Example 1: DirectoriesServlet.java doGet Servlet Implementation (html extension):
This is an example of how a servlet in AEM returns the directories JSON data.
// example for /content/mysite.directories.html
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.http.HttpHeaders;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import com.fasterxml.jackson.databind.ObjectMapper;

@SlingServlet(
    resourceTypes = "/apps/mysite/components/page/basepage",
    selectors = "directories", // must match the ".directories." selector in the request path
    extensions = "html",
    methods = "GET")
public class DirectoriesServlet extends SlingSafeMethodsServlet {
    private static final String APPLICATION_JSON_UTF8 = "application/json;charset=UTF-8";
    private static final int EXPIRE_IN_SECONDS = 300; // assumed cache lifetime; tune per deployment

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType(APPLICATION_JSON_UTF8);
        // Expires must be an HTTP date, so derive it from max-age instead of writing the raw seconds
        response.setDateHeader(HttpHeaders.EXPIRES, System.currentTimeMillis() + EXPIRE_IN_SECONDS * 1000L);
        response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=" + EXPIRE_IN_SECONDS);
        // getDirectories() is the site's own data lookup and is not shown in the post
        String json = new ObjectMapper().writeValueAsString(getDirectories());
        response.getWriter().write(json);
    }
}
Example 2: StoresServlet.java doGet Servlet Implementation (json extension):
This is an example of how a servlet in AEM returns the stores JSON data.
// example for /content/mysite.stores.json
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.http.HttpHeaders;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import com.fasterxml.jackson.databind.ObjectMapper;

@SlingServlet(
    resourceTypes = "/apps/mysite/components/page/basepage",
    selectors = "stores",
    extensions = "json",
    methods = "GET")
public class StoresServlet extends SlingSafeMethodsServlet {
    private static final String APPLICATION_JSON_UTF8 = "application/json;charset=UTF-8";
    private static final int EXPIRE_IN_SECONDS = 300; // assumed cache lifetime; tune per deployment

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType(APPLICATION_JSON_UTF8);
        // Expires must be an HTTP date, so derive it from max-age instead of writing the raw seconds
        response.setDateHeader(HttpHeaders.EXPIRES, System.currentTimeMillis() + EXPIRE_IN_SECONDS * 1000L);
        response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=" + EXPIRE_IN_SECONDS);
        // getStores() is the site's own data lookup and is not shown in the post
        String json = new ObjectMapper().writeValueAsString(getStores());
        response.getWriter().write(json);
    }
}
JSON Request:
Typically, multi-channel implementations such as mobile apps, smartwatches, kiosks, third-party websites, etc. request the JSON data at paths such as:
/content/mysite.directories.html
/content/mysite.stores.json
As you can tell, the paths above look unfinished, and exposing raw Sling Servlet Resolver scripts/paths to end users may not be acceptable. Revealing custom selectors and custom extensions also discloses implementation detail, which is undesirable for security reasons; this is easy to resolve. We can add a layer of security, and also sugar-coat the revealed scripts/paths, by using the Apache Web Server's RewriteRule flag PT, one of the many good practices to follow.
What is the Apache Web Server's Rewrite Flag, PT?
The [PT] flag causes the result of the RewriteRule to be passed back through URL mapping as an Alias. Put simply, end users only see an alias of the JSON file, while the request is internally mapped to the correct path on the AEM publisher.
Examples of PT:
RewriteRule ^/api/directories.json$ /content/mysite.directories.html [PT,L]
RewriteRule ^/api/stores.json$ /content/mysite.stores.json [PT,L]
Finally, after the Rewrite rules have been set up, multi-channel implementations can request the JSON at these paths:
/api/directories.json
/api/stores.json
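An added configuration example, not from the original post, showing how the two rules above sit in a publish-facing Apache virtual host, plus one extra rule that keeps clients from bypassing the alias by requesting the internal Sling path directly. The hostname and the 404 guard are assumptions; the dispatcher filter must still allow the rewritten /content paths.

```apache
# Added example (not from the original post). Assumes the AEM dispatcher module
# is loaded and handles /content/* once mod_rewrite has mapped the URL.
<VirtualHost *:80>
    ServerName www.mysite.example    # assumed hostname
    RewriteEngine On

    # Public API aliases. PT passes the rewritten path back through URL mapping,
    # so the dispatcher sees the Sling resource/selector/extension path while the
    # client only ever sees /api/*.json. L ends rule processing for this request.
    RewriteRule ^/api/directories\.json$ /content/mysite.directories.html [PT,L]
    RewriteRule ^/api/stores\.json$      /content/mysite.stores.json      [PT,L]

    # PT is an alias, not a block: the internal paths stay reachable unless refused.
    # In virtual-host context the aliased requests have already stopped at L above,
    # so only a direct external request for the selector URL reaches this rule.
    RewriteRule ^/content/mysite\.(directories|stores)\.(html|json)$ - [R=404,L]
</VirtualHost>
```

If the rules are moved into a <Directory> or .htaccess context, the rewritten request is re-evaluated and the guard would also fire for it; keep them in the virtual host or adjust the guard accordingly.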
In summary, this is a standard way to secure your Servlets in AEM, and also to sugar-coat an AEM site’s Sling Servlet Resolver scripts/paths.
Also, do remember to add caching strategies to optimize the load against your AEM production publish instances.