How to Associate CUG with DAM asset in CQ / WEM

Use Case: You want to secure DAM content.

Pre requisite: http://dev.day.com/docs/en/cq/current/howto/create_apply_cug.html

Current Issue: There is no way to configure CUG OOTB on DAM resource.

Solution:

In order for CUG to work we need to have following properties for DAM asset,

1. Enabled - cq:cugEnabled
2. Login Page - cq:cugLoginPage
3. Principals - cq:cugPrincipals
4. Realm - cq:cugRealm

For this we have to customize the DAM Asset Editors forms. 

These are stored in a node structure under /libs/dam/content/asseteditors. 

For example at /libs/dam/content/asseteditors/application/pdf/formitems is for PDFs,

/libs/dam/content/asseteditors/image/jpeg/formitems is for JPEGs.

First, we need to create the necessary folder structure:

curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam

curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/application/pdf

curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/image/jpeg

curl -u admin:admin -Fjcr:primaryType=sling:Folder http://localhost:4502/apps/dam/content/asseteditors/image/tiff


Then we can copy the nodes from libs:

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/ http://localhost:4502/libs/dam/content/asseteditors/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/application/pdf/ http://localhost:4502/libs/dam/content/asseteditors/application/pdf/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/ http://localhost:4502/libs/dam/content/asseteditors/image/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/jpeg/ http://localhost:4502/libs/dam/content/asseteditors/image/jpeg/formitems

curl -u admin:admin -F:operation=copy -F:dest=/apps/dam/content/asseteditors/image/tiff/ http://localhost:4502/libs/dam/content/asseteditors/image/tiff/formitems

For the CUG to be properly created, these properties must be set on the protected item’s jcr:content node. By default, the form fields on a DAM Asset Editor form are set on thejcr:content/metadata node, so we need to use a relative path like ../cq:cugEnabled in the form field definition to set the proeprty on the correct node.

However, when the form is rendered, the data used to populate the form fields will only contain the metadata node. As a result, a custom beforeloadcontent listener must be created.

 Then we have to add properties for CUG in DAM.

curl commands to create the fields for the image editor:

curl -u admin:admin "-FfieldLabel=CUG Enabled" -FinputValue=true -Fjcr:primaryType=cq:Widget -Fname=../cq:cugEnabled -Ftype=checkbox -Fxtype=selection "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../','');  var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugEnabled

curl -u admin:admin "-FfieldLabel=CUG Login Page" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugLoginPage -Fxtype=pathfield "-Fsuffix=.html" "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../','');  var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugLoginPage

curl -u admin:admin "-FfieldLabel=CUG Admitted Groups" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugPrincipals -Fxtype=multifield -FfieldConfig/displayField=principal -FfieldConfig/filter=groups -FfieldConfig/xtype=authselection "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../','');  var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugPrincipals

curl -u admin:admin "-FfieldLabel=CUG Realm" -Fjcr:primaryType=cq:Widget -Fname=../cq:cugRealm -Fxtype=textfield "-Flisteners/beforeloadcontent=function(field, record, path) { var targetField=field.getName().replace('../','');  var jcrContentPath=path + '/jcr:content'; var response = CQ.utils.HTTP.get(jcrContentPath +'.json'); eval('var data ='+response.responseText); field.setValue(data[targetField]); return false; }" http://localhost:4502/apps/dam/content/asseteditors/image/formitems/cugRealm

This will also need to be run for the generic, PDF, JPEG, and TIFF forms.

After that you can test

1. Go to http://localhost:4502/, log in, and go to the DAM Admin.
2. Open the Asset Editor for an image.

1. Enable CUG for the asset and at least specify one group.
2. Activate the asset.

Now you can go to /system/console/cug on your publish instance (e.g. http://localhost:4503/system/console/cug) and see that the CUG was successfully created on the publish instance. 

Note: This might not work in CQ5.6 due to some changes in how composite field work. Please do following to fix that issue

* Remove all the listener node created for cugRealm,cugPrincipals,cugLoginPage,cugEnabled 
* Install the simple workaround patch from here
* Clear the browser cache and verify. 

Special Thanks to Justin and Adobe to provide this information.