Wednesday, 11 February 2015

Building Secure Adobe Experience Manager Web Sites

You can create secure Adobe Experience Manager web sites that require users to login in order to view a site's content. AEM supports form-based authentication that requires a web site visitor to enter a user name and password, as shown in the following illustration.


AEM form-based authentication displays a login form (as shown in the previous illustration). When the user fills in the login form and submits the data, AEM stores the successful authentication in a Cookie or an HTTP Session. If the authentication is unsuccessful, then an error message is displayed.

By default, the URL of a form submission has to end with /j_security_check. That is, a login Form Action can POST to <anything>/j_security_check. For example:

<form action="${homePage.path}/j_security_check

The user name and password names must be j_username and j_password. For example:

<div class="form-group">
<label for="j_username">Username</label> <input type="text"
name="j_username">
</div>
<div class="form-group">
<label for="j_password">Password</label> <input type="password"
name="j_password">
</div>

To read this development article, click https://helpx.adobe.com/experience-manager/using/secure_sites.html.

Adobe Digital Marketing Community

Join the Adobe Digital Marketing Community. Start by clicking this banner

About the Author


I (Scott Macdonald) am a Senior Digital Marketing Community Manager at Adobe Systems with over 16 years in the high tech industry. I am also a programmer with knowledge in Java, JavaScript, C#,C++, HTML, XML and ActionScript. If  you would like to see more CQ or other Adobe Digital Marketing end to end articles like this, then leave a comment and let me know what content you would like to see.
TwitterFollow the Digital Marketing Customer Care team on Twitter @AdobeMktgCare.

6 comments:

  1. Hi Scott, Awaiting to see more on this... Not sure whether this is the correct forum but i have a query regarding the usage of AEM for a large scale solution where we deal with millions of user and will AEM internal LDAP be able to handle this volume of user profiles. Won't this be a cluttered view even if we sync with a corporate LDAP. Looking forward to see more on this article and my query :)

    ReplyDelete
    Replies
    1. We are going to do a series of authentication/LDAP articles. This one is the starting point. How to build an AEM secure site that uses form-based authentication.

      Delete
    2. This comment has been removed by the author.

      Delete
  2. This comment has been removed by the author.

    ReplyDelete
  3. I'm curious with how this would work with the dispatcher? We have a secure site and ended up not caching those pages because we found you could bypass the security once the page was cached.

    ReplyDelete
  4. Hey Brain - can you post this question to the online forums at http://help-forums.adobe.com/content/adobeforums/en/experience-manager-forum/adobe-experience-manager.html.

    ReplyDelete