By default anonymous users in Adobe Experience Manager(AEM) will have the read access to content, so the content can be accessed via dispatcher/publisher directly without providing any credential.
This blog will explain how to restrict the content access to only authenticated users via dispatcher(including cached content) and publisher.
Remove the access of Anonymous user for a content node in publisher
This blog will explain how to restrict the content access to only authenticated users via dispatcher(including cached content) and publisher.
Remove the access of Anonymous user for a content node in publisher
Create a user sample1 in publisher and provide the read access for the content node (Multiple users can be created based on the requirement)
Enable the authentication in dispatcherExecute the below command to create the password file and add the user - htpasswd -c /etc/httpd/conf/dispatcher.htaccess sample1 (enter the same password used in the publisher for sample1)
Command to add the users to the existing password file - htpasswd /etc/httpd/conf/dispatcher.htaccess sample2 (Multiple users can be created as per requirement, make sure the users are also created in publisher with same credentials)
Add the below configurations in httpd.conf file
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/conf/dispatcher.htaccess
Require valid-user
Make sure the below-mentioned line is commented out in httpd.conf file
#RequestHeader unset Authorization
Securing the cached content:
Refer the following Adobe blog to enable the same - https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html
Make sure you are merging the existing /filter section with /auth_checker -/filter section in dispatcher.any file.
Enable the authentication in dispatcherExecute the below command to create the password file and add the user - htpasswd -c /etc/httpd/conf/dispatcher.htaccess sample1 (enter the same password used in the publisher for sample1)
Command to add the users to the existing password file - htpasswd /etc/httpd/conf/dispatcher.htaccess sample2 (Multiple users can be created as per requirement, make sure the users are also created in publisher with same credentials)
Add the below configurations in httpd.conf file
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/conf/dispatcher.htaccess
Require valid-user
Make sure the below-mentioned line is commented out in httpd.conf file
#RequestHeader unset Authorization
Securing the cached content:
Refer the following Adobe blog to enable the same - https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html
Make sure you are merging the existing /filter section with /auth_checker -/filter section in dispatcher.any file.
No comments:
Post a Comment
If you have any doubts or questions, please let us know.