Expand my Community achievements bar.

Join us in celebrating the outstanding achievement of our AEM Community Member of the Year!
Celebrate the Success!
SOLVED

Authentication Handler vs Filter

Avatar

Level 5
Level 5
12/16/24 12:05:48 PM

Using AEM Sites 6.5, I have incorporated a custom authentication solution into my website. It revolves around MSAL (Microsoft Authentication Library) and asking users to login with their Microsoft accounts.

 

When intercepting requests, detecting that the user is not logged in, and asking them to login before a page is rendered- what is the real benefit / difference in handling this logic in an AuthenticationHandler as opposed to a Filter?

 

For instance, I am noticing that in a custom authentication handler, I can detect that the page requires login and the user isn't logged in- so I can send them to go login by manipulating the response and exiting. I can do similarly in a filter- if the request is for an authenticated area and the user isn't logged in, then I send them through the login flow.

 

What's the real benefit in doing this via one method or another?  It seems the AuthenticationHandler should be responsible for extracting the user out of the request (e.g., via session cookie) and returning that to AEM... is it sketchy to have the AuthenticationHandler also issue 302 redirects to instruct the user to login?

Views

313

Replies

3
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
12/16/24 2:08:00 PM

Hi @dylanmccurry,

you can indeed achieve the same logic with both Authentication Handlers and Filters, but the more appropriate interface to use in your case is the Authentication Handler. Also, I don't see a problem with 302 responses.

The difference between the two can be summarized in two points:

1) Lifecycle Management

  • Authentication Handlers are executed early in the request processing cycle before the request is passed to Sling or any other processing layers
  • Filters are invoked after the Authentication Handler but before the request is handled by Sling or other components

2) Purpose/Responsibility

  • Authentication Handlers determine if a request contains valid credentials and redirect unauthenticated requests to an authentication endpoint
  • Filters provide a mechanism to process or modify requests and responses at various stages of the request lifecycle. They can be used for different tasks like logging, modifying headers, applying security policies, caching, etc.

 

Hope this helps,

Daniel

View solution in original post

Views

299

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
3 Replies

Avatar

Correct answer by
Level 10
Level 10
12/16/24 2:08:00 PM

Hi @dylanmccurry,

you can indeed achieve the same logic with both Authentication Handlers and Filters, but the more appropriate interface to use in your case is the Authentication Handler. Also, I don't see a problem with 302 responses.

The difference between the two can be summarized in two points:

1) Lifecycle Management

  • Authentication Handlers are executed early in the request processing cycle before the request is passed to Sling or any other processing layers
  • Filters are invoked after the Authentication Handler but before the request is handled by Sling or other components

2) Purpose/Responsibility

  • Authentication Handlers determine if a request contains valid credentials and redirect unauthenticated requests to an authentication endpoint
  • Filters provide a mechanism to process or modify requests and responses at various stages of the request lifecycle. They can be used for different tasks like logging, modifying headers, applying security policies, caching, etc.

 

Hope this helps,

Daniel

Views

300

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 5
Level 5
12/18/24 9:15:48 AM
In response to daniel-strmecki

Thanks, I suppose coming from a .NET and Node background- the filters feel a lot like middleware from those platforms, and middleware is indeed where this sort of logic would belong.

 

Are there any downsides to holding all of this logic in the filter layer?

Views

248

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 10
Level 10
12/18/24 2:10:41 PM
In response to dylanmccurry

Hi @dylanmccurry,

IMO not really, besides not aligning with Adobe/Sling's vision on how to implement it. However, keep in mind that AEM is also constantly evolving, and aligning with the creator's visions and avoiding too much customization usually proves to be the correct strategy.

 

Good luck,

Daniel

Views

237

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Table of contents - Custom filter Solved

Views

138

Likes

0

Replies

3
Debug Adobe IO runtime application using VS Code Solved

Views

191

Likes

0

Replies

4
Dispatcher Filter Blocking HTTPS requests Solved

Views

386

Likes

0

Replies

14
Pathfinder paths handling difference in AEM Cloud vs AMS Solved

Views

195

Likes

0

Replies

2
AEM XF (Experience Fragments) vs. CF (Content Fragment)

Views

101

Likes

0

Replies

3