SOLVED

Customizing 403 error pages on AEMaaCS Publish?

We are implementing authentication on our AEMaaCS website. We have created a custom Authentication Handler, and have login working correctly.

Our login is unique and we needed to roll our own implementation, with an integration to our in-house user group and permissions service. Within our authentication handler, we are checking if the user's permissions (coming from a 3rd party integration) match the permissions demanded by the page. If they do, we return a valid auth result and let the user view the page. If they don't, we set the response code to a 403 and do not allow the user to view the contents.

In the event that a user does not have permissions to a page, we are sending back a 403 status code. This results in a default 403 error page being shown.

How can we customize the 403 behavior such that:

  • The URL is preserved. For instance, if the user accesses /content/mysite/home/protected-page.html via mysite.com/protected-page (we use Sling mappings to shorten URLs and remove html extensions), we need to keep the user on mysite.com/protected-page but show an error.
  • The response contains a 403 status code.
  • The page content contains the output of another page in our website. For instance, we store a content-authorable 403 page at /content/mysite/error-pages/403.html. When the user accesses mysite.com/protected-page and encounters a 403 error, we need to show the contents of the /content/mysite/error-pages/403.html resource.

Is there a customization we can make in the Dispatcher to pull this off, or do we need to implement Java code?

Thanks!


1 Accepted Solution

For anyone else looking for a solution to this: we were able to configure ACS Commons' error page handler so that it handles this scenario.

The trick to trigger it is to clear the response and set an explicit 403 from either a servlet or filter. The ACS Commons package will detect this and render your 403 error page.
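
The approach from the accepted answer, sketched as a Sling request filter. This is an added example, not code from the original post or from ACS AEM Commons. `PagePermissionFilter`, `PagePermissionService` and the filter pattern are hypothetical, and `sendError` is used on the assumption that the error page handler is reached through Sling's error handling.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/** Request-scope Sling filter that turns a failed permission check into a clean 403. */
@Component(service = Filter.class, property = {
        "sling.filter.scope=REQUEST",
        "sling.filter.pattern=/content/mysite/.*" // assumed content root, taken from the question's paths
})
public class PagePermissionFilter implements Filter {

    /** Hypothetical facade over the in-house user group and permissions service. */
    public interface PagePermissionService {
        boolean isAllowed(String userId, String resourcePath);
    }

    @Reference
    private PagePermissionService permissions;

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        SlingHttpServletRequest request = (SlingHttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        boolean allowed;
        try {
            allowed = permissions.isAllowed(request.getResourceResolver().getUserID(),
                    request.getResource().getPath());
        } catch (RuntimeException e) {
            allowed = false; // fail closed if the permissions backend is unavailable
        }
        if (allowed) {
            chain.doFilter(req, res);
            return;
        }
        // Denied: the chain is never invoked, so the protected page is not rendered.
        if (!response.isCommitted()) {
            response.reset(); // clear any buffered body, status and headers
            // Explicit 403 with no redirect or forward, so the requested URL is preserved.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```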
