Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Custom Authentication Handler

Avatar

Former Community Member

Hi I have a requirement where App A consumes restful services exposed by CQ. Some of these are from author and some are from publisher. In case of author we need to provide authentication for consuming restful services exposed by CQ. This authentication should be done against client DS server before passing credentials to CQ. For this I planned to create Custom Authentication handler. Some issue in this custom authentication handler. Here there is no form based authentication.

Public class CustomAuthHandler implements AuthenticationHandler {

//implements

extractCredentials():

requestCredentials():

dropCredentials():

}

I will be mapping this handler to my restful service path (it is servlet path). This authentication handler triggers and extractCredentials() method will be called. Here I am doing 3rd party authentication if it is success I will extract credentials from request header and send AuthenticationInfo object. It works fine. In case of failure also it works fine. But I just added return false in requestCredentials() method and nothing in dropCredentials(). As per API we need to give login form in requestCredentials and cleanup any sessions in dropCredentials but I am not sure what exactly I need to implement in these 2 methods for my requirement.

1 Accepted Solution

Avatar

Correct answer by
Level 10

You can always returns false at requestCredentials because looking at your handler implementation never requests credentials itself. Instead it is provided through a different form.

In dropCredentials  can be used to remove the token node/ cookie that needs cleanup on logout .

View solution in original post

3 Replies

Avatar

Level 10

Here is a good community artilce that may help you. It talks about creating a custom authentication handler:

http://www.wemblog.com/2013/03/how-to-create-custom-authentication.html

HTH

Avatar

Former Community Member

Hey Smac,

I was trying to reply to this thread but I don't know this blog is going down very frequently.

I saw that blog but in that Yogesh talks more about form authentication in my case there is no form.

Avatar

Correct answer by
Level 10

You can always returns false at requestCredentials because looking at your handler implementation never requests credentials itself. Instead it is provided through a different form.

In dropCredentials  can be used to remove the token node/ cookie that needs cleanup on logout .