It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×42,457
×10,542
×7,115
×4,198
×507

question asked: May 18 '13, 9:21 a.m.
question was seen: 6,186 times
last updated: Jun 16 '15, 9:30 p.m.

Related questions

FAQ - How this Forum works

Creating WorkItems using OSLC services

2
Bartosz Chrabski (3.3k12245) | asked May 18 '13, 9:21 a.m.
retagged May 20 '13, 3:09 a.m. by Krzysztof Kaźmierczyk (7.4k35499)
Hi Team,

With the article https://jazz.net/wiki/bin/view/Main/WorkItemAPIsForOSLCCM20 I was trying to create sample work items but failed. I would be thankful for any help.

https://myserver.pl:9443/ccm/oslc/contexts/_HeU8o6FZEeKEFa0gk6Ppqw/workitems/defect

Header (method POST):

Accept: application/rdf+xml
OSLC-Core-Version: 2.0

Body : 

<rdf:RDF
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:rtc_cm="http://jazz.net/xmlns/prod/jazz/rtc/cm/1.0/" > 
  <rdf:Description rdf:nodeID="A0">
    <dcterms:title rdf:parseType="Literal">Sample Work Item</dcterms:title>
  </rdf:Description>
</rdf:RDF>

I get 403 Forbidden as status and as body

<html><head><title>Apache Tomcat/7.0.32 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicous website. To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicous website. To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.</u></p><p><b>description</b> <u>Access to the specified resource has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.32</h3></body></html>
Comments
Uday Bhosale commented Jun 16 '15, 2:12 a.m. | edited Jun 16 '15, 7:16 a.m.

 Hi Bartosz Chrabski, had you got any solution for this issue? Please let me know as I am too facing similar kind of error while creating work item in RTC. 



2 answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Krzysztof Kaźmierczyk (7.4k35499) | answered May 20 '13, 3:09 a.m.
Hi Bartek,
I remember we had really difficult PMR similatr to that. The root cause was that proxy server or WAS itself was changing JSESSIONID cookie.
Do you have any proxy between server and client?
Could you check if your script is working on the testing environment e.g. located on your laptop?
Comments
Bartosz Chrabski commented May 20 '13, 7:06 a.m.

Krzyszotf,


There is no proxy server between client and JTS server.

Server is tomcat and db2 based. It is not working local and remotely, I have to set X-Jazz-CSRF-Prevent which is impossible in case of the created solution. 

0
permanent link
Donald Nong (14.4k314) | answered Jun 16 '15, 9:30 p.m.
The "solution" is to add the "X-Jazz-CSRF-Prevent" header as suggested in the error message. Before you can create a work item, you must log on to the server already - in this case, you _should_ have the JSESSIONID cookie (unless you have got the issue which Krzysztof mentioned).

Your answer

Register or to post your answer.