Adobe Experience Manager Sites & More

tim-schwalbe-NZ · 1/23/18

Hi guys,

I am trying to read a config file from a path in JCR. For example apps/company/company/config/rss-config.properties within a servlet/services.

This is working on the author instance but not on publish. Is there a path where to put these files and access them also in the publish instance?

They also should not be accessible for unauthorized people so only from the servlet.

Can you give me a solution or some hints to solve this issue?

The reason for doing this is that we want an author to change the content of the file inside the author instance, so that we don't need a deployment to change config properties.

I know that the normal use case is to do it over the osgi console but its not possible in our case.

Thanks and Br,

Tim

edubey · 1/23/18

Anonymous user will not have access to /apps in publish also it will blocked at dispatcher if you are directly accessing this path.

You can create a system user and use service user mapper to access it.

But I would still like to why proper OSGI config won't work your user case?

View solution in original post

edubey · 1/23/18

Anonymous user will not have access to /apps in publish also it will blocked at dispatcher if you are directly accessing this path.

You can create a system user and use service user mapper to access it.

But I would still like to why proper OSGI config won't work your user case?

tim-schwalbe-NZ · 1/23/18

At the moment we write our osgi config in code and set it via code, but our deployment process is not that mature and we deploy only once a week. So I want a solution to change configuration as an author and not as a administrator or by deploy again.

We have a lot of projects and don't want to go to every project environment and set it via OSGI console.

Maybe there is a better way to enable authors to configure a servlet for example?

Can you point me to an example how to use the system user?

Br,

Tim

edubey · 1/23/18

For service user, you can refer https://helpx.adobe.com/experience-manager/using/aem63_slingmodel.html

https://helpx.adobe.com/experience-manager/using/aem63_slingmodel.html

https://helpx.adobe.com/experience-manager/6-3/sites/administering/using/security-service-users.html

Can you elaborate what are those servlet properties?

Jörg_Hoh · 1/23/18

Hi Tim,

To make your approach work, you have to meet some preconditions:

* As edubey already mentioned, /apps is locked down publish for anonymous users.

* But: on author /apps is typically read-only for users as well. Write permissions are typically only granted for the user you use for deployment, because there is no other reason to write to /apps. And allowing other users to write to /apps is likely to cause problems.

* And finally you have to adjust the filters of your deployment packges not to overwrite your configuration.

Maintaining these properties as OSGI properties is not a good idea either, because in that case the author users will get permissions to modify OSGI configuration. If not done properly (which is not that easy) this user can create configuration for all OSGI configurations. That's not what you want.

For your usecase you should consider to use Sling Context Aware Configuration [1], which solves most (if not all) of these issues quite nicely.

Jörg

[1] Apache Sling :: Apache Sling Context-Aware Configuration