Hi Juerg, I can see Carsten's message at [1], not sure why you did not receive it.

Thanks,
Robert

[1]: https://lists.apache.org/thread.html/rdd3579eff90c213d08958ebc0f71b35befbc10a7cc334279f65dd940%40%3Cdev.sling.apache.org%3E

On Wed, 2021-04-14 at 14:17 +0200, JCR wrote:
> Carsten, Cris
>
> Solved.
>
> Many thanks for the feedback. Unfortunately, Carsten's original message
> thanks for repeating.
>
> I think the confusion is that
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
> talks about changes to the form authentication service only, omitting to
> mention necessary changes to the Authentication Service config.
>
> The following changes now work for me:
>
> The auth.http is set to "Enabled (Preemptive)", which is the default.
>
> I added to the requirements section (of Authentication Service):
> -/content
> -/system/sling/login
> /content/a/b
>
> There was no change necessary in the form based authentication service
> config, the path (which I had originally changed to /content/a/b) is now
> left at its default "/" value.
>
> Best,
> Juerg
>
>
> On 12.04.21 17:42, Carsten Ziegeler wrote:
> > I already answered in the same direction over a week ago on one of the
> > first messages:
> >
> > Hi,
> >
> > I might be wrong, but I think the problem is that as soon as you
> > configure the forms based auth handler, you don't have a handler for
> > other paths like /system/console. Your logs show this statement
> > "No handler for request (1 handlers available)"
> >
> > So, you have two options: define a default handler for "/" or
> > configure SlingAuthenticator to treat everything that is not handled
> > by a handler via basic auth (auth.http configuration)
> >
> > Regards
> >
> > Carsten
> >
> > On 12.04.2021 at 17:32, Cris Rockwell wrote:
> > > Hi Juerg
> > >
> > > Regarding the first error, if the following occurred
> > >
> > > 1. you signed into Sling using the login page
> > >    (/system/sling/login.html)
> > > 2. you changed the `path` property for
> > >    '/content/a/b'
> > >
> > > Then, perhaps auth access and errors should be expected for requests
> > > for any path that is not under /content/a/b
> > > For example, /system/console/configMgr is not under /content/a/b, so
> > > your previous forms auth credential is no longer applicable.
> > >
> > > Also, is org.apache.sling.engine.impl.auth.SlingAuthenticator
> > > configured to disable auth.http?
> > > expected.
> > >
> > > The fact that http://localhost:8080/system/sling/form/login is 403 is odd
> > > You may want to double check
> > > org.apache.sling.engine.impl.auth.SlingAuthenticator
> > > Authentication Requirements includes "-/system/sling/login"
> > >
> > > Regards
> > > Cris
> > >
> > > > On Apr 12, 2021, at 10:05 AM, JCR <j...@proxymit.net> wrote:
> > > >
> > > > Hello,
> > > >
> > > > user's list.
> > > > The thread comprises two messages, whereas the second details the
> > > > error from error.log. I use Sling 11 and Java 11.
> > > >
> > > > Thanks,
> > > > Juerg Meier
> > > >
> > > >
> > > > ***************************************
> > > >
> > > > On 12.03.21 12:30, JCR wrote:
> > > > I tried to configure form based authentication for a certain subtree
> > > > under /content.
> > > >
> > > > So I added the path in the Felix console the Sling Form Based
> > > > Authentication Handler configuration, providing the absolute path
> > > > /content/a/b, being the admin user.
> > > > But saving the changed configuration resulted in this error:
> > > >
> > > > HTTP ERROR 500
> > > > Problem accessing
> > > > Reason:
> > > >
> > > > Server Error
> > > >
> > > > Caused by:
> > > > org.apache.sling.api.auth.NoAuthenticationHandlerException
> > > > at org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:588)
> > > > at org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:91)
> > > > at org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)
> > > > at org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406)
> > > > at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
> > > > at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
> > > > at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014)
> > > > at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
> > > > ...
> > > >
> > > > Note that at that point in time, the Apache Sling Form Based
> > > > Authentication Handler org.apache.sling.auth.form bundle (V 1.0.12)
> > > > was active.
> > > >
> > > > And, the changed record got actually written to file
> > > > :
> > > >
> > > > :org.apache.felix.configadmin.revision:=L"1"^M
> > > > form.auth.name="sling.formauth"^M
> > > > form.auth.storage="cookie"^M
> > > > form.auth.timeout=I"30"^M
> > > > form.credentials.name="sling.formauth"^M
> > > > form.default.cookie.domain=""^M
> > > > form.login.form="/system/sling/form/login"^M
> > > > form.onexpire.login=B"false"^M
> > > > form.token.fastseed=B"false"^M
> > > > form.token.file="cookie-tokens.bin"^M
> > > > jaas.controlFlag="sufficient"^M
> > > > jaas.ranking=I"1000"^M
> > > > jaas.realmName="jackrabbit.oak"^M
> > > > path=[ \^M
> > > >   "/content/a/b", \^M
> > > >   ]^M
> > > > preferReasonCode=B"false"^M
> > > > service.pid="org.apache.sling.auth.form.FormAuthenticationHandler"^M
> > > > service.ranking=I"0"^M
> > > > useInclude=B"false"^M
> > > >
> > > >
> > > > The login page (/system/sling/login.html) returned with Http status
> > > > 403:
> > > >
> > > > The requested URL /system/sling/login.html resulted in an error in
> > > > org.apache.sling.auth.core.impl.LoginServlet.
> > > > Request Progress:
> > > >
> > > > 0 TIMER_START{Request Processing}
> > > > 3 COMMENT timer_end format is {<elapsed microseconds>,<timer name>} <optional message>
> > > > 13 LOG Method=GET, PathInfo=null
> > > > 14 TIMER_START{handleSecurity}
> > > > 1277 TIMER_END{1260,handleSecurity} authenticator org.apache.sling.auth.core.impl.SlingAuthenticator@232f04d8 returns true
> > > > 2061 TIMER_START{ResourceResolution}
> > > > 2254 TIMER_END{189,ResourceResolution} URI=/system/sling/login.html resolves to Resource=ServletResource, servlet=org.apache.sling.auth.core.impl.LoginServlet, path=/system/sling/login
> > > > 2273 LOG Resource Path Info: SlingRequestPathInfo: path='/system/sling/login', selectorString='null', extension='html', suffix='null'
> > > > 2274 TIMER_START{ServletResolution}
> > > > 2282 TIMER_START{resolveServlet(/system/sling/login)}
> > > > 2306 TIMER_END{23,resolveServlet(/system/sling/login)} Using servlet org.apache.sling.auth.core.impl.LoginServlet
> > > > 2311 TIMER_END{36,ServletResolution} URI=/system/sling/login.html handled by Servlet=org.apache.sling.auth.core.impl.LoginServlet
> > > > 2328 LOG Applying Requestfilters
> > > > 2339 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
> > > > 2347 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
> > > > 2355 LOG Applying Componentfilters
> > > > 2370 TIMER_START{org.apache.sling.auth.core.impl.LoginServlet#0}
> > > > 2753 LOG Applying Error filters
> > > > 2758 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
> > > > 2769 TIMER_START{handleError:status=403}
> > > > 3509 TIMER_END{736,handleError:status=403} Using handler org.apache.sling.servlets.resolver.internal.defaults.DefaultErrorHandlerServlet
> > > > 4880 TIMER_END{4878,Request Processing} Dumping SlingRequestProgressTracker Entries
> > > >
> > > > The login page only returns back to normal after completely removing
> > > > (manually) the three path lines in FormAuthenticationHandler.config.
> > > > So there seems to be a problem with the path entry.
> > > >
> > > > What goes wrong here?
> > > >
> > > > Thanks,
> > > > Juerg
> > > >
> > > > ************************************
> > > >
> > > > Here are further details on the NoAuthenticationHandlerException
> > > > below (from error.log, upon saving the configuration change).
> > > >
> > > > 20.03.2021 19:46:06.617 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [org.apache.sling.auth.form.FormAuthenticationHandler,244, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent UNREGISTERING
> > > > 20.03.2021 19:46:06.620 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [LoginModule Support for FormAuthenticationHandler,245, [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent UNREGISTERING
> > > > 20.03.2021 19:46:06.622 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.felix.jaas Deregistering LoginModuleFactory ranking=1000, flag=LoginModuleControlFlag: sufficient, realmName='jackrabbit.oak'}
> > > > 20.03.2021 19:46:06.624 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [org.apache.sling.auth.form.FormAuthenticationHandler,1101, [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent REGISTERED
> > > > 20.03.2021 19:46:06.625 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form Service [LoginModule Support for FormAuthenticationHandler,1102, [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent REGISTERED
> > > > 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.felix.jaas Registering LoginModuleFactory LoginModule Support for FormAuthenticationHandler (org.apache.sling.auth.form.impl.jaas.FormLoginModule)
> > > > 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.jaas.JaasHelper Registered FormLoginModuleFactory
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Login Form URL /system/sling/form/login
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] Cookie store with name sling.formauth
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting Auth Data attribute name sling.formauth
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting session timeout 30 minutes
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.FormAuthenticationHandler Storing tokens in /home/juerg/bin/sling11/sling/felix/bundle114/data/cookie-tokens.bin
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: pid=org.apache.sling.auth.form.FormAuthenticationHandler)] org.apache.sling.auth.form.impl.TokenStore Seeding the secure random number generator can take up to several minutes on some operating systems depending upon environment factors. If this is a problem for you, set the system property 'java.security.egd' to 'file:/dev/./urandom' or enable the Fast Seed Generator in the Web Console
> > > > 20.03.2021 19:46:06.661 *ERROR*[qtp128006962-1044] authenticate: Expected user ID anonymous to refer to a user
> > > > 20.03.2021 19:46:06.661 *INFO*[qtp128006962-1044] org.apache.sling.auth.core.impl.SlingAuthenticator login: No handler for request (1 handlers available)
> > > > 20.03.2021 19:46:06.662 *ERROR*[qtp128006962-1044] org.apache.felix.http.jetty Exception while processing request to /system/console/configMgr (org.apache.sling.api.auth.NoAuthenticationHandlerException)
> > > > org.apache.sling.api.auth.NoAuthenticationHandlerException: null
> > > > at [org.apache.sling.auth.core:1.4.2]
> > > > at [org.apache.sling.extensions.webconsolesecurityprovider:1.2.0]
> > > > at [org.apache.felix.webconsole:4.3.8]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.sslfilter:1.2.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at [org.apache.felix.http.jetty:4.0.6]
> > > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) [org.apache.felix.http.servlet-api:1.1.2]
> > > > ....
> > > >
> > > > A few comments:
> > > >
> > > > - no idea what role user id 'anonymous' plays in here. What I do
> > > >   know, however, is that it is a registered user in the system:
> > > >
> > > > "anonymous": {
> > > >   "memberOf": [],
> > > >   "declaredMemberOf": [],
> > > >   "path": "/home/users/g/gktXr8UiIxG9fmuKU5sM7"
> > > > }
> > > >
> > > > - the change in the config was done with user 'admin'
> > > > - generating a token "taking minutes": would be no problem.
> > > >
> > > > Thanks for any help on this!
> > > >
> > > > Regards,
> > > > Juerg
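
The path matching discussed in this thread, as an added example: a simplified model written for this page, not Sling's code and not posted by anyone in the thread. It assumes a configured path applies to a request when it is "/", equal to the request path, or a prefix ending at a "/" or "." boundary, and that the longest applicable entry wins; `default_required` is a hypothetical parameter standing in for whatever applies when no entry matches.

```python
# Simplified model (assumption, not Sling's implementation): a configured
# path applies to a request path when it is "/", equal to it, or a prefix
# that ends at a "/" or "." boundary; the longest applicable path wins.

def applies(configured: str, request_path: str) -> bool:
    if configured == "/":
        return True
    if not request_path.startswith(configured):
        return False
    rest = request_path[len(configured):]
    return rest == "" or rest[0] in "/."


def requires_auth(request_path, requirements, default_required=False):
    """Evaluate Authentication Requirements entries for one request path.

    "-/path" marks a subtree as not requiring authentication; "+/path" or a
    bare "/path" marks it as requiring authentication.
    """
    best = None  # (path, required) of the longest applicable entry so far
    for entry in requirements:
        required = not entry.startswith("-")
        path = entry.lstrip("+-")
        if applies(path, request_path) and (best is None or len(path) > len(best[0])):
            best = (path, required)
    return default_required if best is None else best[1]


def applicable_handlers(request_path, handlers):
    """Return the names of handlers whose registered paths cover the request."""
    return [name for name, paths in handlers.items()
            if any(applies(p, request_path) for p in paths)]


# Values taken from the thread.
REQUIREMENTS = ["-/content", "-/system/sling/login", "/content/a/b"]
FORM_ON_SUBTREE = {"form": ["/content/a/b"]}  # setup that produced the 500
FORM_ON_ROOT = {"form": ["/"]}                # handler path left at default

if __name__ == "__main__":
    for p in ["/content/a/b/page.html", "/content/x.html",
              "/system/sling/login.html", "/system/console/configMgr"]:
        print(p, requires_auth(p, REQUIREMENTS),
              applicable_handlers(p, FORM_ON_SUBTREE),
              applicable_handlers(p, FORM_ON_ROOT))
```

With the form handler registered only for /content/a/b, no handler covers /system/console/configMgr, which corresponds to the "No handler for request (1 handlers available)" log line quoted above.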