[
https://issues.apache.org/jira/browse/SLING-5016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carsten Ziegeler resolved SLING-5016.
-------------------------------------
Resolution: Won't Fix
> SlingWebConsoleSecurityProvider2 does not work if ResourceResolver cannot be
> adapted to Session
> -----------------------------------------------------------------------------------------------
>
> Key: SLING-5016
> URL: https://issues.apache.org/jira/browse/SLING-5016
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Web Console Security Provider 1.1.6
> Reporter: Konrad Windszus
> Priority: Major
>
> After the deployment of several configurations (affecting for example the JCR
> Resource Resolver Factory) we ran into the issue that the
> {{SlingWebConsoleSecurityProvider2}} is active but it always returned a 401.
> The according log from the {{SlingAuthenticator}} for this failed
> authentication to the web console looks like this
> {code}
> 11.09.2015 09:52:14.371 *DEBUG* [qtp851550369-82]
> org.apache.sling.auth.core.impl.SlingAuthenticator doHandleSecurity: Trying
> to get a session for admin
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82]
> org.apache.sling.auth.core.impl.SlingAuthenticator setAttributes:
> ResourceResolver stored as request attribute: user=admin
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82]
> org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting
> authentication using handler:
> com.adobe.cq.creativecloud.cloudims.impl.auth.CloudIMSAuthenticationHandler@47a78ad3
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82]
> org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting
> authentication using handler:
> com.day.cq.auth.impl.LoginSelectorHandler@76a68a34
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82]
> org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting
> authentication using handler:
> com.adobe.granite.auth.cert.impl.ClientCertAuthHandler@7fad0b6d
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82]
> org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting
> authentication using handler: Token Authentication Handler
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82]
> org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting
> authentication using handler:
> com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenAuthHandler@4bdc6939
> 11.09.2015 09:52:14.878 *DEBUG* [qtp851550369-81]
> org.apache.sling.auth.core.impl.SlingAuthenticator doHandleSecurity: Trying
> to get a session for admin
> {code}
> From these logs and from looking at the sources I assume the following
> happens here:
> # {{SlingWebConsoleSecurityProvider2.authenticate}} calls
> {{Authenticator.handleSecurity}} (which returns true)
> # {{SlingWebConsoleSecurityProvider2.authenticate}} tries to adapt resource
> resolver to session -> this fails and therefore {{Authenticator.login}} is
> called
> IMHO the SlingWebConsoleSecurityProvider2 should only be registered if the
> adaptation from resource resolver to session works. I am not sure under which
> circumstances this may fail, but if this fails the whole security provider
> should be inactive!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
