Adobe Experience Manager Sites & More

sunily21159739 · 5/2/22

Hi All,

I am using AEM 6.4. One of our external team is trying to redirect on our AEM page and sending data through form action as POST request but our AEM page is not accessible from third party side. Please suggest how can I allow Post request on AEM page from external side.

I have checked the logs, dispatcher is blocking the request and request is not able to reach upto Publisher.

thanks

DEBAL_DAS · 5/3/22

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@arunpatidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

We need to follow the above step also, correct me.

View solution in original post

arunpatidar · 5/3/22

Please check this https://sourcedcode.com/blog/video-tutorial/how-to-make-simple-http-post-methods-in-aem-with-a-http-...

Arun Patidar

DEBAL_DAS · 5/3/22

As the dispatcher is blocking the POST request so you need to enable the POST requests

The following example filter allows submitting form data by the POST method:

/filter {
    /0001  { /glob "*" /type "deny" }
    /0002 { /type "allow" /method "POST" /url "/content/[.]*.form.html" }
}

@arunpatidar , I was referring your old reply and you have highlighted one important point

"you can create your servlet with some selectors and allow only those selector requests to avoid other open post request url as well from your project. "

https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/aem-dispatcher-post-method...

We need to follow the above step also, correct me.

arunpatidar · 5/3/22

Indeed we have to block all undesired post requests.

Arun Patidar

sunily21159739 · 5/4/22

@DEBAL_DAS @arunpatidar Thanks Arun and Debal for the suggestions. I have updated the configuration on Dispatcher level and added the rule to allow the POST request but I am still not able to access the URL. Now we are getting below error in logs:

"org.apache.sling.security.impl.ReferrerFilter Rejected referrer header for POST request"

Is this error coming because Apache sling Referrer is blocking POST request because of referrer check ?

Can I remove POST method from Filter methods list and check allow empty? But in this case it will allow for all the urls, how can I allow POST request only for one particular URL.

Thanks

DEBAL_DAS · 5/4/22

I will segregate the entire process in two steps.

Step1: we can block all undesired POST requests via dispatcher request and allow the desired one only.

Step2: Make necessary change at Apache sling Referrer Filter to allow that desired POST request to reach AEM.

sunily21159739 · 5/10/22

Hi @DEBAL_DAS : After updating Apache sling Referrer Filter to allow POST request, 403 error gone but now 500 error is coming on Publisher level.

Please suggest:

05.05.2022 12:17:03.421 *ERROR* [10.112.199.8 [1651778223418] POST /content/kDealer/en/kdealersso.html HTTP/1.1] org.apache.sling.servlets.post.impl.operations.ModifyOperation Exception during response processing.

org.apache.sling.api.resource.PersistenceException: Resource at '/content/kDealer/en/kdealersso' is not modifiable.

Thanks

DEBAL_DAS · 5/10/22

Please review this one https://www.albinsblog.com/2016/06/caused-by-orgapacheslingapiresourcepers-resource-is-not-modifiabl...

and give a try.

sunily21159739 · 5/11/22

Hi @DEBAL_DAS

I have checked the link shared by you, but the difference is in our case we have content url not the servlet path. How can I give content path and where, is there any option to add content path to resolve this issue. Any suggestion.

thanks

sunily21159739 · 6/7/22

Thanks @DEBAL_DAS and all .

After debugging and doing research finally I got the solution. Adding the solution if any one else has the same requirements.

My requirement was: " External application is sending the data on form request by POST method through the page url".

There are two parts for this solution:

1) Allow the external domain on "Apache sling referrer filter" section:

This will allow only the external domain to enter your application.

2) Now to successfully receive the value from the external application. I have written one Servlet and this Servlet will convert the POST request into Get request by using the url selector and generate the html page with all the data values sent by external application.

My url is : https://sweb.abcconnect.mydomain.com/en/abcsso.html

Using "postconvertget" selector on url and passing this selector with other value sent through POST request.

URL with selector: https://sweb.abcconnect.mydomain.com/en/abcsso.postconvertget.html

Whenever this above url will hit, it will call the Servlet by the selector "postconvertget".

To generate the HTML response using SlingRequestProcessor and write the response back to the browser.

Now I have all the data value on my servlet level.

To read the value from Servlet to the page level. I am using below request parameter on component level on the page.

<div id="abcGuid" >${request.requestParameterMap['GUID'][0].toString}</div>

Thanks

DilleshKondala · 12/1/22

Hello @sunily21159739 ,

Thanks for the explanation.

Could you please share the entire demo code, it will be more helpful for me.

Thanks in advance!

Adobe Experience Manager Sites & More

Allow Post request on AEM page from external application

Arun Patidar

Arun Patidar

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe