Expand my Community achievements bar.

SOLVED

How to Configure Anonymous Access to SlingServlet

Avatar

Former Community Member
10/15/15 7:26:27 PM

Hi there

I’ve written a custom SlingServlet that transforms custom XML feeds into RSS format.  I’ve deployed the servlet and can hit it directly when logged in into AEM via a URL like http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz.  That call returns an xml document.

Now, I'm trying to use that servlet call as the value for the "URL" field in the Feed Importer e.g.:

However, the polling importer is returning a HTTP 401; here is the output from the logs:

19.12.2013 15:11:35.462 *INFO* [ObservationManager] com.day.cq.polling.importer.impl.PollingImporterImpl addResource: Registering PollConfig PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/u...

19.12.2013 15:11:35.464 *INFO* [ObservationManager] com.day.cq.cq-polling-importer Service [PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/u...] ServiceEvent REGISTERED

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.day.cq.polling.importer.impl.PollingImporterImpl importData: Importing data from rss:hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz to /content/usergenerated/content/ as admin by com.adobe.cq.social.blog.impl.importer.FeedImporter@2c4bbdb7

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter fetching feed 'hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'

19.12.2013 15:11:35.476 *INFO* [127.0.0.1 [1387483895476] GET /bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

19.12.2013 15:11:35.496 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.auth.AuthChallengeProcessor basic authentication scheme selected

19.12.2013 15:11:35.497 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.HttpMethodDirector No credentials available for BASIC 'Sling (Development)'@localhost:4502

19.12.2013 15:11:35.497 *WARN* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter Could not fetch feed 'http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'. The requested resource could not be found. HTTP Response code was:401

 

My question is, how do I resolve this?  Only AEM will ever call this servlet, specifically the AEM Feed Importer, so how do I give it access?  Alternatively, how do I configure anonymous access to the sling servlet?  I've read a lot of Sling documentation, but don't see a clear way of how to do this.

 

Thanks in advance

KRB

Views

4.5K

Replies

5

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:27 PM

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

View solution in original post

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Correct answer by
Level 10
Level 10
10/15/15 7:26:27 PM

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 10
Level 10
10/15/15 7:26:27 PM

Define using sling.auth.requirements service property with "-" so that you get anonymous access http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#...

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Former Community Member
10/15/15 7:26:27 PM

Hi Scott,

I saw that thread, but it didn't seem as though there was a clear answer i.e. no reply marked correct.

This is occurring on my authoring server, but is the answer to set /libs/cq/security/config.publish/com.day.cq.wcm.foundation.impl.HTTPAuthHandler > auth.http.nologin to false?  If so, what are the consequences of that change?

Thanks.

RKB

Views

1.8K

Replies

0

Total Likes

Translate
Translate

Avatar

Level 6
Level 6
10/15/15 7:26:27 PM

IMHO, you should not allow anything to read from the Author environment without authorization. If it is not public on an publish instance, then it should not be able to get the info without having the correct security credentials.

 

/Ove

Views

1.9K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Text component Source Edit doesn't allow to have Id with "?" Solved

Views

103

Likes

0

Replies

2
Is it possible to use the sightly htl as a templating ?

Views

27

Likes

0

Replies

0
Context aware configuration

Views

48

Likes

0

Replies

1
Yaml file to create CICD pipeline for Adobe Cloud Manager

Views

86

Likes

0

Replies

4
How to customize create button on content/dam

Views

71

Likes

0

Replies

1