Adobe Experience Manager Sites & More

daniel-strmecki · 9/26/24

Hello,

I've created a Splunk report that counts all requests to AEM Publisher with the same path. I've noticed in the report that we are getting 28k+ requests towards "/libs/granite/security/currentuser.json" daily.

I would like to understand why is that so, and if this is expected OOTB behaviour? In our codebase we are not calling this API, so it must be something OOTB. But then again, why would we fetch current user info on publisher if we don't have login funcionalities. We are on the latest version of AEMaaCS.

Thanks for the help,

Daniel

h_kataria · 9/26/24

It is second most hit request on our publish based on your query.
Another thing, I checked and this is not whitelisted directly on our application dispatcher i.e <project_domain>/libs/granite/security/currentuser.json doesn't work, but is only allowed in publish filters so https://publish-xxxx-xxxx.adobeaemcloud.com/libs/granite/security/currentuser.json still works, and nothing seems to be breaking so far.
Hope this helps.

View solution in original post

h_kataria · 9/26/24

It is listed in dispatcher security checklist https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/getting-started/secur... so I would assume that this is needed for some internal functionality probably contexthub or CUG.
I checked in our Splunk logs and we also have "HEAD" requests for the same. So, I would assume this is expected and should be fine.

daniel-strmecki · 9/26/24

Thanks for the hint @h_kataria, I also see that Dispatcher logs contain user info.

I still don't really understand why this is needed, but looks like to it is expected behaviour.

Here is the Spunk query if you can please confirm that this is expected to be one of the requests with the highest number of calls on AEM Publisher.

index=`your_index` sourcetype=aemrequest aem_env_type=prod aem_tier=publish aem_env_id=`your_env_id` earliest=-2d@d latest=@d
| eval Period = if(_time > relative_time(now(),"-1d@d"), "Yesterday","Day Before Yesterday")
| stats count(eval(Period="Yesterday")) as "Yesterday"
count(eval(Period="Day Before Yesterday")) as "Day Before Yesterday"
by path
| rename path AS "Request Path"
| sort -Yesterday
| head 20

h_kataria · 9/26/24

It is second most hit request on our publish based on your query.
Another thing, I checked and this is not whitelisted directly on our application dispatcher i.e <project_domain>/libs/granite/security/currentuser.json doesn't work, but is only allowed in publish filters so https://publish-xxxx-xxxx.adobeaemcloud.com/libs/granite/security/currentuser.json still works, and nothing seems to be breaking so far.
Hope this helps.

Jörg_Hoh · 9/29/24

I think that this AEM CS.

This request is done by the monitoring, and therefor an internal implementation detail of AEM CS.

Adobe Experience Manager Sites & More

Why is OOTB currentuser.json API called so many times on AEM Publisher?

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe