Approach
Make the service API available on the Author node (not the Publish node). If your Author node resides inside a firewall, then only internal clients have access to. Instead of coding SlingServlet (see references) in CQ, we can choose to code JSP and have it been accessed through the standard sling URL decomposition. Sling then looks for a special property on that node named "sling:resourceType", then Sling will look under /apps (then /lib) to find a script according to the value of "sling:resouorceType".
Without writing a SlingServlet, we can simply code a JSP file using CRXDE Lite, and have the java code on the JSP page to be invoked. The example is to have a JSP to be invoked from the web. Its responsibility is to clear Dispatcher cache via curl command behind the scene. To invoke the JSP deployed on the Author node:
http://localhost:4502/apps/company/tools/dispatcher/invalidate?url=http://dictionary.company.com/definition/master-validity.html
However, for accessibility on Author node, you must remember to poke a hole on the Author node so accessing the above said API (JSP) won't require username and password credential. Also, for security concern, remember not to replicate such .jsp node to your Publish node unless it's necessary.
To poke a hole, you need:
to give read access to 'everyone' group for accessing the node that you have the jsp code, and
to give read access to 'everyone' group for accessing any other node(s) that you referenced by the jsp code, and
config 'Apache Sling Authentication Service' so that access to the jsp node won't trigger authentication.
Give read access to 'everyone' group for the JSP node and other nodes:
http://localhost:4502/useradmin
search for 'everyone'
double-click on 'everyone' group
click on 'permissions' tab of 'everyone' group
navigate to the folder(s) and check 'read'
save
Config 'Apache Sling Authentication Service' so that access to the node won't trigger authentication:
http://localhost:4502/system/console/configMgr
Find and click on 'Apache Sling Authentication Service'
In 'Authentication Requirements' field, add '-' followed by the relative path you'd like authentication be disabled for. e.g. '-/apps/tools/dispatcher/invalidate'
Save
References
Configuring Anonymous access for Sling Servlet
CQ Tips and Tricks #1 – How to define a SlingServlet [CQ5.5-5.6]
How to write a custom SlingServlet
http://localhost:4502/useradmin
search for 'everyone'
double-click on 'everyone' group
click on 'permissions' tab of 'everyone' group
navigate to the folder(s) and check 'read'
save
Config 'Apache Sling Authentication Service' so that access to the node won't trigger authentication:
http://localhost:4502/system/console/configMgr
Find and click on 'Apache Sling Authentication Service'
In 'Authentication Requirements' field, add '-' followed by the relative path you'd like authentication be disabled for. e.g. '-/apps/tools/dispatcher/invalidate'
Save
References
Configuring Anonymous access for Sling Servlet
CQ Tips and Tricks #1 – How to define a SlingServlet [CQ5.5-5.6]
How to write a custom SlingServlet
No comments:
Post a Comment
If you have any doubts or questions, please let us know.