How to Configure Anonymous Access to SlingServlet | Community
Skip to main content
A
Anonymous
October 16, 2015
Solved

How to Configure Anonymous Access to SlingServlet

  • October 16, 2015
  • 5 replies
  • 4955 views

Hi there

I’ve written a custom SlingServlet that transforms custom XML feeds into RSS format.  I’ve deployed the servlet and can hit it directly when logged in into AEM via a URL like http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz.  That call returns an xml document.

Now, I'm trying to use that servlet call as the value for the "URL" field in the Feed Importer e.g.:

However, the polling importer is returning a HTTP 401; here is the output from the logs:

19.12.2013 15:11:35.462 *INFO* [ObservationManager] com.day.cq.polling.importer.impl.PollingImporterImpl addResource: Registering PollConfig PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/usergenerated/content/,interval=1800s,enabled=true

19.12.2013 15:11:35.464 *INFO* [ObservationManager] com.day.cq.cq-polling-importer Service [PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/usergenerated/content/,interval=1800s,enabled=true,3353] ServiceEvent REGISTERED

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.day.cq.polling.importer.impl.PollingImporterImpl importData: Importing data from rss:hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz to /content/usergenerated/content/ as admin by com.adobe.cq.social.blog.impl.importer.FeedImporter@2c4bbdb7

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter fetching feed 'hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'

19.12.2013 15:11:35.476 *INFO* [127.0.0.1 [1387483895476] GET /bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

19.12.2013 15:11:35.496 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.auth.AuthChallengeProcessor basic authentication scheme selected

19.12.2013 15:11:35.497 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.HttpMethodDirector No credentials available for BASIC 'Sling (Development)'@localhost:4502

19.12.2013 15:11:35.497 *WARN* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter Could not fetch feed 'http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'. The requested resource could not be found. HTTP Response code was:401

 

My question is, how do I resolve this?  Only AEM will ever call this servlet, specifically the AEM Feed Importer, so how do I give it access?  Alternatively, how do I configure anonymous access to the sling servlet?  I've read a lot of Sling documentation, but don't see a clear way of how to do this.

 

Thanks in advance

KRB

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by smacdonald2008

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

5 replies

smacdonald2008
smacdonald2008Accepted solution
Level 10
October 16, 2015

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

smacdonald2008
smacdonald2008
Level 10
October 16, 2015

We have an old community forum thread on this question:

http://forums.adobe.com/message/4405166

Sham_HC
Sham_HC
Level 10
October 16, 2015

Define using sling.auth.requirements service property with "-" so that you get anonymous access http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#anonymous-login

A
Anonymous
October 16, 2015

Hi Scott,

I saw that thread, but it didn't seem as though there was a clear answer i.e. no reply marked correct.

This is occurring on my authoring server, but is the answer to set /libs/cq/security/config.publish/com.day.cq.wcm.foundation.impl.HTTPAuthHandler > auth.http.nologin to false?  If so, what are the consequences of that change?

Thanks.

RKB

O
Ove_Lindström
Level 6
October 16, 2015

IMHO, you should not allow anything to read from the Author environment without authorization. If it is not public on an publish instance, then it should not be able to get the info without having the correct security credentials.

 

/Ove

Terms & ConditionsAccessibility statement

Loading footer...