Internal Server Error for j_security_check post request.

demd43642519

05-03-2019

Hi guys, I'm using AEM 6.4, in which I've set up a login page. On the server we have a dispatcher configured, and I confirm that without the dispatcher everything is working alright. When I do the POST request to j_security_check, I get an Internal Server Error as the response.

1704607_pastedImage_1.png

I'm out of ideas with this. I mention, if I make the request bypassing the dispatcher, everything works.
I've also set the

/0099 { /type "allow" /global "*j_security_check*" }

Re: CUG Login Authentication

Replies

Gaurav-Behl

MVP

05-03-2019

If both positive & negative use cases are working fine on the publish server directly, then you may want to check the Apache Sling Referrer Filter and CSRF configuration on the publish server, which would play a role when you request via the dispatcher.

Could you also validate that token.json is allowed in the dispatcher, or share the dispatcher filter restrictions?

demd43642519

07-03-2019

I've checked the Apache Sling Referrer Filter, it looks like this:

1706012_pastedImage_0.png

This is my CSRF Filter

1706013_pastedImage_1.png

I have these rules set

/0038 { /type "allow" /glob "* *j_security_check*" }

/0039 { /type "allow" /glob "POST *saml_login*" }

/0040 { /type "allow" /glob "* /libs/granite/csrf/token.json*" }
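
The filter rules quoted in this thread can be checked offline against sample request lines. The following is an added example, not code from the thread or from Adobe: it models dispatcher filtering as "each glob is compared with the whole request line and the last matching rule wins", and it uses Python's `fnmatch` as a stand-in for dispatcher glob matching. The deny-all rule `/0001` and the sample request lines are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Rules 0038-0040 are quoted from the post above, 0099 from the opening post.
# 0001 is an assumed deny-all baseline, constructed for this example.
FILTER = '''
/0001 { /type "deny" /glob "*" }
/0038 { /type "allow" /glob "* *j_security_check*" }
/0039 { /type "allow" /glob "POST *saml_login*" }
/0040 { /type "allow" /glob "* /libs/granite/csrf/token.json*" }
/0099 { /type "allow" /global "*j_security_check*" }
'''

RULE_RE = re.compile(r'^/(\w+)\s*\{\s*/type\s+"(allow|deny)"\s+/glob\s+"([^"]*)"\s*\}$')

def parse_rules(text):
    """Split the text into (name, type, glob) rules and lines this model cannot read."""
    rules, skipped = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RULE_RE.match(line)
        if m:
            rules.append(m.groups())
        else:
            skipped.append(line)  # not a /type + /glob pair, so it is reported, not evaluated
    return rules, skipped

def decide(rules, request_line):
    """Return (verdict, rule name) of the last rule whose glob matches the request line."""
    verdict, name = "no-match", None
    for rule_name, rule_type, glob in rules:
        if fnmatchcase(request_line, glob):  # fnmatch stands in for dispatcher globbing
            verdict, name = rule_type, rule_name
    return verdict, name

# Constructed request lines (method, URL, protocol), not taken from the thread.
SAMPLES = [
    "POST /content/project/en/login/j_security_check HTTP/1.1",
    "GET /libs/granite/csrf/token.json HTTP/1.1",
    "POST /content/project.html HTTP/1.1",
    "GET /content/project/en.html?ref=j_security_check HTTP/1.1",
]

if __name__ == "__main__":
    rules, skipped = parse_rules(FILTER)
    for line in skipped:
        print("not evaluated:", line)
    for request in SAMPLES:
        print(decide(rules, request), request)
```

In this model the login POST and the token request are allowed, while the last sample shows that `* *j_security_check*` also matches any request line that merely contains that string, so the rule is wider than the login endpoint.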

demd43642519

07-03-2019

Also, I've noticed the following message on the console for a successful login:

   07.03.2019 08:40:50.337 *INFO* [sling-oak-observation-10] com.adobe.cq.social.sync.impl.PublisherSyncServiceImpl Handing these paths to the distribution subsystem: [/home/users/D/DZ03D2XUETM29ZIM-ks4/profile]
   07.03.2019 08:40:50.337 *INFO* [sling-oak-observation-10] org.apache.sling.distribution.agent.impl.SimpleDistributionAgent [agent][socialpubsync-reverse] REQUEST-START DSTRQ118: ADD paths=[/home/users/D/DZ03D2XUETM29ZIM-ks4/profile], user=communities-user-admin
   07.03.2019 08:40:50.342 *WARN* [sling-oak-observation-19] org.apache.jackrabbit.oak.jcr.observation.ChangeProcessor Error while dispatching observation events for /home/users//*[10001b]@com.adobe.social.integrations.livefyre.user.pingforpull.impl.PingPullServlet

demd43642519

07-03-2019

POST /content/project.html HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing. java.lang.IllegalArgumentException: Value for key resource can't be put into node: /content/project/en.html

Gaurav-Behl

MVP

07-03-2019

Either check 'Allow Empty' to allow empty hosts for testing or if you plan to use a host header then configure the same in 'Allow Hosts' of Sling Referrer Filter -- that should fix the current issue if it works on publish directly.

The POST method is removed in 'Filter Methods', which is fine for testing but not from a security viewpoint.

The other error -

When you execute 'POST /content/project.html', make sure your user has appropriate write permissions on the /content/project node. The error says that you're trying to post on the content page node itself. I'm not sure of your use case, or why you would want to post to a content page node on the publish server.

Jörg_Hoh

Employee

07-03-2019

Can you share any details about the message in the AEM error.log when you do the POST via the dispatcher? Is the request in question reaching AEM at all (check the request.log)?

The error message you posted looks like an Apache error message, and not one coming from Sling. It could be that it is originating from Apache itself (misconfiguration? You might also check Apache's error.log or the dispatcher log file), or it is masking an internal server error it received from AEM. I guess that's the very first step you need to do to understand the issue.