CQ5.6 - CUG enabling for protecting pages breaks other components - aem

We have implemented login functionality like geometrixx site in our existing website(with close to 700+ pages).
We want to show protected pages only to logged in user, every user who is registered gets assigned a group/ CUG lets say "listed users".
now in page hierarchy I have products page and under product page I have 8 products pages.somewhere On homepage I have a nav bar component which fetches all product children pages and shows a left nav bar with 8 entries.
If I enable CUG in a way that only "listed users" should have access to 2 out of 8 product pages, any access to direct links are redirected to login page. Which is fine.
But the nav bar component which earlier used to show all 8 product pages now shows only 6 pages.
The main idea behind putting pages behind login is lead generation.So if non logged in users dont see the link itself where would they click to get redirected to login page and subsequently feel like registering with our site.
Requirement is that my existing nav bar should continue showing 8 links and on click of 2 protected page links, he should get login/ register option.
We are using most of things Out of the Box.
any pointers helping in how do we achieve this would be great help ? PS: i have given a nav bar as one such component affected in existing site like this there could be many more components fetching their content from site hierarchy and stand chance to get broken in such case.

There are two entities involved, JCR and Sling.By default any un-authenticated request is associated with a user called Anonymous, the JCR sessions will have ACL's associated with anonymous.
In JCR, if a user does not have access to nodes, that session will not see those nodes.We access the JCR via Sling ,by default if you don't have permission the request will result in a 404 error(because for underlying JCR session the resource does not exist). Sling can be explicitly instructed to request for authentication for specific paths.
The combination of these concepts are leveraged to create the CUG functionality. Sling is instructed to force for authentication for CUG enabled pages. The JCR is instructed to show these nodes only for users who have access.
When you directly request the product pages without login, it is sling that is redirecting you to login page. When your navigation component is looping over nodes to create the menu for anonymous users JCR is only showing it 6 pages as the other two are out of reach for anonymous.
The only* way to work around this is to make the Navigation component configurable. Instead of node iteration, the content author will have to configure the the url and page title so that the links show up for everyone.
You can ignore the session associated with the request and use a custom JCR session that has access to all the product pages, but that would be disregarding the ACLs and you don't want to do that .

The nav bar can pick up all child pages as per page structure. That should not restrict the page title display on the nav bar.
As for the pages the access can be controlled by template level page properties by adding the 'listed users' group over there. In the jsp you can give an initial check for the user if they are a member of 'listed users' else redirect to login page
Hope that helps

Thanks for all your suggestions
Below is how we ended up doing it.
- Protect the page you want to enable CUG with proper CUG.
- Hide the page in nav.
- Create a redirect page in same hierarchy with same title as the one you wanted to protect.redirect it to your protected page.

Related

caching of personalized content pages in AEM 6.1

We are on AEM 6.1 and we have personalized content on the home page of our website based on the user profile attributes. Section of page is personalized using the out of box teaser functionality where we can browse the campaigns. When the home page gets loaded, I believe it makes the ajax call to load the personalized content from campaigns. What i need to confirm is when it loads the page, content is cached in dispatcher, and section of page which comes from campaigns, gets cached in /content/campaigns directory. if this is true then every personalized page will be pulled from cq publisher first time and other times this will be served from dispatcher. So in overall, home page content will be cached in two places. one is /content/homepage(regular content) and personalized content in /content/campaigns in dispatcher. And when home page request comes again, cq will collate the content from above two dispatcher locations and show the final page content on home page.
Can somebody please confirm this?
Yes , the OOTB teaser component loads the campaigns via javascript. Hence the page can be cached and it would still load the right campaigns. If you check the source of a page which has the teaser component , you'll see that it'll have a call to a function called initializeTeaserLoader with details of the campaigns to be displayed in that location and the path to the associated user segments. The campaign to be displayed is then fetched via an ajax call.

Display pages tree

I have problem with showing tree of display pages in display pages section of web content creation form.
I created some pages with asset publishers on them. I set these publishers to be the default asset publishers for these pages. I created these pages and asset publishers under role admin. When I open display pages section in creation form of any web content it shows me site map where can I see pages on which is asset publisher, see image:
You can see that black color is for pages with asset publishers.
But when I login with another user I cannot expand this tree. The only thing I can see is "1st level" of this site map:
I tried to add all possible rights to this user, all possible rights to any resources but without assigning role "administrator" for this user I cannot browse this tree.
When I click on little "plus icon" in this tree I can see that it is making request on "/c/layouts_admin/get_layouts" but in request I can see only html which is telling me that I haven't sufficient roles to obtain right content.
I made some investigation. I tried to make request under this user from jsonws api ("/api/jsonws?signature=%2Flayout%2Fget-layouts-6-groupId-privateLayout-parentLayoutId-incomplete-start-end"). I tried the same method with same parameters as they were in request from site map tree and it returned me right content.
So from "Choose Display Page" window it tells me that I haven't good role but when I call api from jsonws with same parameters it returns me good result. Where can be problem?
Thanks,
Patrik
Hi dear Add this Snippet in com.liferay.portal.struts.PortalRequestProcessor.java
processRoles(HttpServletRequest, HttpServletResponse, ActionMapping)
After user O bject is Created.
if(user!=null){
if(path.equals("/layouts_admin/get_layouts")){
return true;
}
}

How to hide a page based on the logged-in user in CQ5?

I want to hide a page in navigation component based on the logged in user. I have two approaches in mind. Set permissions on the page's node in CRX-DE; denying it for all users; and then allowing it for specific groups. I have been trying it; not found much success. Else; I can get the id of the logged in user in the jsp and based on the user group; I can set the page's property 'Hide in Navigation' . But I am not able to find how to set that property in jsp. Please suggest.
Edit:
I am using the default authentication.I wanted to hide a page from navigation in the default 'list' component. If I use CUG; the users belonging to that group will still be able to see that particular page's link in the list component; and would be asked for login on clicking on that page.I want the link itself to be hidden if the user belonged to a particular group
Thanks.
If you are using the default authentication features in AEM (like Geometrixx), which rely on users that exist in AEM, you can use Closed User Groups. CUG allows you to set what users or groups can or cannot see a specific page. You can see where to set CUGs in the page properties dialog for each page. I'm pretty sure CUG settings inherit down the page hierarchy as well.
Using the JCR permissions for this is a good deal more complex, because it's such a low-level architectural thing. However, for more complex solutions, sometimes it's a necessary part of the equation.
I agree with ryanluka that going for JCR permissions should be avoided when the problem can be solved by much simpler approach. I modified the list.jsp of the default list component. Extracted the login user's id using Userpropertiesutil; and based on the group; wrote the code in jQuery to remove that particular page's div from list component.

TYPO3 restricted page is accessible from url

I am using TYPO3 and i have a restricted area for members.
If a guest knows the URL of a restricted page in the members area, he is able to see its content. That's not the way it should be.
Do you know how to fix this issue?
If you have a restricted area, you should have at least one FE usergroup created and this usergroup should be assigned at Access tab of your members only page. If you want subpages of this page to be restricted as well, you have to set Extend to subpages checkbox on that tab.

passing variables into new page tab installations

I would like to build a customized Facebook page tab for other page owners to instal onto their Facebook pages. Each page tab will need to have its own ID in the links that lead out of the page tab in order for us to track that page activity.
For example each page tab will have a list of products that link to the relevant product pages on an external website. Each of those links will have a unique ID parameter to we can track clicks and purchases. [e.g http://www.mydomain.com/products/product123.aspx?userid=12345]
So I need to create the userid variable in the link. Possibly using GET (or Request.QueryString for asp) to receive from the initial page tab installation.
From what i can see I might be able to use the app_data parameter to pass data over to the page, but when i tried it, it didn't work.
This is what i am using to install the page tabs
[https://www.facebook.com/dialog/pagetab?app_id=YOUR_APP_ID&app_data=12345]
I thought that this will pass the userid over to the new page tab, but it doesnt seem to work.
If anyone could point me in the right direction i would be very grateful.
Cheers
From what i can see I might be able to use the app_data parameter to pass data over to the page, but when i tried it, it didn't work.
This is what i am using to install the page tabs [https://www.facebook.com/dialog/pagetab?app_id=YOUR_APP_ID&app_data=12345]
But you are aware, that appending &app_data=12345 does not mean you will get a GET parameter by the name 'app_data', right …?
The app_data will be passed as a property inside the signed_request parameter – so you’ll have to decode that one, and inside you’ll find your app_data value.
Why does 'each page tab' need to have an ID?
The Page ID should be enough for you to determine which content to show (and it's passed to your app on each page load via the signed_request, and the page ID is also passed back to your app in the callback to the pagetab dialog
You could also request manage_pages Permission from the user to determine the list of pages they administer and if your app is installed on each