Showing posts with label Servlet. Show all posts

Tuesday, 24 September 2019

Access AEM servlet in postman

When you make a POST request to your local AEM author instance, the request is checked by the "Apache Sling Referrer Filter" and the "Adobe Granite CSRF Filter". Incoming POST requests without the CSRF-Token header are blocked by these filters.

Steps to configure the local instance:

  • Navigate to ConfigMgr
  • Search for 'Apache Sling Referrer Filter'
  • Remove POST method from the filter.
  • Check "Allow Empty" checkbox and click on Save.

  • Search for "Adobe Granite CSRF Filter"
  • Remove POST method from the filter.
  • Click on Save.

Download and install Postman.

Open the Postman app and follow these steps.
  • Select method as POST
  • Enter AEM servlet URL.
  • Navigate to "Authorization" tab and enter username and password.
  • Enter required "Headers"

  • Enter request in the body tab and hit Send button.

XSS Protection for AEM Servlets:

Add XSS protection to AEM servlets by using the Apache Sling XSSAPI to encode request values, so that script tags injected into a request are not rendered. This helps avoid issues raised in penetration testing.


// someUnsafeValue is any request-supplied string that ends up in an HTML attribute
XSSAPI xssapi = slingHttpServletRequestObj.adaptTo(XSSAPI.class);
String encodedAttr = xssapi.encodeForHTMLAttr(someUnsafeValue);

Default XSS configuration in AEM is available at /libs/cq/xssprotection/config.xml
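
The snippet above covers the HTML attribute context only. The following added example (not code from the original post) goes further and uses one XSSAPI method per output context; the servlet class, its path /bin/example/greeting and the parameter names are hypothetical.

```java
import java.io.IOException;
import java.io.PrintWriter;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.xss.XSSAPI;

// Hypothetical servlet and path, used only to show one encoder per output context.
@SlingServlet(paths = "/bin/example/greeting", methods = "GET")
public class GreetingServlet extends SlingSafeMethodsServlet {

    @Reference
    private XSSAPI xssApi; // XSSAPI is an OSGi service, so it can be injected

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        // Both parameters are untrusted request input.
        String name = param(request, "name");
        String home = param(request, "home");

        response.setContentType("text/html");
        response.setCharacterEncoding("UTF-8");
        PrintWriter out = response.getWriter();

        // Element content: markup characters are written as entities.
        out.println("<p>Hello " + xssApi.encodeForHTML(name) + "</p>");

        // Attribute value: encoded so the value cannot close the surrounding quotes.
        out.println("<input type=\"text\" name=\"name\" value=\"" + xssApi.encodeForHTMLAttr(name) + "\">");

        // URL attribute: encoding is not enough here, the URL itself is validated.
        // getValidHref returns a sanitized URL, or an empty string if it is rejected.
        out.println("<a href=\"" + xssApi.getValidHref(home) + "\">Homepage</a>");

        // JavaScript string literal inside a script block.
        out.println("<script>var visitor = \"" + xssApi.encodeForJSString(name) + "\";</script>");
    }

    private static String param(SlingHttpServletRequest request, String key) {
        String value = request.getParameter(key);
        return value == null ? "" : value;
    }
}
```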

Saturday, 4 November 2017

Get properties in AEM sling servlet

Use case: I had a situation where I needed to fetch properties of a node/page/cloud configuration from a Sling servlet.

Issue: In WCMUsePojo we can get these cloud configurations using getInheritedPageProperties(). But the inheritedPageProperties variable is not accessible in an OSGi service or Sling servlet.

To get properties of a node/page/cloud configuration from a Sling servlet, do the following.
Below is sample servlet code.
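import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import org.apache.felix.scr.annotations.*;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.*;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* Author: Kishore Polsani */
@Component(name = "com.kishore.aem.GetProperties", label = "Get Properties", immediate = true, metatype = true)
@Service(Servlet.class)
@Properties({ @Property(name = "service.description", value = "Get Properties"),
        @Property(name = "sling.servlet.paths", value = "/services/aemquickstart/getproperties", propertyPrivate = true),
        @Property(name = "service.vendor", value = "AEMQuickstart") })
public class GetProperties extends SlingAllMethodsServlet implements Serializable {
    private static final long serialVersionUID = 1L;
    private Logger log = LoggerFactory.getLogger(GetProperties.class);
    @Reference
    protected SlingRepository repository;
    @Reference
    private ResourceResolverFactory resolverFactory;

    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response) throws ServletException {
        ResourceResolver resourceResolver = null;
        try {
            Map<String, Object> param = new HashMap<String, Object>();
            // "readService" must be mapped to a service user in the Service User Mapper configuration
            param.put(ResourceResolverFactory.SUBSERVICE, "readService");
            resourceResolver = resolverFactory.getServiceResourceResolver(param);
            /* Get this path from ajax call request */
            Resource pageResource = resourceResolver.getResource("/etc/cloudservices/salesforce/kishore/jcr:content");
            if (pageResource == null) {
                response.setStatus(SlingHttpServletResponse.SC_NOT_FOUND);
                return;
            }
            Node configNode = pageResource.adaptTo(Node.class);
            // Demo only: outside a local sandbox, log that the token was found, not its value
            log.info("Access token from cloud config" + configNode.getProperty("accesstoken").getString());
            Session session = resourceResolver.adaptTo(Session.class);
        } catch (LoginException e) {
            log.error("Could not open the service resource resolver", e);
        } catch (RepositoryException e) {
            // Covers PathNotFoundException, AccessDeniedException and the other JCR exceptions
            log.error("Could not read the cloud configuration", e);
        } finally {
            // Service resource resolvers are not closed automatically
            if (resourceResolver != null && resourceResolver.isLive()) {
                resourceResolver.close();
            }
        }
    }
}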

Check this post to get properties in a different way: Registering a Servlet for every Page in AEM

Saturday, 22 April 2017

Integrate AEM with Docusign - Part 1

Integrate AEM with Docusign to get Docusign account information

What is Docusign?

DocuSign® is The Global Standard for Digital Transaction Management. Accessible anytime, anywhere on any device, global enterprises, business departments, individual professionals, and consumers in all industries solve their paper problems by replacing manual, paper-based methods with DocuSign. The result is accelerated transactions that increase speed to results, reduce costs, improve visibility and control, and delight customers. DocuSign helps you keep business digital with the easiest, fastest, most secure way to send, sign, manage and store documents in the cloud.

Why Docusign?

Saturday, 18 March 2017

Populating AEM Component Dialog fields using JSON data returned by Sling Servlets

You can invoke an Adobe Experience Manager (AEM) Sling Servlet to populate fields that appear in AEM component dialog. That is, instead of hard-coding values in JavaScript, you can populate a dialog drop-down using a Servlet's return value (for example, JSON data), as shown in the following illustration. 

Sunday, 6 December 2015

Servlet to get all tags assigned to a DAM Asset in JSON format

Recently there was a requirement to fetch all tags assigned to a DAM asset. It can be implemented via a servlet to which an Ajax call can be made. If you have never worked on this kind of use case, this article is a must to learn and implement. It uses the Tag Manager API and returns data in JSON format. In our scenario it was easy to get data in JSON format; however, you are free to convert it to any other format based on your requirement.
1. Define the annotation @SlingServlet with the path you want to use for accessing it.
2. Get the 'path' parameter from the request to get the image location. Once received, adapt this resource to the Asset class. Start reading the 'cq:tags' property, where all tags are stored.
3. Now you have the tags, but we need to get the title of each tag and convert it into the JSON object that has to be returned.
4. At last, return the output in JSON format.
5. The same request can be made via JS to get the response.
Here is the final complete code that can be used.
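
An added example that follows steps 1 to 4 above; it is not the original post's code. The class name and the path /bin/example/assettags are hypothetical, javax.json is assumed to be available to the bundle, and the restriction of 'path' to /content/dam/ is an assumption about where assets live.

```java
import java.io.IOException;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import com.day.cq.dam.api.Asset;
import com.day.cq.tagging.Tag;
import com.day.cq.tagging.TagManager;

// Step 1: register the servlet on a fixed path (hypothetical), GET only.
@SlingServlet(paths = "/bin/example/assettags", methods = "GET")
public class AssetTagsServlet extends SlingSafeMethodsServlet {
    @Override
    protected void doGet(SlingHttpServletRequest request, SlingHttpServletResponse response)
            throws IOException {
        // Step 2: read 'path' and accept only DAM locations.
        String path = request.getParameter("path");
        if (path == null || !path.startsWith("/content/dam/") || path.contains("..")) {
            response.sendError(SlingHttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // The request's resolver carries the caller's permissions, so ACLs still apply.
        Resource assetResource = request.getResourceResolver().getResource(path);
        if (assetResource == null || assetResource.adaptTo(Asset.class) == null) {
            response.sendError(SlingHttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // cq:tags is stored on the asset's jcr:content/metadata node.
        Resource metadata = assetResource.getChild("jcr:content/metadata");
        String[] tagIds = metadata == null ? new String[0]
                : metadata.getValueMap().get("cq:tags", new String[0]);
        // Step 3: resolve each tag ID to its title.
        TagManager tagManager = request.getResourceResolver().adaptTo(TagManager.class);
        JsonArrayBuilder tags = Json.createArrayBuilder();
        for (String tagId : tagIds) {
            Tag tag = tagManager.resolve(tagId);
            if (tag != null) {
                tags.add(Json.createObjectBuilder().add("id", tag.getTagID()).add("title", tag.getTitle()));
            }
        }
        // Step 4: return JSON; the builder escapes tag titles, no string concatenation.
        response.setContentType("application/json");
        response.setCharacterEncoding("UTF-8");
        response.getWriter().write(tags.build().toString());
    }
}
```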