403 Forbidden error on get servlet | Community
Level 4
June 1, 2016

403 Forbidden error on get servlet


I'm testing a servlet I use to wait for get requests to the createpagewizard.html at a given path that redirects the requests to another directory (it's a news system, so I want new articles to always go in the appropriate year/month path). It works for the specified paths, but on paths higher in the tree, I get a 403 error:

```
Forbidden
Cannot serve request to /mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news/ in org.apache.sling.servlets.get.DefaultGetServlet
Request Progress:
0 TIMER_START{Request Processing}
0 COMMENT timer_end format is {<elapsed msec>,<timer name>} <optional message>
0 LOG Method=GET, PathInfo=/mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news/
0 TIMER_START{ResourceResolution}
0 TIMER_END{0,ResourceResolution} URI=/mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news/ resolves to Resource=MergedResource [path=/mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news, resources=[Ljava.lang.String;@550aeead]
0 LOG Resource Path Info: SlingRequestPathInfo: path='/mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news', selectorString='null', extension='null', suffix='/'
0 TIMER_START{ServletResolution}
0 TIMER_START{resolveServlet(/mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news)}
0 TIMER_END{0,resolveServlet(/mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news)} Using servlet org.apache.sling.servlets.get.DefaultGetServlet
0 TIMER_END{0,ServletResolution} URI=/mnt/overlay/wcm/core/content/sites/createpagewizard.html/content/uc/news/ handled by Servlet=org.apache.sling.servlets.get.DefaultGetServlet
0 LOG Applying Requestfilters
0 LOG Calling filter: com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl
0 LOG Calling filter: org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter
0 LOG Calling filter: org.uc.news.core.filters.UserEditorFilter
0 LOG Calling filter: com.adobe.granite.rest.impl.servlet.ApiResourceFilter
0 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
0 LOG Calling filter: com.adobe.granite.httpcache.impl.InnerCacheFilter
0 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
0 LOG Calling filter: com.adobe.cq.mcm.campaign.servlets.CampaignCopyTracker
0 LOG Calling filter: com.day.cq.wcm.core.impl.WCMRequestFilter
0 LOG Calling filter: com.adobe.cq.history.impl.HistoryRequestFilter
0 LOG Calling filter: com.adobe.granite.optout.impl.OptOutFilter
0 LOG Calling filter: com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet
0 LOG Calling filter: com.adobe.cq.social.commons.cors.CORSAuthenticationFilter
0 LOG Calling filter: com.day.cq.analytics.provisioning.impl.UserAuthenticationRequestFilter
0 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
0 LOG Calling filter: com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter
0 LOG RedirectFilter did not redirect (not redirecting in author mode)
0 LOG Calling filter: com.day.cq.wcm.core.impl.warp.TimeWarpFilter
0 LOG Calling filter: com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl
0 LOG Calling filter: org.apache.sling.security.impl.ContentDispositionFilter
0 LOG Calling filter: com.adobe.granite.csrf.impl.CSRFFilter
0 LOG Calling filter: com.adobe.granite.requests.logging.impl.RequestLoggerImpl
0 LOG Calling filter: com.day.cq.dam.core.impl.servlet.ActivityRecordHandler
0 LOG Calling filter: com.day.cq.dam.core.impl.assetlinkshare.AdhocAssetShareAuthHandler
0 LOG Calling filter: com.adobe.cq.social.ugcbase.security.impl.SaferSlingPostServlet
0 LOG Applying Componentfilters
0 LOG Calling filter: com.day.cq.wcm.core.impl.WCMComponentFilter
1 LOG Calling filter: com.day.cq.wcm.core.impl.WCMDebugFilter
1 LOG Calling filter: com.day.cq.personalization.impl.TargetComponentFilter
1 TIMER_START{org.apache.sling.servlets.get.DefaultGetServlet#0}
1 LOG Using org.apache.sling.servlets.get.impl.helpers.StreamRendererServlet to render for extension=null
1 LOG Applying Error filters
1 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
1 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
1 TIMER_START{handleError:status=403}
1 TIMER_END{0,handleError:status=403} Using handler /libs/sling/servlet/errorhandler/default.jsp
2 LOG Found processor for post processing ProcessorConfiguration: {contentTypes=[text/html], order=-1, active=true, valid=true, processErrorResponse=true, pipeline=(generator=Config(type=htmlparser, config={}), transformers=(Config(type=linkchecker, config={}), Config(type=mobile, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobile: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=mobiledebug, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobiledebug: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=contentsync, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-contentsync: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), serializer=Config(type=htmlwriter, config={}))}
3 TIMER_END{3,Request Processing} Dumping SlingRequestProgressTracker Entries
```

I've seen reports of this with POST servlets where it was a CSRF issue, but not GET servlet. Nothing comes up in my error logs. I've included the whole source for the servlet below (minus imports to come within length constraints):

```java
//TODO regex like [0-9]{4} instead of the year hardcoded?
@Component(metatype = true)
@Service(Servlet.class)
@Properties({
    @Property(name = "sling.servlet.methods", value = "GET"),
    @Property(name = "sling.servlet.paths", value = {
        "/libs/wcm/core/content/sites/createpagewizard.html/content/uc/news/articles",
        "/libs/wcm/core/content/sites/createpagewizard.html/content/uc/news/articles/2016"
    })
})
public class CreationServlet extends SlingSafeMethodsServlet {
    private static final long serialVersionUID = 3044360007999929023L;
    private static final Logger log = LoggerFactory.getLogger(CreationServlet.class);

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Override
    protected void doGet(final SlingHttpServletRequest req,
            final SlingHttpServletResponse resp) throws ServletException, IOException {
        try {
            final ResourceResolver rr = resolverFactory.getAdministrativeResourceResolver(null);
            final PageManager pm = rr.adaptTo(PageManager.class);

            boolean hasYearPart = false;
            String[] path = req.getPathInfo().split("/");
            if (path[path.length - 1].length() == 4)
                hasYearPart = true;

            // check if there is a page at /content/uc/news/articles/YYYY/MM
            // (for the current year and month), create them if not, then
            // redirect to a page creation under there
            Date d = new Date();
            SimpleDateFormat ysdf = new SimpleDateFormat("yyyy");
            SimpleDateFormat msdf = new SimpleDateFormat("MM");
            String yearpart = ysdf.format(d); // gets something like 2016
            String monthpart = msdf.format(d); // gets something like 01

            String baseurl = "/content/uc/news/articles";
            String template = "/conf/news/settings/wcm/templates/news-portal";

            Resource articleRes = rr.resolve(baseurl);
            Page yearPage = null;
            Page monthPage = null;

            if (articleRes.getChild(yearpart) != null)
                yearPage = articleRes.getChild(yearpart).adaptTo(Page.class);
            if (yearPage == null) {
                yearPage = pm.create(baseurl, yearpart, template, yearpart);
                rr.commit();
            }

            if (articleRes.getChild(yearpart) != null
                    && articleRes.getChild(yearpart).getChild(monthpart) != null)
                monthPage = articleRes.getChild(yearpart).getChild(monthpart).adaptTo(Page.class);
            if (monthPage == null) {
                monthPage = pm.create(baseurl + "/" + yearpart, monthpart, template, monthpart);
                rr.commit();
            }

            if (hasYearPart)
                resp.sendRedirect(yearpart + "/" + monthpart);
            else
                resp.sendRedirect("articles/" + yearpart + "/" + monthpart);
        } catch (Exception e) {
            resp.getWriter().println(e);
            for (StackTraceElement ln : e.getStackTrace())
                resp.getWriter().println(ln);
        }
    }
}
```

The only thing I can think is happening is something with the lower-level functionality of the servlet resolver, but the note from the sling documentation: "A servlet using this property might be ignored unless its path is included in the Execution Paths (servletresolver.paths) configuration setting of the SlingServletResolver service." doesn't seem to apply in this case. I'm using a servlet elsewhere at /bin/news/articles (and /bin/news/articles.rss and .json) with no issues--perhaps this is a problem because there is a servlet listening at /mnt/overlay/wcm/core/content/sites/createpagewizard.html already?

Any help is appreciated. Thanks


1 reply

Level 8
June 1, 2016

You have your servlet restricted to 2 paths, so the path that you're trying to use will be a 403 because you haven't allowed access to it.

@Property(name = "sling.servlet.paths", value = { "/libs/wcm/core/content/sites/createpagewizard.html/content/uc/news/articles", "/libs/wcm/core/content/sites/createpagewizard.html/content/uc/news/articles/2016" })

If you want to add access to the location you're trying, modify to this

@Property(name = "sling.servlet.paths", value = { "/libs/wcm/core/content/sites/createpagewizard.html/content/uc/news" })

And that covers all of the paths.

BenSt10Author
Level 4
June 1, 2016

Sorry, perhaps I wasn't being clear.

I only want the servlet to run on those 2 paths, everything else should fall back to whatever other servlet was running on the default for the page creation wizard.

I make plenty of other Get requests (including creating pages under /content/geometrix...) for example that are served up just fine, so I'm not really clear on what's happening for this set of paths.

BenSt10Author
Level 4
June 2, 2016

The only other thing I would change is that you're using the resource resolver factory to create another resource resolver. You already have a resource resolver on the SlingHttpServletRequest (request.getResourceResolver()) - if you use this resource resolver, it will ensure that only people with the appropriate permissions can create articles.

If you insist on using an administrative resource resolver, I highly recommend adding a "finally" clause to your try/catch and closing the resource resolver.


Thanks--I can use the resolver on the request, since users in my authors group will have creation rights under /articles.
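
The change discussed in the last two posts, as an added example that is not code from the thread: the posted servlet reworked to use the request's resource resolver, so page creation runs with the requesting user's permissions. It also logs failures server-side instead of printing the stack trace into the response. The class name `RequestScopedCreationServlet` and the 500 response are assumptions; the paths, template and redirect logic come from the posted servlet.

```java
import java.io.IOException;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.servlet.Servlet;
import org.apache.felix.scr.annotations.*;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.day.cq.wcm.api.PageManager;

// Added example: class name is hypothetical; paths and template are taken from the post.
@Component @Service(Servlet.class)
@Properties({
    @Property(name = "sling.servlet.methods", value = "GET"),
    @Property(name = "sling.servlet.paths", value = {
        "/libs/wcm/core/content/sites/createpagewizard.html/content/uc/news/articles",
        "/libs/wcm/core/content/sites/createpagewizard.html/content/uc/news/articles/2016" }) })
public class RequestScopedCreationServlet extends SlingSafeMethodsServlet {
    private static final Logger log = LoggerFactory.getLogger(RequestScopedCreationServlet.class);
    private static final String BASE = "/content/uc/news/articles";
    private static final String TEMPLATE = "/conf/news/settings/wcm/templates/news-portal";
    @Override
    protected void doGet(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
        // The request's resolver carries the logged-in user's session, so repository ACLs
        // decide who may create pages. Sling closes it after the request; do not close it here.
        ResourceResolver rr = req.getResourceResolver();
        PageManager pm = rr.adaptTo(PageManager.class);
        String yearMonth = new SimpleDateFormat("yyyy/MM").format(new Date()); // e.g. 2016/06
        String year = yearMonth.substring(0, 4);
        try {
            ensurePage(rr, pm, BASE, year);
            ensurePage(rr, pm, BASE + "/" + year, yearMonth.substring(5));
        } catch (Exception e) {
            // Assumed handling: details (including access-denied errors) stay in the server log.
            log.warn("Could not create news folder for user {}", rr.getUserID(), e);
            resp.sendError(SlingHttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Could not prepare article folder");
            return;
        }
        String[] path = req.getPathInfo().split("/");
        String prefix = path[path.length - 1].length() == 4 ? "" : "articles/";
        resp.sendRedirect(prefix + yearMonth);
    }
    private static void ensurePage(ResourceResolver rr, PageManager pm, String parent, String name) throws Exception {
        if (pm.getPage(parent + "/" + name) != null) return; // already there, nothing to write
        pm.create(parent, name, TEMPLATE, name);
        rr.commit();
    }
}
```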