getting error on updating DNG resource through rest api
Hi Team, my functionality
- get the dng resource
- modify the resource
- put the dng resource
resource_uri = "https://some-server.com/rm/resources/xxxxxxxxxxx"
config_context_uri = "https://some-server.com/rm/cm/stream/xxxxxxxxxxxxxxxxxxx"
Headers used for get and put
headers = {
"Accept": "application/rdf+xml",
"OSLC-Core-Version": "2.0",
"Configuration-Context": self.config_context_uri,
"Authorization": f"Bearer {token}"
}
if is_put:
headers["Content-Type"] = "application/rdf+xml"
headers["If-Match"] = "*" # Required if ETag/versioning is enforced
After modifying the rdf data for only dcterms: title, I tried to "put" it back to dng server without changing other data from "get" response
Iam getting below error
<rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
<rdf:Description>
<err:detailedMessage rdf:datatype="http://www.w3.org/2001/XMLSchema#string"
>com.ibm.rdm.fronting.server.exception.PermissionsForbiddenException</err:detailedMessage>
<err:errorMessage rdf:datatype="http://www.w3.org/2001/XMLSchema#string"
>Forbidden</err:errorMessage>
<err:errorStatus rdf:datatype="http://www.w3.org/2001/XMLSchema#long"
>403</err:errorStatus>
</rdf:Description>
</rdf:RDF>
please let me know, how to fix the issue.
7 answers
The If-Match header value must be copied from the GET response header ETag - literally copied, don't add or remove anything.
If this were the only problem I think you'd get a 412 Pre-condition failed response, so I don't think that's the reason you're getting 403 - that means you either don't have permission to modify that type of artifact, or aren't authorised.
Hi Ian Barnard, I have checked with my team, and token has the permission to update
Iam updating the contents inside "dcterms:title" and "dcterms:description" fields
I am updating like below and then sending without changing other fields
<rdf:Description rdf:about="some url">
<dcterms:description rdf:parseType="Literal">Hello world</dcterms:description>
<dcterms:title rdf:parseType="Literal">Hello world</dcterms:title>
is the above fields are updateble through REST API?
Comments
Yes those are updateable - need more detail - what's the error? If it's still 403 then you have authentication/permission problem, can you try the operation using a browser REST client, that's usually the best way to try these things out. It it's 412 then that's If-Match not being copied from the ETag from the GET response. I've never tried the Authorization header, what sort of token is it?
Hi Ian Barnard,
Iam still getting 403 error " >com.ibm.rdm.fronting.server.exception.PermissionsForbiddenException</err:detailedMessage>"
- I also used etag from the GET response as it is
No error observed for below case:
- get the DNG resource using GET response
- Dont modify anything
- Upload to DNG Server without changing anything in GET response.
I got 200 response and no error seen.
Error observed for below case
- get the DNG resource using GET response
- modify only "dcterms:title"
- Upload to DNG Server.
Error response:
<rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
<rdf:Description>
<err:detailedMessage rdf:datatype="http://www.w3.org/2001/XMLSchema#string"
>com.ibm.rdm.fronting.server.exception.PermissionsForbiddenException</err:detailedMessage>
<err:errorMessage rdf:datatype="http://www.w3.org/2001/XMLSchema#string"
>Forbidden</err:errorMessage>
<err:errorStatus rdf:datatype="http://www.w3.org/2001/XMLSchema#long"
>403</err:errorStatus>
</rdf:Description>
</rdf:RDF>
Authorization header is for adding "Basic" or "Bearer" token or password for authentication in the header.
If I upload to dng server without modifying the GET response, it is not throwing any permission error, but after modifying and upload, it s throwing permission error.
Hi,
Can you try to POST this XML?
<?xml version="1.0" encoding="utf-8"?>
<rdf:RDF
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
>
<rdf:Description rdf:about="">
<rdf:type rdf:resource="http://open-services.net/ns/rm#Requirement"/>
<dcterms:description rdf:parseType="Literal">Hello world</dcterms:description>
<dcterms:title>Hello world</dcterms:title>
</rdf:Description>
</rdf:RDF>
if this one doesn't work, please try finding out your 'instanceShape' and try this one:
'''<?xml version="1.0" encoding="utf-8"?>
<rdf:RDF
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:ns1="http://open-services.net/ns/core#"
>
<rdf:Description rdf:about="">
<rdf:type rdf:resource="http://open-services.net/ns/rm#Requirement"/>
<dcterms:description rdf:parseType="Literal">Hello world</dcterms:description>
<dcterms:title>Hello world</dcterms:title>
<ns1:instanceShape rdf:resource=".........."/>
</rdf:Description>
</rdf:RDF>'''
Otherwise I don't see a problem with the headers, on my side we're using "Accept": "application/xml" instead of your 'rdf+xml' but this shouldn't matter.
Thanks Alexandru.
Currently token dont have permission to create new resources in the DNG. This Info i got from creation factory, there is no "oslc:creation" tag present for "Requirements Creation".
Authentication is happening through microsoft login, not with normal credentials. So I have to use Authentication Bearer token. Using that I cannot test through browser directly, because it is generated from https:/some-url.com/oidc/endpoint/jazzop/token",Only possiblity i can see is using some code. I use python for testing
If I dont have permission to create new resource, does it mean I cannot modify existing resource through "PUT" functionality ?
I have tried multiple ways, I am getting "com.ibm.rdm.fronting.server.exception.PermissionsForbiddenException</err:detailedMessage>"
I have tried your suggested approach also, but got permissio forbidden error. I dont know, how to check whether the token have permission to update, because from creation factory it is clear, I cannot create new resource.
I would reply directly to your comments but the reply character limit is highly restrictive.
1. > Using that I cannot test through browser directly, because it is generated from https:/some-url.com/oidc/endpoint/jazzop/token"
Tokens are fine. I am also using Tokens most of the time.
Please go to your Project Area permissions and give yourself a role with a more leverage on permissions.
2. > "PUT" functionality ?
Please use POST.
3. > I am getting "com.ibm.rdm.fronting.server.exception.PermissionsForbiddenException</err:detailedMessage>"
4. > This Info i got from creation factory, there is no "oslc:creation" tag present for "Requirements Creation".
A user not having permissions to create requirements makes the creation factory say there's no existing 'creation' tag is pretty unexpected. I would expect an 'unable to use', but OK.
Hi Alexandru, Thanks for your quick reply. I am replying here, due to reply section issue
I used POST instead of PUT for updating the resources, Below is the response
Failed to update. Status: 403
<rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
<rdf:Description>
<err:detailedMessage rdf:datatype="http://www.w3.org/2001/XMLSchema#string"
>CRRRS6400E A HTTP POST request is not valid for this OSLC service</err:detailedMessage>
<err:errorMessage rdf:datatype="http://www.w3.org/2001/XMLSchema#string"
>Forbidden</err:errorMessage>
<err:errorStatus rdf:datatype="http://www.w3.org/2001/XMLSchema#long"
>403</err:errorStatus>
</rdf:Description>
</rdf:RDF>
I thinks POST is only for creating new resources using url from "oslc:creation".