Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Unsecured Page or anonymous page access

Avatar

Level 2

Hi All, I am working on AEM 5.6.1 and trying to grant anonymous/unsecured(access the page without logging in) page access in author instance. 

Had granted read permission to the test page as shown in the attachment[img]access.jpg[/img]

Please suggest what is that I need to modify to get this accessed by anonymous users without logging into the CQ author instance.

Thanks.

-Suresh Kumar.

1 Accepted Solution

Avatar

Correct answer by
Level 10

What is your usecase? Seems something not correct to have everyone access for few pages at author instance. 

However along with permission You need to select "Allow Anonymous Access" at http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator

View solution in original post

7 Replies

Avatar

Correct answer by
Level 10

What is your usecase? Seems something not correct to have everyone access for few pages at author instance. 

However along with permission You need to select "Allow Anonymous Access" at http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator

Avatar

Level 2

fantastic !! Thanks Sham, it worked fine and also I have narrowed the read permission only to the test page, removing read access for content also and still it works fine.

UseCase: We have healthcheck impl for which we need the script to access an static AEM page anonymously to check if the system is up and running fine(heartbeat).

Avatar

Level 10

For use case You can use existing page [1] for it depending on aem version.

[1]  http://<host>:<port>/libs/cq/core/content/login.html

http://<host>:<port>//libs/granite/core/content/login.html

Avatar

Level 2

Thanks Sham, agreed with your response.

But, in my case the client needs the url strictly to be

http://[host]:8080/health/heartbeat

- which does not contain any /content,

- should run on specified port by their standard

- no extension 

- anonymously accessible

So, I had to create sling match for this url and anonymously accessible as you briefed.

Please clarify, is there any security threat if I have enabled anonymous read access to few required pages in our environments ?

Thanks.

Suresh.

Avatar

Level 10

Configure vanity url with /health/heartbeat

Avatar

Level 2

Sham, I tried configuring vanity URL with "/health/heartbeat" but it does not work but it works if it is just one word ex: heartbeat

and from Forum I saw it is a known issue with Vanity URL having restrictions and so went ahead with sling:internalRedirect.

Avatar

Level 5

I was able to apply the anonymous access to a single page, but the clientlibs are not loading/blocked, not even the OOTB ones e.g. /etc/clientlibs/foundation/personalization/kernal due to the anonymous access, I suppose these urls(clientlibs) also need anonymous access, there are at-least 15 of them blocked. I provided the access to each which is a tiring job, and could still not achieve the access properly as it asked to login when I added  /etc/clientlibs/foundation/personalization/kernal, any way I can achieve this?