Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn more

View all

Sign in to view all badges

SOLVED

Saving password inTranslation Cloud config

JanHumpal
Level 2
Level 2

For the configuration of our translation connector we need to save a password in its Translation Cloud configuration. This used to be ok in AEM 6.5 as the password could be encrypted using the /system/console/crypto. This is no longer possible in cloud based AEM.
Is there a way to programatically invoke the same functionality, when the config form is saved?

1 Accepted Solution
JanHumpal
Correct answer by
Level 2
Level 2

Hello Arun!

 

Thanks for the reference, however I don't see how that answers the question.

Let me try to clarify what the problem is.
Formerly, these used to be the steps the user of our connector would take to set up the configuration:

  1. Create the configuration
  2. Open /system/console/crypto
  3. Encode the password to our service
  4. Fill the encoded password and other details
  5. Save the configuration

Step 2 and 3 are no longer possible in cloud. I was asking if there is a way the code of our connector could invoke the crypto service to encode the password when the configuration is saved, so that it isn't stored in plaintext.

Or is it the case, that we need to instruct our users to extract the key from their cloud AEM, inject it into an SDK and encode the password there?

View solution in original post

9 Replies
Arun_Patidar
Community Advisor
Community Advisor

Please check https://experienceleague.adobe.com/docs/experience-manager-cloud-service/implementing/developing/aem...

 

 

In case you depend on CryptoSupport (either by configuring the credentials of Cloudservices or the SMTP Mail service in AEM or by using C...), the encrypted properties will be encrypted by a key that is autogenerated on the first start of an AEM environment. While the cloudsetup takes care of automatically reusing the environment-specific CryptoKey, it is necessary to inject the cryptokey into the local development environment.

JanHumpal
Correct answer by
Level 2
Level 2

Hello Arun!

 

Thanks for the reference, however I don't see how that answers the question.

Let me try to clarify what the problem is.
Formerly, these used to be the steps the user of our connector would take to set up the configuration:

  1. Create the configuration
  2. Open /system/console/crypto
  3. Encode the password to our service
  4. Fill the encoded password and other details
  5. Save the configuration

Step 2 and 3 are no longer possible in cloud. I was asking if there is a way the code of our connector could invoke the crypto service to encode the password when the configuration is saved, so that it isn't stored in plaintext.

Or is it the case, that we need to instruct our users to extract the key from their cloud AEM, inject it into an SDK and encode the password there?

View solution in original post

JanHumpal
Level 2
Level 2
Hi Arun, thanks! Could you please give a hint or point to a resource on how to invoke the Java API when the configuration form is submitted? I tried to find such resource, but could only find explanations of invoking code when the form is rendered.
Arun_Patidar
Community Advisor
Community Advisor
Hi, you can create a servlet and call on form submit or create an event listener to invoke crypto API. when dedicated field is changed.
JanHumpal
Level 2
Level 2

Hello @Arun_Patidar ,

 

Thanks for the tip, the event route turned out to yeild a working implementation.

I still have one concern though.

The event that is published when the configuration is saved has the broad topic of `com/day/cq/wcm/core/page`, so filtering on level of code seems like a potential performace issue.

But I'm unable to filter events using the `EventConstants.EVENT_FILTER`.

I tried to specify 

EventConstants.EVENT_FILTER + "(path=/conf*)"

or

EventConstants.EVENT_FILTER + "(modifications.path=/conf*)"

 but neither filters out a regular page edit. I suspect this is caused by the event having the modifications as an object (see attached screenshot from the event console). 

Screenshot.png

 

Do you know if there is a way around that, or if filtereing in the event handler itself is actually the correct solution?

JanHumpal
Level 2
Level 2
Hi, I tried adding equals sign to the filter, filtering for the property `paths` and `modifications.paths`, and listening to ReplicationAction.EVENT_TOPIC, but none of those work. I think the issue realy is, that the `com/day/cq/wcm/core/page` event presents with the path obscured by the wrapping object (an ArrayList with one element in this case).
Arun_Patidar
Community Advisor
Community Advisor

Hi, can you try with below code

 

 

package com.community.aemlab.core.events;

import org.osgi.framework.Constants;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.event.Event;
import org.osgi.service.event.EventConstants;
import org.osgi.service.event.EventHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = EventHandler.class, immediate = true, property = {
		Constants.SERVICE_DESCRIPTION + "=Demo to listen event on page modification ",
		EventConstants.EVENT_TOPIC + "=org/apache/sling/api/resource/Resource/ADDED",
		EventConstants.EVENT_TOPIC + "=org/apache/sling/api/resource/Resource/CHANGED",
		EventConstants.EVENT_FILTER + "=(path=/content/aemlab/us/*/jcr:content)" })
public class PageEvent implements EventHandler {

	private static final Logger LOG = LoggerFactory.getLogger(PageEvent.class);

	@Override
	public void handleEvent(Event event) {
		LOG.info("Event is called with paths PageEvent Test ......");
	}

}