You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@sling.apache.org by JCR <jc...@proxymit.net> on 2021/04/14 12:17:12 UTC
Re: Issue with form based authentication
Carsten, Cris
Solved.
Many thanks for the feedback. Unfortunately, Carsten's original message
did not make it to the list, I also can't find it in mail-archive, so
thanks for repeating.
I think the confusion is that
https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
talks about changes to the form authentication service only, omitting to
mention necessary changes to the Authentication Service config.
The following changes now work for me:
The auth.http is set to "Enabled (Preemptive)", which is the default.
I added to the requirements section (of Authentication Service):
-/content
-/system/sling/login
/content/a/b
There was no change necessary in the form based authentication service
config, the path (which I had originally changed to /content/a/b) is now
left at its default "/" value.
Best,
Juerg
On 12.04.21 17:42, Carsten Ziegeler wrote:
> I already answered in the same direction over a week ago on one of the
> first messages:
>
> Hi,
>
> I might be wrong, but I think the problem is that as soon as you
> configure the forms based auth handler, you don't have a handler for
> other paths like /system/console. Your logs show this statement
> "No handler for request (1 handlers available)"
>
> So, you have two options: define a default handler for "/" or
> configure SlingAuthenticator to treat everything that is not handled
> by a handler via basic auth (auth.http configuration)
>
> Regards
>
> Carsten
>
> Am 12.04.2021 um 17:32 schrieb Cris Rockwell:
>> Hi Juerg
>>
>> Regarding the first error, if the following occurred
>>
>> 1. you signed into Sling using the login page (/system/sling/login.html)
>> 2. you changed the `path` property for
>> org.apache.sling.auth.form.FormAuthenticationHandler from '/' to
>> ‘/content/a/b'
>>
>> Then, perhaps auth access and errors should be expected for requests
>> for any path that is not under /content/a/b
>> For example, /system/console/configMgr is not under /content/a/b, so
>> your previous forms auth credential is no longer applicable.
>>
>> Also, is org.apache.sling.engine.impl.auth.SlingAuthenticator
>> configured to disable auth.http?
>> if so, then I think the NoAuthenticationHandlerException would be
>> expected.
>>
>> The fact that http://localhost:8080/system/sling/form/login
>> <http://localhost:8080/system/sling/form/login> is 403 is odd
>> You may want to double check
>> org.apache.sling.engine.impl.auth.SlingAuthenticator
>> Authentication Requirements includes "-/system/sling/login"
>>
>> Regards
>> Cris
>>
>>> On Apr 12, 2021, at 10:05 AM, JCR <jc...@proxymit.net> wrote:
>>>
>>> Hello,
>>>
>>> I post this issue here because I have not got any answer on the
>>> user's list.
>>> The thread comprises of two messages, whereas the second details the
>>> error from error.log. I use Sling 11 and Java 11.
>>>
>>> Thanks,
>>> Juerg Meier
>>>
>>>
>>> ***************************************
>>>
>>> On 12.03.21 12:30, JCR wrote:
>>> I tried to configure form based authentication for a certain subtree
>>> under /content.
>>>
>>> So I added the path in the Felix console the Sling Form Based
>>> Authentication Handler configuration, providing the absolute path
>>> /content/a/b, being the admin user.
>>> But saving the changed configuration resulted in this error:
>>>
>>> HTTP ERROR 500
>>> Problem accessing
>>> /system/console/configMgr/org.apache.sling.auth.form.FormAuthenticationHandler.
>>> Reason:
>>>
>>> Server Error
>>>
>>> Caused by:
>>> org.apache.sling.api.auth.NoAuthenticationHandlerException
>>> at
>>> org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:588)
>>> at
>>> org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:91)
>>> at
>>> org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)
>>> at
>>> org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406)
>>> at
>>> org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
>>> at
>>> org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
>>> at
>>> org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014)
>>> at
>>> org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
>>> ...
>>>
>>> Note that at that point in time, the Apache Sling Form Based
>>> Authentication Handlerorg.apache.sling.auth.form bundle (V 1.0.12)
>>> was active.
>>>
>>> And, the changed record got actually written to file
>>> /sling/config/org/apache/sling/auth/form/FormAuthenticationHandler.config
>>> :
>>>
>>> :org.apache.felix.configadmin.revision:=L"1"^M
>>> form.auth.name="sling.formauth"^M
>>> form.auth.storage="cookie"^M
>>> form.auth.timeout=I"30"^M
>>> form.credentials.name="sling.formauth"^M
>>> form.default.cookie.domain=""^M
>>> form.login.form="/system/sling/form/login"^M
>>> form.onexpire.login=B"false"^M
>>> form.token.fastseed=B"false"^M
>>> form.token.file="cookie-tokens.bin"^M
>>> jaas.controlFlag="sufficient"^M
>>> jaas.ranking=I"1000"^M
>>> jaas.realmName="jackrabbit.oak"^M
>>> path=[ \^M
>>> "/content/a/b", \^M
>>> ]^M
>>> preferReasonCode=B"false"^M
>>> service.pid="org.apache.sling.auth.form.FormAuthenticationHandler"^M
>>> service.ranking=I"0"^M
>>> useInclude=B"false"^M
>>>
>>>
>>> The login page (/system/sling/login.html) returned with Http status
>>> 403:
>>>
>>> The requested URL /system/sling/login.html resulted in an error in
>>> org.apache.sling.auth.core.impl.LoginServlet.
>>> Request Progress:
>>>
>>> 0 TIMER_START{Request Processing}
>>> 3 COMMENT timer_end format is {<elapsed microseconds>,<timer
>>> name>} <optional message>
>>> 13 LOG Method=GET, PathInfo=null
>>> 14 TIMER_START{handleSecurity}
>>> 1277 TIMER_END{1260,handleSecurity} authenticator
>>> org.apache.sling.auth.core.impl.SlingAuthenticator@232f04d8 returns
>>> true
>>> 2061 TIMER_START{ResourceResolution}
>>> 2254 TIMER_END{189,ResourceResolution}
>>> URI=/system/sling/login.html resolves to Resource=ServletResource,
>>> servlet=org.apache.sling.auth.core.impl.LoginServlet,
>>> path=/system/sling/login
>>> 2273 LOG Resource Path Info: SlingRequestPathInfo:
>>> path='/system/sling/login', selectorString='null', extension='html',
>>> suffix='null'
>>> 2274 TIMER_START{ServletResolution}
>>> 2282 TIMER_START{resolveServlet(/system/sling/login)}
>>> 2306 TIMER_END{23,resolveServlet(/system/sling/login)} Using
>>> servlet org.apache.sling.auth.core.impl.LoginServlet
>>> 2311 TIMER_END{36,ServletResolution}
>>> URI=/system/sling/login.html handled by
>>> Servlet=org.apache.sling.auth.core.impl.LoginServlet
>>> 2328 LOG Applying Requestfilters
>>> 2339 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
>>> 2347 LOG Calling filter:
>>> org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
>>> 2355 LOG Applying Componentfilters
>>> 2370 TIMER_START{org.apache.sling.auth.core.impl.LoginServlet#0}
>>> 2753 LOG Applying Error filters
>>> 2758 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
>>> 2769 TIMER_START{handleError:status=403}
>>> 3509 TIMER_END{736,handleError:status=403} Using handler
>>> org.apache.sling.servlets.resolver.internal.defaults.DefaultErrorHandlerServlet
>>> 4880 TIMER_END{4878,Request Processing} Dumping
>>> SlingRequestProgressTracker Entries
>>>
>>> The login page only returns back to normal after completely removing
>>> (manually) the three path lines in FormAuthenticationHandler.config.
>>> So there seems to be a problem with the path entry.
>>>
>>> What goes wrong here?
>>>
>>> Thanks,
>>> Juerg
>>>
>>> ************************************
>>>
>>> Here are further details on the NoAuthenticationHandlerException
>>> below (from error.log, upon saving the configuration change.
>>>
>>> 20.03.2021 19:46:06.617 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form Service
>>> [org.apache.sling.auth.form.FormAuthenticationHandler,244,
>>> [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent
>>> UNREGISTERING
>>> 20.03.2021 19:46:06.620 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form Service [LoginModule Support for
>>> FormAuthenticationHandler,245,
>>> [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent UNREGISTERING
>>> 20.03.2021 19:46:06.622 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.felix.jaas Deregistering LoginModuleFactory
>>> OsgiLoginModuleProvider{className=org.apache.sling.auth.form.impl.jaas.JaasHelper$1,
>>> ranking=1000, flag=LoginModuleControlFlag: sufficient,
>>> realmName='jackrabbit.oak'}
>>> 20.03.2021 19:46:06.624 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form Service
>>> [org.apache.sling.auth.form.FormAuthenticationHandler,1101,
>>> [org.apache.sling.auth.core.spi.AuthenticationHandler]] ServiceEvent
>>> REGISTERED
>>> 20.03.2021 19:46:06.625 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form Service [LoginModule Support for
>>> FormAuthenticationHandler,1102,
>>> [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent REGISTERED
>>> 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.felix.jaas Registering LoginModuleFactory LoginModule
>>> Support for FormAuthenticationHandler
>>> (org.apache.sling.auth.form.impl.jaas.FormLoginModule)
>>> 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form.impl.jaas.JaasHelper Registered
>>> FormLoginModuleFactory
>>> 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form.impl.FormAuthenticationHandler Login Form
>>> URL /system/sling/form/login
>>> 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form.impl.FormAuthenticationHandler Using
>>> Cookie store with name sling.formauth
>>> 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting
>>> Auth Data attribute name sling.formauth
>>> 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting
>>> session timeout 30 minutes
>>> 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form.impl.FormAuthenticationHandler Storing
>>> tokens in
>>> /home/juerg/bin/sling11/sling/felix/bundle114/data/cookie-tokens.bin
>>> 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
>>> ConfigurationEvent:
>>> pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
>>> org.apache.sling.auth.form.impl.TokenStore Seeding the secure random
>>> number generator can take up to several minutes on some operating
>>> systems depending upon environment factors. If this is a problem for
>>> you, set the system property 'java.security.egd' to
>>> 'file:/dev/./urandom' or enable the Fast Seed Generator in the Web
>>> Console
>>> 20.03.2021 19:46:06.661 *ERROR*[qtp128006962-1044]
>>> org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2
>>> authenticate: Expected user ID anonymous to refer to a user
>>> 20.03.2021 19:46:06.661 *INFO*[qtp128006962-1044]
>>> org.apache.sling.auth.core.impl.SlingAuthenticator login: No handler
>>> for request (1 handlers available)
>>> 20.03.2021 19:46:06.662 *ERROR*[qtp128006962-1044]
>>> org.apache.felix.http.jetty Exception while processing request to
>>> /system/console/configMgr
>>> (org.apache.sling.api.auth.NoAuthenticationHandlerException)
>>> org.apache.sling.api.auth.NoAuthenticationHandlerException: null
>>> at
>>> org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAuthenticator.java:588)
>>> [org.apache.sling.auth.core:1.4.2]
>>> at
>>> org.apache.sling.extensions.webconsolesecurityprovider.internal.SlingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecurityProvider2.java:91)
>>> [org.apache.sling.extensions.webconsolesecurityprovider:1.2.0]
>>> at
>>> org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpContext.handleSecurity(OsgiManagerHttpContext.java:103)
>>> [org.apache.felix.webconsole:4.3.8]
>>> at
>>> org.apache.felix.http.base.internal.service.ServletContextImpl.handleSecurity(ServletContextImpl.java:406)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:58)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1014)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:97)
>>> [org.apache.felix.http.sslfilter:1.2.6]
>>> at
>>> org.apache.felix.http.base.internal.handler.PreprocessorHandler.handle(PreprocessorHandler.java:133)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$2.doFilter(WhiteboardManager.java:1020)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1024)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at
>>> org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
>>> [org.apache.felix.http.jetty:4.0.6]
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
>>> [org.apache.felix.http.servlet-api:1.1.2]
>>> ....
>>>
>>> A few comments:
>>>
>>> - no idea what role user id 'anonymous' plays in here. What I do
>>> know, however, is that it is a registered user in the system:
>>>
>>> "anonymous": {
>>> "memberOf": [],
>>> "declaredMemberOf": [],
>>> "path": "/home/users/g/gktXr8UiIxG9fmuKU5sM7"
>>> }
>>>
>>> - the change in the config was done with user 'admin'
>>> - generating a token "taking minutes": would be no problem.
>>>
>>> Thanks for any help on this!
>>>
>>> Regards,
>>> Juerg
>>>
>>
>>
>
Re: Issue with form based authentication
Posted by Robert Munteanu <ro...@apache.org>.
Hi Juerg,
I can see Carsten's message at [1], not sure why you did not receive
it.
Thanks,
Robert
[1]: https://lists.apache.org/thread.html/rdd3579eff90c213d08958ebc0f71b35befbc10a7cc334279f65dd940%40%3Cdev.sling.apache.org%3E
On Wed, 2021-04-14 at 14:17 +0200, JCR wrote:
> Carsten, Cris
>
> Solved.
>
> Many thanks for the feedback. Unfortunately, Carsten's original message
> thanks for repeating.
>
> I think the confusion is that
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
>
> talks about changes to the form authentication service only, omitting
> to
> mention necessary changes to the Authentication Service config.
>
> The following changes now work for me:
>
> The auth.http is set to "Enabled (Preemptive)", which is the default.
>
> I added to the requirements section (of Authentication Service):
> -/content
> -/system/sling/login
> /content/a/b
>
> There was no change necessary in the form based authentication service
> config, the path (which I had originally changed to /content/a/b) is
> now
> left at its default "/" value.
>
> Best,
> Juerg
>
>
> On 12.04.21 17:42, Carsten Ziegeler wrote:
> > I already answered in the same direction over a week ago on one of
> > the
> > first messages:
> >
> > Hi,
> >
> > I might be wrong, but I think the problem is that as soon as you
> > configure the forms based auth handler, you don't have a handler for
> > other paths like /system/console. Your logs show this statement
> > "No handler for request (1 handlers available)"
> >
> > So, you have two options: define a default handler for "/" or
> > configure SlingAuthenticator to treat everything that is not handled
> > by a handler via basic auth (auth.http configuration)
> >
> > Regards
> >
> > Carsten
> >
> > Am 12.04.2021 um 17:32 schrieb Cris Rockwell:
> > > Hi Juerg
> > >
> > > Regarding the first error, if the following occurred
> > >
> > > 1. you signed into Sling using the login page
> > > (/system/sling/login.html)
> > > 2. you changed the `path` property for
> > > ‘/content/a/b'
> > >
> > > Then, perhaps auth access and errors should be expected for
> > > requests
> > > for any path that is not under /content/a/b
> > > For example, /system/console/configMgr is not under /content/a/b,
> > > so
> > > your previous forms auth credential is no longer applicable.
> > >
> > > Also, is org.apache.sling.engine.impl.auth.SlingAuthenticator
> > > configured to disable auth.http?
> > > expected.
> > >
> > > The fact that http://localhost:8080/system/sling/form/login
> > > <http://localhost:8080/system/sling/form/login> is 403 is odd
> > > You may want to double check
> > > org.apache.sling.engine.impl.auth.SlingAuthenticator
> > > Authentication Requirements includes "-/system/sling/login"
> > >
> > > Regards
> > > Cris
> > >
> > > > On Apr 12, 2021, at 10:05 AM, JCR <jc...@proxymit.net> wrote:
> > > >
> > > > Hello,
> > > >
> > > > user's list.
> > > > The thread comprises of two messages, whereas the second details
> > > > the
> > > > error from error.log. I use Sling 11 and Java 11.
> > > >
> > > > Thanks,
> > > > Juerg Meier
> > > >
> > > >
> > > > ***************************************
> > > >
> > > > On 12.03.21 12:30, JCR wrote:
> > > > I tried to configure form based authentication for a certain
> > > > subtree
> > > > under /content.
> > > >
> > > > So I added the path in the Felix console the Sling Form Based
> > > > Authentication Handler configuration, providing the absolute path
> > > > /content/a/b, being the admin user.
> > > > But saving the changed configuration resulted in this error:
> > > >
> > > > HTTP ERROR 500
> > > > Problem accessing
> > > > Reason:
> > > >
> > > > Server Error
> > > >
> > > > Caused by:
> > > > org.apache.sling.api.auth.NoAuthenticationHandlerException
> > > > at
> > > > org.apache.sling.auth.core.impl.SlingAuthenticator.login(SlingAut
> > > > henticator.java:588)
> > > > at
> > > > org.apache.sling.extensions.webconsolesecurityprovider.internal.S
> > > > lingWebConsoleSecurityProvider2.authenticate(SlingWebConsoleSecur
> > > > ityProvider2.java:91)
> > > > at
> > > > org.apache.felix.webconsole.internal.servlet.OsgiManagerHttpConte
> > > > xt.handleSecurity(OsgiManagerHttpContext.java:103)
> > > > at
> > > > org.apache.felix.http.base.internal.service.ServletContextImpl.ha
> > > > ndleSecurity(ServletContextImpl.java:406)
> > > > at
> > > > org.apache.felix.http.base.internal.dispatch.InvocationChain.doFi
> > > > lter(InvocationChain.java:58)
> > > > at
> > > > org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilte
> > > > r(Dispatcher.java:146)
> > > > at
> > > > org.apache.felix.http.base.internal.whiteboard.WhiteboardManager$
> > > > 2.doFilter(WhiteboardManager.java:1014)
> > > > at
> > > > org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFi
> > > > lter.java:97)
> > > > ...
> > > >
> > > > Note that at that point in time, the Apache Sling Form Based
> > > > Authentication Handlerorg.apache.sling.auth.form bundle (V
> > > > 1.0.12)
> > > > was active.
> > > >
> > > > And, the changed record got actually written to file
> > > > :
> > > >
> > > > :org.apache.felix.configadmin.revision:=L"1"^M
> > > > form.auth.name="sling.formauth"^M
> > > > form.auth.storage="cookie"^M
> > > > form.auth.timeout=I"30"^M
> > > > form.credentials.name="sling.formauth"^M
> > > > form.default.cookie.domain=""^M
> > > > form.login.form="/system/sling/form/login"^M
> > > > form.onexpire.login=B"false"^M
> > > > form.token.fastseed=B"false"^M
> > > > form.token.file="cookie-tokens.bin"^M
> > > > jaas.controlFlag="sufficient"^M
> > > > jaas.ranking=I"1000"^M
> > > > jaas.realmName="jackrabbit.oak"^M
> > > > path=[ \^M
> > > > "/content/a/b", \^M
> > > > ]^M
> > > > preferReasonCode=B"false"^M
> > > > service.pid="org.apache.sling.auth.form.FormAuthenticationHandler
> > > > "^M
> > > > service.ranking=I"0"^M
> > > > useInclude=B"false"^M
> > > >
> > > >
> > > > The login page (/system/sling/login.html) returned with Http
> > > > status
> > > > 403:
> > > >
> > > > The requested URL /system/sling/login.html resulted in an error
> > > > in
> > > > org.apache.sling.auth.core.impl.LoginServlet.
> > > > Request Progress:
> > > >
> > > > 0 TIMER_START{Request Processing}
> > > > 3 COMMENT timer_end format is {<elapsed
> > > > microseconds>,<timer
> > > > name>} <optional message>
> > > > 13 LOG Method=GET, PathInfo=null
> > > > 14 TIMER_START{handleSecurity}
> > > > 1277 TIMER_END{1260,handleSecurity} authenticator
> > > > org.apache.sling.auth.core.impl.SlingAuthenticator@232f04d8
> > > > returns
> > > > true
> > > > 2061 TIMER_START{ResourceResolution}
> > > > 2254 TIMER_END{189,ResourceResolution}
> > > > URI=/system/sling/login.html resolves to
> > > > Resource=ServletResource,
> > > > servlet=org.apache.sling.auth.core.impl.LoginServlet,
> > > > path=/system/sling/login
> > > > 2273 LOG Resource Path Info: SlingRequestPathInfo:
> > > > path='/system/sling/login', selectorString='null',
> > > > extension='html',
> > > > suffix='null'
> > > > 2274 TIMER_START{ServletResolution}
> > > > 2282 TIMER_START{resolveServlet(/system/sling/login)}
> > > > 2306 TIMER_END{23,resolveServlet(/system/sling/login)} Using
> > > > servlet org.apache.sling.auth.core.impl.LoginServlet
> > > > 2311 TIMER_END{36,ServletResolution}
> > > > URI=/system/sling/login.html handled by
> > > > Servlet=org.apache.sling.auth.core.impl.LoginServlet
> > > > 2328 LOG Applying Requestfilters
> > > > 2339 LOG Calling filter:
> > > > org.apache.sling.i18n.impl.I18NFilter
> > > > 2347 LOG Calling filter:
> > > > org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilte
> > > > r
> > > > 2355 LOG Applying Componentfilters
> > > > 2370
> > > > TIMER_START{org.apache.sling.auth.core.impl.LoginServlet#0}
> > > > 2753 LOG Applying Error filters
> > > > 2758 LOG Calling filter:
> > > > org.apache.sling.i18n.impl.I18NFilter
> > > > 2769 TIMER_START{handleError:status=403}
> > > > 3509 TIMER_END{736,handleError:status=403} Using handler
> > > > org.apache.sling.servlets.resolver.internal.defaults.DefaultError
> > > > HandlerServlet
> > > > 4880 TIMER_END{4878,Request Processing} Dumping
> > > > SlingRequestProgressTracker Entries
> > > >
> > > > The login page only returns back to normal after completely
> > > > removing
> > > > (manually) the three path lines in
> > > > FormAuthenticationHandler.config.
> > > > So there seems to be a problem with the path entry.
> > > >
> > > > What goes wrong here?
> > > >
> > > > Thanks,
> > > > Juerg
> > > >
> > > > ************************************
> > > >
> > > > Here are further details on the NoAuthenticationHandlerException
> > > > below (from error.log, upon saving the configuration change.
> > > >
> > > > 20.03.2021 19:46:06.617 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form Service
> > > > [org.apache.sling.auth.form.FormAuthenticationHandler,244,
> > > > [org.apache.sling.auth.core.spi.AuthenticationHandler]]
> > > > ServiceEvent
> > > > UNREGISTERING
> > > > 20.03.2021 19:46:06.620 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form Service [LoginModule Support for
> > > > FormAuthenticationHandler,245,
> > > > [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent
> > > > UNREGISTERING
> > > > 20.03.2021 19:46:06.622 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.felix.jaas Deregistering LoginModuleFactory
> > > > ranking=1000, flag=LoginModuleControlFlag: sufficient,
> > > > realmName='jackrabbit.oak'}
> > > > 20.03.2021 19:46:06.624 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form Service
> > > > [org.apache.sling.auth.form.FormAuthenticationHandler,1101,
> > > > [org.apache.sling.auth.core.spi.AuthenticationHandler]]
> > > > ServiceEvent
> > > > REGISTERED
> > > > 20.03.2021 19:46:06.625 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form Service [LoginModule Support for
> > > > FormAuthenticationHandler,1102,
> > > > [org.apache.felix.jaas.LoginModuleFactory]] ServiceEvent
> > > > REGISTERED
> > > > 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.felix.jaas Registering LoginModuleFactory LoginModule
> > > > Support for FormAuthenticationHandler
> > > > (org.apache.sling.auth.form.impl.jaas.FormLoginModule)
> > > > 20.03.2021 19:46:06.627 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form.impl.jaas.JaasHelper Registered
> > > > FormLoginModuleFactory
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form.impl.FormAuthenticationHandler Login
> > > > Form
> > > > URL /system/sling/form/login
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > Cookie store with name sling.formauth
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting
> > > > Auth Data attribute name sling.formauth
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form.impl.FormAuthenticationHandler Setting
> > > > session timeout 30 minutes
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form.impl.FormAuthenticationHandler Storing
> > > > tokens in
> > > > /home/juerg/bin/sling11/sling/felix/bundle114/data/cookie-
> > > > tokens.bin
> > > > 20.03.2021 19:46:06.628 *INFO*[CM Event Dispatcher (Fire
> > > > ConfigurationEvent:
> > > > pid=org.apache.sling.auth.form.FormAuthenticationHandler)]
> > > > org.apache.sling.auth.form.impl.TokenStore Seeding the secure
> > > > random
> > > > number generator can take up to several minutes on some operating
> > > > systems depending upon environment factors. If this is a problem
> > > > for
> > > > you, set the system property 'java.security.egd' to
> > > > 'file:/dev/./urandom' or enable the Fast Seed Generator in the
> > > > Web
> > > > Console
> > > > 20.03.2021 19:46:06.661 *ERROR*[qtp128006962-1044]
> > > > authenticate: Expected user ID anonymous to refer to a user
> > > > 20.03.2021 19:46:06.661 *INFO*[qtp128006962-1044]
> > > > org.apache.sling.auth.core.impl.SlingAuthenticator login: No
> > > > handler
> > > > for request (1 handlers available)
> > > > 20.03.2021 19:46:06.662 *ERROR*[qtp128006962-1044]
> > > > org.apache.felix.http.jetty Exception while processing request to
> > > > /system/console/configMgr
> > > > (org.apache.sling.api.auth.NoAuthenticationHandlerException)
> > > > org.apache.sling.api.auth.NoAuthenticationHandlerException: null
> > > > at
> > > > [org.apache.sling.auth.core:1.4.2]
> > > > at
> > > > [org.apache.sling.extensions.webconsolesecurityprovider:1.2.0]
> > > > at
> > > > [org.apache.felix.webconsole:4.3.8]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.sslfilter:1.2.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > [org.apache.felix.http.jetty:4.0.6]
> > > > at
> > > > javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
> > > > [org.apache.felix.http.servlet-api:1.1.2]
> > > > ....
> > > >
> > > > A few comments:
> > > >
> > > > - no idea what role user id 'anonymous' plays in here. What I do
> > > > know, however, is that it is a registered user in the system:
> > > >
> > > > "anonymous": {
> > > > "memberOf": [],
> > > > "declaredMemberOf": [],
> > > > "path": "/home/users/g/gktXr8UiIxG9fmuKU5sM7"
> > > > }
> > > >
> > > > - the change in the config was done with user 'admin'
> > > > - generating a token "taking minutes": would be no problem.
> > > >
> > > > Thanks for any help on this!
> > > >
> > > > Regards,
> > > > Juerg
> > > >
> > >
> > >
> >