Cq5 permissions problems viewing content on publish


I'm having a very interesting problem w/ content appearing on my publish instance. Let me just run down the situation and see if anyone can help.

  1. I have an author and publish instance set up.
  2. Authors have and still do successfully replicate items from Author to Publish with no issue.
  3. All of my code base has been migrated over, my jars are fine — i even rebuilt the individual jars in the publish instance crx just to make sure.

——- now for the issue.

I went to publish a new page and it did not show up on the publish instance. It's not a new template or component type, just another page to add to the list. These are the actions I took and what i found. I currently have 2 publish instances set up, but will refer to them synonymously as "publish" since their states appear to be identical.

  1. Activated to publish — did not show up in publish

  2. logged into publish/crx/de/index.jsp to make sure it was replicated properly.

  3. the content did make it fine and is in the proper path in /content

  4. The ACL and access control permissions are the same as all the other content nodes of the same type. (Just to note, those content nodes are perfectly viewable).

  5. No stacktrace errors in my logs. However, when going through the dispatcher I get this error: org.apache.sling.servlets.get.impl.DefaultGetServlet No renderer for extension js, cannot render resource JcrNodeResource, type=XXX, superType=null, path=/content/XXX/jcr:content

  6. I went ahead and logged in as admin in my publish/crx/de and hit the content page in question and everything looked fine. What this means is the content is available to administrators but not anonymous users.

  7. edit: I made sure to check the anonymous context in all 3 instances — both publish instances directly and through dispatcher.

  8. From here I figured it had to be an issue w/ the access control, but the new node has identical permissions to nodes that are available to the anonymous user context.

  9. To check if it was a matter of replication, I went and deactivated some of the other similar nodes, saw they disappeared, reactived them and saw them come back. Following this train of thought I deactived the group (old nodes + my new node) and then reactived them — all the old nodes showed up, and still the same permissions issues w/ the new node.

Is the access control available anywhere else? I'm curious if there are other places for me to look at in order to figure out what's wrong with this piece of content.

thank you,

Best Solution

You can set "read" permissions for the group "everyone". Ultimately, you will want to put a dispatcher in front of your publishers, and prevent public access to your publish instances directly (preferably sitting behind a VPN).

This means that your dispatcher will be denying access to /apps anyway, and your instances will still be secure, and the ACL for the publisher won't really matter as long as an anonymous user can render the page under /content

Related Question