How call AEM Servlet in JSP's form tag not via Ajax | Community
Skip to main content
S
sameryadav
New Participant
January 29, 2016
Solved

How call AEM Servlet in JSP's form tag not via Ajax

  • January 29, 2016
  • 15 replies
  • 6924 views

Hi 

We have one senario and created the drop-zone by using the dropzone.js. Now when we are trying to drop the assets in dropzone area then calling AEM servlet via form tag like:

<form method="POST" action="/bin/myServlet" class="dropzone" id="myDropzone" enctype="multipart/form-data"></form>

but getting error message like:

POST:http://localhost:4502/bin/myButtonServlet 403 forbidden

Any Idea? Are we missing anything?

Thanks

Samer

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Kunal_Gaba_

For ideal solution, you should include the following javascript on your page - /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js. You can include it by doing a standard client library include call in your JSP. 

<cq:includeClientLib js="granite.csrf.standalone"/>

For more details go through this- 

[1] https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

[2] http://blogs.adobe.com/experiencedelivers/experience-management/clientlibs-explained-example/

15 replies

Jitendra_S_Toma
Jitendra_S_Toma
New Participant
January 29, 2016

Check out more usefull docs...

Jitendra

    Kunal_Gaba_
    Kunal_Gaba_Accepted solution
    New Participant
    January 29, 2016

    For ideal solution, you should include the following javascript on your page - /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js. You can include it by doing a standard client library include call in your JSP. 

    <cq:includeClientLib js="granite.csrf.standalone"/>

    For more details go through this- 

    [1] https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

    [2] http://blogs.adobe.com/experiencedelivers/experience-management/clientlibs-explained-example/

      S
      sameryadavAuthor
      New Participant
      January 29, 2016

      Hi Kunal

       just remove the CSRF configuration temporarily and POST entry and checked it is working. For ideal solution do you have any sample  like to pass the token or user related information. 

      Hi Opkar,

      Yes, the test user logged in and trying to use the page inside AEM and trying to call the servlet

      Thanks

      ~S

        smacdonald2008
        smacdonald2008
        New Participant
        January 29, 2016

        Hi Samer - are you following a online doc for this. Can you point me there if so. 

        Mani_kumar_
        Mani_kumar_
        New Participant
        January 29, 2016
        Hi Can you please check all the annotations related to the servlet and check any exception is throwing in the logs
          Kunal_Gaba_
          Kunal_Gaba_
          New Participant
          January 29, 2016

          Yes I agree. Thats why in my first answer, I suggested to remove this configuration temporarily to check whether the request is indeed blocked by CSRF or not. The ideal solution is to include the CSRF javascript on the form page which passes the token along with the form data. 

            O
            ogill
            Employee
            January 29, 2016

            kunal23 wrote...

            Also,  instead of checking the checkbox in the CSRF configuration you should just remove the POST string from the Filter methods by clicking on the minus button.  

            Even for local development this shouldn't be recommended incase this config flows through to production. CSRF only comes into play for authenticated users. Is your test user logged in?

              kautuk_sahni
              kautuk_sahni
              Employee
              January 29, 2016

              Hi

              Please have a look at the post, it is almost synonymous to problem.

              Link 1:- http://tiku.io/questions/4120715/cq5-403-forbidden-occurs-when-call-a-post-servlet

              //CQ: 403 Forbidden occurs when call a Post servlet

              As mentioned at http://sling.apache.org/documentation/the-sling-engine/servlets.html, a servlet using the sling.servlet.paths property might be ignored unless its path is included in the Execution Paths (servletresolver.paths) configuration setting of the SlingServletResolver service. You should find that configuration at /system/console/configMgr/org.apache.sling.servlets.resolver.SlingServletResolver .

              In your case I suppose the /bin/mySearchServlet path is not included in that configuration parameter and causes CQ to return a 403 status. If that's right you can either add your path there (assuming you understand the security implications) or mount your servlets on one of the paths that's configured there.

              Note that it's best to avoid mounting servlet on paths if possible, creating a resource at the desired path is preferred as mentioned on that documentation page.

               

              Link 2:- https://forums.adobe.com/thread/1120136?tstart=0

              //

              it is enough if you are using this kind of annotation like in your example code - maybe better is to used instead of "POST" selector some other name for it

               

              @Component(immediate = true, metatype = false, label = "QuestionnaireServlet")

                 @Service

                 @Properties(value = {

                                  @org.apache.felix.scr.annotations.Property(name = "sling.servlet.methods", value = { "POST" }),

                                  @org.apache.felix.scr.annotations.Property(name = "sling.servlet.resourceTypes", value = { "sling/servlet/default" }),

                                  @org.apache.felix.scr.annotations.Property(name = "sling.servlet.selectors", value = { "POST" }),

                                  @org.apache.felix.scr.annotations.Property(name = "sling.servlet.extensions", value = { "html" })

                 })

               

              if you want to check if your servlet is registered, try to open Apache Felix Console, expand a bundle and there you should have listed your servlet as a service

               

              About B

              this node should not exists in the repository

              Please also delete bundle form the Apache Felix Console and try to install it again and see if the servlet will be registered as a service

               

              I hope this would help you.

              Thanks and Regards

              Kautuk Sahni    

              Kautuk Sahni
              Jitendra_S_Toma
              Jitendra_S_Toma
              New Participant
              January 29, 2016

              May I have error.log & your servlet code which returns forbidden message to the caller. By the way, When do you return forbidden response from the servlet?. Is it something on catch block?.

              Jitendra

                Kunal_Gaba_
                Kunal_Gaba_
                New Participant
                January 29, 2016

                Also,  instead of checking the checkbox in the CSRF configuration you should just remove the POST string from the Filter methods by clicking on the minus button.  

                  Show more replies
                  Terms & ConditionsAccessibility statement

                  Loading footer...