Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Bypassing specific url from custom sling authentication handler

Avatar

Level 3

Hi Experts,

We want to bypass a specific url from custom authentication handler means whenever this url is browsed, it should not be authenticated. I am using standalone AEM server so updating tomcat web.xml is not possible. Another way, lot of post says to update "Apache Sling Authentication Service" configuration and allow anonymous access with the url (with -/ prefix) but, somehow it is not working for me.

Wanted to do this through code in the custom authentication handler where Path value is given to be authenticated. But, there we can only give the allowed paths to be authenticated and rightnow it is root. So, if we allow specific paths, it will be too many and in future each time if some new url needs to be authenticated will needs to be updated here - Can we give the list of excluded urls in custom authentication handler?

Just wondering, is there any other way of doing this through filters or anything else. Thanks in advance!

1 Accepted Solution

Avatar

Correct answer by
Level 1

Well you can do it on the servlet if you're using the SlingServlet

How to disable authentication in CQ?

If you have sling config that you deploy you can always just add the path there like you mentioned and configure Apache Sling Authentication Service to have Authentication Requirements ​have the added path you want to disable authentication on.

View solution in original post

1 Reply

Avatar

Correct answer by
Level 1

Well you can do it on the servlet if you're using the SlingServlet

How to disable authentication in CQ?

If you have sling config that you deploy you can always just add the path there like you mentioned and configure Apache Sling Authentication Service to have Authentication Requirements ​have the added path you want to disable authentication on.