Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.
SOLVED

Simple Webservice in AEM not accessible - Authentication Failure

Avatar

Level 3

Hello,

AEM Version: 6.1

I have a simple SlingServlet which returns a string on /GET at path /bin/getstring

This AEM is hosted at, for example, http://custom-host.com:4502

Now, an external frontend application is not been able to sent GET requests to this service and looking at the network logs, I receive 403 Forbidden.

As I understand, the login-cookie is not created by the external frontend application and hence  403 is thrown. Is there a possibility of a workaround here for an external frontend application to call the AEM based custom servlet?

1 Accepted Solution

Avatar

Correct answer by
Administrator

Hi

Add "@Property(name = "sling.auth.requirements", value = "-/bin/mySearchServlet")" This results in the Sling Servlet not requiring authentication. 

Link:- https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html (sling.auth.requirements)

OR

if you call it from external client (another website or REST client plugin...) CQ security filter will be triggered to prevent your action then return 403 error to remove this please follow these steps:

1/ http://localhost:4502/system/console/configMgr
2/ Search for 'Apache Sling Referrer Filter'
3/ Remove POST method from the filter. Then you can call your POST method anywhere.

 

Another Reference Links:- https://aem6solutions.wordpress.com/2015/06/19/apache-sling-referrer-filter/

I hope this would help you.

Thanks and Regards

Kautuk Sahni



Kautuk Sahni

View solution in original post

2 Replies

Avatar

Correct answer by
Administrator

Hi

Add "@Property(name = "sling.auth.requirements", value = "-/bin/mySearchServlet")" This results in the Sling Servlet not requiring authentication. 

Link:- https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html (sling.auth.requirements)

OR

if you call it from external client (another website or REST client plugin...) CQ security filter will be triggered to prevent your action then return 403 error to remove this please follow these steps:

1/ http://localhost:4502/system/console/configMgr
2/ Search for 'Apache Sling Referrer Filter'
3/ Remove POST method from the filter. Then you can call your POST method anywhere.

 

Another Reference Links:- https://aem6solutions.wordpress.com/2015/06/19/apache-sling-referrer-filter/

I hope this would help you.

Thanks and Regards

Kautuk Sahni



Kautuk Sahni