Expand my Community achievements bar.

403 (Forbidden) error while executing servlet

Avatar

Former Community Member

Hi. My usecase is I want to fetch values from servlet which I am passing through Ajax call. I added a button and using jquery and ajax, I am calling a servlet. But I am getting an error in chrome console

POST http://10.44.42.75:4502/bin/JCRServiceServlet 403 (Forbidden)

 

Can anybody tell me what is wrong? The console is displaying the values of myFirst and myLast variables. Please find my code as below:

 

@SlingServlet(paths = "/bin/JCRServiceServlet", methods = "POST", metatype = true) public class SimpleServlet extends org.apache.sling.api.servlets.SlingAllMethodsServlet { private Logger logger = LoggerFactory.getLogger(this.getClass()); private static final long serialVersionUID = 2598426539166789515L; @Override protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServerException, IOException { try { String myFirst = request.getParameter("myFirst"); String myLast = request.getParameter("myLast"); logger.error("myFirst: " + myFirst); logger.error("myLast: " + myLast); } catch (Exception e) { e.printStackTrace(); } } }

 

 

 

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script> <p data-sly-test="${properties.text}">Text property: ${properties.text}</p> <pre data-sly-use.hello="com.mycompany.example.core.models.HelloWorldModel"> HelloWorldModel says: ${hello.message} </pre> <button type="button" class="button-save">Save</button> <script> $('button').click(function(){ var myFirst= "QWERTYUIOP"; var myLast= "ASDFGHJKL"; console.log(myFirst, myLast); //Use JQuery AJAX request to post data to a Sling Servlet $.ajax({ type: 'POST', url:'/bin/JCRServiceServlet', data:{'myFirst' : myFirst,'myLast' : myLast}, success: function(msg){ alert("Received response from servlet"); } }); }); </script>
7 Replies

Avatar

Former Community Member

If I hit this URL http://10.44.42.75:4502/bin/JCRServiceServlet, I see the below log on page.

 

Method GET not supported Cannot serve request to /bin/JCRServiceServlet in com.mycompany.example.core.servlets.SimpleServlet Request Progress: 0 TIMER_START{Request Processing} 0 COMMENT timer_end format is {<elapsed msec>,<timer name>} <optional message> 1 LOG Method=GET, PathInfo=/bin/JCRServiceServlet 1 TIMER_START{ResourceResolution} 1 TIMER_END{0,ResourceResolution} URI=/bin/JCRServiceServlet resolves to Resource=ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet 1 LOG Resource Path Info: SlingRequestPathInfo: path='/bin/JCRServiceServlet', selectorString='null', extension='null', suffix='null' 1 TIMER_START{ServletResolution} 1 TIMER_START{resolveServlet(ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet)} 1 TIMER_END{0,resolveServlet(ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet)} Using servlet com.mycompany.example.core.servlets.SimpleServlet 1 TIMER_END{0,ServletResolution} URI=/bin/JCRServiceServlet handled by Servlet=com.mycompany.example.core.servlets.SimpleServlet 1 LOG Applying Requestfilters 1 LOG Calling filter: com.adobe.granite.requests.logging.impl.RequestLoggerImpl 1 LOG Calling filter: com.adobe.cq.social.ugcbase.security.impl.SaferSlingPostServlet 1 LOG Calling filter: org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter 1 LOG Calling filter: com.adobe.granite.httpcache.impl.InnerCacheFilter 1 LOG Calling filter: com.day.cq.wcm.designimporter.CanvasPageDeleteRequestFilter 1 LOG Calling filter: com.adobe.cq.history.impl.HistoryRequestFilter 3 LOG Calling filter: com.day.cq.wcm.core.impl.WCMRequestFilter 3 LOG Calling filter: com.adobe.granite.optout.impl.OptOutFilter 3 LOG Calling filter: com.day.cq.theme.impl.ThemeResolverFilter 3 LOG Calling filter: com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet 3 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter 3 LOG Calling filter: com.day.cq.analytics.provisioning.impl.UserAuthenticationRequestFilter 3 LOG Calling filter: com.adobe.cq.social.commons.cors.CORSAuthenticationFilter 3 LOG Calling filter: com.mycompany.example.core.filters.LoggingFilter 3 LOG Calling filter: com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter 3 LOG RedirectFilter did not redirect (not redirecting in author mode) 3 LOG Calling filter: com.day.cq.wcm.core.impl.warp.TimeWarpFilter 3 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter 3 LOG Calling filter: com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl 4 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter 4 LOG Calling filter: org.apache.sling.security.impl.ContentDispositionFilter 4 LOG Calling filter: com.adobe.granite.csrf.impl.CSRFFilter 4 LOG Calling filter: com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenAuthHandler 4 LOG Calling filter: com.day.cq.dam.core.impl.servlet.ActivityRecordHandler 4 LOG Calling filter: com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl 4 LOG Applying Componentfilters 4 LOG Calling filter: com.day.cq.wcm.core.impl.WCMComponentFilter 4 LOG Calling filter: com.day.cq.wcm.core.impl.WCMDebugFilter 4 LOG Calling filter: com.day.cq.personalization.impl.TargetComponentFilter 4 TIMER_START{com.mycompany.example.core.servlets.SimpleServlet#0} 4 LOG Applying Error filters 4 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter 4 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter 4 TIMER_START{handleError:status=405} 7 TIMER_END{3,handleError:status=405} Using handler /libs/sling/servlet/errorhandler/default.jsp 10 LOG Found processor for post processing ProcessorConfiguration: {contentTypes=[text/html],order=-1, active=true, valid=true, processErrorResponse=true, pipeline=(generator=Config(type=htmlparser, config={}), transformers=(Config(type=linkchecker, config={}), Config(type=mobile, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobile: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=mobiledebug, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobiledebug: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=contentsync, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-contentsync: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), serializer=Config(type=htmlwriter, config={}))} 11 TIMER_END{11,Request Processing} Dumping SlingRequestProgressTracker Entries ApacheSling/2.4 (Apache Tomcat/8.0.30, Java HotSpot(TM) 64-Bit Server VM 1.8.0_92, Linux 2.6.32-573.7.1.el6.x86_64 amd64)

Avatar

Level 5
Level 5

Your method handles POST and the request from the URL will be by default GET try any Chrome plugins like POSTMAN to do the request by POST method to test.

Avatar

Level 2

Hi, Sonal.

A few things come to my mind... Can you please check the following?

  1. Do your POST request has an Authorization header? You are POSTing to author and mostly of the author resources require authentication;
  2. Do your POST request has a Referer header? Sling/AEM has a Referrer Filter and it may be forbidding your request;
  3. Do your POST request has a CSRF-Token header? AEM has a CSRF-Token Filter and it may be forbidding your request.

To be on the safe side, try to use the JQuery library delivered with AEM (cq.jquery clientlib).

Regards,

Daniel.

Avatar

Level 10

Are you using your own version of JQuery or AEM version - that is cq.jquery? When using AJAX to invoke a servlet - always use cq.jquery. 

The default AEM JQuery has a token that lets you perform AJAX operations to AEM. 

Avatar

Administrator

Hi

Please try this:-

1. http://localhost:4502/system/console/configMgr

2. Search for 'Apache Sling Referrer Filter'

3. Remove POST method from the filter. Then you can call your POST method anywhere.

4. Select “Allow Empty”

I hope this would help you.

~kautuk



Kautuk Sahni