Expand my Community achievements bar.

Internal Server Error for j_security_check post request.

Avatar

Level 4

Hi guys, I'm using AEM 6.4 in which I've set up a login page. On the server we have a dispatcher configured and I confirm that without the dispatcher everything it's working alright. When I'm doing that post request to the j_security_check I get as a response an Internal Server Error.

1704607_pastedImage_1.png

I'm out of ideas with this. I mention, if I make the request bypassing the dispatcher, everything works.
I've also set the

/0099 { /type "allow" /global "*j_security_check*" }

Re: CUG Login Authentication

6 Replies

Avatar

Level 10

If both positive & negative use cases are working fine on publish server directly, then you may want to check Apache Sling Referrer Filter and CSRF configuration on publish server that would play a role when you request via dispatcher.

Could you also validate token.json is allowed in dispatcher or share dispatcher filter restrictions.

Avatar

Level 4

I've checked the Apache Sling Referrer Filter, it looks like this:

1706012_pastedImage_0.png

This is my CSRF Filter

1706013_pastedImage_1.png

I have these rules set

/0038 { /type "allow" /glob "* *j_security_check*" }

/0039 { /type "allow" /glob "POST *saml_login*" }

/0040 { /type "allow" /glob "* /libs/granite/csrf/token.json*" }

Avatar

Level 4

Also, I've noticed the following message on console for successfully login:

   07.03.2019 08:40:50.337 *INFO* [sling-oak-observation-10] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Handing these paths to the distribution subsystem: [/home/users/D/DZ03D2XUETM29ZIM-ks4/profile] 07.03.2019 08:40:50.337 *INFO* [sling-oak-observation-10] org.apache.sling.distribution.agent.impl.SimpleDistributionAgent [agent][socialpubsync-reverse] REQUEST-START DSTRQ118: ADD paths=[/home/users/D/DZ03D2XUETM29ZIM-ks4/profile], user=communities-user-admin 07.03.2019 08:40:50.342 *WARN* [sling-oak-observation-19] org.apache.jackrabbit.oak.jcr.observation.ChangeProcessor Error while dispatching observation events for /home/users//*[10001b]@com.adobe.social.integrations.livefyre.user.pingforpull.impl.PingPullServlet

Avatar

Level 4

POST /content/project.html HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing. java.lang.IllegalArgumentException: Value for key resource can't be put into node: /content/project/en.html

Avatar

Level 10

Either check 'Allow Empty' to allow empty hosts for testing or if you plan to use a host header then configure the same in 'Allow Hosts' of Sling Referrer Filter -- that should fix the current issue if it works on publish directly.

POST method is removed in 'Filter Methods' which is fine for testing but not from security viewpoint.

The other error -

When you execute 'POST /content/project.html' then make sure your user has appropriate write permissions on /content/project node. The error says that you're trying to post on the content page node itself. I'm not sure of your use case that why would you want to post to a content page node in publish server.

Avatar

Employee Advisor

Can you share any details about the message in the AEM error.log, when you do the post via dispatcher? Is the request in question reaching AEM at all (check the request.log)?

The error message you posted looks like an Apache error message, and not coming from Sling. it could be that's it is originating from Apache itself (mis-configuration? you might also check apache's error.log or the dispatcher log file) or it is masking an internal server error it received from AEM. I guess that's the very first step you need to do to understand the issue.