Adobe Experience Manager Sites & More

Uppari_Ramesh · 9/3/23

Hi Team,

I have a requirement for my servlets where I need to verify the end user access in AEM user group. If he is part of some xyz AEM group then only I want to allow him/her to access some /content resource. If he is not part of xyz group then I want to to reject the user request saying unauthorized.

I have 10 servlets created and for all the servlets I need to create a one Servlet FILTER as a pre-processer to verify him/her against user group access.

I want to create a single filter for all servlets where I need to verify the user for AEM user group access in the FILTER itself. If he is part of XYZ group then allow him to access the original servlet and content. If he is not reject the request in filter itself by giving 401.

Now how can I create the Servlet Filter for this use case?

@lukasz-m @anchal

Thanks,

Ramesh

Nupur_Jain · 9/4/23

Hi @Uppari_Ramesh

When you create Servlet Filter, You get an option to specify the requests for which the filter should be called like

@Component(
        service = Filter.class,
        property = { EngineConstants.SLING_FILTER_SCOPE + "=REQUEST",
                EngineConstants.SLING_FILTER_PATTERN + "="
                        + "/content(/dam)?/myproject/(\\w{2})/(\\w{2})(/.*)?",
                Constants.SERVICE_RANKING + ":Integer=1" })
public class RequestFilter implements Filter {

You can always specify regex as shown above to specify all servlet paths for which the filter should be called.

There are other as well like sling.filter.resource.pattern, sling.filter.selectors, sling.filter.extensions mentioned in https://sling.apache.org/documentation/the-sling-engine/filters.html which can help you specify your requests better.

If you register servlets by resourceType, you can use property sling.filter.resourceTypes where you can specify the whole list of all resourceTypes of servlet.

Hope it helps!

Thanks

Nupur

View solution in original post

B_Sravan · 9/3/23

Hi @Uppari_Ramesh ,

you can target all of your servlets with the resourceType mentioned in the filter declaration "sling.filter.resourceTypes" or other filter patterns no?

documentation: https://sling.apache.org/documentation/the-sling-engine/filters.html

Regards,

Sravan

Nupur_Jain · 9/4/23

Hi @Uppari_Ramesh

When you create Servlet Filter, You get an option to specify the requests for which the filter should be called like

@Component(
        service = Filter.class,
        property = { EngineConstants.SLING_FILTER_SCOPE + "=REQUEST",
                EngineConstants.SLING_FILTER_PATTERN + "="
                        + "/content(/dam)?/myproject/(\\w{2})/(\\w{2})(/.*)?",
                Constants.SERVICE_RANKING + ":Integer=1" })
public class RequestFilter implements Filter {

You can always specify regex as shown above to specify all servlet paths for which the filter should be called.

There are other as well like sling.filter.resource.pattern, sling.filter.selectors, sling.filter.extensions mentioned in https://sling.apache.org/documentation/the-sling-engine/filters.html which can help you specify your requests better.

If you register servlets by resourceType, you can use property sling.filter.resourceTypes where you can specify the whole list of all resourceTypes of servlet.

Hope it helps!

Thanks

Nupur

mahi1729 · 9/4/23

Assuming these are custom servlets not bound by resource type, but are registered by paths, I suggest having a custom config attached to the filter where you can manage servlet paths and allowed groups, so inside your code one filter can validate different paths against the groups associated for authorization. However do remember that this works only for author and not publisher as publisher exposes content in anonymous fashion by default. Hope this insight helps. Thanks

Adobe Experience Manager Sites & More

Sling Servlet Filter to verify user group access

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe