We are not able to access the /apps data in the pathfield if we give the rootpath=/apps in AEM 6.4.2. http://localhost:4502/apps.ext.json?_dc=1587623884633&predicate=siteadmin&_charset_=utf-8&node=xnode-34 always returns blank data.
We have checked the permissions of the /apps folder and tried giving all the permissions to everyone group but its not working.
It's best NOT to allow access to the /apps folder, especially to the everyone group. This will open yourself up to security vulnerabilities.
Instead, to get a JSON representation of the contents for the given folder, you should create a Sling Servlet. You must create a system user, set ACL permissions, and configure the Apache sling Service User Mapper Service Amendment (tutorial); or a more streamlined and automated way, use the ACS Commons Ensure Authorizable to set these things up.
https://localhost:4503/home.appsfolder.json; you can use this strategy to sugar coat or to change the formatting of the URL when delivering the content.
Binding servlets by paths has several disadvantages when compared to binding by resource types, namely:
path-bound servlets cannot be access-controlled using the default JCR repository ACLs
path-bound servlets can only be registered to a path and not a resource type (i.e. no suffix handling)
if a path-bound servlet is not active, e.g. if the bundle is missing or not started, a POST might result in unexpected results. usually creating a node at /bin/xyz which subsequently overlays the servlets path binding
the mapping is not transparent to a developer looking just at the repository