403 Forbidden response from POST request when trying to create workitem using REST API (OSLC)
Has this been answered yet? I am getting a 403: Forbidden from my POST request to create a workitem. I am using the RESTClient plugin on Firefox to access the RTC environment that I created from running the RTC Extension Workshop 6.0.3.
I am able to successfully do a PUT request to update a workitem that I created manually.
Header: OSLC-Core-Version: 2.0
Accept: application/rdf+xml
Content-Type: application/rdf+xml
Body: ..................................
Then I used an edited version of the raw response from the PUT above as the BODY for the POST request for workitem creation.
Accept | application/rdf+xml |
OSLC-Core-Version | 2.0 |
Content-Type | application/rdf+xml |
X-Jazz-CSRF-Prevent | JSESSIONID=68A5F67E56D9396A2517866731AC2D8A; path=/ccm; domain=jazz.net; Secure; HttpOnly |
Body:
<rdf:RDF
xmlns:rtc_ext="http://jazz.net/xmlns/prod/jazz/rtc/ext/1.0/"
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:oslc="http://open-services.net/ns/core#"
xmlns:oslc_cm="http://open-services.net/ns/cm#"
xmlns:rtc_cm="http://jazz.net/xmlns/prod/jazz/rtc/cm/1.0/"
xmlns:oslc_cmx="http://open-services.net/ns/cm-x#">
<oslc_cm:ChangeRequest>
<dcterms:title rdf:parseType="Literal">Sample Work Item</dcterms:title>
<dcterms:description>Task Created from HTTP POST request</dcterms:description>
<rtc_cm:type rdf:resource="https://localhost:9443/ccm/oslc/types/_GEcakBVmEee6xq3fftABNg/task"/>
<rtc_cm:filedAgainst rdf:resource="https://localhost:9443/ccm/resource/itemOid/com.ibm.team.workitem.Category/_P96aEBVmEee7sYeSp0HetA"/>
</oslc_cm:ChangeRequest>
</rdf:RDF>
I have pretty much tried and exhausted every forum and resource available online.
Response Body
Permission Denied
Your account does not have the group memberships required to access the requested resource.
- Status Code: 403 Forbidden
Accepted answer
The error is "your account does not have the group memberships required to access the requested resource", and you should base your investigation on that.
The first thing you need to check is of course the group membership.
The second thing, if you are using the same user ID (and you can create new WI using Java API or Web UI), is to make sure the HTTP request header X-Jazz-CSRF-Prevent contains the correct JSESSIONID at the time of the execution.
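A check for the second point in the accepted answer, as an added example that is not part of the original thread or of the product's own code: it pulls the session ID out of a Set-Cookie line and flags an X-Jazz-CSRF-Prevent header that would not match the JSESSIONID cookie sent on the same request. It assumes the server compares the header against the bare session ID value; the function names and the sample session ID are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample: a Set-Cookie line shaped like the one in the question.
SAMPLE_SET_COOKIE = ("JSESSIONID=0123456789ABCDEF0123456789ABCDEF; "
                     "path=/ccm; Secure; HttpOnly")


def session_id_from_set_cookie(line):
    """Return only the JSESSIONID value, dropping path/Secure/HttpOnly."""
    jar = SimpleCookie()
    jar.load(line)
    if "JSESSIONID" not in jar:
        raise ValueError("no JSESSIONID cookie in Set-Cookie line")
    return jar["JSESSIONID"].value


def creation_headers(session_id):
    """Headers for the creation POST (header names as listed in the question)."""
    return {
        "OSLC-Core-Version": "2.0",
        "Accept": "application/rdf+xml",
        "Content-Type": "application/rdf+xml",
        "Cookie": "JSESSIONID=" + session_id,
        "X-Jazz-CSRF-Prevent": session_id,
    }


def csrf_header_problems(headers):
    """List mismatches between X-Jazz-CSRF-Prevent and the Cookie being sent."""
    problems = []
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    current = jar["JSESSIONID"].value if "JSESSIONID" in jar else None
    token = headers.get("X-Jazz-CSRF-Prevent", "").strip()
    if current is None:
        problems.append("no JSESSIONID cookie on the request")
    if not token:
        problems.append("X-Jazz-CSRF-Prevent is missing or empty")
    elif token.upper().startswith("JSESSIONID=") or ";" in token:
        problems.append("header holds a cookie string, not the bare session ID")
    elif current is not None and token != current:
        problems.append("header does not match the current JSESSIONID (stale?)")
    return problems


if __name__ == "__main__":
    sid = session_id_from_set_cookie(SAMPLE_SET_COOKIE)
    print(csrf_header_problems(creation_headers(sid)))
```

Run the check against the headers actually configured in the REST client after each fresh login, since the session ID changes whenever a new session is established.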