Adobe Experience Manager Sites & More

sagarp14731432 · 12/5/17

Hi all,

Trying to POST data from a external application does not work due to CSRF token rejection
When the POST SERVLET is hitted from external application we recieve the following error in the log:

POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

How can the external application provide a CSRF token to be that satisfies com.adobe.granite.csrf.impl.CSRFFilter?

In my case the external application is a java project...

NOTE: This error occurred for me when I added authentication for the servlet. But the authentication was working fine for GET method.

Or is it not possible to post data from a external application?

Thanks in advance

abhishekagg19 · 12/5/17

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

View solution in original post

smacdonald2008 · 12/5/17

I found an issue too - so i removed the authentication requirement for my Sling Servlet on Author.

I can successfully post files to a Sling Servlet on Author from a Java app -- see

Scott's Digital Community: Creating Java Swing applications that post files to AEM ClientLibs folder...

smacdonald2008 · 12/5/17

I suppose if i wanted to use authentication while posting from a Java app - i could modify my HTTP Post logic to use Java code as discussed in this thread:

Http Basic Authentication in Java using HttpClient? - Stack Overflow

BUt to answer your question - yes - its possible to perform POSTS from external apps to AEM Servlet.

abhishekagg19 · 12/5/17

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

VeenaVikraman · 12/5/17

Hi Sagar

Did you hit the servlet internally using post call and check if this error is not coming for internal calls also ?

Thanks

Veena

sagarp14731432 · 12/5/17

It will come for internal calls too.. We can add csrf token there like done in below link

https://helpx.adobe.com/experience-manager/using/custom-slin

But my question is how to add csrf token fom outside of AEM frm a external application like java?

smacdonald2008 · 12/5/17

This should be the same as other Java apps - see this - Managing CSRF Tokens in Apache HttpClient 4.4.x — SimpleNETWORKS

VeenaVikraman · 12/5/17

No Sagar , Basically the above mentioned error comes in AEM 6.1 and above because of the increased security AEM have provided. From AEM 6.1 any post call needs a CSRF token to be processed by sling, which will be provided by foundation granite client libs. If not you may have to include granite.jquery client library

Please read this and make sure this is not causing your issue The CSRF Protection Framework

VeenaVikraman · 12/5/17

This one talks about your similar issue. See if any of these solutions helps . This is an unresolved question

Unable to access libs/granite/csrf/token.json from an external application which is not in AEM

sagarp14731432 · 12/5/17

Thanks Veena I resolved it. Your information was helpful for me to understand

sagarp14731432 · 12/5/17

Thanks for the solution, it was so much helpful for me.

sagarp14731432 · 12/5/17

Thank you, I resolved it. Your blog was helpful for me.

Adobe Experience Manager Sites & More

AEM 6.3 : CSRF TOKEN REJECTION : SLING POST SERVLET [ hitting from external application ]

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe