403 (Forbidden) error while executing servlet

SonalC
Level 2

11-03-2017

Hi. My use case is that I want to fetch values from a servlet which I am passing through an Ajax call. I added a button and, using jQuery and Ajax, I am calling a servlet. But I am getting an error in the Chrome console:

POST http://10.44.42.75:4502/bin/JCRServiceServlet 403 (Forbidden)

Can anybody tell me what is wrong? The console is displaying the values of the myFirst and myLast variables. Please find my code below:

```java
import java.io.IOException;
import java.rmi.ServerException;

import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Registered by path; only POST is handled
@SlingServlet(paths = "/bin/JCRServiceServlet", methods = "POST", metatype = true)
public class SimpleServlet extends org.apache.sling.api.servlets.SlingAllMethodsServlet {

    private Logger logger = LoggerFactory.getLogger(this.getClass());
    private static final long serialVersionUID = 2598426539166789515L;

    @Override
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServerException, IOException {
        try {
            // Form fields sent by the AJAX call
            String myFirst = request.getParameter("myFirst");
            String myLast = request.getParameter("myLast");
            logger.error("myFirst: " + myFirst);
            logger.error("myLast: " + myLast);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```

```html
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<p data-sly-test="${properties.text}">Text property: ${properties.text}</p>
<pre data-sly-use.hello="com.mycompany.example.core.models.HelloWorldModel">
HelloWorldModel says:
${hello.message}
</pre>
<button type="button" class="button-save">Save</button>
<script>
    $('button').click(function(){
        var myFirst= "QWERTYUIOP";
        var myLast= "ASDFGHJKL";
        console.log(myFirst, myLast);
        //Use JQuery AJAX request to post data to a Sling Servlet
        $.ajax({
            type: 'POST',
            url:'/bin/JCRServiceServlet',
            data:{'myFirst' : myFirst,'myLast' : myLast},
            success: function(msg){
                alert("Received response from servlet");
            }
        });
    });
</script>
```

Replies

SonalC
Level 2

11-03-2017

If I hit this URL http://10.44.42.75:4502/bin/JCRServiceServlet, I see the below log on page.

```
Method GET not supported

Cannot serve request to /bin/JCRServiceServlet in com.mycompany.example.core.servlets.SimpleServlet

Request Progress:

0 TIMER_START{Request Processing}
0 COMMENT timer_end format is {<elapsed msec>,<timer name>} <optional message>
1 LOG Method=GET, PathInfo=/bin/JCRServiceServlet
1 TIMER_START{ResourceResolution}
1 TIMER_END{0,ResourceResolution} URI=/bin/JCRServiceServlet resolves to Resource=ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet
1 LOG Resource Path Info: SlingRequestPathInfo: path='/bin/JCRServiceServlet', selectorString='null', extension='null', suffix='null'
1 TIMER_START{ServletResolution}
1 TIMER_START{resolveServlet(ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet)}
1 TIMER_END{0,resolveServlet(ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet)} Using servlet com.mycompany.example.core.servlets.SimpleServlet
1 TIMER_END{0,ServletResolution} URI=/bin/JCRServiceServlet handled by Servlet=com.mycompany.example.core.servlets.SimpleServlet
1 LOG Applying Requestfilters
1 LOG Calling filter: com.adobe.granite.requests.logging.impl.RequestLoggerImpl
1 LOG Calling filter: com.adobe.cq.social.ugcbase.security.impl.SaferSlingPostServlet
1 LOG Calling filter: org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter
1 LOG Calling filter: com.adobe.granite.httpcache.impl.InnerCacheFilter
1 LOG Calling filter: com.day.cq.wcm.designimporter.CanvasPageDeleteRequestFilter
1 LOG Calling filter: com.adobe.cq.history.impl.HistoryRequestFilter
3 LOG Calling filter: com.day.cq.wcm.core.impl.WCMRequestFilter
3 LOG Calling filter: com.adobe.granite.optout.impl.OptOutFilter
3 LOG Calling filter: com.day.cq.theme.impl.ThemeResolverFilter
3 LOG Calling filter: com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet
3 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
3 LOG Calling filter: com.day.cq.analytics.provisioning.impl.UserAuthenticationRequestFilter
3 LOG Calling filter: com.adobe.cq.social.commons.cors.CORSAuthenticationFilter
3 LOG Calling filter: com.mycompany.example.core.filters.LoggingFilter
3 LOG Calling filter: com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter
3 LOG RedirectFilter did not redirect (not redirecting in author mode)
3 LOG Calling filter: com.day.cq.wcm.core.impl.warp.TimeWarpFilter
3 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
3 LOG Calling filter: com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl
4 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
4 LOG Calling filter: org.apache.sling.security.impl.ContentDispositionFilter
4 LOG Calling filter: com.adobe.granite.csrf.impl.CSRFFilter
4 LOG Calling filter: com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenAuthHandler
4 LOG Calling filter: com.day.cq.dam.core.impl.servlet.ActivityRecordHandler
4 LOG Calling filter: com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl
4 LOG Applying Componentfilters
4 LOG Calling filter: com.day.cq.wcm.core.impl.WCMComponentFilter
4 LOG Calling filter: com.day.cq.wcm.core.impl.WCMDebugFilter
4 LOG Calling filter: com.day.cq.personalization.impl.TargetComponentFilter
4 TIMER_START{com.mycompany.example.core.servlets.SimpleServlet#0}
4 LOG Applying Error filters
4 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
4 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
4 TIMER_START{handleError:status=405}
7 TIMER_END{3,handleError:status=405} Using handler /libs/sling/servlet/errorhandler/default.jsp
10 LOG Found processor for post processing ProcessorConfiguration: {contentTypes=[text/html],order=-1, active=true, valid=true, processErrorResponse=true, pipeline=(generator=Config(type=htmlparser, config={}), transformers=(Config(type=linkchecker, config={}), Config(type=mobile, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobile: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=mobiledebug, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobiledebug: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=contentsync, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-contentsync: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), serializer=Config(type=htmlwriter, config={}))}
11 TIMER_END{11,Request Processing} Dumping SlingRequestProgressTracker Entries

ApacheSling/2.4 (Apache Tomcat/8.0.30, Java HotSpot(TM) 64-Bit Server VM 1.8.0_92, Linux 2.6.32-573.7.1.el6.x86_64 amd64)
```

Var
Level 4

11-03-2017

Your method handles POST, and the request from the URL will by default be GET. Try any Chrome plugin like Postman to do the request by POST method to test.

Daniel_H__A__Li
Level 2

13-03-2017

Hi, Sonal.

A few things come to my mind... Can you please check the following?

  1. Does your POST request have an Authorization header? You are POSTing to author and most of the author resources require authentication;
  2. Does your POST request have a Referer header? Sling/AEM has a Referrer Filter and it may be forbidding your request;
  3. Does your POST request have a CSRF-Token header? AEM has a CSRF-Token Filter and it may be forbidding your request.

To be on the safe side, try to use the JQuery library delivered with AEM (cq.jquery clientlib).

Regards,

Daniel.

smacdonald2008
Level 10

13-03-2017

Are you using your own version of JQuery or the AEM version, that is, cq.jquery? When using AJAX to invoke a servlet, always use cq.jquery.

The default AEM JQuery has a token that lets you perform AJAX operations to AEM. 
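The CSRF-Token check from Daniel's list and the token mentioned in the reply above can be satisfied without AEM's jQuery by fetching a token and sending it with the POST, which leaves the CSRF and Referrer filters enabled. This is an added example, not code from the thread or from AEM: `postWithCsrfToken`, `fetchCsrfToken` and `fetchImpl` are hypothetical names, and the token endpoint `/libs/granite/csrf/token.json` is AEM's Granite CSRF endpoint, which the thread does not mention.

```javascript
// Added example: send the POST with a fresh CSRF token.
// Function and parameter names are hypothetical, not part of AEM.
const TOKEN_ENDPOINT = '/libs/granite/csrf/token.json'; // AEM Granite CSRF token endpoint

// Ask AEM for a token tied to the current logged-in session.
async function fetchCsrfToken(fetchImpl) {
  const resp = await fetchImpl(TOKEN_ENDPOINT, { credentials: 'same-origin' });
  if (!resp.ok) {
    throw new Error('token request failed with HTTP ' + resp.status);
  }
  const body = await resp.json();
  if (!body.token) {
    throw new Error('token endpoint returned no token');
  }
  return body.token;
}

// POST form fields to a servlet path with the CSRF-Token header set.
// A token can expire between page load and click, so a 403 triggers
// exactly one retry with a newly fetched token.
async function postWithCsrfToken(url, fields, fetchImpl = globalThis.fetch) {
  for (let attempt = 1; ; attempt++) {
    const token = await fetchCsrfToken(fetchImpl);
    const resp = await fetchImpl(url, {
      method: 'POST',
      credentials: 'same-origin', // send the login cookie, same origin only
      headers: {
        'CSRF-Token': token,
        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
      },
      body: new URLSearchParams(fields).toString(),
    });
    if (resp.status !== 403 || attempt === 2) {
      return resp; // success, a non-403 error, or a second 403
    }
  }
}

// In the page from the question, the click handler would become:
// $('.button-save').click(function () {
//   postWithCsrfToken('/bin/JCRServiceServlet',
//                     { myFirst: 'QWERTYUIOP', myLast: 'ASDFGHJKL' })
//     .then(function (resp) { console.log('servlet answered', resp.status); });
// });
```

A second 403 after the retry means the token is not the cause, which leaves the Authorization and Referer checks from Daniel's list.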

kautuk_sahni
Community Manager

14-03-2017

Hi

Please try this:

1. http://localhost:4502/system/console/configMgr

2. Search for 'Apache Sling Referrer Filter'

3. Remove POST method from the filter. Then you can call your POST method anywhere.

4. Select “Allow Empty”

I hope this would help you.

~kautuk

Jitendra_S_Toma
Level 7

29-12-2017

+1 kautuksahni

prathameshm8988
Level 1

11-07-2020

Can we use this on the Production server also?