Hi If I have a servlet that is not based on a resource how would I secure access in Sling?
This is what I came up with on doPost(): userManager = AccessControlUtil.getUserManager(session); Authorizable authorizable = userManager.getAuthorizable(request.getUserPrincipal()); if(authorizable == null) { // handle anonymous user return; } boolean ok = false; if("admin".equals(authorizable.getID())) { ok = true; } else { Iterator<Group> i = authorizable.declaredMemberOf(); while(i.hasNext()) { Group group = i.next(); if("sling-node".equals(group.getID())) { ok = true; break; } } } if(!ok) { // Handle wrong permissions return; }