Sugar Coat Registered AEM Servlet Scripts and Paths Endpoint

In AEM we tend to write Sling Servlet OSGI Services to expose JSON data using the various service reference properties such as “sling.servlet.paths”, “sling.servlet.resourceTypes”, “sling.servlet.selectors”, and “sling.servlet.extensions”.

Example 1: DirectoriesServlet.Java doGet Servlet Implementation (html extension):
This is an example how a servlet in AEM to retrieve the directories JSON data.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
// example for /content/mysite.directories.html
@SlingServlet(
    resourceTypes = "/apps/mysite/components/page/basepage",
    selectors = "directory",
    extensions = "html",
    methods = "GET")
public class MyServlet extends SlingSafeMethodsServlet {
    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        response.setStatus(HttpStatus.OK_200);
        response.setContentType(APPLICATION_JSON_UTF8);
        response.setHeader(HttpHeaders.EXPIRES, EXPIRE_IN_SECONDS);
        response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=" + EXPIRE_IN_SECONDS);
        String json = new ObjectMapper().writeValueAsString(getDirectories());
        response.getWriter().write(json);
    }
}

Example 2: StoresServlet.Java doGet Servlet Implementation (json extension):
This is an example how a servlet in AEM to retrieve the stores JSON data.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
// example for /content/mysite.stores.json
@SlingServlet(
    resourceTypes = "/apps/mysite/components/page/basepage",
    selectors = "stores",
    extensions = "json",
    methods = "GET")
public class MyServlet extends SlingSafeMethodsServlet {
    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        response.setStatus(HttpStatus.OK_200);
        response.setContentType(APPLICATION_JSON_UTF8);
        response.setHeader(HttpHeaders.EXPIRES, EXPIRE_IN_SECONDS);
        response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=" + EXPIRE_IN_SECONDS);
        String json = new ObjectMapper().writeValueAsString(getStores());
        response.getWriter().write(json);
    }
}

JSON Request:
Typically, multi-channel implementations such as mobile, smartwatches, kiosks, 3rd party websites, etc… will be requesting for JSON data with the path of:

1
2
/content/mysite.directories.html
/content/mysite.stores.json

As you can tell, the path stated above looks unfinished. In such, Sling Servlet Resolver scripts/paths may not be acceptable to present to the end-users. Revealing custom selectors or custom extensions are not suitable for security reasons and detailed information exposure; this can be easily resolved. We can add a layer of security, and also sugar-coat the revealed scripts/paths by utilising the Apache Web Server’s Rewrite Flag, PT, as one of the many good practises to follow.

What is the Apache Web Server’s Rewrite Flag, PT

The [PT] flag causes the result of the RewriteRule to be passed back through URL mapping as an Alias. Simply the end-users will only see an alias of the JSON file while the request is internally mapped to the correct path to the AEM publisher.

Examples of PT:

1
2
RewriteRule ^/api/directories.json$ /content/mysite.directories.html [PT,L]
RewriteRule ^/api/stores.json$ /content/mysite.stores.json [PT,L]

Finally, after the Rewrite rule has been set up, multi-channel implementations can request for the JSON with this path:

1
2
/api/directories.json
/api/stores.json
In summary, this is a standard way to secure your Servlets in AEM, and also to sugar-coat an AEM site’s Sling Servlet Resolver scripts/paths.

Also, do remember to add caching strategies for optimize the load against your AEM production publish instances.


Looking for Help? Or need a mentor?

If you need help to super drive your AEM career road map, you can hire me for a one-hour session on codementor.io; We can work together on a price works just for you. https://www.codementor.io/@briankasingli. I'd be happy to help you along your way to becoming a high-quality AEM full-stack engineer.

Was this post helpful?

Hello, I am an enthusiastic Adobe Community Advisor and a seasoned Lead AEM Developer. I am currently serving as an AEM Technical Lead at MNPDigital.ca, bringing over a decade of extensive web engineering experience and more than eight years of practical AEM experience to the table. My goal is to give back to the AEM Full Stack Development community by sharing my wealth of knowledge with others. You can connect with me on LinkedIn.

One thought on “Sugar Coat Registered AEM Servlet Scripts and Paths Endpoint

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top