CSRF Import Issue for AEM Maven Project | Community
Skip to main content
BinaryAlchemy11
BinaryAlchemy11
New Participant
March 4, 2025

CSRF Import Issue for AEM Maven Project

  • March 4, 2025
  • 3 replies
  • 1131 views

Hi,

 

I am trying to implement CSRF token for the form servlet, however I am getting error of "The import com.adobe.granite.csrf cannot be resolvedJava(268435846)" in the servlet.

 

I have added the dependency to the main pom.xml file:

           <dependency>
                <groupId>com.adobe.granite</groupId>
                <artifactId>com.adobe.granite.csrf</artifactId>
                <version>1.0.20</version>
                <scope>provided</scope>
            </dependency>
 
As well as added in the pom.xml file for core:
 
           <plugin>
                <groupId>org.apache.felix</groupId>
                <artifactId>maven-bundle-plugin</artifactId>
                <extensions>true</extensions>
                <configuration>
                    <instructions>
                        <Import-Package>
                            com.adobe.granite.csrf*;resolution:=optional,
                            org.apache.sling.xss*;version="[2.0,3)",
                            org.apache.sling.api*,
                            org.osgi.service.component.annotations*,
                            *
                        </Import-Package>
                    </instructions>
                </configuration>
            </plugin>
 
 Upon checking on bundles the bundle for the com.adobe.granite.csrf also seems active.
 

 

3 replies

kautuk_sahni
kautuk_sahni
Employee
March 5, 2025

@binaryalchemy11 Did you find the suggestion helpful? Please let us know if you need more information. If a response worked, kindly mark it as correct for posterity; alternatively, if you found a solution yourself, we’d appreciate it if you could share it with the community. Thank you!

Kautuk Sahni
Tethich
Tethich
New Participant
March 5, 2025

Hi @binaryalchemy11 

 

If you go in your local AEM server folder, in the /luanchpad/felix folder, then lookup for bundleXYZ, where XYZ is the ID of the bundle, which in you case is 245, you will find a bundle.jar file. If you look inside the jar, you will see 3 classes:

If these are what you are looking for ? I don't see any com.adobe.granite.csrf.CSRFService.

    BinaryAlchemy11
    BinaryAlchemy11Author
    New Participant
    March 10, 2025

    Oh okay that makes sense. Do you have an example of how you might have used CSRF validation for the form servlet? 

    konstantyn_diachenko
    konstantyn_diachenko
    New Participant
    March 4, 2025

    Hi @binaryalchemy11,

     

    Unfortunately, this com.adobe.granite.csrf package is not exported by any OSGi bundle. You can check it in via /system/console/depfinder and package or class name.

     

    In the provided screenshot you can see that this bundle doesn't export desired package. That's why you can't import it in your bundle.

     

    I'd suggest to create own implementation of CSRF service.

     

    Best regards,

    Kostiantyn Diachenko.

    Kostiantyn DiachenkoCheck out AEM VLT Intellij plugin
      BinaryAlchemy11
      BinaryAlchemy11Author
      New Participant
      March 4, 2025

      This is what I have in depfinder:

      Do you have a sample example on creating own implementation of CSRF service?

      Or the best practice to validate forms post request in servlet for CSRF attacks?

       

      konstantyn_diachenko
      konstantyn_diachenko
      New Participant
      March 4, 2025

      As far as I know CSRF protection is enabled for forms by default.

       

      Read this documentation:

      https://experienceleague.adobe.com/en/docs/experience-manager-learn/cloud-service/developing/advanced/csrf-protection

      https://experienceleague.adobe.com/en/docs/experience-manager-65/content/implementing/developing/introduction/csrf-protection 

      https://experienceleague.adobe.com/en/docs/experience-manager-dispatcher/using/configuring/configuring-dispatcher-to-prevent-csrf?lang=en

       

      In addition, you can check the following OSGi configurations that manage CSRF token:
      Adobe Granite CSRF Servlet

      Adobe Granite CSRF Filter

       

      Best regards,

      Kostiantyn Diachenko.

      Kostiantyn DiachenkoCheck out AEM VLT Intellij plugin
        Terms & ConditionsAccessibility statement

        Loading footer...