SOLVED

403 Forbidden error on dispatcher URL for j_security_check

Level 4

When a user tries to log in on the publish instance with userid/password, it shows a 403 Forbidden error on the dispatcher URL http://abc.com/product/catalog/j_security_check

We are using the CUG concept for login with j_security_check.

Currently we have the following rule on the dispatcher: { /type "allow" /glob "*/product*" }. But the 403 Forbidden error still occurs.

Could someone provide inputs as to what could be done?

Thanks

1 Accepted Solution

Correct answer by
Level 4

Thanks,

I was able to resolve the issue when I changed the form action, which was pointing to /content/product/catalog/en_US/login/j_security_check, to just point to /product/catalog/en_US/login/j_security_check

6 Replies

Employee

It is hard to tell from this information what is going on. You first need to determine whether or not that request is getting to AEM. You can check this by comparing the web server access logs with the AEM access log. It sounds like it isn't (but that warrants double-checking), in which case you may have conflicting dispatcher rules. You can enable debug logging on the dispatcher module to confirm that the request is being rejected by the dispatcher.
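
The comparison described in the reply above, as an added example that is not part of the original thread: a Python script that takes each 403 from the web server access log and checks whether AEM logged the same request. The log lines are constructed, and the combined-log layout, the `/content` prefix mapping and the 2-second tolerance are assumptions.

```python
import re
from datetime import datetime

# Assumed combined-log layout; the timestamp may or may not be wrapped in [].
LINE = re.compile(
    r'^\S+ \S+ \S+ \[?(?P<ts>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]? '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse(lines):
    """Yield (timestamp, method, match key, status, raw path) per parsable line."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        raw = m["path"].split("?", 1)[0]
        # Assumption: short URLs are mapped to /content/... before reaching AEM,
        # so drop that prefix to compare both logs on the same key.
        key = raw[len("/content"):] if raw.startswith("/content/") else raw
        yield ts, m["method"], key, int(m["status"]), raw

def classify_403s(web_lines, aem_lines, tolerance=2):
    """Label each web-server 403 by whether AEM logged the same request."""
    aem = list(parse(aem_lines))
    result = []
    for ts, method, key, status, raw in parse(web_lines):
        if status != 403:
            continue
        reached = any(
            m == method and k == key and abs((t - ts).total_seconds()) <= tolerance
            for t, m, k, _, _ in aem
        )
        result.append((method, raw, "reached AEM" if reached else "rejected before AEM"))
    return result

# Constructed sample lines (not taken from the thread's logs).
WEB_LOG = [
    '203.0.113.7 - - [18/Apr/2016:14:17:38 +0000] "POST /product/catalog/j_security_check HTTP/1.1" 403 221',
    '203.0.113.7 - - [18/Apr/2016:14:17:40 +0000] "GET /product/catalog/en_US/login.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/Apr/2016:14:17:45 +0000] "GET /content/product/catalog/en_US/login/j_security_check HTTP/1.1" 403 221',
]
AEM_LOG = [
    '10.0.0.5 - - 18/Apr/2016:14:17:40 +0000 "GET /content/product/catalog/en_US/login.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - 18/Apr/2016:14:17:45 +0000 "GET /content/product/catalog/en_US/login/j_security_check HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for row in classify_403s(WEB_LOG, AEM_LOG):
        print(*row)
```

A 403 labelled "rejected before AEM" points at the web server or dispatcher rules; one labelled "reached AEM" was answered by AEM itself, so the AEM error log is the next place to look.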

Level 4

In the CQ error logs I keep getting this error:

*WARN* GET /content/product/catalog/en_US/login/j_security_check HTTP/1.1] 
org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity:AuthenticationHandler did not block request; access denied

Could you please provide inputs as to what could be done?

Thanks

Employee Advisor

Can you set the log facility "org.apache.sling.auth.core.impl.SlingAuthenticator" to DEBUG and retry the request?

Jörg

Level 4

Hi,

I have attached the debug logs for org.apache.sling.auth.core.impl.SlingAuthenticator. Please suggest how I could resolve the issue.

Thanks

Employee Advisor

Hi

Sadly I cannot deduce how many requests (and what kind of requests) went into this log, so just some remarks:

2016-04-18 14:17:38.056 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null
2016-04-18 14:17:38.057 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null
2016-04-18 14:17:38.059 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null

comes from this code in SlingAuthenticator [1] (line 496; you might want to validate your installation and check which version of the bundle "org.apache.sling.auth.core" you have)

log.debug("doHandleSecurity: Trying to get a session for {}", authInfo.getUser());
return getResolver(request, response, authInfo);

so I would say that this request is not using authentication.

Jörg

 

[1] https://github.com/apache/sling/blob/61f3a17e46f568df992ceb94712d9727cdab7ebe/bundles/auth/core/src/...
