AEM, FORM Submission & Handling POST requests

By
In this article I’ll be specifically talking about how to handle POST request in AEM and what options we have.

Please note that Adobe has added more security around handling POST request from AEM 6.x onwards to prevent CSRF attack. If you don’t configure AEM correctly, POST requests will not work even after using any of methods explained in this article.  You can read more about security configurations and restriction at:
https://docs.adobe.com/docs/en/aem/6-1/develop/security/csrf-protection.html

It is very common use cases to have external application POST some data to an AEM page (e.g. /content/en/home.html) or even submit a form (POST) to same URL. But, as you know that in AEM POST works differently and any POST call to AEM is intercepted by Sling’s POST servlet (org.apache.sling.servlets.post.impl.SlingPostServlet).

In some cases org.apache.sling.servlets.post.impl.SlingPostServlet is very useful when you actually want to perform CURD (create, update, read and delete) operation on JCR nodes. If you are interested in manipulating nodes in AEM and don’t want to deal with low level JCR session and access right etc. then look at some simple but, very powerful examples at below URL:

https://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html

Let’s go back to our original topic and define a use case for this article. Let’s say we have a page /content/en/home.html and following are acceptance criteria:

1. GET request should render the original page as HTML (/content/en/home.html).
2. POST request to same page should also render the same page and should persist the original request object (request parameters etc.)
3. External application should be able to POST data to /content/en/home.html and we should be able to access it via request.getParameter(“WHATEVER_PARAM_NAME”)

Out of box first use case just works without any customizations. But, if you try to POST some thing to same URL you’ll not get expected result because Sling’s POST servlet will intercept the request and will think we are trying to perform some CURD operation but that is not what we want in this case.

Sling provides a very useful utility to check which script/servlet will be invoked and if there are multiple eligible servlets that can handle the request then what will be the order. On your author instance navigate to below URL and enter any URL and choose request method (GET, POST etc.) and click resolve. The result will show a list of servlets and their order.

http://localhost:4502/system/console/servletresolver

By default the order of POST request processing is as follows:

1. com.adobe.granite.rest.impl.servlet.DefaultServlet (OptingServlet)
2. org.apache.sling.servlets.post.impl.SlingPostServlet
3. org.apache.sling.jcr.webdav.impl.servlets.SlingWebDavServlet

So, what options we have?

1. Create a Sling servlet
2. Add a POST.jsp at template level and update form action so that it points to jcr:content e.g. (/content/en/home/jcr:content.html).  We need to add jcr:content in URL because this is the node where we have sling:resourceType defined which will tells sling’s resolver where our POST.jsp is sitting that is capable of handling POST request. If we don’t include jcr:content in path then Sling’s POST servlet will handle the request.
3. Just include “.external”  (e.g.  (/content/en/home.external.html) selector to your POST request URL. Does this sound simple? Yes it is.

I’ll not explain first 2 options as you can find ample of examples for those 2 options on internet. I am going to talk about power of 3rd option in this article. So how does this works?

In AEM every page (.html) has a primary type jcr:primaryType = cq:Page and there are set of scripts that are mapped with this primary type which intercepts request and renders a page differently based on factors like selector, type of request method (by default only GET is handled) etc. You can find these mapping scripts for cq:Page under the folder /libs/foundation/components/primary/cq/Page. One of script under this folder is external.POST.jsp and this is the script which is responsible for handling a POST request with “.external” selector. If you look at the implementation of external.POST.jsp you’ll notice that implementation is very simple, it just creates a wrapper around existing POST request and overrides getMethod() method of SlingHttpServletRequestWrapper class so that it returns GET and forward control page URL (by removing selector) with this wrapped request and response object.

Very simple but powerful technique when you want handle both GET and POST request coming to a page.

I hope this will help you!!! Feel free to comment, suggest correction or anything else that you like…

Comments

Post a Comment

Popular posts from this blog

AEM as a Cloud Service (AEMaaCS) – Architecture Overview

By
Image
AEM as a Cloud Service (AEMaaCS) – Architecture Adobe Experience Manager (AEM) is one of the leading CMS from Adobe and is part of Adobe Experience Cloud (AEC). The Adobe Experience Manager (AEM) web content management offers a set of capabilities for creating, managing, delivering, and personalizing content across various digital marketing channels, including web, mobile, and email.  Before we dive into architecture of AEM as a Cloud Service (AEMaaCS) we need to understand why AEMaaCS is needed and how it is different as compared to classic AEM. To understand this, we’ll first look at: Evolution/history of AEM Challenges with traditional/classic AEM (the AEM that majority of us have used from last 10-12 years) Evolution/History of AEM The software was originally launched in early 2000 as Communiqué (CQ) by Day Software of Basel, Switzerland. After CQ 5.3 had been released, Day Software was acquired by Adobe Systems in 2010 then CQ became Adobe Experience Manager. From
Read more

AEM 6.3 - Bundle Whitelisting - Deprecation of administrative authentication

By
Image
I stumbled on an issue when I was using neab with AEM 6.3. I created few neba ResourceModels and when I tried to access neba Model Registry, I got an error ( java.lang.IllegalStateException: org.apache.sling.api.resource.LoginException: Bundle org.eclipse.gemini.blueprint.extender is NOT whitelisted ): Image: neba Model Registry Menu Image: Error Screen NOTE: Neba team has already fixed it on their development branch and we don’t need to explicitly add whitelisting configuration for neba bundle. Here is the reason for error Originally the ResourceResolverFactory.getAdministrativeResourceResolver and SlingRepository.loginAdministrative methods have been defined to provide access to the resource tree and JCR Repository. These methods proved to be inappropriate because they allow for much too broad access. Consequently these methods are being deprecated and will be removed in future releases of the service implementations. The following methods are deprecat
Read more

AEM - Query list of components and templates

By
Some time while migration or for auditing purposes we need to know where a particular component/template or any other resource have been used. Have you ever wondered about how to fetch a list of all the paths where a particular component or template is being used? I this short article I am going to show a quick way to write a utility with which you can get list if paths (actual resource nodes) where a targeted resource is being used. Here is the code snipped: public void getResourceListHelper(Resource parentResource , String targetSearchPropertyKey ,  String targetSearchPropertyValue , List components ) {      Resource childResource ; for (Iterator resourceChildrenIter = parentResource .listChildren(); resourceChildrenIter .hasNext();  getResourceListHelper ( childResource, targetSearchPropertyKey, targetSearchPropertyValue, components)) { childResource = (Resource) resourceChildrenIter .next(); ValueMap childProperties = (ValueMap) childResource .adap
Read more