403 (Forbidden) error while executing servlet

SonalC

11-03-2017

Hi. My use case is I want to fetch values from a servlet which I am passing through an Ajax call. I added a button and, using jQuery and Ajax, I am calling a servlet. But I am getting an error in the Chrome console:

POST http://10.44.42.75:4502/bin/JCRServiceServlet 403 (Forbidden)

 

Can anybody tell me what is wrong? The console is displaying the values of myFirst and myLast variables. Please find my code as below:

 

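```java
import java.io.IOException;
import java.rmi.ServerException; // IOException subclass; assumed source of ServerException

import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

// Path-bound servlet under /bin that accepts POST only.
@SlingServlet(paths = "/bin/JCRServiceServlet", methods = "POST", metatype = true)
public class SimpleServlet extends org.apache.sling.api.servlets.SlingAllMethodsServlet {
    private Logger logger = LoggerFactory.getLogger(this.getClass());
    private static final long serialVersionUID = 2598426539166789515L;

    @Override
    protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws ServerException, IOException {
        try {
            // Read the two form fields sent by the AJAX call
            String myFirst = request.getParameter("myFirst");
            String myLast = request.getParameter("myLast");
            logger.error("myFirst: " + myFirst);
            logger.error("myLast: " + myLast);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```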

 

 

 

```html
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
<p data-sly-test="${properties.text}">Text property: ${properties.text}</p>
<pre data-sly-use.hello="com.mycompany.example.core.models.HelloWorldModel">
HelloWorldModel says: ${hello.message}
</pre>
<button type="button" class="button-save">Save</button>
<script>
$('button').click(function () {
    var myFirst = "QWERTYUIOP";
    var myLast = "ASDFGHJKL";
    console.log(myFirst, myLast);
    //Use JQuery AJAX request to post data to a Sling Servlet
    $.ajax({
        type: 'POST',
        url: '/bin/JCRServiceServlet',
        data: {'myFirst': myFirst, 'myLast': myLast},
        success: function (msg) {
            alert("Received response from servlet");
        }
    });
});
</script>
```

Replies

SonalC

11-03-2017

If I hit this URL http://10.44.42.75:4502/bin/JCRServiceServlet, I see the below log on page.

 

```
Method GET not supported
Cannot serve request to /bin/JCRServiceServlet in com.mycompany.example.core.servlets.SimpleServlet

Request Progress:
0 TIMER_START{Request Processing}
0 COMMENT timer_end format is {<elapsed msec>,<timer name>} <optional message>
1 LOG Method=GET, PathInfo=/bin/JCRServiceServlet
1 TIMER_START{ResourceResolution}
1 TIMER_END{0,ResourceResolution} URI=/bin/JCRServiceServlet resolves to Resource=ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet
1 LOG Resource Path Info: SlingRequestPathInfo: path='/bin/JCRServiceServlet', selectorString='null', extension='null', suffix='null'
1 TIMER_START{ServletResolution}
1 TIMER_START{resolveServlet(ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet)}
1 TIMER_END{0,resolveServlet(ServletResource, servlet=com.mycompany.example.core.servlets.SimpleServlet, path=/bin/JCRServiceServlet)} Using servlet com.mycompany.example.core.servlets.SimpleServlet
1 TIMER_END{0,ServletResolution} URI=/bin/JCRServiceServlet handled by Servlet=com.mycompany.example.core.servlets.SimpleServlet
1 LOG Applying Requestfilters
1 LOG Calling filter: com.adobe.granite.requests.logging.impl.RequestLoggerImpl
1 LOG Calling filter: com.adobe.cq.social.ugcbase.security.impl.SaferSlingPostServlet
1 LOG Calling filter: org.apache.sling.bgservlets.impl.BackgroundServletStarterFilter
1 LOG Calling filter: com.adobe.granite.httpcache.impl.InnerCacheFilter
1 LOG Calling filter: com.day.cq.wcm.designimporter.CanvasPageDeleteRequestFilter
1 LOG Calling filter: com.adobe.cq.history.impl.HistoryRequestFilter
3 LOG Calling filter: com.day.cq.wcm.core.impl.WCMRequestFilter
3 LOG Calling filter: com.adobe.granite.optout.impl.OptOutFilter
3 LOG Calling filter: com.day.cq.theme.impl.ThemeResolverFilter
3 LOG Calling filter: com.day.cq.wcm.foundation.forms.impl.FormsHandlingServlet
3 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
3 LOG Calling filter: com.day.cq.analytics.provisioning.impl.UserAuthenticationRequestFilter
3 LOG Calling filter: com.adobe.cq.social.commons.cors.CORSAuthenticationFilter
3 LOG Calling filter: com.mycompany.example.core.filters.LoggingFilter
3 LOG Calling filter: com.day.cq.wcm.mobile.core.impl.redirect.RedirectFilter
3 LOG RedirectFilter did not redirect (not redirecting in author mode)
3 LOG Calling filter: com.day.cq.wcm.core.impl.warp.TimeWarpFilter
3 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
3 LOG Calling filter: com.day.cq.wcm.core.impl.AuthoringUIModeServiceImpl
4 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
4 LOG Calling filter: org.apache.sling.security.impl.ContentDispositionFilter
4 LOG Calling filter: com.adobe.granite.csrf.impl.CSRFFilter
4 LOG Calling filter: com.adobe.cq.dam.s7imaging.impl.auth.MemoryTokenAuthHandler
4 LOG Calling filter: com.day.cq.dam.core.impl.servlet.ActivityRecordHandler
4 LOG Calling filter: com.adobe.granite.resourceresolverhelper.impl.ResourceResolverHelperImpl
4 LOG Applying Componentfilters
4 LOG Calling filter: com.day.cq.wcm.core.impl.WCMComponentFilter
4 LOG Calling filter: com.day.cq.wcm.core.impl.WCMDebugFilter
4 LOG Calling filter: com.day.cq.personalization.impl.TargetComponentFilter
4 TIMER_START{com.mycompany.example.core.servlets.SimpleServlet#0}
4 LOG Applying Error filters
4 LOG Calling filter: org.apache.sling.rewriter.impl.RewriterFilter
4 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
4 TIMER_START{handleError:status=405}
7 TIMER_END{3,handleError:status=405} Using handler /libs/sling/servlet/errorhandler/default.jsp
10 LOG Found processor for post processing ProcessorConfiguration: {contentTypes=[text/html],order=-1, active=true, valid=true, processErrorResponse=true, pipeline=(generator=Config(type=htmlparser, config={}), transformers=(Config(type=linkchecker, config={}), Config(type=mobile, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobile: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=mobiledebug, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-mobiledebug: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), Config(type=contentsync, config=JcrPropertyMap [node=Node[NodeDelegate{tree=/libs/cq/config/rewriter/default/transformer-contentsync: { jcr:primaryType = nt:unstructured, component-optional = true}}], values={jcr:primaryType=nt:unstructured, component-optional=true}]), serializer=Config(type=htmlwriter, config={}))}
11 TIMER_END{11,Request Processing} Dumping SlingRequestProgressTracker Entries
ApacheSling/2.4 (Apache Tomcat/8.0.30, Java HotSpot(TM) 64-Bit Server VM 1.8.0_92, Linux 2.6.32-573.7.1.el6.x86_64 amd64)
```

Var

11-03-2017

Your method handles POST, and the request from the URL will by default be GET. Try any Chrome plugin like POSTMAN to make the request with the POST method to test.

Daniel_H__A__Li

13-03-2017

Hi, Sonal.

A few things come to my mind... Can you please check the following?

  1. Does your POST request have an Authorization header? You are POSTing to author and most of the author resources require authentication;
  2. Does your POST request have a Referer header? Sling/AEM has a Referrer Filter and it may be forbidding your request;
  3. Does your POST request have a CSRF-Token header? AEM has a CSRF-Token Filter and it may be forbidding your request.

To be on the safe side, try to use the JQuery library delivered with AEM (cq.jquery clientlib).

Regards,

Daniel.

smacdonald2008

13-03-2017

Are you using your own version of JQuery or AEM version - that is cq.jquery? When using AJAX to invoke a servlet - always use cq.jquery. 

The default AEM JQuery has a token that lets you perform AJAX operations to AEM. 
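
The token both replies above refer to can also be sent explicitly. The following is an added example, not code from the thread or from AEM: it fetches a token from AEM's Granite CSRF endpoint `/libs/granite/csrf/token.json` and sends it in the `CSRF-Token` header. The function names and the `fakeAem` stub are constructed for illustration so the sketch runs offline.

```javascript
// Added example. Assumes AEM's Granite CSRF token endpoint and the
// CSRF-Token request header named in the thread.
const TOKEN_URL = '/libs/granite/csrf/token.json';

// POST form fields with a freshly fetched CSRF token.
// fetchImpl is injectable: window.fetch in the browser, a stub in tests.
async function postWithCsrfToken(fetchImpl, url, fields) {
  const tokenResp = await fetchImpl(TOKEN_URL, { method: 'GET', credentials: 'same-origin' });
  if (!tokenResp.ok) throw new Error('token request failed: ' + tokenResp.status);
  const { token } = await tokenResp.json();
  if (!token) throw new Error('token endpoint returned no token');
  return fetchImpl(url, {
    method: 'POST',
    credentials: 'same-origin', // send the login cookie with the request
    headers: {
      'CSRF-Token': token,
      'Content-Type': 'application/x-www-form-urlencoded'
    },
    body: new URLSearchParams(fields).toString()
  });
}

// Constructed stand-in for the server: issues one token and answers 403
// to any POST that does not carry it.
function fakeAem(issuedToken) {
  return async (url, opts) => {
    if (url === TOKEN_URL) {
      return { ok: true, status: 200, json: async () => ({ token: issuedToken }) };
    }
    const sent = (opts.headers || {})['CSRF-Token'];
    const ok = opts.method === 'POST' && sent === issuedToken;
    return { ok, status: ok ? 200 : 403, body: opts.body };
  };
}
```

In the page script, `postWithCsrfToken(fetch, '/bin/JCRServiceServlet', {myFirst: myFirst, myLast: myLast})` would replace the `$.ajax` call.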

kautuk_sahni
Community Manager

14-03-2017

Hi

Please try this:-

1. http://localhost:4502/system/console/configMgr

2. Search for 'Apache Sling Referrer Filter'

3. Remove POST method from the filter. Then you can call your POST method anywhere.

4. Select “Allow Empty”

I hope this would help you.

~kautuk
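
What steps 3 and 4 change, as an added example that is not part of the reply above and not Sling's code: a simplified JavaScript model of the Referrer Filter's decision, run over constructed POST requests with three configurations. The default method list, the same-host rule and the host `tools.example.internal` are assumptions made for the illustration.

```javascript
// Added example: a simplified model of the Referrer Filter decision, not Sling's code.
// Config fields stand for the OSGi properties filter.methods, allow.empty, allow.hosts.
function referrerFilterAllows(config, req) {
  // Methods not listed in filter.methods bypass the check entirely.
  if (!config.filterMethods.includes(req.method)) return true;
  // No Referer header: allow.empty alone decides.
  if (!req.referer) return config.allowEmpty;
  let host;
  try {
    host = new URL(req.referer).hostname;
  } catch (e) {
    return false; // this model only covers absolute Referer URLs
  }
  // Same host as the server, or a host named in allow.hosts.
  return host === req.serverHost || config.allowHosts.includes(host);
}

// Assumed defaults: modifying methods filtered, empty Referer rejected.
const DEFAULT_CONFIG = { filterMethods: ['POST', 'PUT', 'DELETE'], allowEmpty: false, allowHosts: [] };
// Steps 3 and 4 from the reply above: POST removed, "Allow Empty" selected.
const RELAXED_CONFIG = { filterMethods: ['PUT', 'DELETE'], allowEmpty: true, allowHosts: [] };
// Narrower change: POST stays filtered, one extra origin is named (hypothetical host).
const SCOPED_CONFIG = { filterMethods: ['POST', 'PUT', 'DELETE'], allowEmpty: false,
                        allowHosts: ['tools.example.internal'] };

// Constructed POST requests to the author instance from the thread.
const SERVER = '10.44.42.75';
const SAMPLE_REQUESTS = [
  { name: 'page on the same host', referer: 'http://10.44.42.75:4502/content/page.html' },
  { name: 'no Referer header', referer: null },
  { name: 'page on an unrelated site', referer: 'https://unrelated.example/form.html' },
  { name: 'page on the named tool host', referer: 'https://tools.example.internal/ui' }
].map((r) => ({ ...r, method: 'POST', serverHost: SERVER }));

// Returns one allow/deny decision per sample request, in order.
function decisions(config) {
  return SAMPLE_REQUESTS.map((r) => referrerFilterAllows(config, r));
}

console.log('default', decisions(DEFAULT_CONFIG));
console.log('relaxed', decisions(RELAXED_CONFIG));
console.log('scoped ', decisions(SCOPED_CONFIG));
```

With the relaxed settings every sample POST passes the filter, including the one whose Referer names an unrelated site; the scoped settings admit only the same host and the named host.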

Jitendra_S_Toma

29-12-2017

+1 kautuksahni

prathameshm8988

11-07-2020

Can we use this on the Production server also?