Adobe Experience Manager Sites & More

satheeshraj · 02/11/2015

Hi,

When I use Servlet-api-3.0.jar in cq5 version 5.6.1 I'm getting the below error. Please help me to resolve it.

Error:

30.10.2015 14:46:43.212 *ERROR* [0:0:0:0:0:0:0:1 [1446196603208] POST /system/console/bundles/325 HTTP/1.1] cqse-httpservice %bundles.pluginTitle: Cannot start (org.osgi.framework.BundleException: Unresolved constraint in bundle com.ceb.webcq-bundle [325]: Unable to resolve 325.24: missing requirement [325.24] osgi.wiring.package; (&(osgi.wiring.package=javax.servlet)(version>=3.0.0)(!(version>=4.0.0)))) org.osgi.framework.BundleException: Unresolved constraint in bundle com.ceb.webcq-bundle [325]: Unable to resolve 325.24: missing requirement [325.24] osgi.wiring.package; (&(osgi.wiring.package=javax.servlet)(version>=3.0.0)(!(version>=4.0.0)))
   at org.apache.felix.framework.Felix.resolveBundleRevision(Felix.java:3962)
   at org.apache.felix.framework.Felix.startBundle(Felix.java:2025)
   at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:955)
   at org.apache.felix.framework.BundleImpl.start(BundleImpl.java:942)
   at org.apache.felix.webconsole.internal.core.BundlesServlet.doPost(BundlesServlet.java:364)

Regards,

Satheeshraj V

kautuk_sahni · 05/11/2015

Hi

Please find below the reference article to create httponly cookies on 2.5:

Link:- http://stackoverflow.com/questions/13147113/setting-an-httponly-cookie-with-javax-servlet-2-5

//

You are right, manually setting header is the right way to achive your goal.

You can also use javax.ws.rs.core.NewCookie or any other class with useful toString method to print cookie to a header to make things more simple.

public static String getHttpOnlyCookieHeader(Cookie cookie) {NewCookie newCookie = new NewCookie(cookie.getName(), cookie.getValue(),cookie.getPath(), cookie.getDomain(), cookie.getVersion(),cookie.getComment(), cookie.getMaxAge(), cookie.getSecure());return newCookie + "; HttpOnly";}

And the usage:

response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(myOriginalCookie));

OR

public void addCookie(String cookieName, String cookieValue, Integer maxAge, HttpServletResponse response) {Cookie cookie = new Cookie(cookieName, cookieValue);cookie.setPath("; HttpOnly;");cookie.setSecure(isSecureCookie);cookie.setMaxAge(maxAge);response.addCookie(cookie);}

I hope this would act as some help to you.

Thanks and Regards

Kautuk Sahni

Ver solução na publicação original

smacdonald2008 · 02/11/2015

For 5.6 - try using the Servlet JAR specified in this article - it works fine:

https://helpx.adobe.com/experience-manager/using/custom-sling-servlets.html

satheeshraj · 02/11/2015

Servlep-api-2.5.jar is working properly for me. But i need to upgrade it from 2.5 to 3.0. So when I replace the Servlep-api-2.5.jar to Servlep-api-3.0.jar I'm getting the error.

edubey · 02/11/2015

I guess, you might not be able to because 3.0 may not be compatible with AEM 5.6.1. I'll check this

Any specific reason for upgrade ?

satheeshraj · 03/11/2015

I need servlet-api-3.0.jar to use setHttpOnly() method available cookie object.

edubey · 03/11/2015

Take a look at https://www.owasp.org/index.php/HttpOnly#Using_Java_to_Set_HttpOnly.

It talks about a workaround which you can use in old jar

kautuk_sahni · 05/11/2015

Hi

Please find below the reference article to create httponly cookies on 2.5:

Link:- http://stackoverflow.com/questions/13147113/setting-an-httponly-cookie-with-javax-servlet-2-5

//

You are right, manually setting header is the right way to achive your goal.

You can also use javax.ws.rs.core.NewCookie or any other class with useful toString method to print cookie to a header to make things more simple.

public static String getHttpOnlyCookieHeader(Cookie cookie) {NewCookie newCookie = new NewCookie(cookie.getName(), cookie.getValue(),cookie.getPath(), cookie.getDomain(), cookie.getVersion(),cookie.getComment(), cookie.getMaxAge(), cookie.getSecure());return newCookie + "; HttpOnly";}

And the usage:

response.setHeader("SET-COOKIE", getHttpOnlyCookieHeader(myOriginalCookie));

OR

public void addCookie(String cookieName, String cookieValue, Integer maxAge, HttpServletResponse response) {Cookie cookie = new Cookie(cookieName, cookieValue);cookie.setPath("; HttpOnly;");cookie.setSecure(isSecureCookie);cookie.setMaxAge(maxAge);response.addCookie(cookie);}