Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now

Mark Solution

This conversation has been locked due to inactivity. Please create a new post.

SOLVED

Problem with AuthenticationHandler

Avatar

Level 2
Level 2
10/15/15 7:26:30 PM

Hi All,

I'm facing an Authentication issue in my web app (AEM6, authentication via form login). I implemented an AuthenticationHandler that is involved for a specific path (/content/it).

It works well and it is invoked also for the login page url (/content/it/login.html).  Following the Sling documentation (http://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html) I tried to exclude this path, register it inside the AuthenticationHandler using service registration property sling.auth.requirements.

I understood this is the configuration to ensure the login form can be rendered without requiring authentication.

Now login page path appears in 'Adobe Experience Manager Web Console' (/system/console/slingauth) as a path for which Authentication is NO Required correctly.

Unfortunately, the method extractCredentials of my AuthenticationHandler continue to be invoked. Is this correct? Or in other words what did I fail or what I did misunderstand?

Thanks in advance for your help.

Emilio

Views

707

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee
Employee
10/15/15 7:26:30 PM

Hi,

You've done everything correctly. This is the expected behavior and you actually indicated why in your post (emphasis added by me):

I understood this is the configuration to ensure the login form can be rendered without requiring authentication.

In other words, the sling.auth.requirements property says that a path can be rendered without authentication, but not only without authentication. So since /content/it/login.html is under /content/it, your AuthenticationHandler will still get asked to extract credentials. If there are no credentials to extract, your extractCredentials method should return null.

Regards,

Justin

View solution in original post

Views

655

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Employee
Employee
10/15/15 7:26:30 PM

Hi,

You've done everything correctly. This is the expected behavior and you actually indicated why in your post (emphasis added by me):

I understood this is the configuration to ensure the login form can be rendered without requiring authentication.

In other words, the sling.auth.requirements property says that a path can be rendered without authentication, but not only without authentication. So since /content/it/login.html is under /content/it, your AuthenticationHandler will still get asked to extract credentials. If there are no credentials to extract, your extractCredentials method should return null.

Regards,

Justin

Views

656

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Problem with URL with selector Solved

Views

136

Likes

0

Replies

2
Issue with Receiving Duplicate Emails in AEM Cloud Scheduler Solved

Views

1.6K

Likes

0

Replies

4
Can we use Microsoft OpenJDK11 with AEMaaCS ? Solved

Views

338

Likes

0

Replies

2
AdobeDataLayer Custom attribute issue with Dispatcher Facing URL Solved

Views

345

Likes

0

Replies

1
Issues with AEM Target integration

Views

347

Likes

0

Replies

5