How call AEM Servlet in JSP's form tag not via Ajax | Community
Skip to main content
S
sameryadav
New Participant
January 29, 2016
Solved

How call AEM Servlet in JSP's form tag not via Ajax

  • January 29, 2016
  • 15 replies
  • 6924 views

Hi 

We have one senario and created the drop-zone by using the dropzone.js. Now when we are trying to drop the assets in dropzone area then calling AEM servlet via form tag like:

<form method="POST" action="/bin/myServlet" class="dropzone" id="myDropzone" enctype="multipart/form-data"></form>

but getting error message like:

POST:http://localhost:4502/bin/myButtonServlet 403 forbidden

Any Idea? Are we missing anything?

Thanks

Samer

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Kunal_Gaba_

For ideal solution, you should include the following javascript on your page - /etc/clientlibs/granite/jquery/granite/csrf/source/csrf.js. You can include it by doing a standard client library include call in your JSP. 

<cq:includeClientLib js="granite.csrf.standalone"/>

For more details go through this- 

[1] https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

[2] http://blogs.adobe.com/experiencedelivers/experience-management/clientlibs-explained-example/

15 replies

Show previous replies
Kunal_Gaba_
Kunal_Gaba_
New Participant
January 29, 2016

Do you see any errors in the error.log file when you submit the form ?

    S
    sameryadavAuthor
    New Participant
    January 29, 2016

    Hi Jitendra,

    Yes servlet is registered. we are not adding at root level. we are trying to to drop the assets via dropzone and calling the servlet.

     

    Thanks

    ~S

      S
      sameryadavAuthor
      New Participant
      January 29, 2016

      Hi Kunal,

      Yes I am using 6.1 and I just enabled the check box for CSRFFilter and tried but still getting the same error as in attachment. 

      I am able to call the same servlet via AJAX but getting the error via form tag. As per our senario we need to call it on form tag because as soon as user will drop the assets in to dropzone the form tag automatically will be submitted.

      Thanks

      ~S

        Jitendra_S_Toma
        Jitendra_S_Toma
        New Participant
        January 29, 2016

        Sameer,

        It seems you are posting the data at the root node. And, The logged-in user does not have permission to add/create/update at the root node of the repository.

        Is your servlet registered?.

        Jitendra

          Kunal_Gaba_
          Kunal_Gaba_
          New Participant
          January 29, 2016

          If you are on 6.1 version then I think the POST request is being blocked by the CSRF filter. And to resolve this you should include the CSRF javascript on the page which will automatically inject the CSRF token parameter in your form before submitting it.  You can confirm whether this request is blocked by CSRF or not by disabling the CSRF check on POST request temporarily - http://localhost:4502/system/console/configMgr/com.adobe.granite.csrf.impl.CSRFFilter

          Check the following documentation - https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

            Terms & ConditionsAccessibility statement

            Loading footer...