Hi,
I have been trying to upgrade ACS commons version from 5.3.4 to 6.0.8. After successfully upgrading the version, the dispatcher flush in author is working fine and as expected. But in Publisher flush Error 403 is thrown saying that CSRF token is not present and it's invalid. This case is the same for the ACS versions 6.0.0 to 6.0.8 where the new UI was introduced. But from version 5.7.0 (previous one of 6.0.0) is working fine without any error. I tried to look into bundle versions while updating, rules of dispatcher and everything looks fine. What can cause this CSRF error for the new UI?
It will be helpful if any perspective is suggested by anyone.
Edit (31/05/2023): I was able to see a null pointer exception while loading dispatcher flush page while is displayed.
[2023-05-31 11:26:13,724][INFO][qtp337051247-2268][log.request] 31/May/2023:11:26:13 +0530 [1262] -> GET /etc/acs-commons/dispatcher-flush/dispatcher-flush.html HTTP/1.1
[2023-05-31 11:26:13,735][ERROR][[0:0:0:0:0:0:0:1] [1685512573724] GET /etc/acs-commons/dispatcher-flush/dispatcher-flush.html HTTP/1.1][org.apache.sling.scripting.sightly.render.ObjectModel] Cannot access method results on object com.adobe.acs.commons.replication.dispatcher.impl.DispatcherFlushModelImpl@1f03504a
java.lang.reflect.InvocationTargetException: null
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
Caused by: java.lang.NullPointerException: null
    at java.base/java.util.Objects.requireNonNull(Objects.java:221)
    at java.base/java.util.Arrays$ArrayList.<init>(Arrays.java:4323)
    at java.base/java.util.Arrays.asList(Arrays.java:4310)
    at com.adobe.acs.commons.replication.dispatcher.impl.DispatcherFlushModelImpl.getResults(DispatcherFlushModelImpl.java:82)
The getResults function is:
    @Self
    private SlingHttpServletRequest request;

    @Override
    public List<String> getResults() {
        return Arrays.asList(StringUtils.split(request.getRequestPathInfo().getSuffix(), "/"));
    }
Hi everyone,
After spending more time on analyzing this issue, we found that the null pointer exception caused the whole issue, preventing the code from generating the CSRF token, which resulted in the 403 error (only in publish). We have raised an issue in the official GitHub of ACS Commons regarding this and are not upgrading to 6.x.x, as the issue is the same in all 6.x.x versions.
Hello @Kavin742
If you have separate configs for author and publish, there might be a config that's missing. Please ensure that clientheaders, filters and cache are configured for both the farms.
Hello @aanchal-sikka ,
I encountered the following error in the logs:
[2023-05-30 14:43:47,327][INFO][qtp844391689-3752][log.request] 30/May/2023:14:43:47 +0530 [1874] -> POST /etc/acs-commons/dispatcher-flush/dispatcher-flush/_jcr_content/configuration.flush.html HTTP/1.1
[2023-05-30 14:43:47,329][INFO][[0:0:0:0:0:0:0:1] [1685438027327] POST /etc/acs-commons/dispatcher-flush/dispatcher-flush/_jcr_content/configuration.flush.html HTTP/1.1][com.adobe.granite.csrf.impl.CSRFFilter] isValidRequest: empty CSRF token - rejecting
[2023-05-30 14:43:47,329][INFO][[0:0:0:0:0:0:0:1] [1685438027327] POST /etc/acs-commons/dispatcher-flush/dispatcher-flush/_jcr_content/configuration.flush.html HTTP/1.1][com.adobe.granite.csrf.impl.CSRFFilter] doFilter: the provided CSRF token is invalid
[2023-05-30 14:43:47,332][ERROR][[0:0:0:0:0:0:0:1] [1685438027327] POST /etc/acs-commons/dispatcher-flush/dispatcher-flush/_jcr_content/configuration.flush.html HTTP/1.1][org.apache.sling.servlets.resolver.internal.SlingServletResolver] Calling the error handler resulted in an error
The request is failing in AEM itself and the request is not reaching the dispatcher (in order to check with respect to farm files for config).
But for ACS version 5.3.4 the POST request reaches the dispatcher and the flush is done as expected.
Hello @Kavin742
Can you please try configuring "Apache Sling Referrer Filter" to disable CSRF validation for "/etc/acs-commons/dispatcher-flush/dispatcher-flush/_jcr_content/configuration.flush.html"?
Hi @aanchal-sikka ,
I tried allowing "allow empty" for empty or missing referrer and added "/etc/acs-commons/dispatcher-flush/dispatcher-flush/_jcr_content/configuration.flush.html" to Exclude Regexp User Agent. Still, the same error is logged.
Hi @Kavin742 ,
Can you verify if the "Adobe Granite CSRF Filter" configuration is accurate? Additionally, you can update the "Excluded Paths" section with the dispatcher flush path to skip the CSRF check altogether on the flush request.
Thanks,
Fani
Hi @Fanindra_Surat ,
Yes, the CSRF configuration is the same as author. The dispatcher flush in author is working fine while in publish the error is thrown. I tried to add the POST requested path to Excluded paths. Still, the CSRF error is thrown.