Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!

Auth Check servlet is not getting called every time and it is printing 404 page

Avatar

Level 4
Level 4
6/12/23 9:31:57 AM

Hi Team,

 

I have a requirement for sensitive permission caching in AEM. I followed the documentation
https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...


Some times Auth check servlet is receiving the call from dispatcher when ever we hit the page.
Sometimes auth check servlet nor getting called  when we hit the page ( no logs from auth check servlet )

Sometimes it is getting 404.

 

It very strange behavior. Can some one please guide me on this. Any help is highly appreciated. 

Below are the complete details. 

I created a servlet

@Component(service = Servlet.class, property = {
        Constants.SERVICE_DESCRIPTION + "= Authenticate the page based on tags added on the page.",
        "sling.servlet.paths=" + "/bin/mysite/authcheck"
})
public class RequestAuthenticationServlet extends SlingSafeMethodsServlet {

 

I override the DO head method

 

@Override
public void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {

    String uri = request.getParameter("uri").replace(".html", "");
    logger.debug("Request URL {}", uri);
    logger.debug("RequestAuthenticationServlet:Time before validating the user  is {}.", new Date().getTime());
    Map<String, Object> serviceParams = new HashMap<>();
    serviceParams.put(ResourceResolverFactory.SUBSERVICE, MYSITE_ADMINISTRATIVE_SERVICE);
    ResourceResolver resourceResolver = null;
    try {
        logger.debug("Inside Try block of Auth_Checker_Servlet");

        resourceResolver = resolverFactory.getServiceResourceResolver(serviceParams);
        boolean isInValid = userGroupService.validateTheUser(resourceResolver, request.getResourceResolver(), uri);
        if (isInValid) {
            logger.debug("user don't have access on the page {}", uri);
            response.setStatus(SC_FORBIDDEN);
        } else {
            logger.debug("user have access on the page {}", uri);
            response.setStatus(SC_OK);
        }
    } catch (Exception e) {
        logger.error("auth checker says READ access DENIED!");
        response.setStatus(SC_FORBIDDEN);
    }
    finally {
        if (resourceResolver != null && resourceResolver.isLive()) {
            resourceResolver.close();
        }
    }
    logger.debug("RequestAuthenticationServlet:Time after validating the user  is {}.", new Date().getTime());
}

 

and I enabled Auth checker in dispatcher :  src/conf.dispatcher.d/enabled_farms/mysite.farm

/auth_checker
   {
     # request is sent to this URL with '?uri=<page>' appended
     /url "/bin/mysite/authcheck"

     # only the requested pages matching the filter section below are checked,
     # all other pages get delivered unchecked
     /filter
       {
       /0000
         {
         /glob "*"
         /type "deny"
         }
       /0001
         {
         /glob "/content/mysite/*"
         /type "allow"
         }
       }
     # any header line returned from the auth_checker's HEAD request matching
     # the section below will be returned as well
     /headers
       {
       /0000
         {
         /glob "*"
         /type "deny"
         }
       /0001
         {
         /glob "Set-Cookie:*"
         /type "allow"
         }
       }
   }

 

Views

636

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
4 Replies

Avatar

Community Advisor
Community Advisor
6/12/23 10:45:26 PM

Hello @Rudra-2024 

 

I guess you are already following it via Issues with Auth check servlet in AEM - Adobe Experience League Community - 598659 

Lets keep the thread in one place. It just becomes easy to understand all the inputs coming from various people.

Aanchal Sikka

Views

621

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
6/20/23 9:23:40 AM
In response to aanchal-sikka

Hi @aanchal-sikka 
By mistake I submitted twice and not able to delete the post. Is there any way we can delete this question.

Views

561

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Community Advisor
Community Advisor
6/13/23 5:33:14 AM

Hi @Rudra-2024 ,

Please confirm on few things.
1. Do you have CDN placed on top of dispatcher. Then you might need to by pass the caching from CDN.
2. Also check when the auth checker servlet is not called, in case of non-cached document, it wont get called.

Views

610

Replies

1
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 4
Level 4
6/20/23 9:27:12 AM
In response to TarunKumar

Hi @TarunKumar  

We have default CDN (Fastly). I disabled CDN cache by un commenting below from global.vars file
# Define DISABLE_DEFAULT_CACHING

 

It is hitting the servlet for every request but it always passing 404.html

 

Views

561

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Dependency issues when PDF Services SDK is installed on AEM 6.5.21

Views

187

Likes

0

Replies

1
Pages count in AEM Launches

Views

179

Likes

0

Replies

2
I need to remove [publish page] and [unpublish page] options in page list

Views

243

Likes

0

Replies

6
After Page move, not updating all the links where that path is configured in page AEM 6.5 on-premise

Views

307

Likes

0

Replies

8
Dynamic template experience fragment localization is not working

Views

149

Likes

0

Replies

2