Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Simple Webservice in AEM not accessible - Authentication Failure

Avatar

Level 3

Hello,

AEM Version: 6.1

I have a simple SlingServlet which returns a string on /GET at path /bin/getstring

This AEM is hosted at, for example, http://custom-host.com:4502

Now, an external frontend application is not been able to sent GET requests to this service and looking at the network logs, I receive 403 Forbidden.

As I understand, the login-cookie is not created by the external frontend application and hence  403 is thrown. Is there a possibility of a workaround here for an external frontend application to call the AEM based custom servlet?

1 Accepted Solution

Avatar

Correct answer by
Administrator

Hi

Add "@Property(name = "sling.auth.requirements", value = "-/bin/mySearchServlet")" This results in the Sling Servlet not requiring authentication. 

Link:- https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html (sling.auth.requirements)

OR

if you call it from external client (another website or REST client plugin...) CQ security filter will be triggered to prevent your action then return 403 error to remove this please follow these steps:

1/ http://localhost:4502/system/console/configMgr
2/ Search for 'Apache Sling Referrer Filter'
3/ Remove POST method from the filter. Then you can call your POST method anywhere.

 

Another Reference Links:- https://aem6solutions.wordpress.com/2015/06/19/apache-sling-referrer-filter/

I hope this would help you.

Thanks and Regards

Kautuk Sahni

View solution in original post

2 Replies

Avatar

Correct answer by
Administrator

Hi

Add "@Property(name = "sling.auth.requirements", value = "-/bin/mySearchServlet")" This results in the Sling Servlet not requiring authentication. 

Link:- https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-framework.html (sling.auth.requirements)

OR

if you call it from external client (another website or REST client plugin...) CQ security filter will be triggered to prevent your action then return 403 error to remove this please follow these steps:

1/ http://localhost:4502/system/console/configMgr
2/ Search for 'Apache Sling Referrer Filter'
3/ Remove POST method from the filter. Then you can call your POST method anywhere.

 

Another Reference Links:- https://aem6solutions.wordpress.com/2015/06/19/apache-sling-referrer-filter/

I hope this would help you.

Thanks and Regards

Kautuk Sahni