SOLVED

AEM SDK Custom Authentication Handler

Level 1

Hi Experts,

I have implemented a custom authentication handler MysiteAuthHandler in AEM SDK.

I want the admin pages /content/mysite/admin (including child pages) to be authenticated via the custom authentication handler MysiteAuthHandler.

In the admin page properties, I have enabled the Authentication Requirements and am passing /content/mysite/login as the Login Page. Also, I have given permission to the authors and administrators groups.

On the local Author instance it is working fine. On Publish, the /content/mysite/admin pages redirect to the login page, but the problem is that when the user clicks the submit button, an error comes up:
`http://localhost:4503/j_mysite_security_check` Access to localhost was denied.

This is what the code and configs look like.

1. Adobe Granite Login Selector Authentication Handler

Login Mapping
/content/mysite/login:/content/mysite/admin

2. Apache Sling Authentication Service

auth.uri.suffix as /j_mysite_security_check

3. Apache Sling Login Admin Whitelist (enable whitelist)

4. loginForm

```html
<form id="loginForm" method="POST" action="j_mysite_security_check">
Username: <input type="text" name="username" required />
Password: <input type="password" name="password" required />

<input type="submit" value="Login" />
<p style="color:red" data-sly-include="message.jsp"></p>

<input type="hidden" name="successPage" value="/content/mysite/welcome"/>
<input type="hidden" name="failurePage" value="/content/mysite/login"/>
</form>
```

5. MysiteAuthHandler

```java
@Component(service = AuthenticationHandler.class, immediate = true,
		property = {AuthenticationHandler.PATH_PROPERTY + "=/content/mysite"})
@ServiceDescription("Mysite Authentication Handler")
@ServiceRanking(60000)
public class MysiteAuthHandler implements AuthenticationHandler, AuthenticationFeedbackHandler {

	// Builds credentials only for a POST whose URI ends with the login suffix;
	// returns null for every other request so other handlers can take over.
	public AuthenticationInfo extractCredentials(HttpServletRequest request, HttpServletResponse response) {
		AuthenticationInfo authenticationInfo = null;
		if ("POST".equals(request.getMethod()) && request.getRequestURI().endsWith("/j_mysite_security_check")) {
			if (!AuthUtil.isValidateRequest(request))
				AuthUtil.setLoginResourceAttribute(request, request.getContextPath());

			final SimpleCredentials creds = new SimpleCredentials(request.getParameter("username"),
					request.getParameter("password").toCharArray());

			authenticationInfo = new AuthenticationInfo(HttpServletRequest.FORM_AUTH, creds.getUserID());
			authenticationInfo.put(JcrResourceConstants.AUTHENTICATION_INFO_CREDENTIALS, creds);
			authenticationInfo.put("user.name", request.getParameter("username"));
		}
		return authenticationInfo;
	}

	// Called after a successful login; the redirect target is the form's
	// hidden successPage field.
	public boolean authenticationSucceeded(HttpServletRequest request, HttpServletResponse response,
			AuthenticationInfo authInfo) {
		if (null == authInfo)
			return false;

		response.sendRedirect(request.getParameter("successPage"));
		return true;
	}

	// Called after a failed login; the redirect target is the form's
	// hidden failurePage field.
	public void authenticationFailed(HttpServletRequest request, HttpServletResponse response,
			AuthenticationInfo authInfo) {
		response.sendRedirect(request.getParameter("failurePage") + "?message=loginFail");
	}
}
```

Below are the SlingAuthenticator logs from publish env.

29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator getAuthenticationInfo: no handler could extract credentials; assuming anonymous
29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator doHandleSecurity: No credentials in the request, anonymous
29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator setAttributes: ResourceResolver stored as request attribute: user=anonymous
29.09.2022 10:42:59.103 *WARN* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied

If anyone has any pointers please share.

Kind Regards,

Dishant

 

2 Replies

Employee Advisor

Can you check if your authenticator is even invoked (e.g. by adding some log statements in there)?

 

29.09.2022 10:42:59.103 *DEBUG* [qtp467406488-331] org.apache.sling.auth.core.impl.SlingAuthenticator getAuthenticationInfo: no handler could extract credentials; assuming anonymous

This message makes me think that the authenticator is not invoked.

Correct answer by
Level 1

Hi @Jörg_Hoh,

I debugged and got to know that the `resource.resolver.mapping` in the project was not allowing this Authentication Handler to work. I updated the path to `/` and it worked.

Thanks
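
The following is an added example, not part of the original thread and not Sling's own code: a simplified model of how Sling offers a request only to authentication handlers whose registered path is a prefix of the request path. It shows why the POST to `/j_mysite_security_check` from the publish error is never seen by a handler registered at `/content/mysite`. The class and method names (`HandlerPathModel`, `covers`, `applicable`) are hypothetical, and the segment-boundary rule is an assumption about the matching details.

```java
import java.util.ArrayList;
import java.util.Comparator;
import java.util.List;

// Simplified model (an assumption, not Sling's source) of path-based
// AuthenticationHandler selection: a handler is offered a request only if its
// registered path is a prefix of the request path on a segment boundary.
public class HandlerPathModel {

    // True when a handler registered at handlerPath covers requestPath.
    static boolean covers(String handlerPath, String requestPath) {
        if ("/".equals(handlerPath)) {
            return true; // a root registration covers every request
        }
        if (!requestPath.startsWith(handlerPath)) {
            return false;
        }
        // Exact match, or the next character starts a new path segment,
        // so /content/mysite does not cover /content/mysite2.
        return requestPath.length() == handlerPath.length()
                || requestPath.charAt(handlerPath.length()) == '/';
    }

    // Handler paths that would be asked to extract credentials, longest first.
    static List<String> applicable(List<String> handlerPaths, String requestPath) {
        List<String> result = new ArrayList<>();
        for (String p : handlerPaths) {
            if (covers(p, requestPath)) {
                result.add(p);
            }
        }
        result.sort(Comparator.comparingInt(String::length).reversed());
        return result;
    }

    public static void main(String[] args) {
        // Constructed inputs based on the paths quoted in the thread.
        String[] requests = {
            "/j_mysite_security_check",                 // URL from the publish error
            "/content/mysite/j_mysite_security_check",  // same suffix under the handler path
            "/content/mysite2/j_mysite_security_check"  // sibling tree, must not match
        };
        for (String registered : new String[] {"/content/mysite", "/"}) {
            for (String r : requests) {
                System.out.printf("handler at %-16s request %-42s -> %s%n",
                        registered, r, applicable(List.of(registered), r));
            }
        }
    }
}
```

When no handler covers the login POST, `extractCredentials` is never called for it, which matches the "no handler could extract credentials; assuming anonymous" line in the publish log.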