I am having a weird issue and not sure how to resolve it! We are in the process of upgrading from AEM 6.0 to 6.3. In 6.3 we have created several web services to support almost all the UI features like Upload Asset, Get Asset, Lock/Unlock Asset etc. I am testing the same services from my local Eclipse client and Chrome Postman REST client.
Basically during testing, I am providing my user id as "AUTH_USER" header key. AEM 6.0 authenticates me using SlingAuthenticator and my ID is available as principal in the servlet code (request.getUserPrincipal()).
In case of 6.3, the web service invocation works fine first time. But then it fails to authenticate my ID for next 1 hour or so. After that period, it again works one time and so on. Following is the message I get in error.log during that "period"
16.06.2017 14:52:09.420 INFO [qtp1065074294-107] org.apache.sling.auth.core.impl.SlingAuthenticator handleLoginFailure: Unable to authenticate apaldhik: Login Failure: all modules ignored
As per Adobe support recommendation, I also added the CSRF-Token but that doesn't help (it does work without CSRF token once every hour !).