Friday, June 24, 2016

Caused by: Resource is not modifiable - Adobe CQ5/AEM

The below exception will be thrown most of the cases while accessing the servlet with post from AEM.

The actual issue is AEM could not ale to resolve the servlet and assumes it as a resource path but this is not a valid resource path, the below exception will be thrown when AEM tries to set the property values.

Caused by: Resource at '/services/formservlet' is not modifiable.

The steps to narrow down the issue:

Resolve the Servlet:

Go to http://<<AEM Host>>:4503/system/console/configMgr - Sling--> Sling Servlet Resolver and resolve the servlet path, if the servlet path is resolved then there is no issue if not the servlet is not configured properly.

Path resolved to a Servlet

Path not resolved a Servlet

Verify the Servlet configuration:

Cross verify and make sure the servlet is configured properly

e.g servlet

immediate = true,
label = "Servlet",
description = "Servlet",
metatype = true)
name = "FormServlet",
description = "FormServlet",
methods = "POST",
generateComponent = false,
paths = "/services/formservlet")
@Service(value = Servlet.class)
public class FormServlet extends SlingAllMethodsServlet implements Serializable {

protected void doPost(SlingHttpServletRequest request,
SlingHttpServletResponse response) throws ServletException,
IOException {
protected void doGet(SlingHttpServletRequest request,
SlingHttpServletResponse response) throws ServletException,
IOException {
doPost(request, response);


Verify the servlet resolver configuration:

Go to http://<<AEM Host>>:4503/system/console/configMgr - Sling--> Apache Sling Servlet/Script Resolver and Error Handler and make sure the servlet base patch is added under Execution paths.

Apache Sling Referrer Filter:

If the servlet is invoked externally then make sure the host name of the source system is added to the Allow Hosts section of the Apache Sling Referrer Filter

CSRF Filter(above AEM 6.1):

Adobe added CSRF (Cross-Site Request Forgery) protection with version 6.1 and we need to ensure that the CSRF token is included while submiting the form.

This should be handled automatically if we are using AEM's version of jQuery. This library has the code to get the token and add it to all XHR and forms.

If we are using a different version of jQuery or not using the jQuery, then we have to include the 'granite.csrf.standalone' client library and it will do the same functionality.

Refer the following link for more details -

Also, if the servlet is working properly from publisher/author and not only working from dispatcher then the issue might be with some of the cached scripts in dispatcher is not updated, try to clear the dispatcher cache for JS scripts and try the scenario again.


  1. Thanks for the detailed solution Albin

  2. Thanks for always giving us the right solutions. My students from help with college essay writing definitely knows how to resolve this kind of issue from now on.

  3. The blog gave me idea about exception thrown during servlet and steps for resolving the servlet is very much useful Thanks for sharing this post
    Java Training in Chennai


Contact Form


Email *

Message *