Creating WorkItems using OSLC services
![]()
Bartosz Chrabski (3.3k●1●22●45)
| asked May 18 '13, 9:21 a.m.
retagged May 20 '13, 3:09 a.m. by Krzysztof Kaźmierczyk (7.4k●3●54●99)
Hi Team,
With the article https://jazz.net/wiki/bin/view/Main/WorkItemAPIsForOSLCCM20 I was trying to create sample work items but failed. I would be thankful for any help.
https://myserver.pl:9443/ccm/oslc/contexts/_HeU8o6FZEeKEFa0gk6Ppqw/workitems/defect
Header (method POST):
Accept: application/rdf+xml
OSLC-Core-Version: 2.0
Body :
<rdf:RDF
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:rtc_cm="http://jazz.net/xmlns/prod/jazz/rtc/cm/1.0/" >
<rdf:Description rdf:nodeID="A0">
<dcterms:title rdf:parseType="Literal">Sample Work Item</dcterms:title>
</rdf:Description>
</rdf:RDF>
I get 403 Forbidden as status and as body
<html><head><title>Apache Tomcat/7.0.32 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicous website. To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicous website. To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.</u></p><p><b>description</b> <u>Access to the specified resource has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.32</h3></body></html>
|
2 answers
![]()
The "solution" is to add the "X-Jazz-CSRF-Prevent" header as suggested in the error message. Before you can create a work item, you must log on to the server already - in this case, you _should_ have the JSESSIONID cookie (unless you have got the issue which Krzysztof mentioned).
|
Comments
Hi Bartosz Chrabski, had you got any solution for this issue? Please let me know as I am too facing similar kind of error while creating work item in RTC.