Hi Juerg Regarding the first error, if the following occurred
1. you signed into Sling using the login page (/system/sling/login.html) 2. you changed the `path` property for org.apache.sling.auth.form.FormAuthenticationHandler from '/' to ‘/content/a/b' Then, perhaps auth access and errors should be expected for requests for any path that is not under /content/a/b For example, /system/console/configMgr is not under /content/a/b, so your previous forms auth credential is no longer applicable. Also, is org.apache.sling.engine.impl.auth.SlingAuthenticator configured to disable auth.http? if so, then I think the NoAuthenticationHandlerException would be expected. The fact that http://localhost:8080/system/sling/form/login <http://localhost:8080/system/sling/form/login> is 403 is odd You may want to double check org.apache.sling.engine.impl.auth.SlingAuthenticator Authentication Requirements includes "-/system/sling/login" Regards Cris > On Apr 12, 2021, at 10:05 AM, JCR <j...@proxymit.net> wrote: > > Hello, > > I post this issue here because I have not got any answer on the user's list. > The thread comprises of two messages, whereas the second details the error > from error.log. I use Sling 11 and Java 11. > > Thanks, > Juerg Meier > > > *************************************** > > On 12.03.21 12:30, JCR wrote: > I tried to configure form based authentication for a certain subtree under > /content. > > So I added the path in the Felix console the Sling Form Based Authentication > Handler configuration, providing the absolute path /content/a/b, being the > admin user. > But saving the changed configuration resulted in this error: > > HTTP ERROR 500 > Problem accessing > /system/console/configMgr/org.apache.sling.auth.form.FormAuthenticationHandler. > Reason: > > Server Error > > Caused by: > org.apache.sling.api.auth.NoAuthenticationHandlerException > at > org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:588) > at > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:91) > at > org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103) > at > org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406) > at > org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58) > at > org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146) > at > org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014) > at > org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97) > > ... > > Note that at that point in time, the Apache Sling Form Based Authentication > Handlerorg.apache.sling.auth.form bundle (V 1.0.12) was active. > > And, the changed record got actually written to file > /sling/config/org/apache/sling/auth/form/FormAuthenticationHandler.config : > > :org.apache.felix.configadmin.revision:=L"1"^M > form.auth.name="sling.formauth"^M > form.auth.storage="cookie"^M > form.auth.timeout=I"30"^M > form.credentials.name="sling.formauth"^M > form.default.cookie.domain=""^M > form.login.form="/system/sling/form/login"^M > form.onexpire.login=B"false"^M > form.token.fastseed=B"false"^M > form.token.file="cookie-tokens.bin"^M > jaas.controlFlag="sufficient"^M > jaas.ranking=I"1000"^M > jaas.realmName="jackrabbit.oak"^M > path=[ \^M > "/content/a/b", \^M > ]^M > preferReasonCode=B"false"^M > service.pid="org.apache.sling.auth.form.FormAuthenticationHandler"^M > service.ranking=I"0"^M > useInclude=B"false"^M > > > The login page (/system/sling/login.html) returned with Http status 403: > > The requested URL /system/sling/login.html resulted in an error in > org.apache.sling.auth.core.impl.LoginServlet. > Request Progress: > > 0 TIMER_START{Request Processing} > 3 COMMENT timer_end format is {<elapsed microseconds>,<timer name>} > <optional message> > 13 LOG Method=GET, PathInfo=null > 14 TIMER_START{handleSecurity} > 1277 TIMER_END{1260,handleSecurity} authenticator > org.apache.sling.auth.core.impl.SlingAuthenticator@232f04d8 returns true > 2061 TIMER_START{ResourceResolution} > 2254 TIMER_END{189,ResourceResolution} URI=/system/sling/login.html > resolves to Resource=ServletResource, > servlet=org.apache.sling.auth.core.impl.LoginServlet, path=/system/sling/login > 2273 LOG Resource Path Info: SlingRequestPathInfo: > path='/system/sling/login', selectorString='null', extension='html', > suffix='null' > 2274 TIMER_START{ServletResolution} > 2282 TIMER_START{resolveServlet(/system/sling/login)} > 2306 TIMER_END{23,resolveServlet(/system/sling/login)} Using servlet > org.apache.sling.auth.core.impl.LoginServlet > 2311 TIMER_END{36,ServletResolution} URI=/system/sling/login.html handled > by Servlet=org.apache.sling.auth.core.impl.LoginServlet > 2328 LOG Applying Requestfilters > 2339 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter > 2347 LOG Calling filter: > org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter > 2355 LOG Applying Componentfilters > 2370 TIMER_START{org.apache.sling.auth.core.impl.LoginServlet#0} > 2753 LOG Applying Error filters > 2758 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter > 2769 TIMER_START{handleError:status=403} > 3509 TIMER_END{736,handleError:status=403} Using handler > org.apache.sling.servlets.resolver.internal.defaults.DefaultErrorHandlerServlet > 4880 TIMER_END{4878,Request Processing} Dumping > SlingRequestProgressTracker Entries > > The login page only returns back to normal after completely removing > (manually) the three path lines in FormAuthenticationHandler.config. So there > seems to be a problem with the path entry. > > What goes wrong here? > > Thanks, > Juerg > > ************************************ > > Here are further details on the NoAuthenticationHandlerException below (from > error.log, upon saving the configuration change. > > 20.03.2021 19:46:06.617 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form Service > [org.apache.sling.auth.form.FormAuthenticationHandler,244, > [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent > UNREGISTERING > 20.03.2021 19:46:06.620 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form Service [LoginModule Support for > FormAuthenticationHandler,245, [org.apache.felix.jaas.LoginModuleFactory]] > ServiceEvent UNREGISTERING > 20.03.2021 19:46:06.622 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.felix.jaas Deregistering LoginModuleFactory > OsgiLoginModuleProvider{className=org.apache.sling.auth.form.impl.jaas.JaasHelper$1, > ranking=1000, flag=LoginModuleControlFlag: sufficient, > realmName='jackrabbit.oak'} > 20.03.2021 19:46:06.624 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form Service > [org.apache.sling.auth.form.FormAuthenticationHandler,1101, > [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent > REGISTERED > 20.03.2021 19:46:06.625 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form Service [LoginModule Support for > FormAuthenticationHandler,1102, [org.apache.felix.jaas.LoginModuleFactory]] > ServiceEvent REGISTERED > 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.felix.jaas Registering LoginModuleFactory LoginModule Support for > FormAuthenticationHandler > (org.apache.sling.auth.form.impl.jaas.FormLoginModule) > 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form.impl.jaas.JaasHelper Registered > FormLoginModuleFactory > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form.impl.FormAuthenticationHandler Login Form URL > /system/sling/form/login > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form.impl.FormAuthenticationHandler Using Cookie store > with name sling.formauth > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting Auth Data > attribute name sling.formauth > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting session > timeout 30 minutes > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form.impl.FormAuthenticationHandler Storing tokens in > /home/juerg/bin/sling11/sling/felix/bundle114/data/cookie-tokens.bin > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire ConfigurationEvent: > pid=org.apache.sling.auth.form.FormAuthenticationHandler)] > org.apache.sling.auth.form.impl.TokenStore Seeding the secure random number > generator can take up to several minutes on some operating systems depending > upon environment factors. If this is a problem for you, set the system > property 'java.security.egd' to 'file:/dev/./urandom' or enable the Fast Seed > Generator in the Web Console > 20.03.2021 19:46:06.661 *ERROR*[qtp128006962-1044] > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2 > authenticate: Expected user ID anonymous to refer to a user > 20.03.2021 19:46:06.661 *INFO*[qtp128006962-1044] > org.apache.sling.auth.core.impl.SlingAuthenticator login: No handler for > request (1 handlers available) > 20.03.2021 19:46:06.662 *ERROR*[qtp128006962-1044] > org.apache.felix.http.jetty Exception while processing request to > /system/console/configMgr > (org.apache.sling.api.auth.NoAuthenticationHandlerException) > org.apache.sling.api.auth.NoAuthenticationHandlerException: null > at > org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:588) > [org.apache.sling.auth.core:1.4.2] > at > org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:91) > [org.apache.sling.extensions.webconsolesecurityprovider:1.2.0] > at > org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103) > [org.apache.felix.webconsole:4.3.8] > at > org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97) > [org.apache.felix.http.sslfilter:1.2.6] > at > org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:133) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1020) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1024) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91) > [org.apache.felix.http.jetty:4.0.6] > at > org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49) > [org.apache.felix.http.jetty:4.0.6] > at javax.servlet.http.HttpServlet.service(HttpServlet.java:725) > [org.apache.felix.http.servlet-api:1.1.2] > .... > > A few comments: > > - no idea what role user id 'anonymous' plays in here. What I do know, > however, is that it is a registered user in the system: > > "anonymous": { > "memberOf": [], > "declaredMemberOf": [], > "path": "/home/users/g/gktXr8UiIxG9fmuKU5sM7" > } > > - the change in the config was done with user 'admin' > - generating a token "taking minutes": would be no problem. > > Thanks for any help on this! > > Regards, > Juerg >
