AEM 6.3 : CSRF TOKEN REJECTION : SLING POST SERVLET [ hitting from external application ] | Community
sagarp14731432
New Participant
December 5, 2017
Solved


Hi all,

Trying to POST data from an external application does not work due to CSRF token rejection.
When the POST servlet is hit from an external application, we receive the following error in the log:

POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

How can the external application provide a CSRF token that satisfies com.adobe.granite.csrf.impl.CSRFFilter?

In my case the external application is a Java project...

NOTE: This error occurred for me when I added authentication for the servlet. But the authentication was working fine for the GET method.

Or is it not possible to post data from an external application?

Thanks in advance

11 replies

sagarp14731432
New Participant
December 6, 2017

Thank you, I resolved it. Your blog was helpful for me.

sagarp14731432
New Participant
December 6, 2017

Thanks for the solution, it was so helpful for me.

sagarp14731432
New Participant
December 6, 2017

Thanks Veena, I resolved it. Your information was helpful for me to understand.

VeenaVikraman
New Participant
December 5, 2017

This one talks about a similar issue. See if any of these solutions helps. This is an unresolved question:

Unable to access libs/granite/csrf/token.json from an external application which is not in AEM

VeenaVikraman
New Participant
December 5, 2017

No Sagar, basically the above-mentioned error comes in AEM 6.1 and above because of the increased security AEM has provided. From AEM 6.1, any POST call needs a CSRF token to be processed by Sling, which will be provided by the foundation Granite client libs. If not, you may have to include the granite.jquery client library.

Please read this and make sure this is not causing your issue: The CSRF Protection Framework

smacdonald2008
New Participant
December 5, 2017

This should be the same as other Java apps - see this - Managing CSRF Tokens in Apache HttpClient 4.4.x — SimpleNETWORKS

sagarp14731432
New Participant
December 5, 2017

It will come for internal calls too. We can add the CSRF token there, as done in the link below:

https://helpx.adobe.com/experience-manager/using/custom-slin

But my question is how to add the CSRF token from outside of AEM, from an external application like Java?

VeenaVikraman
New Participant
December 5, 2017

Hi Sagar

Did you hit the servlet internally using a POST call and check if this error is not coming for internal calls also?

Thanks

Veena

abhishekagg19
Accepted solution
Employee
December 5, 2017

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

smacdonald2008
New Participant
December 5, 2017

I suppose if I wanted to use authentication while posting from a Java app, I could modify my HTTP POST logic to use Java code as discussed in this thread:

Http Basic Authentication in Java using HttpClient? - Stack Overflow

But to answer your question - yes - it's possible to perform POSTs from external apps to an AEM servlet.
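
An added example, not part of the thread or of the code linked in it: a Java 11 client that requests a token from /libs/granite/csrf/token.json (the endpoint named above) and sends it back in the CSRF-Token header on the POST. The host, account name, AEM_PASSWORD environment variable and form body are assumptions; the servlet path is the one from the log lines in the question.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AemCsrfPost {
    // Assumed values: local author instance, hypothetical account, password from the environment.
    static final String HOST = "http://localhost:4502";
    static final String USER = "integration-user";
    static final Pattern TOKEN = Pattern.compile("\"token\"\\s*:\\s*\"([^\"]+)\"");

    // The token endpoint answers with {"token":"..."}; a body without a
    // token field is treated as an error instead of sending an empty header.
    static String extractToken(String json) {
        Matcher m = TOKEN.matcher(json);
        if (!m.find()) throw new IllegalStateException("no CSRF token in response: " + json);
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        String creds = USER + ":" + System.getenv("AEM_PASSWORD");
        String basic = "Basic " + Base64.getEncoder()
                .encodeToString(creds.getBytes(StandardCharsets.UTF_8));
        HttpClient http = HttpClient.newHttpClient();

        // 1. Fetch a token as the same user that will send the POST.
        HttpRequest tokenReq = HttpRequest.newBuilder(URI.create(HOST + "/libs/granite/csrf/token.json"))
                .header("Authorization", basic).GET().build();
        HttpResponse<String> tokenResp = http.send(tokenReq, HttpResponse.BodyHandlers.ofString());
        if (tokenResp.statusCode() != 200)
            throw new IllegalStateException("token request failed: " + tokenResp.statusCode());
        String token = extractToken(tokenResp.body());

        // 2. Send the POST with the token in the CSRF-Token header.
        HttpRequest post = HttpRequest.newBuilder(URI.create(HOST + "/apps/tools/components/xsrftest/run.html"))
                .header("Authorization", basic)
                .header("CSRF-Token", token)
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString("name=value")) // constructed form body
                .build();
        HttpResponse<String> resp = http.send(post, HttpResponse.BodyHandlers.ofString());
        System.out.println("POST status: " + resp.statusCode());
    }
}
```

Request the token shortly before the POST instead of caching it for long, and use HTTPS for anything other than a local instance, since the Basic credentials travel with every request.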