AEM SDK Custom Authentication Handler
Hi Experts,
I have implemented a custom authentication handler MysiteAuthHandler in AEM SDK.
I want admin pages /content/mysite/admin (including child-pages) should be authenticated via custom authentication handler MysiteAuthHandler.
In admin page properties, I have enabled the Authentication Requirements and passing /content/mysite/login as a Login Page. Also, I have given permission to authors and administrators group.
On local Author instance it is working fine. On Publish /content/mysite/admin pages are redirecting to login page but the problem is when user clicks the submit button an error comes up.
http://localhost:4503/j_mysite_security_check Access to localhost was denied.
This is how code and configs looks like.
1. Adobe Granite Login Selector Authentication Handler
Login Mapping
/content/mysite/login:/content/mysite/admin
2. Apache Sling Authentication Service
auth.uri.suffix as /j_mysite_security_check
3. Apache Sling Login Admin Whitelist (enable whitelist)
4. loginForm
<form id="loginForm" method="POST" action="j_mysite_security_check">
Username: <input type="text" name="username" required />
Password: <input type="password" name="password" required />
<input type="submit" value="Login" />
<p style="color:red" data-sly-include="message.jsp"></p>
<input type="hidden" name="successPage" value="/content/mysite/welcome"/>
<input type="hidden" name="failurePage" value="/content/mysite/login"/>
</form>
5. MysiteAuthHandler
@8220494(service = AuthenticationHandler.class, immediate = true,
property = {AuthenticationHandler.PATH_PROPERTY + "=/content/mysite"})
@ServiceDescription("Mysite Authentication Handler")
@ServiceRanking(60000)
public class MysiteAuthHandler implements AuthenticationHandler, AuthenticationFeedbackHandler {
public AuthenticationInfo extractCredentials(...) {
AuthenticationInfo authenticationInfo = null;
if ("POST".equals(request.getMethod()) && request.getRequestURI().endsWith("/j_mysite_security_check")) {
if (!AuthUtil.isValidateRequest(request))
AuthUtil.setLoginResourceAttribute(request, request.getContextPath());
final SimpleCredentials creds = new SimpleCredentials(request.getParameter("username"),
request.getParameter("password").toCharArray());
authenticationInfo = new AuthenticationInfo(HttpServletRequest.FORM_AUTH, creds.getUserID());
authenticationInfo.put(JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS, creds);
authenticationInfo.put("user.name", request.getParameter("username"));
}
return authenticationInfo;
}
public boolean authenticationSucceeded(...) {
if (null == authInfo)
return false;
response.sendRedirect(request.getParameter("successPage"));
return true;
}
public void authenticationFailed(...) {
response.sendRedirect(request.getParameter("failurePage") + "?message=loginFail");
}
}
Below are the SlingAuthenticator logs from publish env.
29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator getAuthenticationInfo: no handler could extract credentials; assuming anonymous
29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator doHandleSecurity: No credentials in the request, anonymous
29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator setAttributes: ResourceResolver stored as request attribute: user=anonymous
29.09.2022 10:42:59.103 *WARN* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied
If anyone has any pointers please share.
Kind Regards,
Dishant