Hi,
I have two portions of site. One is public to all where as other one is secure (which will have couple of pages) . User will login from the public portion of the site (from Sign-In link in public navigation) and will redirect to Secure portion home page.
How I have implemented this is by making redirect page in default login component to /content/<mysite>/<secure-home-page>. I have created a secure-user group and only this group will have read access to the secure portion of the site. So if any user who doesnt belong to this group tries to login, he gets 404 page. But what i want is a custom page or pop-up where user will get a message that He doesnt have access to visit this area.
Can someone please help how this can be done?
Thanks
Solved! Go to Solution.
Views
Replies
Total Likes
Rohit,
If user do not have access to page then they get 403 status code. But since for CQ no access = pages does not exist, thats why you are seeing 404 page. You can always extend your 404 under /apps/sling/servlet/errorhandler/default.jsp and 404.jsp to show correct behavior. You can also manage your custom redirect or pop up here.
Sample code snippet for default.jsp
int statusCode = (scObject != null) ? scObject.intValue() : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
if(statusCode==404){
boolean pageExist = true;
ResourceResolverFactory rrfac = sling.getService(ResourceResolverFactory.class);
Map<String,Object> authInfo = new HashMap<String,Object>();
//Change this code in future to use read only user
authInfo.put(ResourceResolverFactory.USER_IMPERSONATION,"SOME USER WITH READ ACCESS");
ResourceResolver rr=null;
try{
rr = rrfac.getAdministrativeResourceResolver(authInfo);
//You want to ideally check for .html resources. All other resources should be egnored
pageExist = (!slingRequest.getRequestURI().endsWith(".json") && !slingRequest.getRequestURI().endsWith(".xml") && !(rr.resolve(slingRequest,slingRequest.getRequestURI()) instanceof NonExistingResource));
}catch(Exception e){
pageExist=false;
}finally{
if(rr!=null){
rr.close();
}
}
// Handle 403
if(pageExist && statusCode==404){
Externalizer externalizer = sling.getService(Externalizer.class);
if ( url.contains("/SOMELINK/") ){
pageURL = YOUR CUSTOM 403 PAGE;
}else{
pageURL = SOME OTHER CUSTOM 403;
}
statusCode = 403;
}
Yogesh
Views
Replies
Total Likes
Rohit,
If user do not have access to page then they get 403 status code. But since for CQ no access = pages does not exist, thats why you are seeing 404 page. You can always extend your 404 under /apps/sling/servlet/errorhandler/default.jsp and 404.jsp to show correct behavior. You can also manage your custom redirect or pop up here.
Sample code snippet for default.jsp
int statusCode = (scObject != null) ? scObject.intValue() : HttpServletResponse.SC_INTERNAL_SERVER_ERROR;
if(statusCode==404){
boolean pageExist = true;
ResourceResolverFactory rrfac = sling.getService(ResourceResolverFactory.class);
Map<String,Object> authInfo = new HashMap<String,Object>();
//Change this code in future to use read only user
authInfo.put(ResourceResolverFactory.USER_IMPERSONATION,"SOME USER WITH READ ACCESS");
ResourceResolver rr=null;
try{
rr = rrfac.getAdministrativeResourceResolver(authInfo);
//You want to ideally check for .html resources. All other resources should be egnored
pageExist = (!slingRequest.getRequestURI().endsWith(".json") && !slingRequest.getRequestURI().endsWith(".xml") && !(rr.resolve(slingRequest,slingRequest.getRequestURI()) instanceof NonExistingResource));
}catch(Exception e){
pageExist=false;
}finally{
if(rr!=null){
rr.close();
}
}
// Handle 403
if(pageExist && statusCode==404){
Externalizer externalizer = sling.getService(Externalizer.class);
if ( url.contains("/SOMELINK/") ){
pageURL = YOUR CUSTOM 403 PAGE;
}else{
pageURL = SOME OTHER CUSTOM 403;
}
statusCode = 403;
}
Yogesh
Views
Replies
Total Likes
Thanks Yogesh,
That was a nice explanation. So by your reply i believe my approach using the groups is ok.
I have another use case here. I have multiple sites and every site will have its own security group. So will this 404 jsp be able to handle for all?
Thanks
Rohit
Views
Replies
Total Likes