Hi, On Mon, Apr 10, 2017 at 10:15 PM, Andreas Schaefer Sr. <[email protected]> wrote: > ...If I have a servlet that is not based on a resource how would > I secure access in Sling?..
IIUC in your code you check for membership in a specific group - that would probably work but it might be more flexible and manageable to check that the current user has access to a specific "permissions shadow" resource. You could have a /permissions resource with specific children for various operations like /permissions/send-email-to-example_com, and have your servlet check read access to those based on operations names. -Bertrand
