In order to ensure that AEM installations are as secure as possible, the security checklist recommends disabling WebDAV in production environments.
However, CRXDE Lite depends on the org.apache.sling.jcr.davex bundle to function properly, so disabling WebDAV will effectively disable CRXDE Lite as well.
When this happens, browsing to http://localhost:4502/crx/de/index.jsp will display an empty root node, and all HTTP requests to CRXDE Lite resources will fail:
404 Resource at '/crx/server/crx.default/jcr:root/.1.json' not found: No resource found
While this recommendation is intended to reduce attack surfaces as much as possible, system administrators might sometimes need access to CRXDE Lite in order to browse content or debug issues on production instances.
If disabled, you can turn CRXDE Lite on by following the below procedure:
Go to the OSGi Components console at http://localhost:4502/system/console/components
Search for the following component:
org.apache.sling.jcr.davex.impl.servlets.SlingDavExServlet
Click the wrench icon next to it in order to see its configuration options:
Create the following configuration:
Root path: /crx/server
Tick the box under Use absolute URIs.
Tick the box under Use absolute URIs.
When finished using CRXDE Lite, make sure you disable WebDAV again.
You can also enable CRXDE Lite via cURL, by running this command:
curl -u admin:admin -F "jcr:primaryType=sling:OsgiConfig" -F "alias=/crx/server" -F "dav.create-absolute-uri=true" -F "dav.create-absolute-uri@TypeHint=Boolean" http://localhost:4502/apps/system/config/org.apache.sling.jcr.davex.impl.servlets.SlingDavExServlet
Resources:
For more information on AEM 6 security features, see the following pages:The AEM Security Checklist
Running AEM in Production Ready Mode
No comments:
Post a Comment
If you have any doubts or questions, please let us know.