2 Replies Latest reply on Jun 5, 2013 1:57 PM by j_purchase

    Configuring anonymous access for a custom login page


      I am trying to set up a login form that will submit through a custom login module and authentication handler, and I'm finding the configuration for the page confusing.


      Does the Sling Authenticator do anything? Is all anonymous access configured through just the CQ5 security, sling authenticator, or both?


      I have managed to access my page anonymously; if I curl the URL I can get the html. But access it from the browser, things go wrong, presumably because I need to configure some of the other URLs linked by the html. I am trying to work through the list of errors, but the error codes seem backwards. When I haven't granted anonymous access, I appear to get a 404 error and I get a 403 when the resource doesn't exist. What's going on?

        • 1. Re: Configuring anonymous access for a custom login page
          Sham HC Level 7

          Hi j_purchase,



          It goes through various layers like

          *    Filters  (Ex:- Refferer Filter)

          *    sling authenticator handlers (You might have various login handler & based on passed parameters respective handlers get picked up )

          *    Global Acl setup

          *    CQ5 security




          What is going on Can not be predicated with little information & it various.  However following below tips you will find answer yourself.


          1.    Go to http://<host>:<port>/system/console/requests  (Default is 20 request increase it if required)

          2.    Make a request from curl command

          3.    At 1. refresh the page & you will see get request for login. Click on it & will show you the details of all the handler & request it passed through.

          4.    Repeat 3 & 4 for a request from browser.

          5.    See if there is any difference between 3 & 4.

          6.    Based on your symptoms there should be difference & should give you hint what is going on.

          7.    Assume there is no difference then disable each component one by one that is part of login request. Then make a request from browser & will help to find where it get blocked.


          If above steps find difficulty use http://sling.staging.apache.org/documentation/bundles/request-analysis.html and attach requesttracker.txt





          • 2. Re: Configuring anonymous access for a custom login page
            j_purchase Level 1

            "/system/console/requests" sounds like it should be a big help. Unfortunately, it's not working. It is recording requests (I can see the count changing), but only shows "Internal Server Error" in the list of recent requests.


            Fortunately, the request analyzer osgi bundle and app does work, This should allow me to track down the offending request.


            Thanks for the help