403 Forbidden response from POST request when trying to create workitem using REST API (OSLC)


Anselme Joseph (132) | asked Apr 06 '17, 2:54 p.m.
converted to question Apr 06 '17, 3:02 p.m.

Has this been answered yet? I am getting a 403: Forbidden from my POST request to create a workitem. I am using the RESTClient plugin on Firefox to access the RTC environment that I created from running the RTC Extension Workshop 6.0.3.

I am able to successfully do a PUT request to update a workitem that I created manually.
Header: OSLC-Core-Version: 2.0
Accept: application/rdf+xml
Content-Type: application/rdf+xml
Body: ..................................
Then I used an edited version of the raw response from the PUT above as the BODY for the POST request for workitem creation.
Accept: application/rdf+xml
OSLC-Core-Version: 2.0
Content-Type: application/rdf+xml
X-Jazz-CSRF-Prevent: JSESSIONID=68A5F67E56D9396A2517866731AC2D8A; path=/ccm; domain=jazz.net; Secure; HttpOnly


Body:

<rdf:RDF
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:dcterms="http://purl.org/dc/terms/"
    xmlns:oslc_cm="http://open-services.net/ns/cm#">
  <oslc_cm:ChangeRequest>
    <dcterms:title rdf:parseType="Literal">Sample Work Item</dcterms:title>
    <dcterms:description>Task Created from HTTP POST request</dcterms:description>
  </oslc_cm:ChangeRequest>
</rdf:RDF>

I pretty much tried and exhausted every forum and resource available online.

Response Body

Permission Denied

Your account does not have the group memberships required to access the requested resource.
Status Code: 403 Forbidden


Accepted answer


Donald Nong (14.4k313) | answered Apr 06 '17, 10:37 p.m.

The error is "your account does not have the group memberships required to access the requested resource", and you should base your investigation on that.

The first thing you need to check is of course the group membership.

The second thing, if you are using the same user ID (and you can create new WI using Java API or Web UI), is to make sure the HTTP request header X-Jazz-CSRF-Prevent contains the correct JSESSIONID at the time of the execution.

Anselme Joseph selected this answer as the correct answer
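
An added example, not part of the original question or answer: building the POST headers from the session cookie at request time, so that X-Jazz-CSRF-Prevent carries the current JSESSIONID. It assumes the server expects the bare cookie value in that header (without the `JSESSIONID=` prefix or the path/domain/Secure/HttpOnly attributes); the function names and the sample cookie are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample: a Set-Cookie value shaped like the string pasted in the question.
SAMPLE_SET_COOKIE = (
    "JSESSIONID=0123456789ABCDEF0123456789ABCDEF; Path=/ccm; Secure; HttpOnly"
)


def session_id_from_set_cookie(set_cookie: str) -> str:
    """Return only the JSESSIONID value, dropping Path/Domain/Secure/HttpOnly."""
    jar = SimpleCookie()
    jar.load(set_cookie)  # malformed input yields an empty jar rather than an error
    if "JSESSIONID" not in jar:
        raise ValueError("no JSESSIONID cookie in Set-Cookie value")
    return jar["JSESSIONID"].value


def looks_like_bare_session_id(header_value: str) -> bool:
    """True when no cookie syntax (name=, attributes, spaces) is left in the value."""
    return bool(header_value) and not any(c in header_value for c in "=; ")


def oslc_post_headers(set_cookie: str) -> dict:
    """Headers for the work item POST, derived from the session's current cookie.

    Assumption: the CSRF check compares X-Jazz-CSRF-Prevent with the session
    cookie value, so both are filled from the same freshly read cookie.
    """
    sid = session_id_from_set_cookie(set_cookie)
    return {
        "OSLC-Core-Version": "2.0",
        "Accept": "application/rdf+xml",
        "Content-Type": "application/rdf+xml",
        "Cookie": f"JSESSIONID={sid}",
        "X-Jazz-CSRF-Prevent": sid,
    }


if __name__ == "__main__":
    for name, value in oslc_post_headers(SAMPLE_SET_COOKIE).items():
        print(f"{name}: {value}")
    # A pasted Set-Cookie string still contains cookie syntax and fails the check.
    print(looks_like_bare_session_id(SAMPLE_SET_COOKIE))
```

Re-read the cookie after each login: a JSESSIONID copied from an earlier session no longer matches once the session has been replaced.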
