SOLVED

Post servlet giving 403 forbidden error during post ajax call


Level 4

Hi Team,

Hope you are doing great.

 

Can you please help me resolve the 403 error during the POST servlet call?

Forbidden

Cannot serve request to /bin/servlets/job-apply on this server


Apache Sling

    import Vue from 'vue';
    import Axios from "axios";

    if (document.getElementById("job-details")) {
      var app = new Vue({
        el: '#job-listing',
        data: {
          jobList: [],
        },

        mounted() {
          const now = new Date();
          var origin = location.origin;
          var URL = origin + "/bin/servlets/job-apply";
          const config = {
            headers: {
              "Content-Type": "application/json; charset=utf-8"
            }
          };
          // Axios.post(url, data, config): the request config is the third argument
          Axios.post(URL, {}, config)
            .then(response => {
              this.jobList = response.data;
              console.log(this.jobList, 'bhagchand saini');
            });
        },
      });
    }
 
 

    package com.ranosys.website.core.servlets;

    import java.io.IOException;

    import javax.servlet.Servlet;
    import javax.servlet.ServletException;

    import org.apache.sling.api.SlingHttpServletRequest;
    import org.apache.sling.api.SlingHttpServletResponse;
    import org.apache.sling.api.servlets.HttpConstants;
    import org.apache.sling.api.servlets.SlingAllMethodsServlet;
    import org.osgi.framework.Constants;
    import org.osgi.service.component.annotations.Component;
    import org.osgi.service.component.annotations.Reference;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    import com.ranosys.website.core.services.SalesforceHttpService;

    /**
     * This servlet makes an HTTP call to send data to Salesforce.
     */
    @Component(service = Servlet.class, property = { Constants.SERVICE_DESCRIPTION + "=HTTP servlet",
            "sling.servlet.methods=" + HttpConstants.METHOD_POST, "sling.servlet.paths=" + "/bin/servlets/job-apply" })
    public class SalesforceJobApply extends SlingAllMethodsServlet {

        /**
         * Generated serialVersionUid
         */
        private static final long serialVersionUID = -2014397651676211439L;

        /**
         * Logger
         */
        private static final Logger log = LoggerFactory.getLogger(SalesforceJobApply.class);

        @Reference
        private SalesforceHttpService httpService;

        /**
         * Overridden doPost() method
         */
        @Override
        protected void doPost(SlingHttpServletRequest request, SlingHttpServletResponse response)
                throws ServletException, IOException {
            log.error("---------basfhdsaggsaddshj----------");
            try {
                log.info("---------basfhdsaggsaddshj----------");
                //response.getWriter().println(jsonResponse2);
            } catch (Exception e) {
                log.error(e.getMessage(), e);
            }
        }

    }

 

Can anyone please help with this?

 

1 Accepted Solution


Correct answer by
Employee Advisor
14 Replies


Employee Advisor

Could you please try the below one -

 

To make this form submission process operational on the AEM instance, I have added the servlet path via

http://<aem-instance>:port/system/console/configMgr

[Screenshot: DEBAL_DAS_0-1650975046500.png]

 

Please use your servlet path: /bin/servlets/job-apply in above configuration and let me know.


Level 4

I am not able to see this configuration on my local instance.

Can you please help?

[Screenshot: Screenshot from 2022-04-26 18-45-59.png]


Employee Advisor

Please access localhost:4502/system/console/configMgr and then search for Adobe Granite CSRF Filter.


Employee Advisor

From the screenshot it looks like '/' is missing. Value should be /bin/servlets/job-apply


Level 4

[Screenshot: Screenshot from 2022-04-27 08-31-03.png]

Still the same. I am using AEM as CS.

Can you please help me on this.
Thanks


Correct answer by
Employee Advisor


Employee Advisor

Hi @bhagchand ,

I think @DEBAL_DAS has noted it right: the "/" is missing at the start of the literal. Please append the same and try.

Please paste the following value :

/bin/servlets/job-apply

Thanks.


Level 1

Hi all,

I made all the changes in the configuration as mentioned in https://sourcedcode.com/blog/video-tutorial/how-to-make-simple-http-post-methods-in-aem-with-a-http-...

I am still getting a 403 Forbidden error while making a POST request to the servlet from another domain. I also added the domain name of the application from which our servlet is called to the allowed origins in the Adobe Granite Cross-Origin Resource Sharing Policy configuration, removed POST from the filter methods in the Adobe Granite CSRF Filter configuration, and added the servlet path to the excluded paths of this configuration.

 

Can anyone please help with this?


Level 4

@bhagchand 

A simple way to debug this is to go to your error.log file and search for your endpoint or the name of the servlet API. There you can see why the request is failing. Mostly it will be

com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting

Then you can add your servlet path to the excluded paths, and it will work.

 

If the issue is not with CSRF, then you can find the actual issue in error.log.


Level 4

If this is a CSRF filter issue then I think the best way to handle this is by following Adobe's recommendation - by generating a CSRF token while submitting a POST request (for authenticated users).

 

Please check the logs as @Uppari_Ramesh mentioned & if you see CSRF related error messages then please follow the steps in this link: https://experienceleague.adobe.com/docs/experience-manager-learn/cloud-service/developing/advanced/c...

 

Note: In some cases your CDN might block the token generation, which needs whitelisting. Also the above link is under cloud service, so not sure if it works for non-cloud as well. Hope this helps.
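
The token-based approach recommended in the reply above, as an added example that is not part of the original thread: the client requests a CSRF token first and sends it in a header on the POST, so the servlet path does not have to be excluded from the CSRF filter. The endpoint `/libs/granite/csrf/token.json` and the `CSRF-Token` header follow Adobe's CSRF documentation; `buildPostInit`, `postWithCsrf` and the `fakeAem` stand-in server are names assumed for illustration.

```javascript
// Added example, not code from the thread.
// Assumed: Adobe's documented token endpoint and CSRF-Token request header.
const TOKEN_ENDPOINT = "/libs/granite/csrf/token.json";

// Build the fetch() options for a JSON POST that carries the CSRF token.
function buildPostInit(token, payload) {
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("no CSRF token in the token response");
  }
  return {
    method: "POST",
    credentials: "same-origin", // send the session cookie along with the token
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "CSRF-Token": token,
    },
    body: JSON.stringify(payload),
  };
}

// Fetch a fresh token, then POST with it. fetchImpl is injectable for testing.
async function postWithCsrf(url, payload, fetchImpl = fetch) {
  const tokenRes = await fetchImpl(TOKEN_ENDPOINT, { credentials: "same-origin" });
  if (!tokenRes.ok) throw new Error(`token request failed: ${tokenRes.status}`);
  const { token } = await tokenRes.json();
  const res = await fetchImpl(url, buildPostInit(token, payload));
  if (res.status === 403) {
    throw new Error("403 from server: search error.log for CSRFFilter");
  }
  return res;
}

// Constructed stand-in for the server side (hypothetical, for offline runs):
// issues a token and rejects any POST that does not echo it back.
function fakeAem(expectedToken) {
  return async (url, init = {}) => {
    if (url === TOKEN_ENDPOINT) {
      return { ok: true, status: 200, json: async () => ({ token: expectedToken }) };
    }
    const sent = (init.headers || {})["CSRF-Token"];
    const ok = init.method === "POST" && sent === expectedToken;
    return { ok, status: ok ? 200 : 403, json: async () => ({}) };
  };
}
```

In the Vue component from the question, `postWithCsrf(URL, data)` would replace the direct `Axios.post` call; the same header can also be passed through the Axios request config.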