We want to bypass a specific url from custom authentication handler means whenever this url is browsed, it should not be authenticated. I am using standalone AEM server so updating tomcat web.xml is not possible. Another way, lot of post says to update "Apache Sling Authentication Service" configuration and allow anonymous access with the url (with -/ prefix) but, somehow it is not working for me.
Wanted to do this through code in the custom authentication handler where Path value is given to be authenticated. But, there we can only give the allowed paths to be authenticated and rightnow it is root. So, if we allow specific paths, it will be too many and in future each time if some new url needs to be authenticated will needs to be updated here - Can we give the list of excluded urls in custom authentication handler?
Just wondering, is there any other way of doing this through filters or anything else. Thanks in advance!
Are these answers useful? Help other community members by marking useful answers as accepted.
If you have sling config that you deploy you can always just add the path there like you mentioned and configure Apache Sling Authentication Service to have Authentication Requirements have the added path you want to disable authentication on.