Skip to main content

Servlets

POST and Authentication

When writing a Sling Servlet that handles POST requests, you might want to test it, by firing requests from a tool such as curl or Postman. This requires you to authenticate yourself via a cookie. The following example will demonstrate how a simple POST Servlet can be written and tested.

This Servlet listens on requests to the defined ResourceType + .action url selector.

If you place a component of the referenced ResourceType on a page, an example request url could look like this: http://localhost:4502/content/myproject/de/testpage/jcr:content/root/responsivegrid/contactform.action.json.

TestFormServlet.java
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import static org.apache.sling.api.servlets.ServletResolverConstants.SLING_SERVLET_EXTENSIONS;
import static org.apache.sling.api.servlets.ServletResolverConstants.SLING_SERVLET_METHODS;
import static org.apache.sling.api.servlets.ServletResolverConstants.SLING_SERVLET_RESOURCE_TYPES;
import static org.apache.sling.api.servlets.ServletResolverConstants.SLING_SERVLET_SELECTORS;

@Component(
service = {Servlet.class},
property = {
SLING_SERVLET_METHODS + "=POST",
SLING_SERVLET_EXTENSIONS + "=json",
SLING_SERVLET_RESOURCE_TYPES + "=myproject/components/contactform",
SLING_SERVLET_SELECTORS + "=action"
}
)
public class ContactFormServlet extends SlingAllMethodsServlet {

@Override
protected void doPost(SlingHttpServletRequest request, final SlingHttpServletResponse response) throws ServletException, IOException {
// handle POST
}
}

To test this via Postman, you will need to add AEMs Login Cookie. Open your Browsers Dev Tools and find the Cookies for your AEM Instance, most likely running at localhost:4502.

You now need to add this cookie "by hand" to your Postman configuration and remember to update its value, on instance restart / new login / value change.

The added cookie with its Key Value Pair (name=value) looks like this:

I'd suggest to increase / adapt the Expires Timestamp to at least a couple hours in the future.

When firing a POST Request to http://localhost:4502/content/myproject/de/testpage/jcr:content/root/responsivegrid/contactform.action.json your servlet will correctly handle that request and return a non 401 HTTP statuscode.

Quick Infos

Infos

Infos 2

DO

@SlingServlet(
resourceTypes = "sling/servlet/default",
selectors = "selector",
extensions = "tab",
methods = HttpConstants.METHOD_GET
)

DON'T

@Component
@Service(value = javax.servlet.Servlet.class)
@Properties({ @Property(name = "sling.servlet.resourceTypes", value = { "sling/servlet/default" }),
@Property(name = "sling.servlet.selectors", value = { "selector" }),
@Property(name = "sling.servlet.extensions", value = { "tab" }),
@Property(name = "sling.servlet.methods", value = { HttpConstants.METHOD_GET }) })