When user tries to login on publish instance with userid/password .It shows 403 forbidden error on dispacther url http://abc.com/product/catalog/j_security_check
we are using CUG concept for login with j_security_check
currently we are having the rule on dispacther with Rule :: { /type "allow" /glob "*/product*" }. But still 403 forbidden error is coming .
Could some provide inputs as what could be done.
Thanks
Solved! Go to Solution.
Views
Replies
Total Likes
Thanks,
I was able to resolve the issue when i changed the form action which was pointing to /content/product/catalog/en_US/login/j_security_check to just point to /product/catalog/en_US/login/j_security_check
Views
Replies
Total Likes
It is hard to tell from this information what is going on. You first need to determine whether or not that request is getting to AEM. You can check this by comparing the web server access logs with the AEM access log. It sounds like it isn't (but that warrants doublechecking) in which case you may have conflicting dispatcher rules. You can enable debug logging on the dispatcher module to confirm that the request is being rejected by the dispatcher.
Views
Replies
Total Likes
In the CQ error logs i keep getting this error
*WARN* GET /content/product/catalog/en_US/login/j_security_check HTTP/1.1]
org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity:AuthenticationHandler did not block request; access denied
Could you please provide inputs as what could be done
Thanks
Views
Replies
Total Likes
Can you set the log facility "org.apache.sling.auth.core.impl.SlingAuthenticator" to DEBUG and retry the request?
Jörg
Views
Replies
Total Likes
Hi,
I have attached the debug logs org.apache.sling.auth.core.impl.SlingAuthenticator. Please suggest how i could resolve the issue
Thanks
Views
Replies
Total Likes
Hi
Sadly I cannot deduce how much requests (and what kind of requests) went into this log, so just some remarks;
2016-04-18 14:17:38.056 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null 2016-04-18 14:17:38.057 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null 2016-04-18 14:17:38.059 DEBUG [org.apache.sling.auth.core.impl.SlingAuthenticator] doHandleSecurity: Trying to get a session for null
comes from this code in SlingAuthenticator [1] (line 496, you might want to to validate your installation, which version of the bundle "org.apache.sling.auth.core" you have)
log.debug("doHandleSecurity: Trying to get a session for {}", authInfo.getUser()); return getResolver(request, response, authInfo);
so I would say, that this request is not using authentication.
Jörg
Views
Replies
Total Likes
Thanks,
I was able to resolve the issue when i changed the form action which was pointing to /content/product/catalog/en_US/login/j_security_check to just point to /product/catalog/en_US/login/j_security_check
Views
Replies
Total Likes
Views
Likes
Replies