SOLVED

Securing servlet


How can we secure a path-based servlet from a random user?

1 Accepted Solution


Correct answer by
Community Advisor

Hi @aniketp1012,

Path-based servlets have the following disadvantages:

  • path-bound servlets cannot be access controlled using the default JCR repository ACLs
  • path-bound servlets can only be registered to a path and not a resource type (i.e. no suffix handling)
  • if a path-bound servlet is not active, e.g. if the bundle is missing or not started, a POST might result in unexpected results, usually creating a node at /bin/xyz which subsequently overlays the servlet's path binding
  • the mapping is not transparent to a developer looking just at the repository

Looking at the ask here, it is recommended to use a resourceType-based servlet.

Article might help you.

Thanks.
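An added example (not part of the original answer, and not Adobe's or the poster's code) showing the resource-type binding the answer recommends, with the path-bound form it advises against kept as a comment for contrast. The package, class names, resource type `myapp/components/secure-data`, and the `data` selector are assumptions; it also assumes the `org.apache.sling.servlets.annotations` package and `javax.servlet` are available in the bundle.

```java
// For contrast: the path-bound registration the answer advises against.
// A request to /bin/xyz reaches the servlet without a content resource being
// resolved first, so JCR ACLs on content do not gate access to it.
//
//   @Component(service = Servlet.class)
//   @SlingServletPaths("/bin/xyz")
//   public class PathBoundServlet extends SlingSafeMethodsServlet { ... }

package com.example.myapp.servlets; // hypothetical package

import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.servlets.HttpConstants;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.servlets.annotations.SlingServletResourceTypes;
import org.osgi.service.component.annotations.Component;

// Resource-type-bound registration: the servlet is selected only after Sling
// has resolved the requested path to a resource of this type.
@Component(service = Servlet.class)
@SlingServletResourceTypes(
        resourceTypes = "myapp/components/secure-data", // hypothetical resource type
        methods = HttpConstants.METHOD_GET,
        selectors = "data",   // hypothetical selector
        extensions = "txt")
public class SecureDataServlet extends SlingSafeMethodsServlet {

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        // The resource was resolved with the caller's own session, so a user
        // without read permission on the node never gets this far.
        Resource resource = request.getResource();

        // Any further repository reads should go through
        // request.getResourceResolver() so the caller's ACLs keep applying.
        response.setContentType("text/plain");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write("Resolved: " + resource.getPath());
    }
}
```

With this binding, access is restricted by setting ACLs on the content node whose `sling:resourceType` is `myapp/components/secure-data`; the servlet is then requested as `<node-path>.data.txt`.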

2 Replies


Community Advisor

Hi @aniketp1012

The most secure way would be to map the servlet to a resource type; AEM would take care of the access part through the relevant ACLs.

Below is one nice article on this topic that would help you indeed: 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/secure-sling-servlet-need-...