Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

AEM 6.3 : CSRF TOKEN REJECTION : SLING POST SERVLET [ hitting from external application ]

Avatar

Level 2

Hi all,

Trying to POST data from a external application does not work due to CSRF token rejection
When the POST SERVLET is hitted from external application we recieve the following error in the log:

POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter isValidRequest: empty CSRF token - rejecting
POST /apps/tools/components/xsrftest/run.html HTTP/1.1] com.adobe.granite.csrf.impl.CSRFFilter doFilter: the provided CSRF token is invalid

How can the external application provide a CSRF token to be that satisfies com.adobe.granite.csrf.impl.CSRFFilter?

In my case the external application is a java project...

NOTE: This error occurred for me when I added authentication for the servlet. But the authentication was working fine for GET method.

Or is it not possible to post data from a external application?

Thanks in advance

1 Accepted Solution

Avatar

Correct answer by
Employee

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

View solution in original post

11 Replies

Avatar

Level 10

I found an issue too - so i removed the authentication requirement for my Sling Servlet on Author.

I can successfully post files to a Sling Servlet on Author from a Java app -- see

Scott's Digital Community: Creating Java Swing applications that post files to AEM ClientLibs folder...

Avatar

Level 10

I suppose if i wanted to use authentication while posting from a Java app - i could modify my HTTP Post logic to use Java code as discussed in this thread:

Http Basic Authentication in Java using HttpClient? - Stack Overflow

BUt to answer your question - yes - its possible to perform POSTS from external apps to AEM Servlet.

Avatar

Correct answer by
Employee

Here is the sample code to retrieve login token from AEM to make calls to secured servlets.

How to make a http request to get the auth token in AEM · GitHub

Avatar

Community Advisor

Hi Sagar

     Did you hit the servlet internally using post call and check if this error is not coming for internal calls also ?

Thanks

Veena

Avatar

Level 2

It will come for internal calls too.. We can add csrf token there like done in below link

https://helpx.adobe.com/experience-manager/using/custom-slin

But my question is how to add csrf token fom outside of AEM frm a external application like java?

Avatar

Community Advisor

No Sagar , Basically the above mentioned error comes in AEM 6.1 and above because of the increased security AEM have provided. From AEM 6.1 any post call needs a CSRF token to be processed by sling, which will be provided by foundation granite client libs. If not you may have to include granite.jquery client library

Please read this and make sure this is not causing your issue The CSRF Protection Framework

Avatar

Community Advisor

This one talks about your similar issue. See if any of these solutions helps . This is an unresolved question

Unable to access libs/granite/csrf/token.json from an external application which is not in AEM

Avatar

Level 2

Thanks Veena I resolved it. Your information was helpful for me to understand

Avatar

Level 2

Thanks for the solution, it was so much helpful for me.

Avatar

Level 2

Thank you, I resolved it. Your blog was helpful for me.