Hello again, I see this error in the logs when I try to access protected content: 10.02.2016 12:08:58.331 *WARN* [qtp1324180225-41] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target '/apps/opal/loginNode.html' does not start with servlet context path '/test'
As stated by the documentation, I did not put the context path in the login form path. I can put it, but then the context path will be hard coded in the value. I have the same error with a very simple Sling launchpad, 7 or 8, just started with "-r /test", when I click on "follow this link <http://localhost:8081/test/system/sling/login>." on the index page: 10.02.2016 11:45:36.113 *WARN* [0:0:0:0:0:0:0:1 [1455101136113] GET /test/system/sling/login HTTP/1.1] org.apache.sling.auth.core.AuthUtil isRedirectValid: Redirect target '/system/sling/form/login' does not start with servlet context path '/test' Is anybody else using this form authentication with a context path? Thank you, Guillaume On Tue, Feb 9, 2016 at 4:28 PM, Guillaume Lucazeau <[email protected]> wrote: > I see the same problem with the default value: /system/sling/form/login > > > I need to add the context path otherwise I'm redirected to the Sling index > page. > > Any idea of what I'm doing wrong? > > Thank you for your help > Guillaume > > On Tue, Feb 9, 2016 at 3:55 PM, Guillaume Lucazeau <[email protected]> > wrote: > >> Hello, >> >> There was a few typos and missing stuff in my previous message, so I've >> finally made it work. >> >> However, I still see an issue, related to the context path. The >> documentation here [1] says: >> >> form.login.form /system/sling/form/login The URL (without any context >> path prefix) to redirect the client to to present the login form. >> So my configuration is : form.login.form = /apps/opal/loginNode.html >> >> With a basic launchpad (Sling 7), accessing my protected node at >> http://localhost:8080/content/opal.html redirects me to >> http://localhost:8080/apps/opal/loginNode.html, which is expected. >> >> However, if I start my lauchpad with a context (-r /test), trying to >> reach http://localhost:8081/test/content/opal.html redirects me to >> http://localhost:8081/test/index.html >> >> If I change form.login.form value to "/test/apps/opal/loginNode.html", >> I'm redirected to the login form. >> >> Did I miss something here? >> >> Thank you, >> Guillaume >> >> [1] >> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html >> >> On Fri, Jan 29, 2016 at 2:59 PM, Guillaume Lucazeau <[email protected]> >> wrote: >> >>> Hello Julian, >>> >>> Thank you for your reply. I've setup a clean Sling launchpad and made >>> sure anonymous access was allowed (auth.annonymous in Apache Sling >>> Authentication Service if I'm right). >>> >>> I've created simple content : >>> /content/opal/protected/subnode and /content/opal/unprotected/subnode >>> >>> And then set up this configuration: >>> >>> Apache Sling Authentication Service >>> sling.auth.requirements = +/content/opal/protected >>> >>> Apache Sling Form Based Authentication Handler >>> form.login.form = /app/opal/loginNode (opal/login) >>> >>> loginNode has sling:resourceType = opal/login and a corresponding view >>> in /apps/opal/login/html.jsp >>> >>> It then worked (i.e. I was redirected to my custom login form) for a few >>> times but somehow it stopped working. I don't know what I did exactly but >>> now if I try to access " >>> http://localhost:8080/content/opal/protected/subnode.json"; the >>> "html.jsp" is offered for download but not displayed anymore. >>> >>> I also noticed the properties set above are sometimes reinitialized >>> mysteriously. And once the system/login form went unaccessible (403 on it I >>> think, couldn't log in Composum either) and I had to reinstall. >>> >>> So I don't know if this "fake node" is the right way to go, just to use >>> a JSP instead of a static HTML file >>> >>> Best regards, >>> Guillaume >>> >>> On Wed, Jan 13, 2016 at 4:59 PM, Julian Sedding <[email protected]> >>> wrote: >>> >>>> Hello Guillaume >>>> >>>> Maybe you cannot render the resource, because the "anonymous" user >>>> does not have read permissions? If you want to have a resource based >>>> login page, you need to allow "anonymous" read access. >>>> >>>> Hope this help! >>>> >>>> Regards >>>> Julian >>>> >>>> On Wed, Jan 13, 2016 at 4:15 PM, Guillaume Lucazeau < >>>> [email protected]> wrote: >>>> > Hello, >>>> > >>>> > I would like to provide a custom form reusing the form authentication >>>> > provided by Sling, so I have followed this example: >>>> > https://github.com/apache/sling/tree/trunk/samples/custom-login-form >>>> > >>>> > I works well with a static page, however I would like to reuse the >>>> > header/footer fragments that I usually include with <sling:include> >>>> in my >>>> > application, to get the Javascript and CSS files. >>>> > >>>> > Is it possible to use a JSP there, while keeping the authentication >>>> > mechanism provided by Sling? >>>> > >>>> > I didn't succeed to serve a page based on a resource for the >>>> authentication >>>> > page, and didn't find much online. >>>> > >>>> > Thank you >>>> > Guillaume >>>> >>> >>> >> >
