :
@SlingServlet(methods = {"POST,GET"},
metatype = true,
resourceTypes = {"services/powerproxy"},
selectors = {"groups"})
Views
Replies
Total Likes
For testing purposes - try removing credentials to make sure that the POST servlet works - once we know if works - then we can figure out why authentication is not working. In the Java Swing article - notice the properties that removes authentication. I find it strange that GET is working - not POST.
Views
Replies
Total Likes
Its strange when I use :
@SlingServlet(methods = {"POST,GET"},
metatype = true,
resourceTypes = {"services/powerproxy"},
selectors = {"groups"})
This gives me following error for POST request and admin account : org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials
When I use
@SlingServlet(paths="/bin/upfile", methods = "POST", metatype=true)
I am able to test the Servlet with admin credentials .
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies