Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Unsecured Page or anonymous page access

suresh_kumar_ve
Level 2
Level 2

Hi All, I am working on AEM 5.6.1 and trying to grant anonymous/unsecured(access the page without logging in) page access in author instance. 

Had granted read permission to the test page as shown in the attachment[img]access.jpg[/img]

Please suggest what is that I need to modify to get this accessed by anonymous users without logging into the CQ author instance.

Thanks.

-Suresh Kumar.

1 Accepted Solution
Sham_HC
Correct answer by
Level 10
Level 10

What is your usecase? Seems something not correct to have everyone access for few pages at author instance. 

However along with permission You need to select "Allow Anonymous Access" at http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator

View solution in original post

7 Replies
Sham_HC
Correct answer by
Level 10
Level 10

What is your usecase? Seems something not correct to have everyone access for few pages at author instance. 

However along with permission You need to select "Allow Anonymous Access" at http://localhost:4502/system/console/configMgr/org.apache.sling.engine.impl.auth.SlingAuthenticator

View solution in original post

suresh_kumar_ve
Level 2
Level 2

fantastic !! Thanks Sham, it worked fine and also I have narrowed the read permission only to the test page, removing read access for content also and still it works fine.

UseCase: We have healthcheck impl for which we need the script to access an static AEM page anonymously to check if the system is up and running fine(heartbeat).

Sham_HC
Level 10
Level 10

For use case You can use existing page [1] for it depending on aem version.

[1]  http://<host>:<port>/libs/cq/core/content/login.html

http://<host>:<port>//libs/granite/core/content/login.html

suresh_kumar_ve
Level 2
Level 2

Thanks Sham, agreed with your response.

But, in my case the client needs the url strictly to be

http://[host]:8080/health/heartbeat

- which does not contain any /content,

- should run on specified port by their standard

- no extension 

- anonymously accessible

So, I had to create sling match for this url and anonymously accessible as you briefed.

Please clarify, is there any security threat if I have enabled anonymous read access to few required pages in our environments ?

Thanks.

Suresh.

Sham_HC
Level 10
Level 10

Configure vanity url with /health/heartbeat

suresh_kumar_ve
Level 2
Level 2

Sham, I tried configuring vanity URL with "/health/heartbeat" but it does not work but it works if it is just one word ex: heartbeat

and from Forum I saw it is a known issue with Vanity URL having restrictions and so went ahead with sling:internalRedirect.

anupamp17770278
Level 2
Level 2

I was able to apply the anonymous access to a single page, but the clientlibs are not loading/blocked, not even the OOTB ones e.g. /etc/clientlibs/foundation/personalization/kernal due to the anonymous access, I suppose these urls(clientlibs) also need anonymous access, there are at-least 15 of them blocked. I provided the access to each which is a tiring job, and could still not achieve the access properly as it asked to login when I added  /etc/clientlibs/foundation/personalization/kernal, any way I can achieve this?