You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2023/05/04 15:41:00 UTC
[jira] [Resolved] (SLING-5016) SlingWebConsoleSecurityProvider2 does not work if ResourceResolver cannot be adapted to Session
[ https://issues.apache.org/jira/browse/SLING-5016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler resolved SLING-5016.
-------------------------------------
Resolution: Won't Fix
> SlingWebConsoleSecurityProvider2 does not work if ResourceResolver cannot be adapted to Session
> -----------------------------------------------------------------------------------------------
>
> Key: SLING-5016
> URL: https://issues.apache.org/jira/browse/SLING-5016
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Web Console Security Provider 1.1.6
> Reporter: Konrad Windszus
> Priority: Major
>
> After the deployment of several configurations (affecting for example the JCR Resource Resolver Factory) we ran into the issue that the {{SlingWebConsoleSecurityProvider2}} is active but it always returned a 401.
> The according log from the {{SlingAuthenticator}} for this failed authentication to the web console looks like this
> {code}
> 11.09.2015 09:52:14.371 *DEBUG* [qtp851550369-82] org.apache.sling.auth.core.impl.SlingAuthenticator doHandleSecurity: Trying to get a session for admin
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82] org.apache.sling.auth.core.impl.SlingAuthenticator setAttributes: ResourceResolver stored as request attribute: user=admin
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82] org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting authentication using handler: com.adobe.cq.creativecloud.cloudims.impl.auth.CloudIMSAuthenticationHandler@47a78ad3
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82] org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting authentication using handler: com.day.cq.auth.impl.LoginSelectorHandler@76a68a34
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82] org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting authentication using handler: com.adobe.granite.auth.cert.impl.ClientCertAuthHandler@7fad0b6d
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82] org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting authentication using handler: Token Authentication Handler
> 11.09.2015 09:52:14.372 *DEBUG* [qtp851550369-82] org.apache.sling.auth.core.impl.SlingAuthenticator login: requesting authentication using handler: com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenAuthHandler@4bdc6939
> 11.09.2015 09:52:14.878 *DEBUG* [qtp851550369-81] org.apache.sling.auth.core.impl.SlingAuthenticator doHandleSecurity: Trying to get a session for admin
> {code}
> From these logs and from looking at the sources I assume the following happens here:
> # {{SlingWebConsoleSecurityProvider2.authenticate}} calls {{Authenticator.handleSecurity}} (which returns true)
> # {{SlingWebConsoleSecurityProvider2.authenticate}} tries to adapt resource resolver to session -> this fails and therefore {{Authenticator.login}} is called
> IMHO the SlingWebConsoleSecurityProvider2 should only be registered if the adaptation from resource resolver to session works. I am not sure under which circumstances this may fail, but if this fails the whole security provider should be inactive!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)