Skip navigation

CQ5

cqlearner
cqlearner Calculating status...
Currently Being Moderated

Querybuilder.json servlet and authorization

May 2, 2012 7:05 PM

Tags: #search #query #querybuilder

Hi all,

 

Does the querybuilder.json servlet acknowledges the user authorization when searching? Can I pass user credential so the Querybulider.json will only return what that user suppose to see ?  If yes, how do i pass user credential via URL ?

 

Any pointers would be greatly appreciated.

1523 Views   10 Replies   Latest reply: cqlearner, May 3, 2012 1:16 PM
 
Replies
  • nicolas peltier
    Currently Being Moderated
    1. nicolas peltier,
    May 3, 2012 12:05 AM   in reply to cqlearner
    Report

    Hi,

     

    querybuilder.json is like every other http service given by cq, authorizing only registered credentials (among which is anonymous)  and retrieving the data that associated JCR session is allowed to read.

     

    if you are in a secured network, or just playing with features, you can use basic auth, e.g.

     

    http://admin:admin@localhost:4502/...

     

    or through curl :

     

    curl -u admin:admin http://localhost:4502/...

     

    There are other ways of authentication (see login page code e.g.)

     
    |
    Mark as:
  • cqlearner
    Currently Being Moderated
    2. cqlearner,
    May 3, 2012 6:36 AM   in reply to nicolas peltier
    Report

    Thank you for the info.

     

    This is what I tried:

     

    Site:

    /content/mysite/sample-press-releases

         -     /content/mysite/sample-press-releases/pressrelease/pr1

         -     /content/mysite/sample-press-releases/pressrelease/pr2

         -     /content/mysite/sample-press-releases/pressrelease/pr3

         -     /content/mysite/sample-press-releases/pressrelease/pr4

     

    User:

    I have a user_A which has read access to pr1 and pr2 only

     

    But when I tried http://user_A:cq123@localhost:4503/bin/querybuilder.json?path=/content /mysite/sample-press-releases&type=cq:Page

    I get all 4 results.  I just want to get pr1 and pr2 which user_A is authorized to view.

     
    |
    Mark as:
  • aklimets
    Currently Being Moderated
    3. aklimets,
    May 3, 2012 7:01 AM   in reply to cqlearner
    Report

    The query builder runs in the user's session and uses the normal jcr query underneath, so all ACLs are respected. I guess your ACLs are not what you think they are.

     
    |
    Mark as:
  • cqlearner
    Currently Being Moderated
    4. cqlearner,
    May 3, 2012 7:17 AM   in reply to aklimets
    Report

    I will check on the ACL.

    Does the publish instance needs to run in author mode for authentication?  I think my publish instance is running as public.

     

    Thanks for the prompt response.

     
    |
    Mark as:
  • nicolas peltier
    Currently Being Moderated
    5. nicolas peltier,
    May 3, 2012 8:50 AM   in reply to cqlearner
    Report

    Yes a publish instance must be readable for an anonymous user, whereas an author instance isn't.

     

    Depending on the runmode (cf. http://www.pro-vision.de/adaptto/downloads/2011_lightning_Runmodes_and _Configs_for_Fun_and_Profit.pdf) the author runmode will redirect anonymous to the login if a resource is not readable to him, the publish runmode will just finish here (and retrieve 404).

     
    |
    Mark as:
  • cqlearner
    Currently Being Moderated
    6. cqlearner,
    May 3, 2012 9:31 AM   in reply to nicolas peltier
    Report

    Here are the results of my experiments:


    Setup:

    Site:

    /content/mysite/sample-press-releases

         -     /content/mysite/sample-press-releases/pressrelease/pr1

         -     /content/mysite/sample-press-releases/pressrelease/pr2

         -     /content/mysite/sample-press-releases/pressrelease/pr3

         -     /content/mysite/sample-press-releases/pressrelease/pr4

     

    User:

    I have a user_A which has read access to pr1 and pr2 only

     

    Author:

    URL: http://user_A:cq5:localhost:4502/bin/querybuilder.json?path=/content/m ysite/sample-press-releases&type=cq:Page

              -     Takes me to login page

              -      Log in as user_A

              -     I see content as expected

                         -     /content/mysite/sample-press-releases/pressrelease/pr1

                         -     /content/mysite/sample-press-releases/pressrelease/pr2

     

    Publish:

    URL: http://user_A:cq5:localhost:4503/bin/querybuilder.json?path=/content/m ysite/sample-press-releases&type=cq:Page

              -    DOES NOT takes me to login page

              -     I see content as unexpected

                         -     /content/mysite/sample-press-releases/pressrelease/pr1

                         -     /content/mysite/sample-press-releases/pressrelease/pr2

                         -     /content/mysite/sample-press-releases/pressrelease/pr3

                         -     /content/mysite/sample-press-releases/pressrelease/pr4

     

    I would want to set up Publish environment in a way that it is only public for local network so their partly applications like portal can make REST query and retrive content based on user credential. Also how do I by pass the user login page? adding http://user_A:cq5:localhost:  didnt work for me.

     

    Thanks for the pointers !!




     
    |
    Mark as:
  • aklimets
    Currently Being Moderated
    7. aklimets,
    May 3, 2012 12:19 PM   in reply to cqlearner
    Report

    As noted, ACLs you create on the author don't get over to a publish automatically, and all activated content is readable by anonymous by default, assuming a public website.

     

    You probably want to look into "closed user groups" to set up ACLs and custom logins on the publish.

     

    http://dev.day.com/docs/en/cq/current/howto/create_apply_cug.html

     
    |
    Mark as:
  • cqlearner
    Currently Being Moderated
    8. cqlearner,
    May 3, 2012 12:43 PM   in reply to aklimets
    Report

    Understood. Closed user groups is good but someone will have to configure it at page level. 

    Is there a way to publish ACL's that I create in author to publish instance? Perhaps, I need to run publish instance in author mode ?

     
    |
    Mark as:
  • Justin Edelson
    252 posts
    Nov 24, 2010
    Currently Being Moderated
    9. Justin Edelson,
    May 3, 2012 1:09 PM   in reply to cqlearner
    Report

    by definition, you can't "run publish instance in author mode"

     

    CUG are the right mechanism to define an ACL on author and have it apply on publish (after replicating the page).

     
    |
    Mark as:
  • cqlearner
    Currently Being Moderated
    10. cqlearner,
    May 3, 2012 1:16 PM   in reply to Justin Edelson
    Report

    Yeah, the reason is explained in this page.

    http://dev.day.com/content/kb/home/cq5/CQ5SystemAdministration/ACLRepl ication.html

     

    I think everyones answer help me wrap this concept around my head. 

     

    Thank you all.

     
    |
    Mark as:
Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Answers + Points = Status

  • 10 points awarded for Correct Answers
  • 5 points awarded for Helpful Answers
  • 10,000+ points
  • 1,001-10,000 points
  • 501-1,000 points
  • 5-500 points