Hi,
I have written a filter to check whether user is login, if not, redirect it to the login page. I am referring to this filter code mentioned in this article http://aemfaq.blogspot.sg/2013/05/blocking-anonymous-access-to-crx-in-non.html
But when I tested it, the filter seems not work for the URL: http://localhost:4502/crx/de/index.jsp
I checked the log, the filter seems not go into the doFilter method. Here is my filter code:
import javax.servlet.*; import java.io.IOException; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.Cookie; import javax.servlet.RequestDispatcher; import org.apache.felix.scr.annotations.Activate; import org.apache.felix.scr.annotations.Component; import org.apache.felix.scr.annotations.sling.SlingFilter; import org.apache.felix.scr.annotations.sling.SlingFilterScope; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @SlingFilter(generateComponent = false, generateService = true, order = -50001, scope = SlingFilterScope.REQUEST) @Component(immediate = true, metatype = false) public class CrxLoginFilter implements Filter { protected static final Logger log = LoggerFactory.getLogger(CrxLoginFilter.class); public void init(FilterConfig config) throws ServletException { log.info("Init with config [" + config + "]"); } @Activate protected void activate(final Map<String, Object> props) { log.info("***** activate *****"); } public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { log.info("inside doFilter "); if ( req instanceof HttpServletRequest && res instanceof HttpServletResponse ) { final HttpServletRequest request = (HttpServletRequest)req; final HttpServletResponse response = (HttpServletResponse)res; String pathInfo = request.getPathInfo() ; boolean crxdeAuthenticated = false; boolean crxAuthenticated = false; log.info("============ pathInfo " + pathInfo); if(pathInfo != null){ Cookie[] cookies = request.getCookies(); if(cookies!=null){ for (int i = 0; i < cookies.length; i++) { String name = cookies[i].getName(); String value = cookies[i].getValue(); if(name!=null && name.equals("login-workspace") && value!=null){ crxAuthenticated = true; } if(name!=null && name.equals("login-token") && value!=null){ crxdeAuthenticated = true; } } } log.info("============== ?? pathInfo " + pathInfo + ", crxAuthenticated " + crxAuthenticated); if(pathInfo.startsWith("/crx/explorer/crx_main_files/admin.css")){ //Do nothing log.info("======================== 1 ======================"); }else if ( !pathInfo.startsWith("/crx/explorer/login.jsp") && pathInfo.startsWith("/crx/explorer") && !crxAuthenticated ){ response.sendRedirect("/crx/explorer/login.jsp"); log.info("======================== 2 ======================"); return; }else if( ( pathInfo.startsWith("/crxde") || pathInfo.startsWith("/crx/de") ) && !crxdeAuthenticated ){ RequestDispatcher rd = request.getRequestDispatcher("/libs/granite/core/content/login.html"); log.info("======================== 3 ======================"); rd.forward(request, response); return; } } } chain.doFilter(req, res); } public void destroy() { log.info("Destroyed filter"); } }
Please help to advice what is wrong with the filter. I am using the AEM 6.1 SP1.
Thanks in advance!
Solved! Go to Solution.
Views
Replies
Total Likes
Hi Opkar,
to be exact: CRXDE is directly registered as servlet to the HTTP service, and it isn't a sling application. So a Sling filter isn't executed when you go to CRXDE (same as with the OSGI console). You need to register the filter directly as HTTP servlet filter.
Jörg
Does it work if you use another path? For example under "/content"? For example working code look at the ACS Samples code: http://adobe-consulting-services.github.io/acs-aem-samples/
Regards,
Opkar
Views
Replies
Total Likes
Hi Opkar,
The filter does work for the other path like /content/. It seems not do the filter for /crx/de
Views
Replies
Total Likes
This may be due the fact that crxde is not actually content in the repository, rather it is run from a content bundle, please see this answer from stack overflow:http://stackoverflow.com/questions/23718050/where-is-the-node-for-crx-explorer-stored-in-cq5-resposi...
Regards,
Opkar
Views
Replies
Total Likes
Hi Opkar,
to be exact: CRXDE is directly registered as servlet to the HTTP service, and it isn't a sling application. So a Sling filter isn't executed when you go to CRXDE (same as with the OSGI console). You need to register the filter directly as HTTP servlet filter.
Jörg
Thanks for the clarification Joerg :)
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies