What's the correct way of storing passwords in AEM?

Question

I have an OSGI service/service implementation combo to store the GTM codes.

I have some passwords that's stored in .java files at the moment. To make it more secure, I followed the same technique used on the GTM codes to create an OSGI config (acessible via configMgr). I have no problems accessing it on my component class (com.myhost.core.impl.view.component.mycomponent).

The issue I have is I cannot access the password config in a servlet.

This lead me to believe that perhaps I'm doing it wrong.

So I searched the net and came across this article (https://aemhq.com/posts/aem-encryption-101-how-to-encrypt-a-shared-secret/).

3 questions

Is what I originally did best practice?
If yes, how can I access the OSGI config from a servlet?
How do I know which filename to use for the XML if I were to use the techniques mentioned in the link? Can I arbitrarily used whatever filename I want?

I actually have tried question 3. I followed the article. I created a new XML (filename=com.myhost.core.services.impl.whatever.xml) file inside ui.apps/src/main/content/jcr_root/apps/myhost/configs/config.author.localhost and used the xml below as the contents of the file. I installed the compiled maven package (.zip) but I cannot see the new XML in CRXDE (/apps/myhost/configs/config.author.localhost).

<?xml version="1.0" encoding="UTF-8"?>
<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0"
xmlns:jcr="http://www.jcp.org/jcr/1.0" jcr:primaryType="sling:OsgiConfig"
username="mySampleUsername"
encryptedpassword="{89cb4befeb375b865332fed9bbde85b8842a2318be4901851c3b5a0495c49f13dad8b4cfd38a6fa26f07ea361ea4994e}"/>

Thanks for the help!

BrijeshYadav · Accepted Answer

1. I think Crypto Support provided by Adobe, so it should according to a standard guideline. in addition to your article, you can also read more about crypto support https://www.argildx.com/crypto-support-aem/

2. You can read configurations in servlet via ConfigurationAdmin.

@Reference
private ConfigurationAdmin configAdmin;

private static final String LOGGER_FACTORY_PID = "org.apache.sling.commons.log.LogManager.factory.config";

@Override
protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException {

Configuration loggerFactoryConfig = configAdmin.getConfiguration(LOGGER_FACTORY_PID);

}

I would recommend creating OSGi service along with the OSGi configuration of the same name and use that service in servlet.

3. Name of the configurations file can be the arbitrary name but if you have created OSGi service then the configurations file name should be same as the service name. Read here more about OSGi configurations Configuring OSGi.

4. Check your filter package filter.xml, you might have forgotten to add xml file

arunpatidar · Answer

Hi,Yes you can use OOTB encryption to store password.To access any factory or service configuration you can check below: aem63app-repo/ReadOsgiRepoConfImpl.java at master · arunpatidar02/aem63app-repo · GitHub but you can access encryption configs as mentioned in the articleyou can create sling:OsgiConfig osgi config inside repo with node name of PID for your service and to access its configs you should use service reference.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded