SOLVED

Why is @ServiceRanking(60000) required to handle the authentication request?

We understand that we need Service Ranking to invoke services (https://helpx.adobe.com/experience-manager/using/osgi_getting_started.html).

But is there any reason for using specifically "60000" ServiceRanking to invoke a custom authentication handler? We are following this: https://helpx.adobe.com/experience-manager/using/twofactor64.html


1 Accepted Solution

Correct answer by
Community Advisor

Hi @surenk,

When looking for an AuthenticationHandler, the authentication handler is selected whose path is the longest match on the request URL. If the service is registered with Scheme and Host/Port, these must exactly match for the service to be eligible. If multiple AuthenticationHandler services are registered with the same length matching path, the handler with the higher service ranking is selected[^ranking].

[^ranking]: Service ranking is defined by the OSGi Core Specification as follows: If multiple qualifying service interfaces exist, a service with the highest service.ranking number, or when equal to the lowest service.id, determines which service object is returned by the Framework.

You can refer to this for more details: https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authentication...

So the idea is if you are using a custom authentication handler, it should have the highest ranking for it to be executed and hence a high value number, just to make sure it does not collide with any existing service.

You can take a look at http://localhost:4502/system/console/jaas

This will list all the registered authentication handlers. If your service ranking is lower than any of these, then the one with the highest ranking will be executed.

Instead of 60000, can you please try with 70000 or 99999? In my opinion, it should work too.

Hope this helps!!
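
The selection rule quoted in the answer above, modelled as an added Java example (not code from Sling, AEM or this thread). Handler names, paths, service ids and the ranking 5000 are constructed, and the prefix match is a simplification of the real path matching.

```java
import java.util.Comparator;
import java.util.List;
import java.util.Optional;

public class HandlerSelectionModel {

    // One registered AuthenticationHandler: its path, service.ranking and service.id.
    static final class Handler {
        final String name; final String path; final int ranking; final long serviceId;
        Handler(String name, String path, int ranking, long serviceId) {
            this.name = name; this.path = path; this.ranking = ranking; this.serviceId = serviceId;
        }
    }

    // Simplified match (assumption): handler path equals the request path or is a parent of it.
    static boolean matches(Handler h, String requestPath) {
        if (h.path.equals("/")) return true;
        return requestPath.equals(h.path) || requestPath.startsWith(h.path + "/");
    }

    // Longest matching path first, then higher service.ranking, then lower service.id.
    static Optional<Handler> select(List<Handler> registered, String requestPath) {
        return registered.stream()
                .filter(h -> matches(h, requestPath))
                .min(Comparator.comparingInt((Handler h) -> h.path.length()).reversed()
                        .thenComparing(Comparator.comparingInt((Handler h) -> h.ranking).reversed())
                        .thenComparingLong(h -> h.serviceId));
    }

    public static void main(String[] args) {
        // Constructed registrations; all names, paths, ids and the ranking 5000 are hypothetical.
        List<Handler> registered = List.of(
                new Handler("existing-handler", "/", 5000, 12),
                new Handler("custom-2fa-handler", "/", 60000, 87),
                new Handler("custom-2fa-unranked", "/", 0, 88),
                new Handler("scoped-handler", "/content/secure", 0, 90));

        for (String path : List.of("/content/site/en.html", "/content/secure/account.html")) {
            String winner = select(registered, path).map(h -> h.name).orElse("none");
            System.out.println(path + " -> " + winner);
        }
    }
}
```

In this model a high ranking only settles ties between handlers registered on the same path: the second request goes to the handler with the longer matching path even though its ranking is zero.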


2 Replies

Employee

This service.ranking indicates the priority of the filter in the chain. The higher the number, the earlier the filter will be invoked. Sling supports filter processing by applying filter chains to the requests before actually dispatching to the servlet or script for processing. They can be used to call a servlet, to redirect to another page, to authenticate a request, for preprocessing, post-processing of markup, logging, measuring, decoration or adding/removing request parameters.

service.ranking | Integer | Any Integer value | Indication of where to place the filter in the filter chain. The higher the number the earlier in the filter chain. This value may span the whole range of integer values. Two filters with equal service.ranking property value (explicitly set or default value of zero) will be ordered according to their service.id service property.

For more details, check https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authentication...

Thanks!!