Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

Override 500 Error from Dispatcher Cloud Service

Avatar

Level 3

Hey guys,

 

I have written an AbstractServlet implementation to handle a variety of different servlet calls (doPost method below). I intend for this servlet to return an error message -- specifically the failureMessage property -- when a 500 is thrown, but instead I am getting the default 500 page (image attached) as the response... On my local dispatcher instance, I was able to bypass this page by setting the status to 499, but said approach is not working in the hosted staging environment (maybe something to do w/ local vs. cloud service setup). Does anybody have any experience writing a similar implementation / dealing with a similar issue? Thanks for any and all insight

Code: 

 

    protected void doPost(@NotNull SlingHttpServletRequest request, @notnull SlingHttpServletResponse response) throws IOException {
        response.setContentType("application/json");
        T requestData = getRequestData(request);
        if (requestData == null || !isValidRequest(requestData)) {
            response.setStatus(HttpServletResponse.SC_EXPECTATION_FAILED);
            response.getWriter().write(new ObjectMapper().writeValueAsString(new ServletError("Expected parameter is missing")));
            return;
        }
        boolean result = performAction(requestData);
        if (result) {
            response.getWriter().write(new ObjectMapper().writeValueAsString(new ServletSuccess(getSuccessMessage())));
        } else {
            response.setStatus(499);
            response.getWriter().write(new ObjectMapper().writeValueAsString(new ServletSuccess(getFailureMessage())));
        }
    }

 

response.PNG

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi @user00928,

Your POST request is being filtered and restricted by the “Apache Sling Referrer Filter” and “Adobe Granite CSRF Filter”. By default, the Apache Sling Referrer Filter blocks any incoming POST requests, and the Adobe Granite CSRF Filter blocks any incoming POST requests without the CSRF-Token token in the header.

You can solve this by following below steps

  • Allow incoming POST request in the Apache Sling Referrer Filter OSGI configurations, and
  • Remove the requirement of the CSRF-Token in the Adobe Granite CSRF Filter OSGI configurations.

Steps:

Configure Apache Sling Referrer Filter:

  1. Enable allow empty
  2. Remove the POST method from filters

In OSGI configurations (http://localhost:4502/system/console/configMgr), locate “Apache Sling Referrer Filter”. Enable the allow empty property, and remove the post method from filters property.

SantoshSai_0-1669587660785.png

Configure Adobe Granite CSRF Filter

  1. Remove the POST method from filters

In OSGI configurations (http://localhost:4502/system/console/configMgr), locate “Adobe Granite CSRF Filter”. Remove the post method from filters property.

SantoshSai_1-1669587660695.png

Note: After making configurations to the two OSGI configurations, you should be able to make a POST request from your HTTP REST Client to your AEM instance.

For production, set Apache Sling Referrer Filter and Adobe Granite CSRF Filter settings back to default. Unless if you are giving access to other servers to make POST requests to your AEM application.

Hope that helps!

Regards,
Santosh

View solution in original post

2 Replies

Avatar

Level 3

Bumping for visibility. Still having trouble

Avatar

Correct answer by
Community Advisor

Hi @user00928,

Your POST request is being filtered and restricted by the “Apache Sling Referrer Filter” and “Adobe Granite CSRF Filter”. By default, the Apache Sling Referrer Filter blocks any incoming POST requests, and the Adobe Granite CSRF Filter blocks any incoming POST requests without the CSRF-Token token in the header.

You can solve this by following below steps

  • Allow incoming POST request in the Apache Sling Referrer Filter OSGI configurations, and
  • Remove the requirement of the CSRF-Token in the Adobe Granite CSRF Filter OSGI configurations.

Steps:

Configure Apache Sling Referrer Filter:

  1. Enable allow empty
  2. Remove the POST method from filters

In OSGI configurations (http://localhost:4502/system/console/configMgr), locate “Apache Sling Referrer Filter”. Enable the allow empty property, and remove the post method from filters property.

SantoshSai_0-1669587660785.png

Configure Adobe Granite CSRF Filter

  1. Remove the POST method from filters

In OSGI configurations (http://localhost:4502/system/console/configMgr), locate “Adobe Granite CSRF Filter”. Remove the post method from filters property.

SantoshSai_1-1669587660695.png

Note: After making configurations to the two OSGI configurations, you should be able to make a POST request from your HTTP REST Client to your AEM instance.

For production, set Apache Sling Referrer Filter and Adobe Granite CSRF Filter settings back to default. Unless if you are giving access to other servers to make POST requests to your AEM application.

Hope that helps!

Regards,
Santosh