Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

How to Configure Anonymous Access to SlingServlet

Avatar

Former Community Member
10/15/15 7:26:27 PM

Hi there

I’ve written a custom SlingServlet that transforms custom XML feeds into RSS format.  I’ve deployed the servlet and can hit it directly when logged in into AEM via a URL like http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz.  That call returns an xml document.

Now, I'm trying to use that servlet call as the value for the "URL" field in the Feed Importer e.g.:

However, the polling importer is returning a HTTP 401; here is the output from the logs:

19.12.2013 15:11:35.462 *INFO* [ObservationManager] com.day.cq.polling.importer.impl.PollingImporterImpl addResource: Registering PollConfig PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/u...

19.12.2013 15:11:35.464 *INFO* [ObservationManager] com.day.cq.cq-polling-importer Service [PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/u...] ServiceEvent REGISTERED

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.day.cq.polling.importer.impl.PollingImporterImpl importData: Importing data from rss:hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz to /content/usergenerated/content/ as admin by com.adobe.cq.social.blog.impl.importer.FeedImporter@2c4bbdb7

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter fetching feed 'hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'

19.12.2013 15:11:35.476 *INFO* [127.0.0.1 [1387483895476] GET /bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

19.12.2013 15:11:35.496 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.auth.AuthChallengeProcessor basic authentication scheme selected

19.12.2013 15:11:35.497 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.HttpMethodDirector No credentials available for BASIC 'Sling (Development)'@localhost:4502

19.12.2013 15:11:35.497 *WARN* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter Could not fetch feed 'http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'. The requested resource could not be found. HTTP Response code was:401

 

My question is, how do I resolve this?  Only AEM will ever call this servlet, specifically the AEM Feed Importer, so how do I give it access?  Alternatively, how do I configure anonymous access to the sling servlet?  I've read a lot of Sling documentation, but don't see a clear way of how to do this.

 

Thanks in advance

KRB

Views

4.5K

Replies

5

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:27 PM

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

View solution in original post

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:27 PM

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 10
Level 10
10/15/15 7:26:27 PM

Define using sling.auth.requirements service property with "-" so that you get anonymous access http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#...

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Former Community Member
10/15/15 7:26:27 PM

Hi Scott,

I saw that thread, but it didn't seem as though there was a clear answer i.e. no reply marked correct.

This is occurring on my authoring server, but is the answer to set /libs/cq/security/config.publish/com.day.cq.wcm.foundation.impl.HTTPAuthHandler > auth.http.nologin to false?  If so, what are the consequences of that change?

Thanks.

RKB

Views

1.9K

Replies

0

Total Likes

Translate
Translate

Avatar

Level 6
Level 6
10/15/15 7:26:27 PM

IMHO, you should not allow anything to read from the Author environment without authorization. If it is not public on an publish instance, then it should not be able to get the info without having the correct security credentials.

 

/Ove

Views

2.0K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
I want to disable the delete copy move and all the other options for the child components Solved

Views

105

Likes

0

Replies

5
Sharing common data to multiple features in Tab component

Views

18

Likes

0

Replies

1
Ability to preview or thumbnail to preview for XF

Views

61

Likes

0

Replies

2
AEM session management and user access

Views

62

Likes

0

Replies

2
How to restrict number of items that can be added in carousel?

Views

84

Likes

0

Replies

3