Hi Team,
I have a requirement for sensitive permission caching in AEM. I followed the documentation
https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...
Sometimes the auth check servlet is receiving the call from the dispatcher whenever we hit the page.
Sometimes the auth check servlet is not getting called when we hit the page (no logs from the auth check servlet).
Sometimes it is getting a 404.
It is very strange behavior. Can someone please guide me on this? Any help is highly appreciated.
Below are the complete details.
I created a servlet
    @Component(service = Servlet.class, property = {
            Constants.SERVICE_DESCRIPTION + "= Authenticate the page based on tags added on the page.",
            "sling.servlet.paths=" + "/bin/mysite/authcheck"
    })
    public class RequestAuthenticationServlet extends SlingSafeMethodsServlet {
I override the doHead method:
    @Override
    public void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {
        String uri = request.getParameter("uri").replace(".html", "");
        logger.debug("Request URL {}", uri);
        logger.debug("RequestAuthenticationServlet:Time before validating the user is {}.", new Date().getTime());
        Map<String, Object> serviceParams = new HashMap<>();
        serviceParams.put(ResourceResolverFactory.SUBSERVICE, MYSITE_ADMINISTRATIVE_SERVICE);
        ResourceResolver resourceResolver = null;
        try {
            logger.debug("Inside Try block of Auth_Checker_Servlet");
            resourceResolver = resolverFactory.getServiceResourceResolver(serviceParams);
            boolean isInValid = userGroupService.validateTheUser(resourceResolver, request.getResourceResolver(), uri);
            if (isInValid) {
                logger.debug("user don't have access on the page {}", uri);
                response.setStatus(SC_FORBIDDEN);
            } else {
                logger.debug("user have access on the page {}", uri);
                response.setStatus(SC_OK);
            }
        } catch (Exception e) {
            logger.error("auth checker says READ access DENIED!");
            response.setStatus(SC_FORBIDDEN);
        } finally {
            if (resourceResolver != null && resourceResolver.isLive()) {
                resourceResolver.close();
            }
        }
        logger.debug("RequestAuthenticationServlet:Time after validating the user is {}.", new Date().getTime());
    }
and I enabled the auth checker in the dispatcher: src/conf.dispatcher.d/enabled_farms/mysite.farm
    /auth_checker
    {
        # request is sent to this URL with '?uri=<page>' appended
        /url "/bin/mysite/authcheck"
        # only the requested pages matching the filter section below are checked,
        # all other pages get delivered unchecked
        /filter
        {
            /0000
            {
                /glob "*"
                /type "deny"
            }
            /0001
            {
                /glob "/content/mysite/*"
                /type "allow"
            }
        }
        # any header line returned from the auth_checker's HEAD request matching
        # the section below will be returned as well
        /headers
        {
            /0000
            {
                /glob "*"
                /type "deny"
            }
            /0001
            {
                /glob "Set-Cookie:*"
                /type "allow"
            }
        }
    }
Hello @Rudra-2024
I guess you are already following it via Issues with Auth check servlet in AEM - Adobe Experience League Community - 598659
Let's keep the thread in one place. It just becomes easy to understand all the inputs coming from various people.
Hi @aanchal-sikka
By mistake I submitted twice and am not able to delete the post. Is there any way we can delete this question?
Hi @Rudra-2024 ,
Please confirm a few things.
1. Do you have a CDN placed on top of the dispatcher? Then you might need to bypass the caching from the CDN.
2. Also check when the auth checker servlet is not called; in case of a non-cached document, it won't get called.
Hi @TarunKumar
We have the default CDN (Fastly). I disabled the CDN cache by uncommenting the line below from the global.vars file
# Define DISABLE_DEFAULT_CACHING
It is hitting the servlet for every request, but it is always passing 404.html
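The `/filter` rules from the farm file in the question, evaluated in Python as an added example (not code from the thread or from Adobe), to show for which requests a HEAD call to the auth checker is expected. Assumptions: the last matching rule wins, dispatcher globs are approximated with `fnmatch`, a cache miss skips the checker as the reply above states, and the function names and sample paths are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# The /filter block from the question's mysite.farm, copied as posted.
FARM_FILTER = '''
/filter
{
/0000
{
/glob "*"
/type "deny"
}
/0001
{
/glob "/content/mysite/*"
/type "allow"
}
}
'''

# Matches one numbered rule that carries a /glob and a /type entry.
RULE_RE = re.compile(r'/(\w+)\s*\{\s*/glob\s+"([^"]*)"\s*/type\s+"(allow|deny)"\s*\}')

def parse_rules(text):
    """Return [(name, glob, type)] in file order."""
    return RULE_RE.findall(text)

def is_checked(path, rules):
    """True if the path is subject to the auth check (assumed: last match wins)."""
    decision = "deny"  # assumed default when no rule matches
    for _name, glob, rule_type in rules:
        if fnmatchcase(path, glob):
            decision = rule_type
    return decision == "allow"

def expect_authcheck_call(path, cached, rules, checker_url="/bin/mysite/authcheck"):
    """Return the HEAD request expected at the render, or None if none is expected."""
    if not cached:
        return None  # cache miss: the page itself is requested, no auth check
    if not is_checked(path, rules):
        return None  # outside the filter: delivered from cache unchecked
    return f"HEAD {checker_url}?uri={path}"

if __name__ == "__main__":
    rules = parse_rules(FARM_FILTER)
    for path, cached in [("/content/mysite/en/home.html", True),
                         ("/content/mysite/en/home.html", False),
                         ("/etc.clientlibs/mysite/site.css", True)]:
        print(path, "cached" if cached else "miss", "->", expect_authcheck_call(path, cached, rules))
```

Comparing this expectation with the servlet's debug log for the same requests separates "the servlet was not supposed to be called" from "the call never reached the servlet".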