Adobe Experience Manager Sites & More

aniketp1012 · 3/20/22

How can we secure path based Servlet from random user?

milind_bachani · 3/20/22

PATH based servlet have following disadvantages :

path-bound servlets cannot be access controlled using the default JCR repository ACLs
path-bound servlets can only be registered to a path and not a resource type (i.e. no suffix handling)
if a path-bound servlet is not active, e.g. if the bundle is missing or not started, a POST might result in unexpected results. usually creating a node at /bin/xyz which subsequently overlays the servlets path binding
the mapping is not transparent to a developer looking just at the repository

Looking at the ask here, it is recommended to use resourceType based servlet.

Article might help you .

Thanks.

Pallavi_Shukla_ · 3/20/22

The most secure way would be to map the servlet to resource type, AEM would take care of the access part through relevant ACL's

Below is one nice article on this topic that would help you indeed:

milind_bachani · 3/20/22

PATH based servlet have following disadvantages :

path-bound servlets cannot be access controlled using the default JCR repository ACLs
path-bound servlets can only be registered to a path and not a resource type (i.e. no suffix handling)
if a path-bound servlet is not active, e.g. if the bundle is missing or not started, a POST might result in unexpected results. usually creating a node at /bin/xyz which subsequently overlays the servlets path binding
the mapping is not transparent to a developer looking just at the repository

Looking at the ask here, it is recommended to use resourceType based servlet.

Article might help you .

Thanks.

Securing servlet