caching secure pages in AEM

Ravi_KS

16-05-2016

Dear All,

I have a requirement where the user has to log in to see the pages. I have implemented it the way explained in https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html.

But it's not really working. Our requirement is not about whether the user has access to the page or not, as all users have access to all the pages. The only constraint I need to check is whether the user has a valid session or not. If not, I have to ask him to log in via SAML. I have configured my dispatcher as per the link above and wrote a permission check servlet. But after the first login, once the page is cached, the page is served from the cache even though I don't log in.

While serving from the cache, it doesn't even hit my servlet to authorize.

My dispatcher configuration is like this. I have removed some of the filters to hide identity, but it should not matter. Yes, this is my configuration.

/farms
{
    /website 
    {  
        /clientheaders
        {
            "*"
        }

        /virtualhosts
        {
            "*"
            #"https://*"
        }

        /renders
        {
            /rend01
            {
                /hostname "localhost"
                /port "4503"
                /ipv4 "1"
                /always-resolve "1"
                #/secure "1"
            }
        }

        /auth_checker
        {
            # request is sent to this URL with '?uri=<page>' appended
            /url "/bin/permissioncheck"

            # only the requested pages matching the filter section below are checked,
            # all other pages get delivered unchecked
            /filter
            {
                /0000
                {
                    /glob "*"
                    /type "deny"
                }
                /0001
                {
                    /glob "/content/*.html"
                    /type "allow"
                }
            }
            # any header line returned from the auth_checker's HEAD request matching
            # the section below will be returned as well
            /headers
            {
                /0000
                {
                    /glob "*"
                    /type "deny"
                }
                /0001
                {
                    /glob "Set-Cookie:*"
                    /type "allow"
                }
            }
        }

        /sessionmanagement
        {
            /header "Cookie:login-token"
            /directory "C:/AEM/dispatcher_cache/httpd/.sessions"
        }

        /filter
        {
            /0001 { /type "allow" /glob "* /*" }
            /0012 { /type "deny" /url "/system/*"}
            /0013 { /type "deny" /glob "/system/*"}
            /0014 { /type "deny" /url "/libs/*"   }
            /0015 { /type "deny" /glob "/libs/*"   }
            /0016 { /type "deny" /url "* /etc/*" }
            /0017 { /type "allow" /url "* /etc/designs/*" }
            /0018 { /type "allow" /url "* /etc/clientlib/*" }
            /0019 { /type "allow" /url "* /etc/segmentation.segment.js*" }
            /0020 { /type "deny" /url "* /etc/replication.xml*" }
            /0021 { /type "deny" /url "* /etc/replication.infinity.json*" }
            /0022 { /type "deny" /url "* /libs/opensocial/proxy*" }       
            /0023 { /type "allow" /url "/content*" }  # disable this rule to allow mapped content only
            /0024 { /type "deny" /url "/bin/crxde/logs"}
            /0025 { /type "deny" /url "/content/geometrixx.sitemap.txt"}
            /0026 { /type "deny" /url "/var/linkchecker.html"}
            /0027 { /type "deny" /url "/etc/linkchecker.html"}
            /0030 { /type "allow" /url "* /is/image*"   }
            /0031 { /type "allow" /url "* /is/content*"   } 
            /0041 { /type "allow" /url "*.css"   }  # enable css
            /0042 { /type "allow" /url "*.gif"   }  # enable gifs
            /0043 { /type "allow" /url "*.ico"   }  # enable icos
            /0044 { /type "allow" /url "*.js"    }  # enable javascript
            /0045 { /type "allow" /url "*.png"   }  # enable png
            /0046 { /type "allow" /url "*.swf"   }  # enable flash
            /0047 { /type "allow" /url "*.jpg"   }  # enable jpg
            /0048 { /type "allow" /url "*.jpeg"  }  # enable jpeg
            /0049 { /type "allow" /url "*.woff"  }  # enable woff font
            /0050 { /type "allow" /url "*.eot"  }   # enable eot
            /0051 { /type "allow" /url "*.svg"  }   # enable svg
            /0052 { /type "allow" /url "*.ttf"  }   # enable ttf
            /0053 { /type "allow" /url "*.doc"  }   # enable doc
            /0054 { /type "allow" /url "*.docx"  }   # enable docx
            /0055 { /type "allow" /url "*.pdf"  }   # enable pdf
            /0062 { /type "allow" /glob "/libs/cq/personalization/*"  }  # enable personalization
            /0063 { /type "allow" /glob "POST /content/[.]*.form.html" }  # allow POSTs to form selectors under content
            /0064 { /type "allow" /glob "POST /content/[.]*.commerce.cart.json" }  # allow POSTs to update
            /0065 { /type "allow" /glob  "/libs/wcm/stats/tracker.js"  }
            /0066 { /type "allow" /glob  "/libs/cq/personalization/components/clickstreamcloud/content/config.json"  }
            #/0067 { /type "allow" /glob  "/libs/cq/security/userinfo.json"  }
            /0095 { /type "deny"  /url "*.infinity.json" }
            /0096 { /type "deny"  /url "*.tidy.json"     }
            /0097 { /type "deny"  /url "*.sysview.xml"   }
            /0098 { /type "deny"  /url "*.docview.json"  }
            /0099 { /type "deny"  /url "*.docview.xml"  }
            /00100 { /type "deny"  /url "*.*[0-9].json" }
            #/00101 { /type "allow" /method "GET" /url "*.1.json" }  # allow one-level json requests
            /00102 { /type "deny"  /url "GET *.feed*"      }  
            /00103 { /type "deny" /url "GET /content*.json*" } 
            /00104 { /type "deny" /glob "GET /etc/*.json*" }
            /00105 { /type "deny"  /glob "GET *.feed*"  }
            /00106 { /type "deny"  /url "GET *.xml*"  }
            /00107 { /type "deny"  /glob "GET *.xml*"  }
            /00108 { /type "deny" /url "GET *.json*" }
            /00109 { /type "deny" /glob "GET *.json*" }
            /00119 { /type "allow"  /url "/bin/permissioncheck" }
            /00120 { /type "allow"  /url "GET /bin/permissioncheck" }
        }

        /cache
        {
            /docroot "C:/AEM/dispatcher_cache"  #environment specific
            /statfileslevel "0"
            /allowAuthorized "1"
            #/allowAuthorized "0"
            /serveStaleOnError "1"
            /rules
            {
                /0000
                {
                    /glob "*"
                    /type "allow"
                    #/type "deny"
                }
                /0001
                {
                    /glob "/en.sitemap.xml"
                    /type "deny"
                } 
            }

            /invalidate
            {
                /0000
                {
                    /glob "*"
                    /type "deny"
                }
                /0001
                {
                    /glob "*.html"
                    /type "allow"
                }
                /0002
                {
                    /glob "/etc/segmentation.segment.js"
                    /type "allow"
                }
                /0003
                {
                    /glob "*/analytics.sitecatalyst.js"
                    /type "allow"
                }
                #/0004
                    #{
                    #/glob "/en.sitemap.xml"
                    #/type "allow"
                    #}  
            }

            /allowedClients
            {

                /0000
                {
                    /glob "*"
                    /type "deny"
                }
                /0001
                {
                    /glob "127.0.*.*"
                    /type "allow"
                }
            }
            /ignoreUrlParams
            {
                /0001 { /glob "*" /type "allow" }
                /0002 { /glob "q" /type "deny" }
            }
        }

        /statistics
        {
            /categories
            {
                /html
                {
                    /glob "*.html"
                }
                /others
                {
                    /glob "*"
                }
            }
        }
        /retryDelay "2"
        /numberOfRetries "5"
        /unavailablePenalty "5"
        /failover "1"
    }
}

My servlet code is:

import java.io.IOException;
import javax.jcr.Session;
import javax.servlet.ServletException;
import org.apache.commons.lang3.StringUtils;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.adobe.granite.security.user.UserProperties;

// Registered at the path the dispatcher's /auth_checker /url points to; HEAD is what the dispatcher sends.
@SlingServlet(paths = "/bin/permissioncheck", methods = "HEAD")
public class PermissionCheckServlet extends SlingSafeMethodsServlet {
    private static final Logger logger = LoggerFactory.getLogger(PermissionCheckServlet.class);

    @Override
    protected void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServletException, IOException {
        // the dispatcher appends ?uri=<page> to the HEAD request
        String uri = request.getParameter("uri");
        // the JCR session belongs to whoever the forwarded cookie authenticated (anonymous otherwise)
        Session session = request.getResourceResolver().adaptTo(Session.class);
        UserProperties userProps = request.adaptTo(UserProperties.class);
        String userId = userProps == null ? null : userProps.getAuthorizableID();

        // an unauthenticated request still resolves to the "anonymous" user, so it must not count as logged in
        if (StringUtils.isNotEmpty(userId) && !"anonymous".equals(userId)) {
            logger.info("authchecker says OK for {}, user is {}", uri, userId);
            response.setStatus(SlingHttpServletResponse.SC_OK);
        } else {
            // guard against the NullPointerException the original else branch had when userProps was null
            logger.info("authchecker says NO USER ID for {}, session user is {}", uri,
                    session == null ? "none" : session.getUserID());
            response.setStatus(SlingHttpServletResponse.SC_FORBIDDEN);
        }
    }
}

Please suggest how to make sure the user is logged in before rendering from the cache.
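To make the flow the question expects concrete, here is an added Python model of the dispatcher's permission-sensitive caching decision as the documentation describes it; it is not Adobe's dispatcher code and not part of the original post. It assumes last-match-wins glob rules, that a non-200 answer from the permission servlet sends the request on to the render, and uses a constructed stand-in for the /bin/permissioncheck servlet.

```python
# Added model of the Dispatcher permission-sensitive caching flow; not Adobe's code.
# Assumptions: filter rules are last-match-wins globs where "*" matches any characters,
# and a non-200 answer from the permission servlet sends the request to the render.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Callable, Dict, List, Tuple

Rules = List[Tuple[str, str]]   # ordered (glob, "allow" | "deny") rules
Checker = Callable[[str, Dict[str, str]], Tuple[int, Dict[str, str]]]

# Mirrors the /auth_checker section posted in the question.
AUTH_CHECKER_URL = "/bin/permissioncheck"
AUTH_CHECKER_FILTER: Rules = [("*", "deny"), ("/content/*.html", "allow")]
AUTH_CHECKER_HEADERS: Rules = [("*", "deny"), ("Set-Cookie:*", "allow")]

def last_match_allows(rules: Rules, value: str) -> bool:
    """Dispatcher rule semantics: the last rule whose glob matches decides."""
    allowed = False
    for glob, rule_type in rules:
        if fnmatchcase(value, glob):
            allowed = rule_type == "allow"
    return allowed

@dataclass
class Decision:
    source: str        # "cache" (served from docroot) or "render" (sent to publish)
    checked: bool      # True when the permission servlet was consulted
    headers: Dict[str, str] = field(default_factory=dict)  # servlet headers passed on

def serve(uri: str, cache: Dict[str, str], request_headers: Dict[str, str],
          check: Checker) -> Decision:
    if uri not in cache:
        return Decision("render", False)      # miss: the render answers and fills the cache
    if not last_match_allows(AUTH_CHECKER_FILTER, uri):
        return Decision("cache", False)       # hit outside the filter: delivered unchecked
    # Hit inside the filter: HEAD /bin/permissioncheck?uri=<page> with the client's
    # headers forwarded (the farm has /clientheaders "*", so the login cookie travels).
    status, resp_headers = check(f"{AUTH_CHECKER_URL}?uri={uri}", request_headers)
    if status != 200:
        return Decision("render", True)       # denied: let the publish instance handle login
    kept = {k: v for k, v in resp_headers.items()
            if last_match_allows(AUTH_CHECKER_HEADERS, f"{k}:{v}")}
    return Decision("cache", True, kept)

def stub_permission_servlet(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Constructed stand-in for the servlet: 200 only when a login-token cookie is present."""
    if "login-token=" in headers.get("Cookie", ""):
        return 200, {"Set-Cookie": "login-token=renewed", "X-Debug": "1"}
    return 403, {}
```

With this model, a cached /content page is only delivered from the cache after the servlet answers 200, while a cached stylesheet never triggers the check; if the real servlet is not being hit on cache hits, the auth_checker filter or the request path is the first thing to compare against this decision table.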

Replies

smacdonald2008

17-05-2016

I have a requirement where the user has to login to see the pages. I have implemented the way explained in the https://docs.adobe.com/docs/en/dispatcher/permissions-cache.html.

What is happening when you follow the documentation? 

Ravi_KS

18-05-2016

Hi,

I am facing the following issues after implementing it according to the documentation:

1. When we set allowAuthorized to 1, the page is cached. But as soon as the page is cached, when the next user tries to access it, the dispatcher serves the page from the cache without asking him to log in.

2. When we set allowAuthorized to 0, the page won't get cached; it works fine, asking the user to log in if he has not logged in, but the page always gets rendered from the publisher.

What we need is to cache the page, and the dispatcher should invoke my authorize servlet to check whether he has logged in or not: if yes, render from the cache; if not, redirect him to login.

Veera_kandregul

28-08-2017

Hi Ravi,

Following up on your question above, did you get a chance to find a solution to this problem?