Question

How to enable the permission sensitive caching feature of the dispatcher module ?

Configuration

This feature requires an additional package, that will be deployed inside CQ (you need to code a servlet that respond to the url and return the correct HTTP code). After deployment, checking whether a user is allowed to access some page is done by requesting /bin/permissioncheck.html?uri=<handle>. In order to enable permission sensitive caching, add the following section to your farm in the dispatcher.any configuration file:

# Authorization checker: before a page in the cache is delivered, a HEAD
# request is sent to the URL specified in 'url' with the query string
# '?uri=<page>'. If the response status is 200 (OK), the page is returned
# from the cache. Otherwise, the request is forwarded to the render and
# its response returned.
/auth_checker
  {
  # request is sent to this URL with '?uri=<page>' appended
  /url "/bin/permissioncheck.html"
      
  # only the requested pages matching the filter section below are checked,
  # all other pages get delivered unchecked
  /filter
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "*.html"
      /type "allow"
      }
    }
  # any header line returned from the auth_checker's HEAD request matching
  # the section below will be returned as well
  /headers
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "Set-Cookie:*"
      /type "allow"
      }
    }
  }

The sample configuration enables checking for html pages only.

Below is some sample code that implement the check for CQ 5, thanks to Dominik :)

/**
* @scr.component metatype="false"
* @scr.service
* @scr.property name="sling.servlet.paths" value="/bin/permissioncheck"
*
*/
public class PermissionHeadServlet extends SlingSafeMethodsServlet {

    private static final Logger log = LoggerFactory.getLogger(PermissionHeadServlet.class);

    public void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {
        String uri = request.getParameter("uri");
        Resource test = request.getResourceResolver().getResource(uri);
        if (test != null) {
            response.setStatus(SlingHttpServletResponse.SC_OK);
        } else {
            response.setStatus(SlingHttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}

Applies To

Dispatcher 4.0.2+ and CQ 5.x

Questo prodotto è concesso in licenza in base alla licenza di Attribuzione-Non commerciale-Condividi allo stesso modo 3.0 Unported di Creative Commons.  I post su Twitter™ e Facebook non sono coperti dai termini di Creative Commons.

Note legali   |   Informativa sulla privacy online