SOLVED

Why is OOTB currentuser.json API called so many times on AEM Publisher?

Level 4

Hello,

I've created a Splunk report that counts all requests to AEM Publisher with the same path. I've noticed in the report that we are getting 28k+ requests towards "/libs/granite/security/currentuser.json" daily.

I would like to understand why that is so, and whether this is expected OOTB behaviour. In our codebase we are not calling this API, so it must be something OOTB. But then again, why would we fetch current user info on publisher if we don't have login functionalities? We are on the latest version of AEMaaCS.


Thanks for the help,

Daniel

4 Replies

Community Advisor

It is listed in dispatcher security checklist https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/getting-started/secur... so I would assume that this is needed for some internal functionality probably contexthub or CUG. 
I checked in our Splunk logs and we also have "HEAD" requests for the same. So, I would assume this is expected and should be fine.

Level 4

Thanks for the hint @h_kataria, I also see that Dispatcher logs contain user info.

I still don't really understand why this is needed, but it looks like it is expected behaviour.

Here is the Splunk query, if you can please confirm that this is expected to be one of the requests with the highest number of calls on AEM Publisher.

index=`your_index` sourcetype=aemrequest aem_env_type=prod aem_tier=publish aem_env_id=`your_env_id` earliest=-2d@d latest=@d
| eval Period = if(_time > relative_time(now(),"-1d@d"), "Yesterday","Day Before Yesterday")
| stats count(eval(Period="Yesterday")) as "Yesterday"
count(eval(Period="Day Before Yesterday")) as "Day Before Yesterday"
by path
| rename path AS "Request Path"
| sort -Yesterday
| head 20

Correct answer by
Community Advisor

It is the second most hit request on our publish based on your query.
Another thing, I checked and this is not whitelisted directly on our application dispatcher, i.e. <project_domain>/libs/granite/security/currentuser.json doesn't work, but is only allowed in publish filters, so https://publish-xxxx-xxxx.adobeaemcloud.com/libs/granite/security/currentuser.json still works, and nothing seems to be breaking so far.
Hope this helps.

Employee Advisor

I think that this is AEM CS.

This request is done by the monitoring, and is therefore an internal implementation detail of AEM CS.