New Participant

Auth Check servlet is not getting called every time and it is printing 404 page

Forum|Forum|2 years ago
June 12, 2023
2 replies
1171 views

Hi Team,

I have a requirement for sensitive permission caching in AEM. I followed the documentation
https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-cache.html?lang=en#page-is-cached-and-user-is-authorized

Some times Auth check servlet is receiving the call from dispatcher when ever we hit the page.
Sometimes auth check servlet nor getting called when we hit the page ( no logs from auth check servlet )

Sometimes it is getting 404.

It very strange behavior. Can some one please guide me on this. Any help is highly appreciated.

Below are the complete details.

I created a servlet

@Component(service = Servlet.class, property = {
        Constants.SERVICE_DESCRIPTION + "= Authenticate the page based on tags added on the page.",
        "sling.servlet.paths=" + "/bin/mysite/authcheck"
})
public class RequestAuthenticationServlet extends SlingSafeMethodsServlet {

I override the DO head method

@Override
public void doHead(SlingHttpServletRequest request, SlingHttpServletResponse response) {

    String uri = request.getParameter("uri").replace(".html", "");
    logger.debug("Request URL {}", uri);
    logger.debug("RequestAuthenticationServlet:Time before validating the user  is {}.", new Date().getTime());
    Map<String, Object> serviceParams = new HashMap<>();
    serviceParams.put(ResourceResolverFactory.SUBSERVICE, MYSITE_ADMINISTRATIVE_SERVICE);
    ResourceResolver resourceResolver = null;
    try {
        logger.debug("Inside Try block of Auth_Checker_Servlet");

        resourceResolver = resolverFactory.getServiceResourceResolver(serviceParams);
        boolean isInValid = userGroupService.validateTheUser(resourceResolver, request.getResourceResolver(), uri);
        if (isInValid) {
            logger.debug("user don't have access on the page {}", uri);
            response.setStatus(SC_FORBIDDEN);
        } else {
            logger.debug("user have access on the page {}", uri);
            response.setStatus(SC_OK);
        }
    } catch (Exception e) {
        logger.error("auth checker says READ access DENIED!");
        response.setStatus(SC_FORBIDDEN);
    }
    finally {
        if (resourceResolver != null && resourceResolver.isLive()) {
            resourceResolver.close();
        }
    }
    logger.debug("RequestAuthenticationServlet:Time after validating the user  is {}.", new Date().getTime());
}

and I enabled Auth checker in dispatcher : src/conf.dispatcher.d/enabled_farms/mysite.farm

/auth_checker
   {
     # request is sent to this URL with '?uri=<page>' appended
     /url "/bin/mysite/authcheck"

     # only the requested pages matching the filter section below are checked,
     # all other pages get delivered unchecked
     /filter
       {
       /0000
         {
         /glob "*"
         /type "deny"
         }
       /0001
         {
         /glob "/content/mysite/*"
         /type "allow"
         }
       }
     # any header line returned from the auth_checker's HEAD request matching
     # the section below will be returned as well
     /headers
       {
       /0000
         {
         /glob "*"
         /type "deny"
         }
       /0001
         {
         /glob "Set-Cookie:*"
         /type "allow"
         }
       }
   }

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

TarunKumar

New Participant

Hi @rudra-2024 ,

Please confirm on few things.
1. Do you have CDN placed on top of dispatcher. Then you might need to by pass the caching from CDN.
2. Also check when the auth checker servlet is not called, in case of non-cached document, it wont get called.