Thursday, October 22, 2020

Sling Servlets in AEM

 


 

Writing a Sling servlet is one of the basic building blocks for working with AEM.

Sling servlets are typically used when a developer needs to make an AJAX call and get the response as JSON. There are two ways in which a developer can register a servlet:

 

1.    Using a path ("/bin/custom/path")

2.    Using a resource type and selector ("geometrixx/components/homepage")

 

A servlet in AEM can be registered as an OSGi service: we can extend SlingSafeMethodsServlet for a read-only implementation, or SlingAllMethodsServlet in order to implement all RESTful operations.

 

SlingSafeMethodsServlet - Used for HTTP methods that are idempotent.

SlingAllMethodsServlet – Used for write operations.


1. Using Path

 

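import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.commons.json.JSONArray;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;

// Registered by path: every request to /bin/socialservlet reaches this servlet
@SuppressWarnings("serial")
@SlingServlet(paths = "/bin/socialservlet")
public class RolloutUrlServlet extends SlingAllMethodsServlet {
    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException, IOException {
        JSONArray jsonArray = new JSONArray();
        JSONObject obj = new JSONObject();
        try {
            obj.put("url1", "www.linkedin.com");
            obj.put("url2", "www.facebook.com");
            obj.put("url3", "www.instagram.com");
            jsonArray.put(obj);
            // Send the array back as the JSON response body
            response.setContentType("application/json");
            response.getWriter().write(jsonArray.toString());
        } catch (JSONException e) {
            e.printStackTrace();
        }
    }
}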

 

Open http://localhost:4502/bin/socialservlet to get the JSON response.

 

 

2. Using resource type and selector

 

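import java.io.IOException;
import javax.jcr.Repository;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;

// Bound to a resource type: invoked for <resource>.data.html on matching resources
@SuppressWarnings("serial")
@SlingServlet(resourceTypes = "geometrixx/components/homepage",
        selectors = "data",
        extensions = "html",
        methods = "GET",
        metatype = true)
public class SimpleServlet extends SlingSafeMethodsServlet {
    @Reference
    private Repository repository;

    @Override
    protected void doGet(final SlingHttpServletRequest req, final SlingHttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("application/json");
        String[] keys = repository.getDescriptorKeys();
        JSONObject jsonobject = new JSONObject();
        // Copy every repository descriptor into the JSON object
        for (int i = 0; i < keys.length; i++) {
            try {
                jsonobject.put(keys[i], repository.getDescriptor(keys[i]));
            } catch (JSONException e) {
                e.printStackTrace();
            }
        }
        resp.getWriter().write(jsonobject.toString());
    }
}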

 

A developer can request http://localhost:4502/content/geometrixx/en.data.html to get the JSON response.



Adobe recommends using resourceType instead of a path, for the following reasons:

 

1.     When we register a servlet using a path, we must be specific about which paths are allowed. If we define a path arbitrarily, our servlet might not function properly.

Only a limited set of paths are allowed and the rest are blocked. We can add more paths using the Apache Sling Servlet / Script Resolver and Error Handler configuration, as follows:

 

Go to http://localhost:4502/system/console/configMgr and search for Apache Sling Servlet/Script Resolver and Error Handler.

 



 

Here we can add more paths, but:

 

2.     Allowing more paths to execute servlets makes your application vulnerable. That is why you should not open more doors for servlets to run unless it is required.

 

3.     You might also need to give specific paths to your consumers, who consume the servlet response using AJAX, and any change in that path could have a serious effect. This might not be the case when you use resourceType.

4.     The Sling engine will take care of permissions if you register the servlet using a resource type. Users who cannot access a particular resource will not be able to invoke the servlet.
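
Point 4 from the other side, as an added example that is not code from the original post: a path-bound servlet gets no permission check from Sling on the way in, so if one has to stay path-bound it should resolve its target through the caller's own resource resolver. The servlet path /bin/example/title, the `path` request parameter, the class name and the /content/ root are assumptions made for this illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;

// Hypothetical read-only servlet, called as /bin/example/title?path=/content/...
@SuppressWarnings("serial")
@SlingServlet(paths = "/bin/example/title", methods = "GET")
public class TitleByPathServlet extends SlingSafeMethodsServlet {

    // Assumption for this example: only this subtree may be queried.
    private static final String ALLOWED_ROOT = "/content/";

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        String path = request.getParameter("path");
        // Refuse missing input, other subtrees and parent-directory segments.
        if (path == null || !path.startsWith(ALLOWED_ROOT) || path.contains("..")) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Resolve through the caller's own resolver, never a service or admin
        // session, so the JCR ACLs of the requesting user decide visibility.
        Resource target = request.getResourceResolver().getResource(path);
        if (target == null) {
            // Same answer for "absent" and "not readable": no existence leak.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        try {
            JSONObject json = new JSONObject();
            json.put("path", target.getPath());
            json.put("title", target.getValueMap().get("jcr:title", ""));
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.getWriter().write(json.toString());
        } catch (JSONException e) {
            throw new ServletException("Could not build JSON response", e);
        }
    }
}
```

With a resourceType binding none of these checks are hand-written: the request URL itself is resolved with the user's session, and an unreadable resource never reaches the servlet.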
