In AEM we tend to write Sling Servlet OSGI Services to expose JSON data using the various service reference properties such as “sling.servlet.paths”, “sling.servlet.resourceTypes”, “sling.servlet.selectors”, and “sling.servlet.extensions”.
Example 1: DirectoriesServlet.Java doGet Servlet Implementation (html extension):
This is an example how a servlet in AEM to retrieve the directories JSON data.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | // example for /content/mysite.directories.html @SlingServlet( resourceTypes = "/apps/mysite/components/page/basepage", selectors = "directory", extensions = "html", methods = "GET") public class MyServlet extends SlingSafeMethodsServlet { @Override protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException { response.setStatus(HttpStatus.OK_200); response.setContentType(APPLICATION_JSON_UTF8); response.setHeader(HttpHeaders.EXPIRES, EXPIRE_IN_SECONDS); response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=" + EXPIRE_IN_SECONDS); String json = new ObjectMapper().writeValueAsString(getDirectories()); response.getWriter().write(json); } } |
Example 2: StoresServlet.Java doGet Servlet Implementation (json extension):
This is an example how a servlet in AEM to retrieve the stores JSON data.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | // example for /content/mysite.stores.json @SlingServlet( resourceTypes = "/apps/mysite/components/page/basepage", selectors = "stores", extensions = "json", methods = "GET") public class MyServlet extends SlingSafeMethodsServlet { @Override protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException { response.setStatus(HttpStatus.OK_200); response.setContentType(APPLICATION_JSON_UTF8); response.setHeader(HttpHeaders.EXPIRES, EXPIRE_IN_SECONDS); response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=" + EXPIRE_IN_SECONDS); String json = new ObjectMapper().writeValueAsString(getStores()); response.getWriter().write(json); } } |
JSON Request:
Typically, multi-channel implementations such as mobile, smartwatches, kiosks, 3rd party websites, etc… will be requesting for JSON data with the path of:
1 2 | /content/mysite.directories.html /content/mysite.stores.json |
As you can tell, the path stated above looks unfinished. In such, Sling Servlet Resolver scripts/paths may not be acceptable to present to the end-users. Revealing custom selectors or custom extensions are not suitable for security reasons and detailed information exposure; this can be easily resolved. We can add a layer of security, and also sugar-coat the revealed scripts/paths by utilising the Apache Web Server’s Rewrite Flag, PT, as one of the many good practises to follow.
What is the Apache Web Server’s Rewrite Flag, PT
The [PT] flag causes the result of the RewriteRule to be passed back through URL mapping as an Alias. Simply the end-users will only see an alias of the JSON file while the request is internally mapped to the correct path to the AEM publisher.
Examples of PT:
1 2 | RewriteRule ^/api/directories.json$ /content/mysite.directories.html [PT,L] RewriteRule ^/api/stores.json$ /content/mysite.stores.json [PT,L] |
Finally, after the Rewrite rule has been set up, multi-channel implementations can request for the JSON with this path:
1 2 | /api/directories.json /api/stores.json |
Also, do remember to add caching strategies for optimize the load against your AEM production publish instances.
This is great!