Adobe Experience Manager Sites & More

Rudra-2024 · 6/12/23

Hi Team,

I have a requirement for sensitive permission caching in AEM. I followed the documentation
https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-...

Some times Auth check servlet is receiving the call from dispatcher when ever we hit the page.
Sometimes auth check servlet nor getting called when we hit the page ( no logs from auth check servlet )

Sometimes it is getting 404.

It very strange behavior. Can some one please guide me on this. Any help is highly appreciated.

Below are the complete details.

I created a servlet

@Component(service = Servlet.class, property = {
        Constants.SERVICE_DESCRIPTION + "= Authenticate the page based on tags added on the page.",
        "sling.servlet.paths=" + "/bin/mysite/authcheck"
})
public class RequestAuthenticationServlet extends SlingSafeMethodsServlet {

I override the DO head method

@Override
public void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {

    String uri = request.getParameter("uri").replace(".html", "");
    logger.debug("Request URL {}", uri);
    logger.debug("RequestAuthenticationServlet:Time before validating the user  is {}.", new Date().getTime());
    Map<String, Object> serviceParams = new HashMap<>();
    serviceParams.put(ResourceResolverFactory.SUBSERVICE, MYSITE_ADMINISTRATIVE_SERVICE);
    ResourceResolver resourceResolver = null;
    try {
        logger.debug("Inside Try block of Auth_Checker_Servlet");

        resourceResolver = resolverFactory.getServiceResourceResolver(serviceParams);
        boolean isInValid = userGroupService.validateTheUser(resourceResolver, request.getResourceResolver(), uri);
        if (isInValid) {
            logger.debug("user don't have access on the page {}", uri);
            response.setStatus(SC_FORBIDDEN);
        } else {
            logger.debug("user have access on the page {}", uri);
            response.setStatus(SC_OK);
        }
    } catch (Exception e) {
        logger.error("auth checker says READ access DENIED!");
        response.setStatus(SC_FORBIDDEN);
    }
    finally {
        if (resourceResolver != null && resourceResolver.isLive()) {
            resourceResolver.close();
        }
    }
    logger.debug("RequestAuthenticationServlet:Time after validating the user  is {}.", new Date().getTime());
}

and I enabled Auth checker in dispatcher : src/conf.dispatcher.d/enabled_farms/mysite.farm

/auth_checker
   {
     # request is sent to this URL with '?uri=<page>' appended
     /url "/bin/mysite/authcheck"

     # only the requested pages matching the filter section below are checked,
     # all other pages get delivered unchecked
     /filter
       {
       /0000
         {
         /glob "*"
         /type "deny"
         }
       /0001
         {
         /glob "/content/mysite/*"
         /type "allow"
         }
       }
     # any header line returned from the auth_checker's HEAD request matching
     # the section below will be returned as well
     /headers
       {
       /0000
         {
         /glob "*"
         /type "deny"
         }
       /0001
         {
         /glob "Set-Cookie:*"
         /type "allow"
         }
       }
   }

aanchal-sikka · 6/12/23

Hello @Rudra-2024

I guess you are already following it via Issues with Auth check servlet in AEM - Adobe Experience League Community - 598659

Lets keep the thread in one place. It just becomes easy to understand all the inputs coming from various people.

Aanchal Sikka

Rudra-2024 · 6/20/23

Hi @aanchal-sikka
By mistake I submitted twice and not able to delete the post. Is there any way we can delete this question.

TarunKumar · 6/13/23

Hi @Rudra-2024 ,

Please confirm on few things.
1. Do you have CDN placed on top of dispatcher. Then you might need to by pass the caching from CDN.
2. Also check when the auth checker servlet is not called, in case of non-cached document, it wont get called.

Rudra-2024 · 6/20/23

Hi @TarunKumar

We have default CDN (Fastly). I disabled CDN cache by un commenting below from global.vars file
# Define DISABLE_DEFAULT_CACHING

It is hitting the servlet for every request but it always passing 404.html

Adobe Experience Manager Sites & More

Auth Check servlet is not getting called every time and it is printing 404 page

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe