Friday, August 17, 2018

How to Enable Cross Origin Resource Sharing(CORS) support in AEM(Adobe Experience Manager)

How to Enable Cross Origin Resource Sharing(CORS) support in AEM(Adobe Experience Manager)


Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

Sometimes we may have scenarios to expose the AEM services to be invoked from cross origins, this post explains the different approaches to enable the Cross Origin Resource Sharing Supports.

The CORS support is introduced OOB in AEM 6.3 version, refer https://helpx.adobe.com/experience-manager/kt/platform-repository/using/cors-security-article-understand.html for more details.


Enabling CORS for older AEM versions(<6.3)


The request is failed with below exception in browser console while trying to invoke cross origin(service hosted in different domains) services through Ajax.

"Failed to load http://localhost:4503/bin/sampleJSONPService: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access".

There are two approaches to enable the Cross Origin Requests

  • JSONP
  • CORS Headers

JSONP


JSONP stands for JSON with Padding, JSONP is a method for sending JSON data without worrying about cross-domain issues.
JSONP supports only the GET request method, JSONP works on legacy browsers.

Enable the service to rerun the JSON response with Padding


@SuppressWarnings("serial")
@SlingServlet(
   selectors = "json",
   paths = "/bin/sampleJSONPService",
   methods = "GET")
public class SimpleServlet extends SlingSafeMethodsServlet {

    @Override
    protected void doGet(final SlingHttpServletRequest req,
            final SlingHttpServletResponse resp) throws ServletException, IOException {
    resp.setHeader("Content-Type", "application/json");
    resp.setHeader("X-Content-Type-Options", "");
    String callback=req.getParameter("callback");
       
    JSONObject response = new JSONObject();
    try {
response.put("test1", "testvalue1");
response.put("test2", "testvalue2");
response.put("test3", "testvalue3");
response.put("test4", "testvalue4");
} catch (JSONException e) {
e.printStackTrace();
}
   
    if(callback!=null && !callback.trim().equals("")) {
    resp.getWriter().write( callback + "("+response.toString()+ ")");
    }else
    {
    resp.getWriter().write(response.toString());
    }   
   
    }
}

The above service return the JSON response with padding

Invoke the JSONP service from Ajax


<html>
<head>
<script
  src="https://code.jquery.com/jquery-3.3.1.min.js"  integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="  crossorigin="anonymous">
</script>
</head>
<body>

Test Data (<span class="testData">Default</span>)

<script>
var dataUrl = 'http://localhost:4503/bin/sampleJSONPService.json?callback=?';

$.ajax({
url: dataUrl,
dataType: 'jsonp',
success: function(data) {
jQuery('.testData').html('').text(data.test1)
}});
</script>
</body>
</html>


This will provide the response without any issue

test({"test1":"testvalue1","test2":"testvalue2","test3":"testvalue3","test4":"testvalue4"})


CORS Headers


Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. CORS also supports other types(other than GET) of HTTP requests, CORS is supported by most modern web browsers.

The Access-Control-Allow-Origin response header indicates whether the response can be shared with resources with the given origin.

e.g.
Access-Control-Allow-Origin "*"   supports the Cross Origin requests from all domains
Access-Control-Allow-Origin "https://example.com" supports Cross Origin requests only from https://example.com

Enabling Access-Control-Allow-Origin header


The header can be enabled directly in the service response or thorough apache configuration

Though Service response - Add Access-Control-Allow-Origin header with required value in the service response


@SuppressWarnings("serial")
@SlingServlet(
   selectors = "json",
   paths = "/bin/sampleJSONPService",
   methods = "GET")
public class SimpleServlet extends SlingSafeMethodsServlet {
    @Override
    protected void doGet(final SlingHttpServletRequest req,
            final SlingHttpServletResponse resp) throws ServletException, IOException {

Monday, July 9, 2018

How to display custom site specific error(404,403 and 500) pages in multi site Adobe Experience Manager(AEM) setup?

How to display custom site specific error(404,403 and 500) pages in multi site Adobe Experience Manager(AEM) setup?


This post explains the approach to handle custom site specific error handling for Adobe Experience Manager(AEM) sites in a multi site environment

Sling Model to identify the error page:


Create a Sling model ErrorHandlerRequestModel.java in core module withe the below code - This will help to identify the site specific error page path specific to the error code.

package com.errorhandler.core.models;

import com.day.cq.wcm.api.Page;
import com.day.cq.wcm.api.PageManager;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.models.annotations.Default;
import org.apache.sling.models.annotations.Model;
import org.apache.sling.models.annotations.injectorspecific.Self;

import javax.annotation.PostConstruct;
import javax.inject.Inject;

@Model(adaptables = SlingHttpServletRequest.class)
public class ErrorHandlerRequestModel {

    private static final String DEFAULT_ERROR_PAGE = "/content/geometrixx-outdoors";
    private static final String ERROR_CODE_404 = "404";
    private static final int MAX_DEPTH = 2;
    private static final String PATH_SEPERATOR = "/";

    @Self
    private SlingHttpServletRequest slingRequest;

    @Inject
    @Default(values = ERROR_CODE_404)
    private String errorCode;

    private String pagePath;
 
    @PostConstruct
    protected void init() {
    pagePath = DEFAULT_ERROR_PAGE + errorCode;
        final String requestURI = slingRequest.getRequestPathInfo().getResourcePath();
        if (requestURI!=null && !requestURI.equals("")) {
          pagePath = getErrorPageFromRequestedUrl(errorCode, requestURI);
    }
    }

    private String getErrorPageFromRequestedUrl(final String errorCode, final String requestURI) {
        final Page resolvedPage = getPageFromPath(requestURI);
        if (resolvedPage != null) {
            return getErrorPathFromPage(errorCode, resolvedPage);
        }
        return null;
    }

    private Page getPageFromPath(String requestURI) {
        final PageManager pageManager = slingRequest.getResourceResolver().adaptTo(PageManager.class);
        while (requestURI.contains(PATH_SEPERATOR)) {
            Page page = pageManager.getContainingPage(requestURI);
            if (page != null) {
                return page;
            } else {
                requestURI = requestURI.substring(0, requestURI.lastIndexOf(PATH_SEPERATOR));
            }
        }
        return null;
    }

    private String getErrorPathFromPage(final String errorCode, final Page resolvedPage) {
    if (resolvedPage.hasChild(errorCode)) {
        return resolvedPage.getPath() + PATH_SEPERATOR + errorCode;
        }
        if (resolvedPage.getParent() != null && resolvedPage.getDepth() >= MAX_DEPTH) {
            return getErrorPathFromPage(errorCode, resolvedPage.getParent());
        }
        return null;
    }

    public String getPagePath() {
        return pagePath;
    }
}

Configure the DEFAULT_ERROR_PAGE(the content folder in which the default 404, 403 and 500 error pages are available) in the above code  - the error pages that will be displayed if the the site specific 404, 403 and 500 pages are missing.
Add the below instruction into core module pom.xml - to notify the package in which the sling models are available for registration

<Sling-Model-Packages>com.errorhandler.core.models</Sling-Model-Packages>


<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<instructions>                   
<Import-Package>javax.inject;version=0.0.0,*</Import-Package>
<Sling-Model-Packages>com.errorhandler.core.models</Sling-Model-Packages>
</instructions>
</configuration>
</plugin>

Configure Error Handlers:


Create 403.html, 404.html and Exception.html(error handler to handle all the Internal Server Exceptions) under /apps/sling/servlet/errorhandler

aem-error-handler-scripts


Add the below contents to 403.html, 404.html and Exception.html respectively

403.html

<sly data-sly-use.errorPage="${'com.errorhandler.core.models.ErrorHandlerRequestModel'@ errorCode='403'}"/>
<sly data-sly-resource="${errorPage.pagePath}.html"/>

404.html

<sly data-sly-use.responseStatus="apps.sling.servlet.errorhandler.ResponseStatus">
    <sly data-sly-use.errorPage="${'com.errorhandler.core.models.ErrorHandlerRequestModel'@ errorCode='404'}"/>
    <sly data-sly-resource="${errorPage.pagePath}.html"/>
</sly>

Exception.html

<sly data-sly-use.errorPage="${'com.errorhandler.core.models.ErrorHandlerRequestModel'@ errorCode='500'}"/>
<sly data-sly-resource="${errorPage.pagePath}.html"/>


Create ResponseStatus.java under /apps/sling/servlet/errorhandler and add the below content

package apps.sling.servlet.errorhandler;

import com.adobe.cq.sightly.WCMUse;

public class ResponseStatus extends WCMUse {
 
    @Override
    public void activate() throws Exception {
        getResponse().setStatus(404);
    }
}


Configure Error Pages:


Create site specific error files 403, 404 and 500(the files can be created in any level - the minimum depth should be 2 i.e under /content/sitename), the files will be taken based on the level where the exception occurred.

aem-site-specific-error-pages


Exception directly under /content/geometrixx-outdoors consider the error pages under /content/geometrixx-outdoors
Exception under /content/geometrixx-outdoors/en consider the error pages under /content/geometrixx-outdoors/en

Configure the local error pages - 404, 403 and 500 for all the required sites.

Now the user will be displayed the corresponding error file content based on the error code.


This implementation has been tested in AEM 6.2 version.

Monday, July 2, 2018

HTTPS URL is resulting with 404 - Adobe Experience Manager

HTTPS URL is resulting with 404 - Adobe Experience Manager


Recently, we have faced the issue with https URL's, the URL's with masked path (/en/test.html) is not working with https protocol.

However, the unmasked (/content/site/en/test.html) URL is working, also http URL is working without any issues.

Based on our analysis, it looks to be the system is not honoring the /etc/map.publish/https mapping for https request and due to that the content path(without full path - /en/test.html) is not accessible and 404 is displayed

Our case the request is https from browser and the Load Balancer terminate the SSL and forward the request to dispatcher - Load Balancer notify the dispatcher that the initial request is https via header X-Forwarded-Proto (this header value differs based on the load balancer)

The dispatcher send the request to publisher with required headers and publisher consider the request as https based on the above header and match the Resource Mapping accordingly - /etc/map.publish/https

The 404 will be displayed for masked URL's if publisher not able to match the /etc/map.publish/https for incoming request.

How to resolve?


Option1:


  • Match the SSL Filter settings to those expected from the entity where SSL is terminated (Load Balancer). You can check these values forwarded in the dispatcher.log file and make sure they match to those of the SSL Filter. Configure the SSL Filter (Apache Felix Http Service SSL Filter) in Publisher with SSL forward header and value
SSL_Filter_https_aem

  • Allow the following headers in dispatcher farm file /clientheaders section, if /clientheaders section is not set to allow all

          X-Forwarded-Proto (this header value change based on the Load balancer)
               - other known values X-FORWARDED-SSL, X-Forwarded-Protocol and Front-End-Https
          X-Forwarded-Port
  • White list the SSL headers mentioned above in CDN, if CDN is enabled in the flow.

Option2:


Disallow the SSL forward headers in dispatcher farm file /clientheaders section; disallow the following header - X-Forwarded-Proto in /clientheaders section, review the "Apache Felix Http Service SSL Filter" in publisher to identify the exact header value used to identify the forwarded SSL request.

This allow the publisher to consider the request as http and match the /etc/map.publish/http node for incoming requests. 

In cases the SSL is terminated at the Web server, follow the below steps:


At the bottom of the httpd.conf add the following configuration: RequestHeader set X-Forwarded-Port "-1"

Allow the X-Forwarded-Port header in dispatcher farm file if /clientheaders section is not set to allow all 

Wednesday, June 13, 2018

Resolving the issues while migrating the packages between Adobe Experience Manager instances(AEM)

Resolving the issues while migrating the packages between Adobe Experience Manager instances(AEM)


This is a common scenario to migrate the packages between AEM instances, some times we may face issues while building or uploading the big packages.

This post explains the details to resolve the issues observed while building or uploading the big packages between AEM instances

java.io.IOException: No space left on device while building the package:


The "java.io.IOException: No space left on device" error will be thrown while building big packages in AEM server without having sufficient space available in /tmp folder.

java.io.IOException: No space left on device
at java.io.FileOutputStream.writeBytes(Native Method)
at java.io.FileOutputStream.write(FileOutputStream.java:326)
at java.util.zip.DeflaterOutputStream.deflate(DeflaterOutputStream.java:253)
at java.util.zip.DeflaterOutputStream.write(DeflaterOutputStream.java:211)
at java.util.zip.ZipOutputStream.write(ZipOutputStream.java:331)
at org.apache.commons.io.output.ProxyOutputStream.write(ProxyOutputStream.java:90)
at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1793)
at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1769)
at org.apache.commons.io.IOUtils.copy(IOUtils.java:1744)
at org.apache.jackrabbit.vault.fs.io.JarExporter.writeFile(JarExporter.java:128)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:216)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:214)
at org.apache.jackrabbit.vault.fs.io.AbstractExporter.export(AbstractExporter.java:184)
at org.apache.jackrabbit.vault.packaging.impl.PackageManagerImpl.assemble(PackageManagerImpl.java:142)
at org.apache.jackrabbit.vault.packaging.impl.PackageManagerImpl.assemble(PackageManagerImpl.java:96)
at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:594)
at org.apache.jackrabbit.vault.packaging.impl.JcrPackageManagerImpl.assemble(JcrPackageManagerImpl.java:574)
at com.day.crx.packaging.impl.J2EEPackageManager.consoleBuild(J2EEPackageManager.java:291)
at com.day.crx.packaging.impl.J2EEPackageManager.doPost(J2EEPackageManager.java:176)
at com.day.crx.packaging.impl.PackageManagerServlet.doPost(PackageManagerServlet.java:156)

no_space_left_on_device_aem_package

Wednesday, May 30, 2018

Exceptions/Issues while configuring SAML Authentication Handler - Adobe Experience Manager(AEM)

Exceptions/Issues while configuring SAML Authentication Handler - Adobe Experience Manager(AEM)


This post explains the Exceptions/Issues received while configuring the SAML authentication handler and the fixes to overcome the issues.

Issue1:


Problem accessing /saml_login. Reason:
com.adobe.granite.keystore.KeyStoreNotInitialisedException: Uninitialised system trust store.

uninitialized-system-trust-store


14.05.2018 11:24:39.988 *WARN* [qtp1134377453-62] org.eclipse.jetty.servlet.ServletHandler /saml_login
com.adobe.granite.keystore.KeyStoreNotInitialisedException: Uninitialised system trust store.
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.internalGetTrustStore(KeyStoreServiceImpl.java:462)
at com.adobe.granite.keystore.internal.KeyStoreServiceImpl.getTrustStore(KeyStoreServiceImpl.java:151)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.handleLogin(SamlAuthenticationHandler.java:577)
at com.adobe.granite.auth.saml.SamlAuthenticationHandler.extractCredentials(SamlAuthenticationHandler.java:348)
at org.apache.sling.auth.core.impl.AuthenticationHandlerHolder.doExtractCredentials(AuthenticationHandlerHolder.java:75)
at org.apache.sling.auth.core.impl.AbstractAuthenticationHandlerHolder.extractCredentials(AbstractAuthenticationHandlerHolder.java:60)
at org.apache.sling.auth.core.impl.SlingAuthenticator.getAuthenticationInfo(SlingAuthenticator.java:709)
at org.apache.sling.auth.core.impl.SlingAuthenticator.doHandleSecurity(SlingAuthenticator.java:461)
at org.apache.sling.auth.core.impl.SlingAuthenticator.handleSecurity(SlingAuthenticator.java:446)
at org.apache.sling.engine.impl.SlingHttpContext.handleSecurity(SlingHttpContext.java:121)
at org.apache.felix.http.base.internal.context.ServletContextImpl.handleSecurity(ServletContextImpl.java:339)
at org.apache.felix.http.base.internal.handler.ServletHandler.doHandle(ServletHandler.java:334)
at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:297)
at org.apache.felix.http.base.internal.dispatch.ServletPipeline.handle(ServletPipeline.java:93)
at org.apache.felix.http.base.internal.dispatch.InvocationFilterChain.doFilter(InvocationFilterChain.java:50)
at org.apache.felix.http.base.internal.dispatch.HttpFilterChain.doFilter(HttpFilterChain.java:31)
at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:129)


Problem accessing /saml_login. Reason:
com.adobe.granite.keystore.KeyStoreNotInitialisedException: Uninitialised key store for user authentication-service

Uninitialised-Keystore-authentication-service