DEV Community: Avi Dalal

Safeguarding Third-Party Integrations: Secure HTTP Calls in AEM as a Cloud

Avi Dalal — Wed, 21 Jun 2023 18:16:38 +0000

Introduction:
In today's digital landscape, integrating with third-party systems is crucial for delivering seamless and personalized experiences. However, ensuring the security of these integrations is paramount. In this blog post, we will explore a robust solution that allows Adobe Experience Manager (AEM) as a Cloud users to make secure third-party HTTP calls using certificates, safeguarding sensitive data and maintaining the integrity of their AEM deployments.

Section 1: The Challenge of Secure Third-Party Integrations
Integrating third-party systems into AEM as a Cloud brings numerous benefits, but it also introduces security concerns. Unsecured HTTP calls can expose sensitive data and compromise the integrity of the entire system. Therefore, a comprehensive security mechanism is crucial to protect against potential vulnerabilities.

Section 2: Introducing the Solution: Creating Service Users and Keystores
To establish secure integrations, we need to start by creating a service user in AEM as a Cloud. The service user acts as a bridge between AEM and the third-party API. Follow these steps to create the service user:

Create the file in the following directory structure:

path:
../ui.config/src/main/content/jcr_root/apps/[your-project-name]/osgiconfig/config

Name the file with the following convention:

org.apache.sling.jcr.repoinit.RepositoryInitializer~[generic-name].cfg.json

Open the file and add the necessary configurations. For example, you can include the OSGi configuration JSON object that we discussed earlier:

{
    "scripts": [
        "create path (sling:OrderedFolder) /content/dam/[folder-name]",
        "create path (nt:unstructured) /content/dam/[folder-name]/jcr:content",
        "set properties on /content/dam/[folder-name]/jcr:content\n  set cq:conf{String} to /conf/[folder-name]\n  set jcr:title{String} to \"[folder-name]\"\nend",
        "create service user [your-service-user-name]\n set ACL for [your-service-user-name]\n allow jcr:read on /content \nend"
    ]
}

In the above code, replace [folder-name] with a generic folder name and [your-service-user-name] with a generic service user name.

add config file to map the user service

user.mapping=["[project-name].core:[your-service-user-name]\=[[your-service-user-name]]"]

name the file somthing like that:

org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-[project-name-service-user-name].config

Section 3: Storing Certificates in Keystores
Once the service user is created, we need to store the certificates in keystores within AEM as a Cloud. To accomplish this, follow these steps:

Extract the necessary information, list the aliases in a PFX keystore, it will prompt for the keystore password. Run the following command in a command prompt or terminal:

keytool -v -list -keystore certificatename.pfx

Replace certificatename.pfx with the actual filename of your PFX file. Enter the password for the PFX file when prompted.

You can access the trust store by going to Tools -> Security -> Users

the complete guide of uploading the pfx : here

create a class to get the keystore

package [your-project-name].core.utils;

import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;

import javax.security.auth.login.LoginException;

import org.apache.sling.api.SlingIOException;
import org.apache.sling.api.resource.ResourceResolver;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

import com.adobe.granite.keystore.KeyStoreNotInitialisedException;
import com.adobe.granite.keystore.KeyStoreService;

@Component(service = PrivateKeyCertificate.class)
public class PrivateKeyCertificate {

    @Reference
    private KeyStoreService keyStoreService;

    public KeyStore getKeyStore(ResourceResolver resourceResolver) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException, LoginException, org.apache.sling.api.resource.LoginException, IOException {
        KeyStore keyStore = keyStoreService.getKeyStore(null, "[service-user-name]");
        return keyStore;
    }
}

With the extracted alias and password, use the following code snippet to generate the SSL socket factory:

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.KeyManagementException;
import java.security.UnrecoverableKeyException;

public class SSLFactoryUtil {

    public static SSLSocketFactory setKeyStoreSSLFactories(KeyStore keyStore, String keystoreType, char[] keyStorePassword) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException {

        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

        keyFactory.init(keyStore, keyStorePassword);

        KeyManager[] keyManagers = keyFactory.getKeyManagers();

        SSLContext sslContext = SSLContext.getInstance("SSL");

        sslContext.init(keyManagers, null, null);
        SSLContext.setDefault(sslContext);

        return sslContext.getSocketFactory();
    }
}

Replace [your-project-name] with the appropriate name for your project or module. Customize the code according to your specific requirements.

Section 4: Applying Secure HTTP Calls in AEM as a Cloud
Now that we have the necessary components, let's utilize them to establish secure HTTP calls in AEM as a Cloud. Use the following code snippet as an example:

import [your-project-name].core.utils.PrivateKeyCertificate;
import javax.inject.Inject;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceResolver;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.HttpsURLConnection;
import java.io.InputStream;
import java.net.URL;

public class YourServlet {

    @Inject
    PrivateKeyCertificate privateKeyCertificate;

    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) {
        try {
            ResourceResolver resourceResolver = request.getResourceResolver();
            KeyStore keyStore = privateKeyCertificate.getKeyStore(resourceResolver);
            char[] keyStorePassword = "your_keystore_password".toCharArray(); // Replace with your keystore password
            SSLSocketFactory sslSocketFactory = SSLFactoryUtil.setKeyStoreSSLFactories(keyStore, "JKS", keyStorePassword);

            // URL of the target resource
            URL targetUrl = new URL("https://www.example.com");

            // Open HTTPS connection
            HttpsURLConnection connection = (HttpsURLConnection) targetUrl.openConnection();
            connection.setSSLSocketFactory(sslSocketFactory);

            try (InputStream is = connection.getInputStream()) {
                // Process the input stream
            }

            // Rest of your servlet code...
        } catch (Exception e) {
            // Handle exception
        }
    }
}

Customize the code to fit your specific requirements, including the project name, keystore password, target URL, and processing of the input stream.

Conclusion: Advancing Integrations with Enhanced Security
In this blog post, we explored a comprehensive solution for making secure third-party HTTP calls from AEM as a Cloud using certificates. By following the step-by-step instructions, AEM users can strengthen the security of their integrations, protecting sensitive data and maintaining the trust of their users. Secure integrations are vital in today's digital landscape, and by implementing this solution, organizations can confidently connect with third-party systems while ensuring data confidentiality and integrity.

We hope this blog post equips you with the knowledge and tools to secure your AEM as a Cloud integrations. If you have any questions or would like to share your experiences, feel free to leave a comment below. Secure integrations await!

Dynamic Navigation in AEM using Sling Models and HTL

Avi Dalal — Sat, 11 Mar 2023 21:38:44 +0000

Navigation is an important part of any website or application, allowing users to easily navigate between pages and access the content they're interested in. However, creating and maintaining a navigation menu can be a challenging task, especially for larger websites with many pages. In this article, we'll explore how to create a dynamic navigation menu in AEM using Sling Models and HTL.

What is Sling Models?

Sling Models is a powerful framework for creating Java-based models that map to AEM content. With Sling Models, you can easily create POJOs (Plain Old Java Objects) that represent AEM content and expose them as adaptable services to other components and templates.

Sling Models makes it easy to work with AEM content in a type-safe and efficient way, without having to deal with the complexities of the underlying JCR (Java Content Repository) API.

What is HTL?

HTL (HTML Template Language) is the recommended templating language for AEM, providing a lightweight and efficient way to generate HTML output from Sling Models and other data sources. HTL is easy to learn and use, and provides a number of powerful features for creating dynamic and responsive web pages.

Building a Dynamic Navigation Menu with Sling Models and HTL

To build a dynamic navigation menu in AEM, we'll need to follow a few key steps:

Create a Sling Model to represent the navigation data
Build an HTL template to display the navigation menu
Include the navigation menu in your page using the Sling Model and HTL template
Let's take a closer look at each step in turn.

Step 1: Create a Sling Model for the Navigation Data

The first step in building a dynamic navigation menu is to create a Sling Model that maps to the navigation data in AEM. In this example, we'll create a NavigationModel class that retrieves the current page and its siblings, and builds a list of NavigationItem objects that represent each page in the navigation menu.

Here's an example implementation of the NavigationModel class:



@Model(adaptables = Resource.class)
public class NavigationModel {

    @Inject
    private PageManager pageManager;

    private List<NavigationItem> items;

    @PostConstruct
    protected void init() {
        Page currentPage = pageManager.getContainingPage(context.resource());
        if (currentPage != null) {
            items = buildNavigation(currentPage);
        }
    }

    public List<NavigationItem> getItems() {
        return items;
    }

    private List<NavigationItem> buildNavigation(Page currentPage) {
        List<NavigationItem> navigationItems = new ArrayList<>();
        Iterator<Page> siblings = currentPage.listChildren();
        while (siblings.hasNext()) {
            Page sibling = siblings.next();
            if (sibling.isVisible()) {
                navigationItems.add(new NavigationItem(sibling));
            }
        }
        return navigationItems;
    }

    public static class NavigationItem {
        private String title;
        private String url;
        private boolean isActive;
        private List<NavigationItem> children;

        public NavigationItem(Page page) {
            this.title = page.getTitle();
            this.url = page.getPath() + ".html";
            this.isActive = page.isSelf(currentPage);
            if (page.listChildren().hasNext()) {
                this.children = buildNavigation(page);
            }
        }

        // Getters for title, url, isActive, and children
    }
}

In this code, we create a Sling Model called `NavigationModel that uses the @Model annotation to mark the class as a Sling Model. We inject a PageManager object to retrieve the current page and its siblings, and use the @PostConstruct annotation to initialize the items list with the results of the buildNavigation method.

The buildNavigation method iterates over the siblings of the current page, creates a NavigationItem object for each visible sibling, and adds it to the navigationItems list. If the sibling page has children, the method recursively calls itself to build a nested navigation menu.

The NavigationItem class represents a single item in the navigation menu, and includes properties for the item's title, URL, whether it is currently active, and any child navigation items.

Step 2: Build an HTL Template to Display the Navigation Menu

With our Sling Model in place, we can now create an HTL template that displays the navigation menu. The template will use the data-sly-use attribute to include the NavigationModel Sling Model, and will iterate over the items list to generate the HTML for each navigation item.

Here's an example HTL template for the navigation menu:

In this code, we use the data-sly-use attribute to include the NavigationModel Sling Model, and create a navigation variable that maps to the Sling Model instance. We then use the data-sly-repeat attribute to iterate over the items list, and generate HTML for each navigation item.

The data-sly-if attribute is used to check if the current navigation item has any child navigation items, and if so, generate a nested ul element for the child items.

Step 3: Include the Navigation Menu in Your Page

With our Sling Model and HTL template in place, we can now include the navigation menu in our page. To do this, we'll need to create a new component that includes the HTL template and exposes the NavigationModel Sling Model as an adaptable service.

Here's an example implementation of the navigation component:

/apps/myproject/components/navigation - navigation.html - NavigationModel.java

In this code, we create a new AEM component called navigation under the /apps/myproject/components directory. The component includes two files: navigation.html, which contains the HTL template, and NavigationModel.java, which contains the Sling Model implementation.

To include the navigation menu in a page, we can simply drag-and-drop the navigation component onto the page in AEM's edit mode. The component will render the navigation menu using the HTL template and the NavigationModel Sling ModelOnce we have added the navigation component to our page, we can preview the page to see the navigation menu in action. The menu will dynamically display the current page and its siblings, along with any child navigation items.

If we need to customize the behavior or appearance of the navigation menu, we can modify the NavigationModel Sling Model or the HTL template as needed. For example, we might add support for multi-level navigation menus, or modify the HTML structure of the menu to better match our design.

By using a Sling Model and an HTL template, we can create a dynamic and flexible navigation menu that is easy to customize and maintain. The Sling Model separates the logic for building the navigation menu from the presentation layer, while the HTL template provides a flexible and powerful way to generate HTML output based on the Sling Model data.

Overall, this approach can help us create more maintainable and reusable components in AEM, and can simplify the process of building complex UI elements like navigation menus.