April 1, 2020
Estimated Post Reading Time ~

How to Associate CUG with DAM asset in CQ / WEM

Use Case: You want to secure DAM content.

Current Issue: There is no way to configure CUG OOTB on DAM resources.
Solution:
In order for CUG to work we need to have the following properties for DAM asset,

Enabled - cq:cugEnabled
Login Page - cq:cugLoginPage
Principals - cq:cugPrincipals
Realm - cq:cugRealm
For this, we have to customize the DAM Asset Editors forms. 

These are stored in a node structure under /libs/dam/content/asseteditors. 

For example at /libs/dam/content/asseteditors/application/pdf/formitems is for PDFs,
/libs/dam/content/asseteditors/image/jpeg/formitems is for JPEGs.

First, we need to create the necessary folder structure:
curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam

curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/application/pdf

curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/image/jpeg

curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/image/tiff

Then we can copy the nodes from libs:
curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/ http://localhost:4502/libs/dam/content/asseteditors/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/application/pdf/ http://localhost:4502/libs/dam/content/asseteditors/application/pdf/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/ http://localhost:4502/libs/dam/content/asseteditors/image/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/jpeg/ http://localhost:4502/libs/dam/content/asseteditors/image/jpeg/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/tiff/ http://localhost:4502/libs/dam/content/asseteditors/image/tiff/formitems

For the CUG to be properly created, these properties must be set on the protected item’s jcr:content node. By default, the form fields on a DAM Asset Editor form are set on the jcr: content/metadata node, so we need to use a relative path like ../cq:cugEnabled in the form field definition to set the proeprty on the correct node.

However, when the form is rendered, the data used to populate the form fields will only contain the metadata node. As a result, a custom beforeloadcontent listener must be created.

Then we have to add properties for CUG in DAM.

curl commands to create the fields for the image editor:
curl -u admin:admin "-FfieldLabel=CUG Enabled" -FinputValue=true -Fjcr:primaryType=cq:Widget -Fname=../cq:cugEnabled -Ftype=checkbox -Fxtype=selection "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugEnabled

curl -u admin:admin "-FfieldLabel=CUG Login Page" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugLoginPage -Fxtype=pathfield "-Fsuffix=.html" "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugLoginPage

curl -u admin:admin "-FfieldLabel=CUG Admitted Groups" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugPrincipals -Fxtype=multifield -FfieldConfig/displayField=principal -FfieldConfig/filter=groups -FfieldConfig/xtype=authselection "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugPrincipals

curl -u admin:admin "-FfieldLabel=CUG Realm" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugRealm -Fxtype=textfield "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugRealm

This will also need to be run for the generic, PDF, JPEG, and TIFF forms.

After that you can test
Go to http://localhost:4502/, login, and go to the DAM Admin.
Open the Asset Editor for an image.

Enable CUG for the asset and at least specify one group.
Activate the asset.

Now you can go to /system/console/cug on your publish instance (e.g. http://localhost:4503/system/console/cug) and see that the CUG was successfully created on the publish instance. 
Note: This might not work in CQ5.6 due to some changes in how composite fieldwork. Please do following to fix that issue

* Remove all the listener node created for cugRealm,cugPrincipals,cugLoginPage,cugEnabled 
* Install the simple workaround patch from here
* Clear the browser cache and verify. 


By aem4beginner

No comments:

Post a Comment

If you have any doubts or questions, please let us know.