Adobe Experience Manager Sites & More

sagarp14731432 · 05/12/2017

Hi all,

Trying to POST data from a external application does not work due to CSRF token rejection
When the POST SERVLET is hitted from external application we recieve the following error in the log:

POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

How can the external application provide a CSRF token to be that satisfies com.adobe.granite.csrf.impl.CSRFFilter?

In my case the external application is a java project...

NOTE: This error occurred for me when I added authentication for the servlet. But the authentication was working fine for GET method.

Or is it not possible to post data from a external application?

Thanks in advance

abhishekagg19 · 05/12/2017

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

Voir la solution dans l'envoi d'origine

smacdonald2008 · 05/12/2017

I found an issue too - so i removed the authentication requirement for my Sling Servlet on Author.

I can successfully post files to a Sling Servlet on Author from a Java app -- see

Scott's Digital Community: Creating Java Swing applications that post files to AEM ClientLibs folder...

smacdonald2008 · 05/12/2017

I suppose if i wanted to use authentication while posting from a Java app - i could modify my HTTP Post logic to use Java code as discussed in this thread:

Http Basic Authentication in Java using HttpClient? - Stack Overflow

BUt to answer your question - yes - its possible to perform POSTS from external apps to AEM Servlet.

abhishekagg19 · 05/12/2017

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

VeenaVikraman · 05/12/2017

Hi Sagar

Did you hit the servlet internally using post call and check if this error is not coming for internal calls also ?

Thanks

Veena

sagarp14731432 · 05/12/2017

It will come for internal calls too.. We can add csrf token there like done in below link

https://helpx.adobe.com/experience-manager/using/custom-slin

But my question is how to add csrf token fom outside of AEM frm a external application like java?

smacdonald2008 · 05/12/2017

This should be the same as other Java apps - see this - Managing CSRF Tokens in Apache HttpClient 4.4.x — SimpleNETWORKS

VeenaVikraman · 05/12/2017

No Sagar , Basically the above mentioned error comes in AEM 6.1 and above because of the increased security AEM have provided. From AEM 6.1 any post call needs a CSRF token to be processed by sling, which will be provided by foundation granite client libs. If not you may have to include granite.jquery client library

Please read this and make sure this is not causing your issue The CSRF Protection Framework

VeenaVikraman · 05/12/2017

This one talks about your similar issue. See if any of these solutions helps . This is an unresolved question

Unable to access libs/granite/csrf/token.json from an external application which is not in AEM

sagarp14731432 · 05/12/2017

Thanks Veena I resolved it. Your information was helpful for me to understand

sagarp14731432 · 05/12/2017

Thanks for the solution, it was so much helpful for me.

sagarp14731432 · 05/12/2017

Thank you, I resolved it. Your blog was helpful for me.

Adobe Experience Manager Sites & More

AEM 6.3 : CSRF TOKEN REJECTION : SLING POST SERVLET [ hitting from external application ]

Formation

Documentation

Événements

Communauté

Assistance

Ressources

Compte Adobe

Adobe