3 Replies Latest reply on May 14, 2012 6:45 AM by nicolas peltier

    Configuring Anonymous access for Sling Servlet

    durganuvvula

      Hello Team,


      My use case scenario is Apache webserver directs all the requests to the Sling servlet and Sling servlet would forward the calls to CQ or our internal webapp depending upon the url. I need the anonymous access for accessing my Sling Servlet.

       

      When I call my Sling Servlet from the Apache webserver, it is redirected to libs/cq/core/content/login.html. When I hit in the CQ server direcly for that servlet thats not redirecting to the login page and directly the servlet is served. Only when apache webserver dispatches the request, its being redirected to /libs/cq/core/content/login.html.

       

      [rid#18017320/initial] (4) RewriteCond: input='/mcdonalds' pattern='^/(.*)$' => matched

      [rid#18017320/initial] (2) rewrite '/mcdonalds' -> '/apps/myvanity/forwardvanity?category=mcdonalds'

      [rid#18017320/initial] (3) split uri=/apps/myvanity/forwardvanity?category=mcdonalds -> uri=/apps/myvanity/forwardvanity, args=category=mcdonalds

      [rid#18017320/initial] (2) local path result: /apps/myvanity/forwardvanity

      [rid#18017320/initial] (2) prefixed with document_root to /u/apache/htdocs/apps/myvanity/forwardvanity

      [rid#18017320/initial] (1) go-ahead with /u/apache/htdocs/apps/myvanity/forwardvanity [OK]

      [rid#180092b0/initial] (2) init rewrite engine with requested uri /libs/cq/core/content/login.html

       

      When I look into the configuration in the Apache Sling Authentication Service, I could see the AllowAnonymouAccess option is being checked. Also I tried to configure the AuthenticationRequirements property to

      -/apps/myvanity/forwardvanity to allow this url anonymous access explicitly. After the configuration I could even see that my entry got added in the Authenticator tab.

       

      Authentication Requirement Configuration
      PathAuthentication RequiredDefining Service (Description or ID)
      /system/sling/logoutNoApache Sling Request Authenticator
      /system/sling/loginNoApache Sling Request Authenticator
      /system/sling/cqform/defaultloginNoDefault Login Form for CQ Login Selector Authentication Handler
      /loginNoDay Communique LoginServlet
      /libs/cq/core/content/loginNoDay CQ Login Selector Authentication Handler
      /bin/loginNoDay Communique LoginServlet
      /apps/myvanity/forwardvanityNoApache Sling Request Authenticator
      /apps/myvanity/forwardvanityNoApache Sling Request Authenticator
      /NoApache Sling Request Authenticator

       

      Could some one please suggest how to allow the anonymous access for that servlet such that my apache webserver would not redirect to login page. Any suggestions/pointers would be appreciated.

       

      Best Regards,

      Durga

        • 1. Re: Configuring Anonymous access for Sling Servlet
          nicolas peltier Adobe Employee

          Hi Durga,

           

          could you please check HTTPAuthHandler configuration? Think you've an CQ author, right?

           

          if you look at default publish configuration, /libs/cq/security/config.publish/com.day.cq.wcm.foundation.impl.HTTPAuthHandler, no login is set to true.

           

          Be cautious though as if normal authoring is done except from your servlet, first access to / will give 404...

           

          Hth,

          Nicolas

          1 person found this helpful
          • 2. Re: Configuring Anonymous access for Sling Servlet
            durganuvvula Level 1

            Hi Nicolas,

             

            Thanks for your response.

             

            I have an authoring instance. Right now my apache is pointing to the authoring instance for testing. I could see no login is set to true by default in the publish HttpAuthHandler as u stated.

             

            I did not get your last point though, Could you please elaborate if possible.

             

            Couple of things to update:

             

            1) Approach of having Sling Servlet serving the vanity urls and forwarding to CQ or our internal webapp design was discouraged by Adobe when we consulted, as we were not using the dispatcher caching. we are reconsidering this approach.

             

            2) Second thing is there is some disconnect in the mod_rewrite and mod_dispatcher configuration. some how my rewrite hits the servlet correctly from the logs but there is some disconnect that rewrite url is not passed thru and as a result it is not hitting the proper url in the access_log.

             

            rewrite conf:

             

            RewriteCond %{REQUEST_URI} ^/(.*)$
            RewriteRule ^/(.*)$ /apps/myvanity/forwardvanity?category=$1 [QSA]

             

             

            The problem is when we are hitting the apache server with url, http://myowncompany.com/abc

            rewrite logs looks like working correctly

            rewrite '/abc' -> '/apps/myvanity/forwardvanity?category=abc'

            but when we see the access log, we are seeing the entry

            "GET /abc HTTP/1.1" 404 201.

             

             

            Best Regards,

            Durga

            • 3. Re: Configuring Anonymous access for Sling Servlet
              nicolas peltier Adobe Employee

              - even for testing, you should use a publish instance as its behavior really differs. My last point was that setting the parameter to false will never get you authenticated, but forget about my 2nd sentence, and just use a publish instance :-)

              - i'm not a mod_rewrite expert, but i just can say that the rewrite rule, even if it logs something correct, doesn't work as you have /abc on CQSE's access.log :-)

              1 person found this helpful