Adobe Experience Manager Sites & More

StevenRymenans · 12/3/15

Hi,

I have a question about "sling:alias". I have a few pages with a sling:alias configured. During development everything works and when we publish the page, the page is available and can be opened on the publish instance. As I'm setting up the dispatcher and configuring the sling mappings (/etc/map/) I noticed that the pages can't be resolved using the sling alias. When I tested the page on the publish again, when I wasn't logged in, I couldn't retrieve the page as well. It seems like I have to allow access to the page, I already configured access to the content root for the website.

When reading through the documentation I noticed that the SlingGetServlet does not allow anonymous requests that retrieve html pages, this could be the cause of my problem.

Im wondering what the best solution is to allow the sling:alias to be used from the dispatcher? Is there a configuration setting to allow a tree of pages?

Regards

Steven

StevenRymenans · 12/8/15

Another update: I debugged the sling engine code to determine when the alias was resolved and the sling code tries several strategies to resolve the content node, one of them is starting at the root node ('/') and adding everything until the path is resolved or an alias is found in the aliasMap. Granting the anonymous user access to root ('/') solves the issue.

I should add that the hotfix cq-6.1.0-hotfix-7700-2.2.zip is also necessary for this to work.

Everyone who tried to help, thank you very much. I'm glad this issue is resolved, on to the next one!

Regards

Steven

View solution in original post

Opkar_Gill · 12/4/15

When reading through the documentation I noticed that the SlingGetServlet does not allow anonymous requests that retrieve html pages, this could be the cause of my problem.

Can you provide the link for this please.

The publish instance is set up to give anonymous access, so not sure why you are required to log in to access a page, unless you have specifically setup authentication for a content path.

Vanity URL's are usually an issue in Dispatcher as they often do not follow the allowed patterns for passing through requests.

Regards,

Opkar

StevenRymenans · 12/4/15

Hi,

This link describes that a "production-ready" aem secures the sling get servlet: https://docs.adobe.com/docs/en/aem/6-1/administer/security/production-ready.html

I don't know whether this could be the cause of my issue.

The publish is indeed setup with anonymous access and I am able to request every page of my website. But when I try to access the page using it's "sling:alias" the page is not found.

Regards,

Steven

Feike_Visser1 · 12/7/15

Do you see anything in the AEM-logs when requesting it from the dispatcher?

You should see something in the access.log / error.log

StevenRymenans · 12/7/15

In the dispatcher.log I can see the following

Found farm ac2-company-com-aws-intranet for ac2.company.com.aws.intranet checking [/nl/categories/ladies.html] cachefile does not exist: /var/www/html/content/www-company-com/nl/categories/ladies.html try to create new cachefile: /var/www/html/content/www-company-com/nl/categories/ladies.html cache-action for [/nl/categories/ladies.html]: CREATE Creating new socket: publish-a.ac2.aws.intranet:4503 Connected to backend rend01 (publish-a.ac2.aws.intranet:4503) Adding request header: Host Adding request header: Cache-Control Adding request header: Accept Adding request header: Upgrade-Insecure-Requests Adding request header: User-Agent Adding request header: Accept-Encoding Adding request header: Accept-Language Adding request header: Via Adding request header: X-Forwarded-For Adding request header: Server-Agent response.status = 404 response.headers[Date] = "Mon, 07 Dec 2015 12:24:56 GMT" response.headers[X-Content-Type-Options] = "nosniff" response.headers[Content-Type] = "text/html; charset=UTF-8" response.headers[X-Powered-By] = "Jetty(9.2.9.v20150224)" "GET /nl/categories/ladies.html" 404 461 9ms

In the error.log file I can see that the request is processed:

GET /content/www-company-com/nl/categories/ladies.html HTTP/1.1] org .apache.sling.engine.impl.SlingRequestProcessorImpl service: Resource /content/www-company-com/nl/categories/ladies.html not found

Peter_Puzanovs · 12/7/15

Hi Steven,

Resource /content/www-company-com/nl/categories/ladies.html not found

Means that your Publish instance can't resolve this path to anything useful.

Looks like it's problem with your sling:alias configuration

Could you try to use: BOX_URL:PORT/system/console/jcrresolver to find out why /content/www-company-com/nl/categories/ladies.html does not resolve to a page. [1]

[1] https://docs.adobe.com/docs/en/cq/5-6-1/deploying/resource_mapping.html

Thanks,

Peter

StevenRymenans · 12/7/15

That is where it get's strange. When I go to my publish instance and open the jcrresolver page, I enter my url: "http://ac2.company.com.aws.intranet/nl/catelog/ladies.html" and I select resolve. It successfully resolves the url to a page under /content/www-company-com/nl/categories/5 which is the page containing the "sling:alias".

When I navigate to http://publish-a.ac2.aws.intranet:4503/content/www-company-com/nl/categories/ladies.html it also displays the page, but when I log out on the crx, I'm no longer able to open the page.

It seems like something about the permissions is wrong, but normal content pages (without a sling alias) are available.

When I try to open the page without the sling alias, http://publish-a.ac2.aws.intranet:4503/content/www-company-com/nl/categories/5.html the page also opens.

Regards

Steven

Peter_Puzanovs · 12/7/15

Hi Steven,

Looking at this phrase "but when I log out on the crx, I'm no longer able to open the page." Gives us a clue that Authentication Service or Access control for /content node might be configured incorrectly.

Could you kindly check what are the settings in the system/console: Apache Sling Authentication Service for a test set the Allow Anonymous Access to true. Try to access your page whilst not logged in.

Could you also check access config with CRX/DE for your /content node and make sure that everyone is allowed to read your nodes.

*These are not production settings, but rather settings that can be used to check why sling:alias is not resolving.

Thanks,

Peter

StevenRymenans · 12/7/15

I checked the security settings, the "Allow Anonymous Access" was already selected. And I provided read-only access to everyone on the /content/www-company-com/ node (and all the subnodes).

Still no success, the page is "not found"

Regards

Steven

Feike_Visser1 · 12/7/15

is this AEM6.1?

StevenRymenans · 12/7/15

Yes it is AEM 6.1

StevenRymenans · 12/7/15

After trying to reproduce the issue on a new publish instance I noticed that a request filter is also not working. Is it possible that some filters are disabled?

StevenRymenans · 12/8/15

Update: I am able to reproduce the issue on a "new" publish instance, I also installed all the hotfixes for AEM 6.1 just to make sure that isn't an old problem.

I changed the Sling Authentication to allow anonymous access. I even gave the anonymous user access to read/write/.... for all the paths using the useradmin screen, but still the sling:alias is not resolved.

I'm going to set logging for sling on debug now and hopefully I can extract the issue from the log file.

StevenRymenans · 12/8/15

Another update: I debugged the sling engine code to determine when the alias was resolved and the sling code tries several strategies to resolve the content node, one of them is starting at the root node ('/') and adding everything until the path is resolved or an alias is found in the aliasMap. Granting the anonymous user access to root ('/') solves the issue.

I should add that the hotfix cq-6.1.0-hotfix-7700-2.2.zip is also necessary for this to work.

Everyone who tried to help, thank you very much. I'm glad this issue is resolved, on to the next one!

Regards

Steven

Adobe Experience Manager Sites & More

Sling:alias not working on dispatcher

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe