Expand my Community achievements bar.

SOLVED

How to Configure Anonymous Access to SlingServlet

Avatar

Former Community Member

Hi there

I’ve written a custom SlingServlet that transforms custom XML feeds into RSS format.  I’ve deployed the servlet and can hit it directly when logged in into AEM via a URL like http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz.  That call returns an xml document.

Now, I'm trying to use that servlet call as the value for the "URL" field in the Feed Importer e.g.:

However, the polling importer is returning a HTTP 401; here is the output from the logs:

19.12.2013 15:11:35.462 *INFO* [ObservationManager] com.day.cq.polling.importer.impl.PollingImporterImpl addResource: Registering PollConfig PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/u...

19.12.2013 15:11:35.464 *INFO* [ObservationManager] com.day.cq.cq-polling-importer Service [PollConfig(/etc/importers/polling/1_1387483895125): scheme=rss,source=hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz,target=/content/u...] ServiceEvent REGISTERED

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.day.cq.polling.importer.impl.PollingImporterImpl importData: Importing data from rss:hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz to /content/usergenerated/content/ as admin by com.adobe.cq.social.blog.impl.importer.FeedImporter@2c4bbdb7

19.12.2013 15:11:35.469 *INFO* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter fetching feed 'hhttp://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'

19.12.2013 15:11:35.476 *INFO* [127.0.0.1 [1387483895476] GET /bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz HTTP/1.1] org.apache.sling.auth.core.impl.SlingAuthenticator getAnonymousResolver: Anonymous access not allowed by configuration - requesting credentials

19.12.2013 15:11:35.496 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.auth.AuthChallengeProcessor basic authentication scheme selected

19.12.2013 15:11:35.497 *INFO* [pool-6-thread-5] org.apache.commons.httpclient.HttpMethodDirector No credentials available for BASIC 'Sling (Development)'@localhost:4502

19.12.2013 15:11:35.497 *WARN* [pool-6-thread-5] com.adobe.cq.social.blog.impl.importer.FeedImporter Could not fetch feed 'http://localhost:4502/bin/wcm/external-feeds/transform?urlParam1=abc&urlParam2=xyz'. The requested resource could not be found. HTTP Response code was:401

 

My question is, how do I resolve this?  Only AEM will ever call this servlet, specifically the AEM Feed Importer, so how do I give it access?  Alternatively, how do I configure anonymous access to the sling servlet?  I've read a lot of Sling documentation, but don't see a clear way of how to do this.

 

Thanks in advance

KRB

1 Accepted Solution

Avatar

Correct answer by
Level 10

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

View solution in original post

5 Replies

Avatar

Correct answer by
Level 10

We have an example of a outside client hitting a Sling Servlet that does not require authentication. See this article:

http://helpx.adobe.com/experience-manager/using/post_files.html

Avatar

Level 10

Define using sling.auth.requirements service property with "-" so that you get anonymous access http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html#...

Avatar

Former Community Member

Hi Scott,

I saw that thread, but it didn't seem as though there was a clear answer i.e. no reply marked correct.

This is occurring on my authoring server, but is the answer to set /libs/cq/security/config.publish/com.day.cq.wcm.foundation.impl.HTTPAuthHandler > auth.http.nologin to false?  If so, what are the consequences of that change?

Thanks.

RKB

Avatar

Level 6

IMHO, you should not allow anything to read from the Author environment without authorization. If it is not public on an publish instance, then it should not be able to get the info without having the correct security credentials.

 

/Ove