Hi,

I might be wrong, but I think the problem is that as soon as you configure the forms based auth handler, you don't have a handler for other paths like /system/console. Your logs show this statement
"No handler for request (1 handlers available)"

So, you have two options: define a default handler for "/", or configure SlingAuthenticator to treat everything that is not handled by a handler via basic auth (auth.http configuration).

Regards
Carsten

On 30.03.2021 at 15:43, JCR wrote:
Hello,

I post this issue here because I have not got any answer on the user's list. The thread comprises two messages, the second of which details the error from error.log. I use Sling 11 and Java 11.

Thanks,
Juerg Meier


***************************************

On 12.03.21 12:30, JCR wrote:
I tried to configure form based authentication for a certain subtree under /content.

So I added the path in the Felix console to the Sling Form Based Authentication Handler configuration, providing the absolute path /content/a/b, being the admin user.
But saving the changed configuration resulted in this error:

HTTP ERROR 500
Problem accessing /system/console/configMgr/org.apache.sling.auth.form.FormAuthenticationHandler. Reason:

     Server Error

Caused by:
org.apache.sling.api.auth.NoAuthenticationHandlerException
    at org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:588)
    at org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:91)
    at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)
    at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406)
    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
    at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
    at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014)
    at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)

Note that at that point in time, the Apache Sling Form Based Authentication Handler org.apache.sling.auth.form bundle (V 1.0.12) was active.

And, the changed record got actually written to file /sling/config/org/apache/sling/auth/form/FormAuthenticationHandler.config :

:org.apache.felix.configadmin.revision:=L"1"
form.auth.name="sling.formauth"
form.auth.storage="cookie"
form.auth.timeout=I"30"
form.credentials.name="sling.formauth"
form.default.cookie.domain=""
form.login.form="/system/sling/form/login"
form.onexpire.login=B"false"
form.token.fastseed=B"false"
form.token.file="cookie-tokens.bin"
jaas.controlFlag="sufficient"
jaas.ranking=I"1000"
jaas.realmName="jackrabbit.oak"
path=[ \
   "/content/a/b", \
   ]
preferReasonCode=B"false"
service.pid="org.apache.sling.auth.form.FormAuthenticationHandler"
service.ranking=I"0"
useInclude=B"false"


The login page (/system/sling/login.html) returned with Http status 403:

The requested URL /system/sling/login.html resulted in an error in org.apache.sling.auth.core.impl.LoginServlet.
Request Progress:

      0 TIMER_START{Request Processing}
      3 COMMENT timer_end format is {<elapsed microseconds>,<timer name>} <optional message>
     13 LOG Method=GET, PathInfo=null
     14 TIMER_START{handleSecurity}
   1277 TIMER_END{1260,handleSecurity} authenticator org.apache.sling.auth.core.impl.SlingAuthenticator@232f04d8 returns true
   2061 TIMER_START{ResourceResolution}
   2254 TIMER_END{189,ResourceResolution} URI=/system/sling/login.html resolves to Resource=ServletResource, servlet=org.apache.sling.auth.core.impl.LoginServlet, path=/system/sling/login
   2273 LOG Resource Path Info: SlingRequestPathInfo: path='/system/sling/login', selectorString='null', extension='html', suffix='null'
   2274 TIMER_START{ServletResolution}
   2282 TIMER_START{resolveServlet(/system/sling/login)}
   2306 TIMER_END{23,resolveServlet(/system/sling/login)} Using servlet org.apache.sling.auth.core.impl.LoginServlet
   2311 TIMER_END{36,ServletResolution} URI=/system/sling/login.html handled by Servlet=org.apache.sling.auth.core.impl.LoginServlet
   2328 LOG Applying Requestfilters
   2339 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
   2347 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
   2355 LOG Applying Componentfilters
   2370 TIMER_START{org.apache.sling.auth.core.impl.LoginServlet#0}
   2753 LOG Applying Error filters
   2758 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
   2769 TIMER_START{handleError:status=403}
   3509 TIMER_END{736,handleError:status=403} Using handler org.apache.sling.servlets.resolver.internal.defaults.DefaultErrorHandlerServlet
   4880 TIMER_END{4878,Request Processing} Dumping SlingRequestProgressTracker Entries

The login page only returns back to normal after completely removing (manually) the three path lines in FormAuthenticationHandler.config. So there seems to be a problem with the path entry.

What goes wrong here?

Thanks,
Juerg

************************************

Here are further details on the NoAuthenticationHandlerException below (from error.log, upon saving the configuration change).

20.03.2021 19:46:06.617 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [org.apache.sling.auth.form.FormAuthenticationHandler,244, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent UNREGISTERING
20.03.2021 19:46:06.620 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [LoginModule Support for FormAuthenticationHandler,245, [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent UNREGISTERING
20.03.2021 19:46:06.622 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.felix.jaas Deregistering LoginModuleFactory OsgiLoginModuleProvider{className=org.apache.sling.auth.form.impl.jaas.JaasHelper$1, ranking=1000, flag=LoginModuleControlFlag: sufficient, realmName='jackrabbit.oak'}
20.03.2021 19:46:06.624 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [org.apache.sling.auth.form.FormAuthenticationHandler,1101, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED
20.03.2021 19:46:06.625 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [LoginModule Support for FormAuthenticationHandler,1102, [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent REGISTERED
20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.felix.jaas Registering LoginModuleFactory LoginModule Support for FormAuthenticationHandler (org.apache.sling.auth.form.impl.jaas.FormLoginModule)
20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.jaas.JaasHelper Registered FormLoginModuleFactory
20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Login Form URL /system/sling/form/login
20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Using Cookie store with name sling.formauth
20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting Auth Data attribute name sling.formauth
20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting session timeout 30 minutes
20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Storing tokens in /home/juerg/bin/sling11/sling/felix/bundle114/data/cookie-tokens.bin
20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.TokenStore Seeding the secure random number generator can take up to several minutes on some operating systems depending upon environment factors. If this is a problem for you, set the system property 'java.security.egd' to 'file:/dev/./urandom' or enable the Fast Seed Generator in the Web Console
20.03.2021 19:46:06.661 *ERROR*[qtp128006962-1044] org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2 authenticate: Expected user ID anonymous to refer to a user
20.03.2021 19:46:06.661 *INFO*[qtp128006962-1044] org.apache.sling.auth.core.impl.SlingAuthenticator login: No handler for request (1 handlers available)
20.03.2021 19:46:06.662 *ERROR*[qtp128006962-1044] org.apache.felix.http.jetty Exception while processing request to /system/console/configMgr (org.apache.sling.api.auth.NoAuthenticationHandlerException)
org.apache.sling.api.auth.NoAuthenticationHandlerException: null
    at org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:588) [org.apache.sling.auth.core:1.4.2]
    at org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:91) [org.apache.sling.extensions.webconsolesecurityprovider:1.2.0]
    at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103) [org.apache.felix.webconsole:4.3.8]
    at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97) [org.apache.felix.http.sslfilter:1.2.6]
    at org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:133) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1020) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1024) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91) [org.apache.felix.http.jetty:4.0.6]
    at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49) [org.apache.felix.http.jetty:4.0.6]
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2]
     ....

A few comments:

- no idea what role user id 'anonymous' plays in here. What I do know, however, is that it is a registered user in the system:

"anonymous": {
     "memberOf": [],
     "declaredMemberOf": [],
     "path": "/home/users/g/gktXr8UiIxG9fmuKU5sM7"
     }

- the change in the config was done with user 'admin'
- generating a token "taking minutes": would be no problem.

Thanks for any help on this!

Regards,
Juerg


--
Carsten Ziegeler
Adobe Research Switzerland
cziege...@apache.org
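
Added example (not part of the original thread and not Sling code): a pre-save check that reads the `path` property from a Felix `.config` file and lists request paths that no handler path would cover, which is the situation the reply at the top describes. The prefix match on path segments is a simplified model assumed here, and the function names are hypothetical.

```python
import re

# Constructed sample: the relevant lines of the handler configuration from
# the thread, with CRLF line endings and backslash-continued array lines.
SAMPLE_CONFIG = (
    'form.login.form="/system/sling/form/login"\r\n'
    'path=[ \\\r\n'
    '   "/content/a/b", \\\r\n'
    '   ]\r\n'
    'service.ranking=I"0"\r\n'
)

# Request paths taken from the error output quoted in the thread, plus one
# constructed path below the protected subtree.
CHECK = ["/system/console/configMgr", "/system/sling/login.html",
         "/content/a/b/page.html"]


def handler_paths(config_text, key="path"):
    """Return the string values of one property in a Felix .config file."""
    # Normalise line endings, then join backslash-continued lines.
    text = config_text.replace("\r\n", "\n")
    text = re.sub(r"\\\n", "", text)
    for line in text.split("\n"):
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return re.findall(r'"([^"]*)"', value)
    return []


def covers(handler_path, request_path):
    """Assumed model: a handler path applies to itself and to its subtree."""
    if handler_path == "/":
        return True
    base = handler_path.rstrip("/")
    return request_path == base or request_path.startswith(base + "/")


def uncovered(paths, request_paths):
    """Request paths for which no configured handler path applies."""
    return [r for r in request_paths if not any(covers(p, r) for p in paths)]


if __name__ == "__main__":
    paths = handler_paths(SAMPLE_CONFIG)
    print("handler paths:", paths)
    print("no handler for:", uncovered(paths, CHECK))
    # First option from the reply: a default handler registered for "/".
    print("with a handler on '/':", uncovered(paths + ["/"], CHECK))
```

Running the check before saving a path-restricted handler configuration shows whether the web console and login paths would be left without any handler.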
