cancel
Showing results for 
Search instead for 
Did you mean: 

forbidden error during POST on odata service

0 Kudos

Hello Experts,

I trying to create POST operation on my odata web-service for that,

first I am doing GET on odata

After that, using CSRF token I am doing POST operation like below

and result of that POST is 403 forbidden.

Can someone please help me why its give 403 error . I also cross check my Payload but its correct.

Thanks in advance,

Sincerely,

Vipul

Accepted Solutions (1)

Accepted Solutions (1)

SergioG_TX
Active Contributor
0 Kudos

Vipul,

does your user have access to insert/delete/update into the database table?

if so, please verify directly on the sql console that you can insert/update new record

does your odata service allow for the insert/update? make sure it does not prevent it in the service definition.

Answers (2)

Answers (2)

agentry_src
Active Contributor
0 Kudos

Discussion successfully moved from SAPUI5 Developer Center to SMP Developer Center

as the more appropriate community for this topic.

Regards, Mike (Moderator)

SAP Technology RIG

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Check if you are able to ping application in SMP management cockpit? (if endpoint url is https, you have to import its certificate into smp keystore)

Make a POST call directly in the backend. Does it work?

Regards,

JK

0 Kudos

Hey Jitendra ,

I able to ping my application from SMP management cockpit . And my endpoint URL is https, can you please help me which certificated i have to import in keystore?

0 Kudos

I also try to POST direct on back end . But it also give same 403 forbidden .

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

If ping is successful and if backend request is reaching successfully, then endpoint url's certificate is already there in SMP keystore (as its HTTPS based)


I also try to POST direct on back end . But it also give same 403 forbidden .

So here is the problem, first you have to solve this and then you can try via SMP.

You have to get involved with Gateway and backend team on the POST request you are trying. Hope they will be able to help you.

Regards,

JK

0 Kudos

Hello ,

I checked with backend team for POST but still didnt find any exact solution . We checked our sql server its working fine. I also added some data on table by manually its added successfully . dont know why its give error using REST.

Is there any way to check in sql server manager  when I hit POST request on url what happen in sql server manager ?

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Is your backend SQL server?

How exactly did you expose its data into OData service ? Via Integration gateway? If yes, can you share BACKEND settings done in Admin cockpit?

Regards,

JK

0 Kudos

Yes My backnd is SQL server . and By creating jdbc connection we expose data .

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos


Please provide more info, you haven't mentioned how you have converted backend data into odata service?


Regards,

JK

0 Kudos

this is my SMP admin cockpit destination window. Here I created TEST name service.

Also success ping from this destination.

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Looks like you are using Integration gateway to convert JDBC data into OData.

Did you enable Microsoft's JDBC driver for OSGi  already? Check this ()

Are you able to retrieve content of BYPASS entity in the OData service? Can you share it?

Once this works, then you can test it via SMP AppID.

Regards,

JK

0 Kudos

yes I already enable OSGi.

and Yes In browser I am able to get data of BYPASS entity.

Is there any kind of permission issue in SQL server manager for POST data.?

Jitendra_Kansal
Product and Topic Expert
Product and Topic Expert
0 Kudos

Can you share what is authentication provider you have selected for the app (in Admin cockpit)?

Also check if you are able to make a DELETE call to the same url?

url: https://server:8086/gateway/odata/SAP/TEST;v=1/BYPASS('1')

steps:

1. Do GET call, fetch csrf token

2. DELETE call with above url

     header:

authorization, x-smp-appcid, csrf-token, content-type

Regards,

JK

0 Kudos

Hello

OData.request 

                ({  

                     requestUri: 

         "proxy/http/cors-anywhere.herokuapp.com/XXXX:8081/com.sap.elogbook/BYPASS",  

                           method: "GET",  

                           headers:  

                               {       

                                               "X-SMP-APPCID": "b5c4d3c6-1745-4d53-9465-91a8fc2c53f9",

                                              "X-Requested-With": "XMLHttpRequest", 

                                              "Content-Type": "application/atom+xml", 

                                              "DataServiceVersion": "2.0",          

                                              "X-CSRF-Token":"Fetch"      

                                 }                    

                        },  

                         function (data, response) 

                         { 

                                     var header_xcsrf_token = response.headers['X-CSRF-TOKEN'];

                                     //var cookie = response.headers['Set-Cookie'];

                          OData.request 

                          ({  

                               requestUri: 

         "proxy/http/cors-anywhere.herokuapp.com/XXXX:8081/com.sap.elogbook/BYPASS",  

                                     method: "POST",  

                                     headers: {  

                                         "X-SMP-APPCID": " b5c4d3c6-1745-4d53-9465-91a8fc2c53f9",

                                                            "X-Requested-With": "XMLHttpRequest",                        

                                                            "Content-Type": "application/atom+xml", 

                                                            "DataServiceVersion": "2.0",  

                                                            "Accept": "application/atom+xml,application/atomsvc+xml,application/xml", 

                                                            "X-CSRF-Token": header_xcsrf_token  

                                                        },  

                                     data:  

                                         {  

                                         LOGNO: "66",

                                         BYPASSNAME: "PANARA",

                                         DATE: "2016-02-02",

                                         UNIT: "3",

                                         STATUS: "inservice",

                                         TIME: "02:02:00",

                                         LOCATIONID: "1",

                                         CREATED_DATE: "3016-02-02 00:00:00.0",

                                         UPDATED_DATE: "2016-03-03 00:00:00.0",

                                         CREATED_BY: "AAA",

                                         UPDATED_BY: "BBB"

                                                         }  

                                  },  

                                    function (data, response) 

                                    {  

                                                     $("<div>Returned data " + window.JSON.stringify(data) + "</div>").appendTo($("#MessageDiv")); 

                                    },  

                                           function (err)  

                                           { 

                                                $("<div>Returned error " + window.JSON.stringify(err.response) + "</div>").appendTo($("#MessageDiv")); 

                                           } 

                          ); 

                },  

                               function (err)  

                               { 

                                    var request = err.request; // the request that was sent. 

                                    var response = err.response; // the response that was received. 

                                    alert("Error in Get -- Request "+request+" Response "+response); 

                               } 

                );

I can get data success throw this URL but POST give 403 forbidden. Can you please help me in eclipse code.

ravitiwari
Associate
Associate
0 Kudos

Hi Vipul,

Did you try with Authorization header in your post request.

Regards

Ravi Tiwari

0 Kudos

Hey Raviprakash,

There is no authorization in my SMP based web-service .