Expand my Community achievements bar.

SOLVED

Simple Webservice in AEM not accessible - Authentication Failure

Avatar

Level 3
Level 3
5/30/16 3:59:53 AM

Hello,

AEM Version: 6.1

I have a simple SlingServlet which returns a string on /GET at path /bin/getstring

This AEM is hosted at, for example, http://custom-host.com:4502

Now, an external frontend application is not been able to sent GET requests to this service and looking at the network logs, I receive 403 Forbidden.

As I understand, the login-cookie is not created by the external frontend application and hence  403 is thrown. Is there a possibility of a workaround here for an external frontend application to call the AEM based custom servlet?

Views

1.8K

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Administrator
Administrator
5/30/16 5:02:27 AM

Hi

Add "@Property(name = "sling.auth.requirements", value = "-/bin/mySearchServlet")" This results in the Sling Servlet not requiring authentication. 

Link:- https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html (sling.auth.requirements)

OR

if you call it from external client (another website or REST client plugin...) CQ security filter will be triggered to prevent your action then return 403 error to remove this please follow these steps:

1/ http://localhost:4502/system/console/configMgr
2/ Search for 'Apache Sling Referrer Filter'
3/ Remove POST method from the filter. Then you can call your POST method anywhere.

 

Another Reference Links:- https://aem6solutions.wordpress.com/2015/06/19/apache-sling-referrer-filter/

I hope this would help you.

Thanks and Regards

Kautuk Sahni



Kautuk Sahni

View solution in original post

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Administrator
Administrator
5/30/16 5:02:27 AM

Hi

Add "@Property(name = "sling.auth.requirements", value = "-/bin/mySearchServlet")" This results in the Sling Servlet not requiring authentication. 

Link:- https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html (sling.auth.requirements)

OR

if you call it from external client (another website or REST client plugin...) CQ security filter will be triggered to prevent your action then return 403 error to remove this please follow these steps:

1/ http://localhost:4502/system/console/configMgr
2/ Search for 'Apache Sling Referrer Filter'
3/ Remove POST method from the filter. Then you can call your POST method anywhere.

 

Another Reference Links:- https://aem6solutions.wordpress.com/2015/06/19/apache-sling-referrer-filter/

I hope this would help you.

Thanks and Regards

Kautuk Sahni



Kautuk Sahni

Views

1.5K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
Difference Between Technical Accounts in Adobe Developer Console and AEM Cloud Integration for OAuth Authentication

Views

6

Likes

0

Replies

0
Relative or absolute page links within AEM?

Views

23

Likes

0

Replies

1
AEM query results send as email

Views

28

Likes

0

Replies

1
Not getting option to delete the component in AEM

Views

64

Likes

0

Replies

6
Change URL in live copy without breaking inheritance

Views

80

Likes

0

Replies

4