AEM 6550 - Log AEM Form Login User (j_username) Password (j_password) doing j_security_check Authentication | AEM Community Blog Seeding

kautuk_sahni
Community Manager

05-08-2020


AEM 6550 - Log AEM Form Login User (j_username) Password (j_password) doing j_security_check Authent... by Sreekanth Choudry Nalabotu

Abstract

If you are unsure whether user authentication information such as j_username and j_password is passed to /libs/granite/core/content/login.html/j_security_check or is being stripped off from the request by intermediate proxies before reaching AEM, you can use the following code to log them...

Solution

Add the following custom authentication handler in a separate bundle (independent of your project) or install this package with the auth handler and log configuration logging to http://localhost:4502/system/console/slinglog/tailer.txt?tail=10000&grep=*&name=%2Flogs%2Feaem-jsecurity.log


package apps.experienceaem.assets;

import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.auth.core.spi.AuthenticationFeedbackHandler;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.io.IOException;

import static org.osgi.framework.Constants.SERVICE_RANKING;

// Diagnostic handler: wraps the stock token authentication handler and logs the
// credentials submitted to j_security_check.
@Component(
        service = { AuthenticationHandler.class },
        immediate = true,
        property = {
                // High ranking so this handler takes precedence for the login path
                SERVICE_RANKING + ":Integer=" + 9999,
                AuthenticationHandler.PATH_PROPERTY + "=/libs/granite/core/content/login.html/j_security_check",
                AuthenticationHandler.TYPE_PROPERTY + "=" + "EAEM_RECORD_CREDS",
                "service.description=Experience AEM Log j_security_check User Password Credentials"
        })
public class EAEMRecordUserPassAuthHandler implements AuthenticationHandler, AuthenticationFeedbackHandler {

    private static final Logger log = LoggerFactory.getLogger(EAEMRecordUserPassAuthHandler.class);

    private static final String REQUEST_METHOD = "POST";
    private static final String REQUEST_URL_SUFFIX = "/j_security_check";

    @Reference
    private SlingRepository repository;

    // The stock handler that does the real work; every call is delegated to it
    @Reference(target = "(service.pid=com.day.crx.security.token.impl.impl.TokenAuthenticationHandler)")
    private AuthenticationHandler wrappedAuthHandler;

    public AuthenticationInfo extractCredentials(HttpServletRequest request, HttpServletResponse response) {
        // Only act on the form login POST
        if (REQUEST_METHOD.equals(request.getMethod()) && request.getRequestURI().endsWith(REQUEST_URL_SUFFIX)) {
            AuthenticationInfo authInfo = wrappedAuthHandler.extractCredentials(request, response);

            // The wrapped handler can return null, or credentials that are not
            // SimpleCredentials (for example TokenCredentials); an unchecked cast
            // would throw NullPointerException or ClassCastException here.
            Object creds = (authInfo == null) ? null : authInfo.get("user.jcr.credentials");

            if (creds instanceof SimpleCredentials) {
                SimpleCredentials sc = (SimpleCredentials) creds;

                // Diagnostic output: the cleartext password is written to the log at DEBUG level
                log.debug("User: {}, Password : {}", sc.getUserID(), new String(sc.getPassword()));
            }

            return authInfo;
        }

        // Not a login request: let other handlers process it
        return null;
    }

    public boolean requestCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return wrappedAuthHandler.requestCredentials(httpServletRequest, httpServletResponse);
    }

    public void dropCredentials(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        wrappedAuthHandler.dropCredentials(httpServletRequest, httpServletResponse);
    }

    @Override
    public void authenticationFailed(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) {
        // Forward the feedback callback so the token handler still does its own processing
        if (wrappedAuthHandler instanceof AuthenticationFeedbackHandler) {
            ((AuthenticationFeedbackHandler) wrappedAuthHandler).authenticationFailed(request, response, authInfo);
        }
    }

    @Override
    public boolean authenticationSucceeded(HttpServletRequest request, HttpServletResponse response, AuthenticationInfo authInfo) {
        if (wrappedAuthHandler instanceof AuthenticationFeedbackHandler) {
            return ((AuthenticationFeedbackHandler) wrappedAuthHandler).authenticationSucceeded(request, response, authInfo);
        }
        return false;
    }
}

Q&A

Please use this thread to ask the related questions.
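The handler above writes cleartext passwords to eaem-jsecurity.log, so that log has to be scrubbed once the proxy question is answered. The following is an added example, not part of the original post or the linked blog: it redacts every `User: ..., Password : ...` entry and lists the accounts whose passwords were exposed. The timestamp, level and thread prefix in the sample lines are constructed and assumed; only the message format comes from the handler's `log.debug` call.

```python
import re

# Message format emitted by the handler's log.debug call on this page:
#   "User: <id>, Password : <cleartext>"
# The user ID is matched non-greedily up to the first separator; the password
# runs to end of line because it may itself contain commas, colons or spaces.
CRED_RE = re.compile(r"User: (?P<user>.*?), Password : (?P<pw>.*)$")
REDACTED = "[REDACTED]"


def scrub_line(line):
    """Return (scrubbed_line, user_id) for one log line; user_id is None if no match."""
    m = CRED_RE.search(line)
    if not m:
        return line, None
    return line[:m.start("pw")] + REDACTED, m.group("user")


def scrub_log(lines):
    """Redact every logged password and collect the accounts that were exposed."""
    cleaned, exposed = [], []
    for line in lines:
        out, user = scrub_line(line.rstrip("\n"))
        cleaned.append(out)
        if user is not None and user not in exposed:
            exposed.append(user)  # keep first-seen order, no duplicates
    return cleaned, exposed


# Constructed sample lines (prefix layout is an assumption, values are made up).
SAMPLE_LOG = [
    "08.05.2020 10:15:01.123 *DEBUG* [qtp-1] apps.experienceaem.assets."
    "EAEMRecordUserPassAuthHandler User: admin, Password : admin",
    "08.05.2020 10:15:02.456 *INFO* [qtp-2] org.apache.sling.auth.core.impl."
    "SlingAuthenticator unrelated message",
    "08.05.2020 10:16:10.001 *DEBUG* [qtp-3] apps.experienceaem.assets."
    "EAEMRecordUserPassAuthHandler User: jdoe, Password : p@ss, Password : x",
    "08.05.2020 10:17:00.000 *DEBUG* [qtp-1] apps.experienceaem.assets."
    "EAEMRecordUserPassAuthHandler User: admin, Password : admin",
]

if __name__ == "__main__":
    cleaned, exposed = scrub_log(SAMPLE_LOG)
    print("\n".join(cleaned))
    print("Rotate passwords for:", ", ".join(exposed))
```

Run it over rotated and archived copies of the log as well, and remove the handler bundle and its log configuration when the diagnosis is finished.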


Replies

Mohan_BMS
Level 1

27-09-2020

Hi @kautuk_sahni, I am facing the below error while trying to use this service. Please let me know if you got into a similar issue.

java.lang.ClassCastException: class org.apache.jackrabbit.api.security.authentication.token.TokenCredentials cannot be cast to class javax.jcr.SimpleCredentials (org.apache.jackrabbit.api.security.authentication.token.TokenCredentials is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @2267c547; javax.jcr.SimpleCredentials is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @2a20564b)
	at com.shared.core.service.impl.AuthorLoginHookAuthenticationHandler.extractCredentials(AuthorLoginHookAuthenticationHandler.java:72)
	at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:76)
	at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:735)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:483)
	at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:460)
	at org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:69)
	at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)
	at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406)
	at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1002)
	at org.apache.sling.security.impl.ReferrerFilter.doFilter(ReferrerFilter.java:326)
	at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
	at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
	at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:136)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1008)
	at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1012)
	at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)
	at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:755)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:547)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1607)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1297)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:485)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1577)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1212)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:221)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:500)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:547)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:270)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:117)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:388)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
	at java.base/java.lang.Thread.run(Thread.java:834)