Hi All,
I an novice in AEM and recently have gotten a use case to do gated AEM assets (images, pdf & etc) for external users that do not sits in AEM's user/group, I've studied the CUG authentication features from a few Internet sources, I notice the authentication is mainly performed against the OOTB AEM login module, and seldom elaborate on how it works if I were to provide a custom login page link. Hence, I have a few related queries here, hopefully any folks with similar experiences or experts can shed some light.
I appreciate any responses with comments/corrections, advises, better solutions or references on this matter.
Sorry for the long read, I just wanted to ensure that my words fully express my ideas and thoughts.
Thanks for your time.
Solved! Go to Solution.
Views
Replies
Total Likes
You can create a custom logic page and have custom authentication handler written to validate the behavior, below are the steps to do so.
Custom Authentication Handler Example:
@component(service = Authenticator.class)
public class MyCustomAuthHandler implements AuthenticationHandler {
@reference
private ResourceResolverFactory resourceResolverFactory;
@Override
public AuthenticationInfo extractCredentials(SlingHttpServletRequest request,
AuthenticateCallback callback)
throws NoAuthenticationHandlerException {
// Extract the login token from the request
String loginToken = request.getParameter("loginToken");
// Call your external login API to authenticate the user and retrieve their details
// If authentication succeeds, create a session for the user
ResourceResolver resourceResolver = null;
try {
resourceResolver = resourceResolverFactory.getServiceResourceResolver(null);
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
// Create a session for the user and return the authentication info
return new AuthenticationInfo("myCustomAuthType", "userId",
"UserPassword".toCharArray());
} catch (Exception e) {
// Handle any exceptions that may occur
// ...
} finally {
if (resourceResolver != null && resourceResolver.isLive()) {
resourceResolver.close();
}
}
return null;
}
}
Hope this is helpful.
You can create a custom logic page and have custom authentication handler written to validate the behavior, below are the steps to do so.
Custom Authentication Handler Example:
@component(service = Authenticator.class)
public class MyCustomAuthHandler implements AuthenticationHandler {
@reference
private ResourceResolverFactory resourceResolverFactory;
@Override
public AuthenticationInfo extractCredentials(SlingHttpServletRequest request,
AuthenticateCallback callback)
throws NoAuthenticationHandlerException {
// Extract the login token from the request
String loginToken = request.getParameter("loginToken");
// Call your external login API to authenticate the user and retrieve their details
// If authentication succeeds, create a session for the user
ResourceResolver resourceResolver = null;
try {
resourceResolver = resourceResolverFactory.getServiceResourceResolver(null);
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
// Create a session for the user and return the authentication info
return new AuthenticationInfo("myCustomAuthType", "userId",
"UserPassword".toCharArray());
} catch (Exception e) {
// Handle any exceptions that may occur
// ...
} finally {
if (resourceResolver != null && resourceResolver.isLive()) {
resourceResolver.close();
}
}
return null;
}
}
Hope this is helpful.
@VeenaK great reply. Good to see great AEM SMEs in this community. Looking forward to your continuous contribution here.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies