AEM 6550 - Log AEM Form Login User (j_username) Password (j_password) doing j_security_check Authentication | AEM Community Blog Seeding | Community
Skip to main content
kautuk_sahni
Community Manager
kautuk_sahniCommunity Manager
Community Manager
August 6, 2020

AEM 6550 - Log AEM Form Login User (j_username) Password (j_password) doing j_security_check Authentication | AEM Community Blog Seeding

  • August 6, 2020
  • 1 reply
  • 2371 views

BlogImage.jpg

AEM 6550 - Log AEM Form Login User (j_username) Password (j_password) doing j_security_check Authentication by Sreekanth Choudry Nalabotu

Abstract

If you are unsure the user authentication information like j_username, j_password are passed to /libs/granite/core/content/login.html/j_security_check or being stripped off from the request by intermediate proxies before reaching AEM, you can use the following code to log them...

Solution

Add the following custom authentication handler in a separate bundle (independent of your project) or install this package with the auth handler and log configuration logging to http://localhost:4502/system/console/slinglog/tailer.txt?tail=10000&grep=*&name=%2Flogs%2Feaem-jsecurity.log


package apps.experienceaem.assets;

import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import static org.osgi.framework.Constants.SERVICE_RANKING;

@Component(
service = { AuthenticationHandler.class },
immediate = true,
property = {
SERVICE_RANKING + ":Integer=" + 9999,
AuthenticationHandler.PATH_PROPERTY + "=/libs/granite/core/content/login.html/j_security_check",
AuthenticationHandler.TYPE_PROPERTY + "=" + "EAEM_RECORD_CREDS",
"service.description=Experience AEM Log j_security_check User Password Credentials"
})
public class EAEMRecordUserPassAuthHandler implements AuthenticationHandler, AuthenticationFeedbackHandler {

private static final Logger log = LoggerFactory.getLogger(EAEMRecordUserPassAuthHandler.class);

private static final String REQUEST_METHOD = "POST";
private static final String REQUEST_URL_SUFFIX = "/j_security_check";

@Reference
private SlingRepository repository;

@Reference(target = "(service.pid=com.day.crx.security.token.impl.impl.TokenAuthenticationHandler)")
private AuthenticationHandler wrappedAuthHandler;

public AuthenticationInfo extractCredentials(HttpServletRequest request, HttpServletResponse response) {
if (REQUEST_METHOD.equals(request.getMethod()) && request.getRequestURI().endsWith(REQUEST_URL_SUFFIX)) {
AuthenticationInfo authInfo = wrappedAuthHandler.extractCredentials(request, response);

SimpleCredentials sc = (SimpleCredentials) authInfo.get("user.jcr.credentials");

log.debug("User: " + sc.getUserID() + ", Password : " + new String(sc.getPassword()));

return authInfo;
}

return null;
}

public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
return wrappedAuthHandler.requestCredentials(httpServletRequest, httpServletResponse);
}

public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
wrappedAuthHandler.dropCredentials(httpServletRequest, httpServletResponse);
}

@Override
public void authenticationFailed(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) {
if (wrappedAuthHandler instanceof AuthenticationFeedbackHandler) {
((AuthenticationFeedbackHandler) wrappedAuthHandler).authenticationFailed(request, response, authInfo);
}
}

@Override
public boolean authenticationSucceeded(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) {
if (wrappedAuthHandler instanceof AuthenticationFeedbackHandler) {
return ((AuthenticationFeedbackHandler) wrappedAuthHandler).authenticationSucceeded(request, response, authInfo);
}
return false;
}
}

Read Full Blog

AEM 6550 - Log AEM Form Login User (j_username) Password (j_password) doing j_security_check Authentication

Q&A

Please use this thread to ask the related questions.

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

    1 reply

    L
    lmohanrk
    September 28, 2020

    Hi @kautuk_sahni , I am facing below error while trying to use this service. Please let me know if got into similar issue?

    java.lang.ClassCastException: class org.apache.jackrabbit.api.security.authentication.token.TokenCredentials cannot be cast to class javax.jcr.SimpleCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @2267c547; javax.jcr.SimpleCredentials is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @2a20564b)
	at com.shared.core.service.impl.AuthorLoginHookAuthenticationHandler.extractCredentials(AuthorLoginHookAuthenticationHandler.java:72)
	at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76)
	at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460)
	at org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:69)
	at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)
	at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002)
	at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)
	at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
	at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
	at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)
	at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:547)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:500)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
	at java.base/java.lang.Thread.run(Thread.java:834)
    Terms & ConditionsAccessibility statement

    Loading footer...