Auth Check servlet is not getting called every time and it is printing 404 page

Level 4

Hi Team,

I have a requirement for sensitive permission caching in AEM. I followed the documentation
https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...


Sometimes the auth check servlet is receiving the call from the dispatcher whenever we hit the page.
Sometimes the auth check servlet is not getting called when we hit the page (no logs from the auth check servlet).

Sometimes it is getting a 404.

It is very strange behavior. Can someone please guide me on this? Any help is highly appreciated.

Below are the complete details. 

I created a servlet

@Component(service = Servlet.class, property = {
        Constants.SERVICE_DESCRIPTION + "= Authenticate the page based on tags added on the page.",
        "sling.servlet.paths=" + "/bin/mysite/authcheck"
})
public class RequestAuthenticationServlet extends SlingSafeMethodsServlet {

I override the doHead method

    @Override
    public void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {

        // The dispatcher appends '?uri=<page>'; deny when the parameter is missing
        // instead of failing with a NullPointerException outside the try block.
        String uri = request.getParameter("uri");
        if (uri == null) {
            logger.debug("No uri parameter on auth check request");
            response.setStatus(SC_FORBIDDEN);
            return;
        }
        uri = uri.replace(".html", "");
        logger.debug("Request URL {}", uri);
        logger.debug("RequestAuthenticationServlet:Time before validating the user is {}.", new Date().getTime());
        Map<String, Object> serviceParams = new HashMap<>();
        serviceParams.put(ResourceResolverFactory.SUBSERVICE, MYSITE_ADMINISTRATIVE_SERVICE);
        ResourceResolver resourceResolver = null;
        try {
            logger.debug("Inside Try block of Auth_Checker_Servlet");

            // Service resolver for the lookup; the request's own resolver carries the user's session
            resourceResolver = resolverFactory.getServiceResourceResolver(serviceParams);
            boolean isInValid = userGroupService.validateTheUser(resourceResolver, request.getResourceResolver(), uri);
            if (isInValid) {
                logger.debug("user don't have access on the page {}", uri);
                response.setStatus(SC_FORBIDDEN);
            } else {
                logger.debug("user have access on the page {}", uri);
                response.setStatus(SC_OK);
            }
        } catch (Exception e) {
            // Fail closed, and log the exception so the cause is visible
            logger.error("auth checker says READ access DENIED!", e);
            response.setStatus(SC_FORBIDDEN);
        } finally {
            if (resourceResolver != null && resourceResolver.isLive()) {
                resourceResolver.close();
            }
        }
        logger.debug("RequestAuthenticationServlet:Time after validating the user is {}.", new Date().getTime());
    }

and I enabled Auth checker in dispatcher: src/conf.dispatcher.d/enabled_farms/mysite.farm

/auth_checker
  {
  # request is sent to this URL with '?uri=<page>' appended
  /url "/bin/mysite/authcheck"

  # only the requested pages matching the filter section below are checked,
  # all other pages get delivered unchecked
  /filter
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "/content/mysite/*"
      /type "allow"
      }
    }
  # any header line returned from the auth_checker's HEAD request matching
  # the section below will be returned as well
  /headers
    {
    /0000
      {
      /glob "*"
      /type "deny"
      }
    /0001
      {
      /glob "Set-Cookie:*"
      /type "allow"
      }
    }
  }
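
Added example (not part of the original post and not Dispatcher code): a small Python evaluator for the `/filter` and `/headers` sections quoted above, showing which request URIs would trigger the HEAD call to the auth check servlet and which response headers would be relayed. It assumes last-matching-rule-wins evaluation and approximates Dispatcher globs with Python's `fnmatch`; the function names are hypothetical and the rules are the post's, reflowed onto single lines.

```python
import re
from fnmatch import fnmatchcase

# /filter and /headers sections from the farm file in the post (reflowed).
AUTH_CHECKER = '''
/filter
{
/0000 { /glob "*" /type "deny" }
/0001 { /glob "/content/mysite/*" /type "allow" }
}
/headers
{
/0000 { /glob "*" /type "deny" }
/0001 { /glob "Set-Cookie:*" /type "allow" }
}
'''

# One numbered rule: /NNNN { /glob "<pattern>" /type "allow|deny" }
RULE = re.compile(r'/\w+\s*\{\s*/glob\s+"([^"]*)"\s*/type\s+"(allow|deny)"\s*\}')


def parse_section(config, name):
    """Return the ordered (glob, type) rules of one named section."""
    m = re.search(r'/%s\s*\{((?:[^{}]|\{[^{}]*\})*)\}' % re.escape(name), config)
    if m is None:
        raise ValueError("section /%s not found" % name)
    return RULE.findall(m.group(1))


def decide(rules, value):
    """Assumption: the last matching rule wins; no match at all means deny."""
    verdict = "deny"
    for glob, rule_type in rules:
        if fnmatchcase(value, glob):
            verdict = rule_type
    return verdict == "allow"


def is_auth_checked(config, uri):
    """True if a request for this URI would be sent to the auth checker."""
    return decide(parse_section(config, "filter"), uri)


def relayed_headers(config, header_lines):
    """Header lines from the HEAD response that pass the /headers rules."""
    rules = parse_section(config, "headers")
    return [h for h in header_lines if decide(rules, h)]
```

Under these assumptions, `/content/mysite.html` does not match `/content/mysite/*`, so that page would be delivered without an auth check, while everything below `/content/mysite/` is checked.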

 

4 Replies

Community Advisor

Hello @Rudra-2024

I guess you are already following it via Issues with Auth check servlet in AEM - Adobe Experience League Community - 598659

Let's keep the thread in one place. It just becomes easy to understand all the inputs coming from various people.


Aanchal Sikka

Level 4

Hi @aanchal-sikka 
By mistake I submitted twice and am not able to delete the post. Is there any way we can delete this question?

Community Advisor

Hi @Rudra-2024 ,

Please confirm a few things.
1. Do you have a CDN placed on top of the dispatcher? Then you might need to bypass the caching from the CDN.
2. Also check when the auth checker servlet is not called; in case of a non-cached document, it won't get called.

Level 4

Hi @TarunKumar  

We have the default CDN (Fastly). I disabled the CDN cache by uncommenting the line below from the global.vars file
# Define DISABLE_DEFAULT_CACHING

It is hitting the servlet for every request but it is always passing 404.html