Why Status Code: 403 Forbidden while trying to create workitem using REST API (OSLC)
Hi,
I am trying to create a work item in a specific project area on the Jazz server through the OSLC API, using the "REST Client" plug-in for Firefox. When I POST the URL for creating the work item, I get an error like this:
HTTP Status 403 - The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicious website.
To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.
I have added the header name X-Jazz-CSRF-Prevent with the JSESSIONID as its value (which I got from before authentication with the server, using the REST Client URL https://localhost:9443/ccm/whoami).
But after giving the header name and value, I am still getting the status code 403 Forbidden.
Why is that so?
My system setup is like this: I have installed the Jazz Team Server on a Windows Server 2008 Standard SP1 system. On the same system I have installed the Eclipse-based RTC client.
I am sending requests to the server from the REST Client plug-in of Firefox, which is also on the same system.
Does this have any significance for the problem?
Please help.
Regards
Aju
One answer
Hi,
I was able to solve the issue.
The problem was that the JSESSIONID I had given was not the most recent one. I got the proper JSESSIONID from the cookies using the Firebug plug-in of the Firefox browser.
But now I am getting another error code while trying to POST the URL using the REST Client add-on in Firefox.
In the REST Client, the request for creating a defect work item is like this:
Method: POST
URL: https://localhost:9443/ccm/oslc/contexts/_vCZKMLvdEeSTocgUXl5eCQ/workitems/defect
Header:
Name: X-Jazz-CSRF-Prevent
Value: E6AC0F6331FC2403A19B77A809558AB4 (it is the JSESSIONID I got from the cookies)
Response:
415 Unsupported Media Type
The error message is like this:
<?xml version="1.0" encoding="UTF-8"?>
<oslc_cm:error xmlns:oslc_cm="http://open-services.net/xmlns/cm/1.0/">
  <oslc_cm:status>415</oslc_cm:status>
  <oslc_cm:message>Content type 'text/plain' is not supported.</oslc_cm:message>
</oslc_cm:error>
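The two responses in this thread (403 with a stale JSESSIONID, then 415 with 'text/plain') can be reproduced against a toy in-memory model of the checks the error messages describe. This is an added example, not code from the posts or from the Jazz server. The rotation of the session ID at login, the accepted media types, the 401/201 codes and every class and function name are assumptions.

```python
import hmac
import secrets

# Assumption: media types this toy server accepts; the thread only shows text/plain is rejected.
ACCEPTED_TYPES = {"application/json", "application/rdf+xml"}

class ToyServer:
    """Constructed stand-in for the server-side checks behind the 403 and 415 responses."""
    def __init__(self):
        self.sessions = {}  # session id -> authenticated user, or None before login

    def new_session(self):
        sid = secrets.token_hex(16).upper()
        self.sessions[sid] = None
        return sid

    def login(self, old_sid, user):
        # Assumption: the session id is rotated at authentication, so a value
        # captured before login no longer matches the live cookie.
        self.sessions.pop(old_sid, None)
        sid = self.new_session()
        self.sessions[sid] = user
        return sid

    def post(self, headers, cookies):
        sid = cookies.get("JSESSIONID", "")
        if self.sessions.get(sid) is None:
            return 401
        token = headers.get("X-Jazz-CSRF-Prevent", "")
        # CSRF check: the custom header must equal the *current* session cookie.
        if not hmac.compare_digest(token, sid):
            return 403
        ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
        return 201 if ctype in ACCEPTED_TYPES else 415

def build_headers(cookies, content_type):
    # Read the token from the cookie jar at send time instead of pasting a saved value.
    return {"X-Jazz-CSRF-Prevent": cookies["JSESSIONID"], "Content-Type": content_type}

def walkthrough():
    server = ToyServer()
    pre_login = server.new_session()                          # value seen before authenticating
    cookies = {"JSESSIONID": server.login(pre_login, "user1")}  # constructed user
    stale = server.post({"X-Jazz-CSRF-Prevent": pre_login,
                         "Content-Type": "application/json"}, cookies)
    plain = server.post(build_headers(cookies, "text/plain"), cookies)
    ok = server.post(build_headers(cookies, "application/json"), cookies)
    return stale, plain, ok
```

In this model the CSRF header is checked before the body's media type, which matches the order in which the two errors appeared in the thread.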