Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

Allow Post request on AEM page from external application

Avatar

Level 3

Hi All,

I am using AEM 6.4. One of our external team is trying to redirect on our AEM page and sending data through form action as POST request but our AEM page is not accessible from third party side. Please suggest how can I allow Post request on AEM page from external side.

I have checked the logs, dispatcher is blocking the request and request is not able to reach upto Publisher.

 

thanks

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@arunpatidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

 

We need to follow the above step also, correct me.

View solution in original post

10 Replies

Avatar

Correct answer by
Employee Advisor

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@arunpatidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

 

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

 

We need to follow the above step also, correct me.

Avatar

Community Advisor

Indeed we have to block all undesired post requests.



Arun Patidar

Avatar

Level 3

@DEBAL_DAS @arunpatidar Thanks Arun and Debal for the suggestions. I have updated the configuration on Dispatcher level and added the rule to allow the POST request but I am still not able to access the URL. Now we are getting below error in logs:

"org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request"

 

 Is this error coming because Apache sling Referrer is blocking POST request because of referrer check ?

Can I remove POST method from Filter methods list and check allow empty? But in this case it will allow for all the urls, how can I allow POST request only for one particular URL.

 

Thanks

Avatar

Employee Advisor

I will segregate the entire process in two steps.

Step1: we can block all undesired POST requests via dispatcher request and allow the desired one only.

Step2: Make necessary change at Apache sling Referrer Filter to allow that desired POST request to reach AEM.

Avatar

Level 3

Hi @DEBAL_DAS : After updating Apache sling Referrer Filter to allow POST request, 403 error gone but now 500 error is coming on Publisher level.

Please suggest:

05.05.2022 12:17:03.421 *ERROR* [10.112.199.8 [1651778223418] POST /content/kDealer/en/kdealersso.html HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing.

org.apache.sling.api.resource.PersistenceException: Resource at '/content/kDealer/en/kdealersso' is not modifiable.

 

Thanks

Avatar

Level 3

Hi @DEBAL_DAS 

I have checked the link shared by you, but the difference is in our case we have content url not the servlet path. How can I give content path and where, is there any option to add content path to resolve this issue. Any suggestion.

 

thanks

Avatar

Level 3

Thanks @DEBAL_DAS and all .

After debugging and doing research finally I got the solution. Adding the solution if any one else has the same requirements.

My requirement was: " External application is sending the data on form request by POST method  through the page url".

There are two parts for this solution:

1) Allow the external domain on  "Apache sling referrer filter"  section:

sunily21159739_1-1654641304239.png

 

This will allow only the external domain to enter your application. 

2) Now to successfully receive the value from the external application. I have written one Servlet and this Servlet will convert the POST request into Get request by using the url selector and generate the html page with all the data values sent by external application.

My url is : https://sweb.abcconnect.mydomain.com/en/abcsso.html

Using "postconvertget" selector on url and passing this selector with other value sent through POST request.

URL with selector: https://sweb.abcconnect.mydomain.com/en/abcsso.postconvertget.html

Whenever this above url will hit, it will call the Servlet by the selector "postconvertget".

 

To generate the HTML response using SlingRequestProcessor and  write the response back to the browser.

Now I have all the data value on my servlet level. 

To read the value from Servlet to the page level. I am using below request parameter on component level on the page.

<div id="abcGuid" >${request.requestParameterMap['GUID'][0].toString}</div>

 

 

Thanks

 

Avatar

Level 1

Hello @sunily21159739 ,

Thanks for the explanation.

Could you please share the entire demo code, it will be more helpful for me. 

Thanks in advance!