Expand my Community achievements bar.

SOLVED

AEM SDK Custom Authentication Handler

Avatar

Level 1

Hi Experts,

I have implemented a custom authentication handler MysiteAuthHandler in AEM SDK.

I want admin pages /content/mysite/admin (including child-pages) should be authenticated via custom authentication handler MysiteAuthHandler.

In admin page properties, I have enabled the Authentication Requirements and passing /content/mysite/login as a Login Page. Also, I have given permission to authors and administrators group.

dv333_1-1664426941236.png

On local Author instance it is working fine. On Publish /content/mysite/admin pages are redirecting to login page but the problem is when user clicks the submit button an error comes up.
http://localhost:4503/j_mysite_security_check Access to localhost was denied.

dv333_0-1664426851428.png

This is how code and configs looks like.

1. Adobe Granite Login Selector Authentication Handler

Login Mapping
/content/mysite/login:/content/mysite/admin

2. Apache Sling Authentication Service

auth.uri.suffix as /j_mysite_security_check

3. Apache Sling Login Admin Whitelist (enable whitelist)

4. loginForm

<form id="loginForm" method="POST" action="j_mysite_security_check">
Username: <input type="text" name="username" required />
Password: <input type="password" name="password" required />

<input type="submit" value="Login" />
<p style="color:red" data-sly-include="message.jsp"></p>

<input type="hidden" name="successPage" value="/content/mysite/welcome"/>
<input type="hidden" name="failurePage" value="/content/mysite/login"/>
</form>

5. MysiteAuthHandler

@component(service = AuthenticationHandler.class, immediate = true,
		property = {AuthenticationHandler.PATH_PROPERTY + "=/content/mysite"})
@ServiceDescription("Mysite Authentication Handler")
@ServiceRanking(60000)
public class MysiteAuthHandler implements AuthenticationHandler, AuthenticationFeedbackHandler {

	public AuthenticationInfo extractCredentials(...) {
		AuthenticationInfo authenticationInfo = null;
		if ("POST".equals(request.getMethod()) && request.getRequestURI().endsWith("/j_mysite_security_check")) {
			if (!AuthUtil.isValidateRequest(request))
				AuthUtil.setLoginResourceAttribute(request, request.getContextPath());

			final SimpleCredentials creds = new SimpleCredentials(request.getParameter("username"),
					request.getParameter("password").toCharArray());

			authenticationInfo = new AuthenticationInfo(HttpServletRequest.FORM_AUTH, creds.getUserID());
			authenticationInfo.put(JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS, creds);
			authenticationInfo.put("user.name", request.getParameter("username"));
		}
		return authenticationInfo;
	}

	public boolean authenticationSucceeded(...) {
		if (null == authInfo)
			return false;

		response.sendRedirect(request.getParameter("successPage"));
		return true;
	}

	public void authenticationFailed(...) {
		response.sendRedirect(request.getParameter("failurePage") + "?message=loginFail");
	}
}

Below are the SlingAuthenticator logs from publish env.

29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator getAuthenticationInfo: no handler could extract credentials; assuming anonymous
29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator doHandleSecurity: No credentials in the request, anonymous
29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator setAttributes: ResourceResolver stored as request attribute: user=anonymous
29.09.2022 10:42:59.103 *WARN* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied

If anyone has any pointers please share.

Kind Regards,

Dishant

 

1 Accepted Solution

Avatar

Correct answer by
Level 1

Hi @Jörg_Hoh,

I debugged and got to know that the `resource.resolver.mapping` in the project was not allowing this Authentication Handler to work. I updated the path to `/` and it worked.

Thanks

View solution in original post

2 Replies

Avatar

Employee Advisor

Can you check if your authenticator is even invoked (e.g. by adding some log statements in there)?

 

29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator getAuthenticationInfo: no handler could extract credentials; assuming anonymous

This message makes me think that the authenticator is not invoked.

Avatar

Correct answer by
Level 1

Hi @Jörg_Hoh,

I debugged and got to know that the `resource.resolver.mapping` in the project was not allowing this Authentication Handler to work. I updated the path to `/` and it worked.

Thanks