Adobe Experience Manager Sites & More

srinivasc110177 · 4/13/16

When user tries to login on publish instance with userid/password .It shows 403 forbidden error on dispacther url http://abc.com/product/catalog/j_security_check

we are using CUG concept for login with j_security_check

currently we are having the rule on dispacther with Rule :: { /type "allow" /glob "*/product*" }. But still 403 forbidden error is coming .

Could some provide inputs as what could be done.

Thanks

srinivasc110177 · 4/25/16

Thanks,

I was able to resolve the issue when i changed the form action which was pointing to /content/product/catalog/en_US/login/j_security_check to just point to /product/catalog/en_US/login/j_security_check

View solution in original post

justin_at_adobe · 4/13/16

It is hard to tell from this information what is going on. You first need to determine whether or not that request is getting to AEM. You can check this by comparing the web server access logs with the AEM access log. It sounds like it isn't (but that warrants doublechecking) in which case you may have conflicting dispatcher rules. You can enable debug logging on the dispatcher module to confirm that the request is being rejected by the dispatcher.

srinivasc110177 · 4/15/16

In the CQ error logs i keep getting this error

*WARN* GET /content/product/catalog/en_US/login/j_security_check HTTP/1.1]
org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity:AuthenticationHandler did not block request; access denied

Could you please provide inputs as what could be done

Thanks

Jörg_Hoh · 4/15/16

Can you set the log facility "org.apache.sling.auth.core.impl.SlingAuthenticator" to DEBUG and retry the request?

Jörg

srinivasc110177 · 4/18/16

Hi,

I have attached the debug logs org.apache.sling.auth.core.impl.SlingAuthenticator. Please suggest how i could resolve the issue

Thanks

Jörg_Hoh · 4/18/16

Hi

Sadly I cannot deduce how much requests (and what kind of requests) went into this log, so just some remarks;

2016-04-18 14:17:38.056 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null 2016-04-18 14:17:38.057 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null 2016-04-18 14:17:38.059 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null

comes from this code in SlingAuthenticator [1] (line 496, you might want to to validate your installation, which version of the bundle "org.apache.sling.auth.core" you have)

log.debug("doHandleSecurity: Trying to get a session for {}", authInfo.getUser()); return getResolver(request, response, authInfo);

so I would say, that this request is not using authentication.

Jörg

[1] https://github.com/apache/sling/blob/61f3a17e46f568df992ceb94712d9727cdab7ebe/bundles/auth/core/src/...

srinivasc110177 · 4/25/16

Thanks,

I was able to resolve the issue when i changed the form action which was pointing to /content/product/catalog/en_US/login/j_security_check to just point to /product/catalog/en_US/login/j_security_check

Adobe Experience Manager Sites & More

403 forbidden error on dispacther url for j_security_check

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe