Pritam
How does component's jsp gets executed on aem publish instance for anonymous user when anonymous does not have access to '/apps' folder.
- content page gets rendered properly for anonymous user even when it does not have access to /apps, as per sling script resolution; the script is searched under 'apps' or 'libs'
http://dev.day.com/content/ddc/blog/2010/08/understanding_howsc.html
How does the script gets resolved when the anonymous user does not have access to apps in publish instance?
Does the jsp script gets compiled at a place and loaded from there?
Solved! Go to Solution.
Views
Replies
Total Likes
I think, that it depends a bit on your AEM/Sling version; in versions including AEM 6.0 it's using an admin session, but I guess, sooner or later there will be a service user for this. The process as described on the sling site is correct and it works this way on author and publish, the only drawback you could see is that it doesn't mention the sessions being involved in this.
removing any privilege for the "admin" user doesn't have any effect.
Jörg
Views
Replies
Total Likes
"How does component's jsp gets executed on aem publish instance for anonymous user when anonymous does not have access to '/apps' folder"
If you want anonymous users to be able to run code, extend the correct rights. See:
https://docs.adobe.com/docs/en/cq/5-6-1/administering/security.html
Views
Replies
Total Likes
Hi,
the script resolution process is not using the ResourceResolver attached to the request, but using a different one (with elevated privileges).
Jörg
Views
Replies
Total Likes
Hi Jörg,
Thanks for your reply. Could you please elaborate a bit more? Is there a user with elevated privileges with whose permissions the script gets resolved on publish? Does the sling resolution process https://sling.apache.org/documentation/the-sling-engine/url-to-script-resolution.html work this way only on author?
If we remove the permissions of 'apps' for admin user from author; will the page not work there as well?
Pritam
Views
Replies
Total Likes
I think, that it depends a bit on your AEM/Sling version; in versions including AEM 6.0 it's using an admin session, but I guess, sooner or later there will be a service user for this. The process as described on the sling site is correct and it works this way on author and publish, the only drawback you could see is that it doesn't mention the sessions being involved in this.
removing any privilege for the "admin" user doesn't have any effect.
Jörg
Views
Replies
Total Likes
Thanks Jörg, i tested it by removing the /apps folder permission for a user on author, the page got rendered successfully so i understand that sling script resolution internally uses the admin session to resolve the script and it's does not use the slingRequest user session.
I appreciate it.
Cheers
Pritam
Views
Replies
Total Likes
Views
Likes
Replies