AEM 6.3 : CSRF TOKEN REJECTION : SLING POST SERVLET [ hitting from external application ] | Community
sagarp14731432
Level 2
December 5, 2017
Solved

AEM 6.3 : CSRF TOKEN REJECTION : SLING POST SERVLET [ hitting from external application ]


Hi all,

Trying to POST data from an external application does not work due to CSRF token rejection.
When the POST SERVLET is hit from the external application, we receive the following error in the log:

POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

How can the external application provide a CSRF token that satisfies com.adobe.granite.csrf.impl.CSRFFilter?

In my case the external application is a Java project...

NOTE: This error occurred for me when I added authentication for the servlet. But the authentication was working fine for GET method.

Or is it not possible to post data from an external application?

Thanks in advance


11 replies

smacdonald2008
Level 10
December 5, 2017

I found an issue too - so I removed the authentication requirement for my Sling Servlet on Author.

I can successfully post files to a Sling Servlet on Author from a Java app -- see

Scott's Digital Community: Creating Java Swing applications that post files to AEM ClientLibs folders

smacdonald2008
Level 10
December 5, 2017

I suppose if I wanted to use authentication while posting from a Java app - I could modify my HTTP Post logic to use Java code as discussed in this thread:

Http Basic Authentication in Java using HttpClient? - Stack Overflow

But to answer your question - yes - it's possible to perform POSTs from external apps to AEM Servlet.

abhishekagg19
Adobe Employee
Accepted solution
December 5, 2017

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

VeenaVikraman
Community Advisor
December 5, 2017

Hi Sagar

Did you hit the servlet internally using a post call and check if this error is not coming for internal calls also?

Thanks

Veena

sagarp14731432
Level 2
December 5, 2017

It will come for internal calls too. We can add the CSRF token there, as done in the link below:

https://helpx.adobe.com/experience-manager/using/custom-slin

But my question is how to add a CSRF token from outside of AEM, from an external application like Java?

smacdonald2008
Level 10
December 5, 2017

This should be the same as other Java apps - see this - Managing CSRF Tokens in Apache HttpClient 4.4.x — SimpleNETWORKS

VeenaVikraman
Community Advisor
December 5, 2017

No Sagar, basically the above-mentioned error comes in AEM 6.1 and above because of the increased security AEM has provided. From AEM 6.1, any POST call needs a CSRF token to be processed by Sling, which will be provided by the foundation Granite client libs. If not, you may have to include the granite.jquery client library.

Please read this and make sure this is not causing your issue: The CSRF Protection Framework

VeenaVikraman
Community Advisor
December 5, 2017

This one talks about an issue similar to yours. See if any of these solutions help. This is an unresolved question.

Unable to access libs/granite/csrf/token.json from an external application which is not in AEM

sagarp14731432
Level 2
December 6, 2017

Thanks Veena, I resolved it. Your information was helpful for me to understand.

sagarp14731432
Level 2
December 6, 2017

Thanks for the solution, it was very helpful for me.