why Status Code: 403 Forbidden while trying to create workitem using REST API (OSLC)


Aju Samuel Raju (36710) | asked Mar 11 '15, 9:19 a.m.
Hi,
I am trying to create a work item in a specific project area in the JAZZ server using the OSLC API, using the "REST Client" plug-in of Firefox. When I POST the URL for creating the work item, I get an error like this:

HTTP Status 403 - The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicious website.
 To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.

I have added the header name X-Jazz-CSRF-Prevent with the JSESSIONID as its value (which I got before authenticating with the server, using the REST Client URL https://localhost:9443/ccm/whoami).
But after giving the header name and value, I am still getting the status code 403 Forbidden.


Why is it so?
My system setup is like this: I have installed the JAZZ team server on a Windows Server 2008 Standard SP1 system. On the same system I have installed the Eclipse-based RTC client.
I am sending requests to the server from the REST Client plug-in of Firefox, which is also on the same system.
Does this have any significance in the problem?

Please help.

Regards
Aju


One answer



Aju Samuel Raju (36710) | answered Mar 12 '15, 6:29 a.m.
edited Mar 12 '15, 6:53 a.m.
Hi,
I am able to solve the issue.
The problem was that the JSESSIONID I had given was not the recent one. I got the proper JSESSIONID from the cookies using the Firebug plugin of the Firefox browser.

But now I am getting another error code while trying to POST the URL using the REST Client add-on in Firefox.

In the REST Client, the request for creating a defect work item is like this:
Method: POST
URL:
https://localhost:9443/ccm/oslc/contexts/_vCZKMLvdEeSTocgUXl5eCQ/workitems/defect
Header:
Name: X-Jazz-CSRF-Prevent
Value: E6AC0F6331FC2403A19B77A809558AB4 (it is the JSESSIONID I got from the cookies)


Response:
415 Unsupported Media Type
The error message is like this:

  <?xml version="1.0" encoding="UTF-8"?>
  <oslc_cm:error xmlns:oslc_cm="http://open-services.net/xmlns/cm/1.0/">
  <oslc_cm:status>415</oslc_cm:status>
  <oslc_cm:message>Content type 'text/plain' is not supported.</oslc_cm:message>
  </oslc_cm:error>



Comments
Vaibhav S commented Oct 16, 5:32 a.m.

Hi,


On using the tag X-Jazz-CSRF-Prevent, Postman tells me to use the &#39;X-Jazz-CSRF-Prevent&#39; tag instead.

When I use the 2nd tag, Postman says it's not a valid header for HTTP.

Please let me know your views on this.

Thanks
Vaibhav
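
A minimal model of the check that the 403 message in this thread describes, added here as an example; it is not part of the original posts and not Jazz's own code. It shows why a stale JSESSIONID in X-Jazz-CSRF-Prevent is rejected with 403 and why a body typed as text/plain then fails with 415. The accepted media types, the 201 result and the session values are assumptions made for illustration.

```python
import hmac

# Assumption: media types this model accepts; the real server's list may differ.
SUPPORTED_TYPES = {"application/json", "application/rdf+xml"}


def parse_cookies(cookie_header):
    """Parse a Cookie request header into a name -> value dict."""
    cookies = {}
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies


def check_post(headers):
    """Return the status this model gives a state-changing POST."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    session_id = parse_cookies(h.get("cookie", "")).get("JSESSIONID", "")
    token = h.get("x-jazz-csrf-prevent", "")
    # The browser attaches the cookie to any request for the server's origin, but
    # only code allowed to read the cookie can copy it into a custom header.
    # A stale or missing header value therefore fails, even for a valid user.
    if not session_id or not hmac.compare_digest(token.encode(), session_id.encode()):
        return 403
    media_type = h.get("content-type", "").split(";")[0].strip().lower()
    if media_type not in SUPPORTED_TYPES:
        return 415  # e.g. a body sent as text/plain
    return 201  # assumption: the model reports success as 201 Created


# Constructed sample values, not real session identifiers.
CURRENT = "CURRENT-SESSION-0001"
STALE = "STALE-SESSION-0000"


def demo():
    cookie = "JSESSIONID=" + CURRENT
    return [
        check_post({"Cookie": cookie, "X-Jazz-CSRF-Prevent": STALE}),
        check_post({"Cookie": cookie, "X-Jazz-CSRF-Prevent": CURRENT,
                    "Content-Type": "text/plain"}),
        check_post({"Cookie": cookie, "X-Jazz-CSRF-Prevent": CURRENT,
                    "Content-Type": "application/json; charset=UTF-8"}),
    ]


if __name__ == "__main__":
    print(demo())
```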
