SOLVED

We are not able to access the /apps data in the pathfield if we give the rootpath=/apps in AEM 6.4.2

textlang
Level 2

We are not able to access the /apps data in the pathfield if we give the rootpath=/apps in AEM 6.4.2. http://localhost:4502/apps.ext.json?_dc=1587623884633&predicate=siteadmin&_charset_=utf-8&node=xnode-34 always returns blank data.

We have checked the permissions of the /apps folder and tried giving all the permissions to the everyone group, but it's not working.

Kindly suggest.

Thanks,

Ni**bleep**a Sikaria

1 Accepted Solution
BrianKasingli
Correct answer by
Community Advisor

Hi @textlang,

It's best NOT to allow access to the /apps folder, especially to the everyone group. This will open you up to security vulnerabilities.

Instead, to get a JSON representation of the contents for the given folder, you should create a Sling Servlet. You must create a system user, set ACL permissions, and configure the Apache Sling Service User Mapper Service Amendment (tutorial); or, for a more streamlined and automated way, use the ACS Commons Ensure Authorizable to set these things up.

https://localhost:4503/home.appsfolder.json; you can use this strategy to sugar coat or to change the formatting of the URL when delivering the content.

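Example:

import static org.apache.sling.api.servlets.HttpConstants.METHOD_GET;

import java.io.IOException;
import java.util.List;
import javax.servlet.Servlet;

import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.servlets.annotations.SlingServletResourceTypes;
import org.osgi.service.component.annotations.Component;

// Answers GET <resource>.appsfolder.json; Folder is the project's own POJO for one folder entry.
@Component(service = Servlet.class)
@SlingServletResourceTypes(
        resourceTypes = "sling/servlet/default",
        methods = METHOD_GET,
        extensions = "json",
        selectors = "appsfolder")
public class AppsFolderServlet extends SlingSafeMethodsServlet {

    private static final String APPLICATION_JSON_UTF8 = "application/json;charset=UTF-8";

    @Override
    protected void doGet(SlingHttpServletRequest req, SlingHttpServletResponse res) throws IOException {
        res.setContentType(APPLICATION_JSON_UTF8);
        res.setStatus(SlingHttpServletResponse.SC_OK);
        List<Folder> folders = getFolders(req);
        // Serialize the list that was just built.
        String json = new ObjectMapper().writeValueAsString(folders);
        res.getWriter().write(json);
    }

    // Collects the folder entries to expose; the body is elided in the original post.
    private List<Folder> getFolders(SlingHttpServletRequest req) {
        ...
        return folder;
    }
}
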

Caveats when binding servlets by path:

Binding servlets by paths has several disadvantages when compared to binding by resource types, namely:

  • path-bound servlets cannot be access-controlled using the default JCR repository ACLs
  • path-bound servlets can only be registered to a path and not a resource type (i.e. no suffix handling)
  • if a path-bound servlet is not active, e.g. if the bundle is missing or not started, a POST might result in unexpected results, usually creating a node at /bin/xyz which subsequently overlays the servlet's path binding
  • the mapping is not transparent to a developer looking just at the repository

Documentation: https://sling.apache.org/documentation/the-sling-engine/servlets.html#caveats-when-binding-servlets-...

I hope this works. 
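
An added example, not part of the original answer: one way the elided folder lookup could read /apps through a least-privilege service user instead of opening /apps to the everyone group. The component name, subservice name, system user and allowed root are hypothetical; only the Sling API calls are real.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;

import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Assumed setup (hypothetical names): system user "apps-folder-reader" holding only
// jcr:read on /apps/myproject, mapped in a Service User Mapper amendment as
//   user.mapping=["<bundle-symbolic-name>:appsFolderReader=apps-folder-reader"]
@Component(service = AppsFolderLister.class)
public class AppsFolderLister {

    private static final String SUBSERVICE = "appsFolderReader";   // hypothetical
    private static final String ALLOWED_ROOT = "/apps/myproject";  // hypothetical

    @Reference
    private ResourceResolverFactory resolverFactory;

    /** Returns the child paths of requestedPath, or an empty list if it is out of scope. */
    public List<String> listFolders(String requestedPath) throws LoginException {
        // Refuse anything outside the one subtree the servlet is meant to expose,
        // so a caller-supplied path cannot widen what the service user reads.
        boolean inScope = requestedPath != null
                && !requestedPath.contains("..")
                && (requestedPath.equals(ALLOWED_ROOT)
                    || requestedPath.startsWith(ALLOWED_ROOT + "/"));
        if (!inScope) {
            return Collections.emptyList();
        }
        Map<String, Object> auth =
                Collections.singletonMap(ResourceResolverFactory.SUBSERVICE, SUBSERVICE);
        // Service resolvers are not closed by Sling; try-with-resources prevents a leak.
        try (ResourceResolver resolver = resolverFactory.getServiceResourceResolver(auth)) {
            List<String> paths = new ArrayList<>();
            Resource root = resolver.getResource(requestedPath);
            if (root != null) {
                for (Resource child : root.getChildren()) {
                    paths.add(child.getPath()); // paths only, no node properties
                }
            }
            return paths;
        }
    }
}
```

If the mapping or the system user is missing, getServiceResourceResolver throws LoginException, so the servlet should translate that into an error response rather than fall back to the request's own resolver.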
