Change user session for Anonymous URLs | Community
Skip to main content
B
bsr78033597
Level 2
July 15, 2020
Solved

Change user session for Anonymous URLs

  • July 15, 2020
  • 1 reply
  • 1248 views

Hi Experts,

 

Is it not possible to intercept a URL ( that is whitelisted for anonymous usage through "Apache Sling Authentication Service" configuration ) in AEM's Sling Filter and change it's User session ?

 

I'm trying to implement it with HttpServletRequestWrapper by adding a valid basic authorization token to request header. But, as I do requestWrapper.getUserPrincipal().getName().toString(), is still returning "anonymous" user. Any idea?

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by joerghoh

Hi,

Is my understanding correct that based on certain criteria you want to switch an anonymous session into an authenticated session of a different user?

Technically it should be possible (wrap the HttpRequest and inject a different session), but that's a lot of of work to make it right in all circumstances.

 

What do you want to achieve with that? I am quite sure that there might be a simpler way to solve your requirement.

 

Jörg

1 reply

joerghoh
Adobe Employee
joerghohAdobe EmployeeAccepted solution
Adobe Employee
July 15, 2020

Hi,

Is my understanding correct that based on certain criteria you want to switch an anonymous session into an authenticated session of a different user?

Technically it should be possible (wrap the HttpRequest and inject a different session), but that's a lot of of work to make it right in all circumstances.

 

What do you want to achieve with that? I am quite sure that there might be a simpler way to solve your requirement.

 

Jörg

    B
    bsr78033597Author
    Level 2
    July 23, 2020
    Hi Jörg, yes, you are right. I want an external system to access /bin/querybuilder.json, but since it is an authenticated service, I've taken an approach to creating an anonymous servlet that acts like a controller that collects request, check the header for token, authorize against an external OAuth server and if successful, want to create a system user session and pass it to the Querybuilder API using sling's org.apache.sling.engine.SlingRequestProcessor. Please suggest any better approach.
    Terms & ConditionsAccessibility statement

    Loading footer...