Creating WorkItems using OSLC services
Bartosz Chrabski
asked May 18 '13, 9:21 a.m.
retagged May 20 '13, 3:09 a.m. by Krzysztof Kaźmierczyk
Hi Team,
With the article https://jazz.net/wiki/bin/view/Main/WorkItemAPIsForOSLCCM20 I was trying to create sample work items but failed. I would be thankful for any help.
https://myserver.pl:9443/ccm/oslc/contexts/_HeU8o6FZEeKEFa0gk6Ppqw/workitems/defect
Header (method POST):
Accept: application/rdf+xml
OSLC-Core-Version: 2.0
Body:
<rdf:RDF
xmlns:dcterms="http://purl.org/dc/terms/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:rtc_cm="http://jazz.net/xmlns/prod/jazz/rtc/cm/1.0/" >
<rdf:Description rdf:nodeID="A0">
<dcterms:title rdf:parseType="Literal">Sample Work Item</dcterms:title>
</rdf:Description>
</rdf:RDF>
I get 403 Forbidden as the status, and as the body:
<html><head><title>Apache Tomcat/7.0.32 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 403 - The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicous website. To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>The user has the roles required to perform this operation, but the permission has been denied because this request might have been forged by a malicous website. To prove that this request is not part of a CSRF attack add a new HTTP header with the name 'X-Jazz-CSRF-Prevent' and use the current JSESSIONID value as the value.</u></p><p><b>description</b> <u>Access to the specified resource has been forbidden.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.32</h3></body></html>
2 answers
Hi Bartek,
I remember we had a really difficult PMR similar to that. The root cause was that a proxy server or WAS itself was changing the JSESSIONID cookie. Do you have any proxy between the server and the client? Could you check whether your script works in a testing environment, e.g. one located on your laptop?
Comments
Bartosz Chrabski
commented May 20 '13, 7:06 a.m.
Krzysztof,
There is no proxy server between the client and the JTS server.
The server is Tomcat and DB2 based. It is not working locally or remotely; I have to set X-Jazz-CSRF-Prevent, which is impossible in the case of the created solution.
The "solution" is to add the "X-Jazz-CSRF-Prevent" header as suggested in the error message. Before you can create a work item, you must already be logged on to the server; in this case, you _should_ have the JSESSIONID cookie (unless you have the issue which Krzysztof mentioned).
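As an added example (not part of the original thread and not Jazz project code), this is one way a script can follow the answer above using only the Python standard library: it takes the Set-Cookie values from a login response, picks the JSESSIONID whose Path covers the request URL, and echoes that value in X-Jazz-CSRF-Prevent. The function names, the sample cookies, the Content-Type header and the placeholder body in the demo are assumptions.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit
from urllib.request import Request

CSRF_HEADER = "X-Jazz-CSRF-Prevent"  # header name from the 403 message


def session_id_for(url, set_cookie_headers):
    """Return the JSESSIONID whose Path covers the request URL (longest Path wins)."""
    request_path = urlsplit(url).path or "/"
    best = None  # (path_length, value)
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        morsel = jar.get("JSESSIONID")
        if morsel is None:
            continue
        path = morsel["path"] or "/"
        prefix = path if path.endswith("/") else path + "/"
        if request_path == path or request_path.startswith(prefix):
            if best is None or len(path) > best[0]:
                best = (len(path), morsel.value)
    if best is None:
        raise LookupError("no JSESSIONID for " + request_path + "; log in first")
    return best[1]


def build_create_request(url, set_cookie_headers, rdf_body):
    """Build (not send) the POST with the session cookie echoed in the header."""
    sid = session_id_for(url, set_cookie_headers)
    headers = {
        "Accept": "application/rdf+xml",
        "OSLC-Core-Version": "2.0",
        "Content-Type": "application/rdf+xml",  # assumption: not in the question
        "Cookie": "JSESSIONID=" + sid,
        CSRF_HEADER: sid,  # must equal the cookie value the server sees
    }
    return Request(url, data=rdf_body.encode("utf-8"), headers=headers, method="POST")


# Constructed sample data: Set-Cookie values as a login response might send them.
SAMPLE_SET_COOKIES = [
    "JSESSIONID=AAAA1111; Path=/jts; Secure; HttpOnly",
    "JSESSIONID=BBBB2222; Path=/ccm; Secure; HttpOnly",
]
SAMPLE_URL = "https://myserver.pl:9443/ccm/oslc/contexts/_HeU8o6FZEeKEFa0gk6Ppqw/workitems/defect"

if __name__ == "__main__":
    req = build_create_request(SAMPLE_URL, SAMPLE_SET_COOKIES, "<rdf:RDF/>")
    print(req.get_method(), req.full_url, req.get_header(CSRF_HEADER.capitalize()))
```

If a proxy rewrites the cookie in transit, as the first answer describes, the header value built here no longer matches what the server receives and the 403 returns.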
Comments
Hi Bartosz Chrabski, did you get any solution for this issue? Please let me know, as I too am facing a similar kind of error while creating a work item in RTC.