Use Case: You want to secure DAM content.
Current Issue: There is no way to configure CUG OOTB on DAM resources.
Solution:
In order for CUG to work we need to have the following properties for DAM asset,
Enabled - cq:cugEnabled
Login Page - cq:cugLoginPage
Principals - cq:cugPrincipals
Realm - cq:cugRealm
For this, we have to customize the DAM Asset Editors forms.
These are stored in a node structure under /libs/dam/content/asseteditors.
For example at /libs/dam/content/asseteditors/application/pdf/formitems is for PDFs,
/libs/dam/content/asseteditors/image/jpeg/formitems is for JPEGs.
First, we need to create the necessary folder structure:
curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam
curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/application/pdf
curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/image/jpeg
curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/image/tiff
Then we can copy the nodes from libs:
curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/ http://localhost:4502/libs/dam/content/asseteditors/formitems
curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/application/pdf/ http://localhost:4502/libs/dam/content/asseteditors/application/pdf/formitems
curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/ http://localhost:4502/libs/dam/content/asseteditors/image/formitems
curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/jpeg/ http://localhost:4502/libs/dam/content/asseteditors/image/jpeg/formitems
curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/tiff/ http://localhost:4502/libs/dam/content/asseteditors/image/tiff/formitems
For the CUG to be properly created, these properties must be set on the protected item’s jcr:content node. By default, the form fields on a DAM Asset Editor form are set on the jcr: content/metadata node, so we need to use a relative path like ../cq:cugEnabled in the form field definition to set the proeprty on the correct node.
However, when the form is rendered, the data used to populate the form fields will only contain the metadata node. As a result, a custom beforeloadcontent listener must be created.
Then we have to add properties for CUG in DAM.
curl commands to create the fields for the image editor:
curl -u admin:admin "-FfieldLabel=CUG Enabled" -FinputValue=true -Fjcr:primaryType=cq:Widget -Fname=../cq:cugEnabled -Ftype=checkbox -Fxtype=selection "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugEnabled
curl -u admin:admin "-FfieldLabel=CUG Login Page" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugLoginPage -Fxtype=pathfield "-Fsuffix=.html" "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugLoginPage
curl -u admin:admin "-FfieldLabel=CUG Admitted Groups" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugPrincipals -Fxtype=multifield -FfieldConfig/displayField=principal -FfieldConfig/filter=groups -FfieldConfig/xtype=authselection "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugPrincipals
curl -u admin:admin "-FfieldLabel=CUG Realm" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugRealm -Fxtype=textfield "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../',''); var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugRealm
This will also need to be run for the generic, PDF, JPEG, and TIFF forms.
After that you can test
Go to http://localhost:4502/, login, and go to the DAM Admin.
Open the Asset Editor for an image.
Enable CUG for the asset and at least specify one group.
Activate the asset.
Now you can go to /system/console/cug on your publish instance (e.g. http://localhost:4503/system/console/cug) and see that the CUG was successfully created on the publish instance.
Note: This might not work in CQ5.6 due to some changes in how composite fieldwork. Please do following to fix that issue
* Remove all the listener node created for cugRealm,cugPrincipals,cugLoginPage,cugEnabled
* Install the simple workaround patch from here
* Clear the browser cache and verify.
No comments:
Post a Comment
If you have any doubts or questions, please let us know.