CQ5 author instance and Apache

Here at a customer site, we have a CQ application deployed into “/” context root (as usual) of weblogic 9.2 alongside other functional web apps. All of this sites behind Apache httpd which serves some html files as well as reverse proxies to weblogic based on some urls.

Generally there’s no problem in this except that in this case, when accessing from apache the “/” it serves its htdocs directory so we are not able to login to cq. When logging into CQ, the login form POSTs to http://admin:admin@<server>/?sling:authRequestLogin=1 which needs to be proxied to CQ’s / instead of Apache’s htdocs. As apache is serving its content, no CQ filter is fired.

If we make the weblogic-handler module to come in action for “/” we loose all the apache content. As well, we cannot move all the apache content into CQ.

So the problem is how do we make Apache to use weblogic handler only for a particular URL and query string? We’ve come to a solution combining both Apache configs and some crx node creation.

First, the apache configs:

<LocationMatch "^/(content|libs|siteadmin|apps|bin|home|etc|welcome|var|tmp|cf|useradmin|damadmin|miscadmin|workflow|tagging|inbox|cqauthurl)">
SetHandler weblogic-handler
</LocationMatch>

This sets all the urls in the LocationMatch to be handled by weblogic-handler to proxy to CQ.

As you may have noticed we are dealing with a /cqauthurl that is not a CQ url. We need to use Content Explorer to create the node /cqauthurl (nt:unstructured). This will avoid a 404.

The add the following rewrite rule in Apache configs; as general or within the location should make no difference:

RewriteRule ^/cqlogin$ /libs/cq/core/content/login.html?resource=/siteadmin [R]
RewriteCond %{QUERY_STRING}  ^sling:authRequestLogin=1$
RewriteRule (.*) /cqauthurl [PT]

The first line will allow the user to bookmark a simple url like http://<server>/cqlogin. When accessing this url there will be a redirect onto the CQ’s Login.

The second and third lines tells apache: when on the query string there’s sling:authRequestLogin=1 then rewrite to /cqauthurl.

This lets the user’s login go through to CQ and caches the basic auth credentials for all paths under http://author-server:port/

CQ Site admin needs to be accessed via http://author-server:port/siteadmin instead of the root context.