SOLVED

Change user session for Anonymous URLs

Level 2

Hi Experts,

Is it not possible to intercept a URL (that is whitelisted for anonymous usage through the "Apache Sling Authentication Service" configuration) in AEM's Sling Filter and change its user session?

I'm trying to implement it with HttpServletRequestWrapper by adding a valid basic authorization token to the request header. But when I call requestWrapper.getUserPrincipal().getName().toString(), it still returns the "anonymous" user. Any idea?

1 Accepted Solution

Correct answer by
Employee Advisor

Hi,

Is my understanding correct that based on certain criteria you want to switch an anonymous session into an authenticated session of a different user?

Technically it should be possible (wrap the HttpRequest and inject a different session), but that's a lot of work to make it right in all circumstances.

What do you want to achieve with that? I am quite sure that there might be a simpler way to solve your requirement.

Jörg

3 Replies

Level 2
Hi Jörg, yes, you are right. I want an external system to access /bin/querybuilder.json, but since it is an authenticated service, I've taken the approach of creating an anonymous servlet that acts like a controller: it collects the request, checks the header for a token, authorizes against an external OAuth server and, if successful, I want to create a system user session and pass it to the QueryBuilder API using Sling's org.apache.sling.engine.SlingRequestProcessor. Please suggest any better approach.

Employee Advisor
Hm, that sounds quite problematic, because you need to proxy a request. If you are familiar with the QueryBuilder Java API, you could write your own servlet, which checks against the external system and then uses the QueryBuilder API directly. You don't start a new HTTP request, but instead approach the API directly. And then you can also pass a different JCR session than the session the user is using; for example you can use a JCR system user.
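
Added example, not part of the thread and not Adobe's code: a sketch of the servlet approach described in the last reply, which validates the bearer token first and then runs a QueryBuilder query on a service (system) user session instead of proxying to /bin/querybuilder.json. `TokenValidator`, the servlet path, the `/content/example` root and the `external-search` subservice name are hypothetical; it assumes a Service User Mapper entry for that subservice, a system user with read-only ACLs on the searched subtree, and that the servlet path is allowed for anonymous access in the Apache Sling Authentication Service configuration.

```java
// Added example; TokenValidator, the servlet path, "/content/example" and "external-search" are assumed names.
import java.io.IOException;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import com.day.cq.search.PredicateGroup;
import com.day.cq.search.QueryBuilder;
import com.day.cq.search.result.Hit;

@Component(service = Servlet.class, property = "sling.servlet.paths=/bin/example/search")
public class ExternalSearchServlet extends SlingSafeMethodsServlet {
    public interface TokenValidator { boolean isValid(String bearerToken); } // hypothetical OAuth check
    @Reference private transient TokenValidator tokens;
    @Reference private transient QueryBuilder queryBuilder;
    @Reference private transient ResourceResolverFactory resolverFactory;

    @Override
    protected void doGet(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
        String auth = req.getHeader("Authorization");
        if (auth == null || !auth.startsWith("Bearer ") || !tokens.isValid(auth.substring(7))) {
            resp.sendError(SlingHttpServletResponse.SC_UNAUTHORIZED); return; // reject before any repository access
        }
        String term = req.getParameter("q");
        if (term == null || term.isEmpty()) { resp.sendError(SlingHttpServletResponse.SC_BAD_REQUEST); return; }
        // Predicates are fixed server-side; the caller controls only the full-text term.
        Map<String, String> predicates = Map.of("path", "/content/example", "type", "cq:Page",
                "fulltext", term, "p.limit", "20");
        Map<String, Object> authInfo = Map.of(ResourceResolverFactory.SUBSERVICE, "external-search");
        StringBuilder paths = new StringBuilder();
        try (ResourceResolver resolver = resolverFactory.getServiceResourceResolver(authInfo)) {
            Session session = resolver.adaptTo(Session.class); // system user's session, closed with the resolver
            for (Hit hit : queryBuilder.createQuery(PredicateGroup.create(predicates), session).getResult().getHits()) {
                paths.append(hit.getPath()).append('\n');
            }
        } catch (LoginException | RepositoryException e) {
            resp.sendError(SlingHttpServletResponse.SC_INTERNAL_SERVER_ERROR); return;
        }
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().write(paths.toString());
    }
}
```

Because the query runs with the system user's permissions rather than the caller's, the predicate set is kept server-side; forwarding arbitrary request parameters into `PredicateGroup.create` would expose everything that user can read.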