Adobe Experience Manager Sites & More

BenZahler · 10/15/15

Hi all,

I am implementing the permission sensitive caching as documented here:

http://dev.day.com/docs/en/cq/current/deploying/dispatcher/permissions_cache.html

However, I have a conceptual Problem:

When the Authorization fails, the user should be redirected to a page. The page to be redirected should ideally come from the authorization servlet. I have implemented that in a way that the authorization servlet sends a HTTP 302 response.

This is the HTTP when I invoke authorization servlet directly:

# curl -u admin:admin -v -X GET http://localhost:4502/bin/disclaimercheck
* About to connect() to localhost port 4502 (#0)
* Trying 127.0.0.1... connected
* Connected to localhost (127.0.0.1) port 4502 (#0)
* Server auth using Basic with user 'admin'
> GET /bin/disclaimercheck HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.20.1 (i686-pc-cygwin) libcurl/7.20.1 OpenSSL/0.9.8r zlib/1.2.5 libidn/1.18 libssh2/1.2.5
> Host: localhost:4502
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Connection: Keep-Alive
< Server: Day-Servlet-Engine/4.1.52
< Content-Length: 0
< Date: Wed, 27 Nov 2013 09:08:09 GMT
< Location: http://dev.day.com
< Set-Cookie: cq-authoring-mode=CLASSIC; Path=/
<
* Connection #0 to host localhost left intact
* Closing connection #0

When I invoke this in Dispatcher, the communication is:

# curl -v -X HEAD http://******.ch/de/gs/dispatcher/test4ben_dcl.html
* About to connect() to *******.ch port 80 (#0)
* Trying ******... connected
* Connected to****** port 80 (#0)
> HEAD /de/gs/dispatcher/test4ben_dcl.html HTTP/1.1
> User-Agent: curl/7.20.1 (i686-pc-cygwin) libcurl/7.20.1 OpenSSL/0.9.8r zlib/1.2.5 libidn/1.18 libssh2/1.2.5
> Host:*********
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Wed, 27 Nov 2013 09:14:40 GMT
< Server: Apache/2.2.25 (Win32) Communique/4.1.4
< X-Frame-Options: SAMEORIGIN
< Location: http://dev.day.com
< Content-Type: text/html;charset=utf-8
* no chunk, no close, no size. Assume close to signal end
<
* Closing connection #0

As you can see, the location header is configured to be returned to the client, but the HTTP Response status is changed to 200 by Dispatcher. Can this be changed in any way?

And here is the log from the dispatcher:

[Wed Nov 27 10:14:40 2013] [D] [4224(748)] checking [/content/test/de/gs/dispatcher/test4ben_dcl.html]
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] cache file is newer than lastflush -> use cache [C:\***\test\de\gs\dispatcher\test4ben_dcl.html]
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] AuthChecker: connected to render rend01 (localhost:4503)
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] AuthChecker: sending accept: */*
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] AuthChecker: sending host: *****
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] AuthChecker: sending user-agent: curl/7.20.1 (i686-pc-cygwin) libcurl/7.20.1 OpenSSL/0.9.8r zlib/1.2.5 libidn/1.18 libssh2/1.2.5
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] response.headers[Location] = " http://dev.day.com"
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] response.headers[Date] = " Wed, 27 Nov 2013 09:14:40 GMT"
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] response.headers[Content-Length] = " 0"
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] response.headers[Server] = " Day-Servlet-Engine/4.1.52 "
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] response.headers[Connection] = " Close"
[Wed Nov 27 10:14:40 2013] [I] [4224(748)] Authorization Checker did not allow spooling file 'C:\*****\content\test\de\gs\dispatcher\test4ben_dcl.html'
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] cache-action for [/content/test/de/gs/dispatcher/test4ben_dcl.html]: NONE
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] connected to render rend01 (localhost:4503)
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] Spooling request header: accept
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] Spooling request header: host
[Wed Nov 27 10:14:40 2013] [D] [4224(748)] Spooling request header: user-agent
[Wed Nov 27 10:14:42 2013] [D] [4224(748)] Detected: chunked transfer encoding
[Wed Nov 27 10:14:42 2013] [D] [4224(748)] response.status = 200
[Wed Nov 27 10:14:42 2013] [D] [4224(748)] response.headers[Server] = "Day-Servlet-Engine/4.1.52 "
[Wed Nov 27 10:14:42 2013] [D] [4224(748)] response.headers[Content-Type] = "text/html;charset=utf-8"
[Wed Nov 27 10:14:42 2013] [D] [4224(748)] response.headers[Date] = "Wed, 27 Nov 2013 09:14:42 GMT"
[Wed Nov 27 10:14:42 2013] [D] [4224(748)] Content length: -1, written: 25919
[Wed Nov 27 10:14:42 2013] [I] [4224(748)] "HEAD /content/test/de/gs/dispatcher/test4ben_dcl.html" 200 25906 1531ms

Dispatcher version is (4.1.4) on Apache 2.2.25

Does anyone have an idea if or how this should work?

thanks,

Ben

BenZahler · 10/15/15

found the way this works: if the authorization fails, dispatcher serves the page from CQ5 uncached.

That means that any redirection can be implemented in CQ5.

Note that this also means that the authorization must be implemented in the CQ5 content as well!

View solution in original post

BenZahler · 10/15/15

found the way this works: if the authorization fails, dispatcher serves the page from CQ5 uncached.

That means that any redirection can be implemented in CQ5.

Note that this also means that the authorization must be implemented in the CQ5 content as well!

Adobe Experience Manager Sites & More

Permission Sensitive Caching: Action if failed

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe