Adobe Experience Manager Sites & More

srinivasc110177 · 13/04/2016

When user tries to login on publish instance with userid/password .It shows 403 forbidden error on dispacther url http://abc.com/product/catalog/j_security_check

we are using CUG concept for login with j_security_check

currently we are having the rule on dispacther with Rule :: { /type "allow" /glob "*/product*" }. But still 403 forbidden error is coming .

Could some provide inputs as what could be done.

Thanks

srinivasc110177 · 25/04/2016

Thanks,

I was able to resolve the issue when i changed the form action which was pointing to /content/product/catalog/en_US/login/j_security_check to just point to /product/catalog/en_US/login/j_security_check

Ver solução na publicação original

justin_at_adobe · 13/04/2016

It is hard to tell from this information what is going on. You first need to determine whether or not that request is getting to AEM. You can check this by comparing the web server access logs with the AEM access log. It sounds like it isn't (but that warrants doublechecking) in which case you may have conflicting dispatcher rules. You can enable debug logging on the dispatcher module to confirm that the request is being rejected by the dispatcher.

srinivasc110177 · 15/04/2016

In the CQ error logs i keep getting this error

*WARN* GET /content/product/catalog/en_US/login/j_security_check HTTP/1.1]
org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity:AuthenticationHandler did not block request; access denied

Could you please provide inputs as what could be done

Thanks

Jörg_Hoh · 15/04/2016

Can you set the log facility "org.apache.sling.auth.core.impl.SlingAuthenticator" to DEBUG and retry the request?

Jörg

srinivasc110177 · 18/04/2016

Hi,

I have attached the debug logs org.apache.sling.auth.core.impl.SlingAuthenticator. Please suggest how i could resolve the issue

Thanks

Jörg_Hoh · 18/04/2016

Hi

Sadly I cannot deduce how much requests (and what kind of requests) went into this log, so just some remarks;

2016-04-18 14:17:38.056 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null 2016-04-18 14:17:38.057 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null 2016-04-18 14:17:38.059 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null

comes from this code in SlingAuthenticator [1] (line 496, you might want to to validate your installation, which version of the bundle "org.apache.sling.auth.core" you have)

log.debug("doHandleSecurity: Trying to get a session for {}", authInfo.getUser()); return getResolver(request, response, authInfo);

so I would say, that this request is not using authentication.

Jörg

[1] https://github.com/apache/sling/blob/61f3a17e46f568df992ceb94712d9727cdab7ebe/bundles/auth/core/src/...

srinivasc110177 · 25/04/2016

Thanks,

I was able to resolve the issue when i changed the form action which was pointing to /content/product/catalog/en_US/login/j_security_check to just point to /product/catalog/en_US/login/j_security_check

Adobe Experience Manager Sites & More

403 forbidden error on dispacther url for j_security_check

Aprender

Documentação

Eventos

Comunidade

Suporte

Recursos

Conta de Adobe

Adobe