Former Member
Feb 24, 2015 at 09:45 PM

403 Forbidden issue in SMP 3.0 (new error)


Hello experts,


I recently fixed the issue from my previous discussion. It worked using the Advanced Rest Client extension for Chrome. In the previous discussion I was sending an XML payload; now I'm sending JSON.


My next step is to move the POST into my hybrid app, written in JavaScript, where I get the same result (403 Forbidden), though I imagine for a different reason.


Below are the relevant JavaScript excerpts. First I register the app:

// Register the application connection: POST connectionData as JSON to the
// connections endpoint, authenticating with HTTP Basic.
var uri = smpDomainAndPort + pathConnections;

// Basic credentials are only base64-encoded, not encrypted; they rely on the
// transport (https://) for confidentiality.
var oHeaders = {
  "Authorization": "Basic " + btoa(userID + ":" + password),
  "Content-Type": "application/json"
};

var request = {
  headers: oHeaders,
  requestUri: uri,
  data: connectionData,
  method: "POST"
};

// registerSuccess and registerError are the success and error callbacks.
OData.request(request, registerSuccess, registerError);


Then I save the APPCID:

// Success callback passed to OData.request for the registration POST: keeps
// the application connection ID from the result and persists it.
// (The post shows only the opening lines of this function.)
function registerSuccess(result) {

// appCID is assigned without a declaration in this excerpt; presumably it is
// declared in an outer scope, otherwise this creates an implicit global.
appCID = result.ApplicationConnectionId;

// Stored under the "appcid" key. localStorage content is readable by any
// script that runs in the same origin / web view.
window.localStorage.setItem("appcid", appCID);


Later I do a GET on the Route collection:

// GET on the route-check URL that also asks the server for a CSRF token
// ('X-CSRF-Token: FETCH'), identifying the registration through X-SMP-APPCID.
var oHeaders = {
  'X-SMP-APPCID': appCID,
  'X-CSRF-Token': 'FETCH',
  // Basic credentials are only base64-encoded; they need https:// on the wire.
  'Authorization': "Basic " + btoa(userID + ":" + password)
};

// Fill the two placeholders of the path template.
var strUri = (smpDomainAndPort + pathCheckRoute)
  .replace('{0}', 1)              // user id (ID_USUARIO)
  .replace('{1}', '2015-02-24');  // route date (DT_ROTEIRO)

var request = {
  headers: oHeaders,
  requestUri: strUri,
  method: "GET"
};

// checkRouteSucess / checkRouteError are the success and error callbacks.
OData.read(request, checkRouteSucess, checkRouteError);


And then I save the CSRF token and the Set-Cookie header with the X-SMP-SESSIDSSO and X-SMP-SESSID cookies:

// Success callback passed to OData.read for the GET: keeps the CSRF token and
// tries to keep the session cookies from the response headers.
// (The post shows only the opening lines of this function.)
function checkRouteSucess(data, response) {

// Token returned in answer to the 'X-CSRF-Token: FETCH' request header.
// NOTE(review): such a token is normally valid only together with the session
// it was issued for; confirm for this server.
csrfToken = response.headers['X-CSRF-Token'];

// NOTE(review): Set-Cookie is a forbidden response header name: a browser's
// XMLHttpRequest does not expose it to script, so in a browser or web view
// this value is expected to be undefined. Session cookies are kept by the
// browser's cookie store, not by application code.
cookie = response.headers['Set-Cookie'];



Finally I do a POST on the Route collection:

// POST a new route entity to the Route collection, sending the CSRF token
// saved from the earlier GET together with the APPCID and Basic credentials.

// Entity payload for the new route.
var route = {

ID_ROTEIRO : 7,

DT_ROTEIRO : new Date(),

FINALIZADO : false,

ID_USUARIO : 1

}

var oHeaders = {};

oHeaders['X-SMP-APPCID'] = appCID;

// NOTE(review): the token is sent, but the request headers in the SMP log on
// this page list no cookie header, and the backend answers 403 with
// 'X-CSRF-Token: Required'. That pattern is consistent with the token arriving
// without the session it was issued for; confirm against the server.
oHeaders['X-CSRF-Token'] = csrfToken;

// Basic credentials are only base64-encoded; over the http:// base URL used in
// this post they travel in cleartext on every request.
oHeaders['Authorization'] = "Basic " + btoa(userID + ":" + password);

oHeaders['Content-Type'] = 'application/json';

// Alternatives the author tried, per the post with the same 403 result:

//oHeaders['Content-Type'] = 'application/json;odata=verbose';

//oHeaders['DataServiceVersion'] = '2.0';

// NOTE(review): Content-Length and Cookie are forbidden request header names;
// a browser's XMLHttpRequest ignores attempts to set them from script. The
// browser attaches stored cookies itself, and on a cross-origin request (the
// log shows origin file://) only when the XHR is sent with credentials
// enabled (XMLHttpRequest.withCredentials). Also, String.length counts UTF-16
// code units, not bytes.

//oHeaders['Content-Length'] = JSON.stringify(route).length;

//oHeaders['Cookie'] = cookie;


var strUri = smpDomainAndPort + pathRoute;

var request = {

headers : oHeaders,

requestUri : strUri,

method : "POST",

// NOTE(review): the SMP log on this page shows the body as a quoted string
// ("{\"ID_ROTEIRO\":7}", content-length 20), i.e. JSON encoded twice. This
// suggests the library serializes `data` itself, so a pre-stringified payload
// gets wrapped a second time; passing the `route` object is worth trying.
data: JSON.stringify(route),

//dataType: 'json'

};

// postRouteSucess / postRouteError are the success and error callbacks.
OData.request(request, postRouteSucess, postRouteError);


The result is a 403 Forbidden error.


Captura de Tela 2015-02-24 às 18.06.30.png


There are some commented-out headers above, which I'm not sure are needed. I tested with them as well, with the same result: 403. The browser is Safari. It also does not work within the hybrid web container (Cordova) on iOS.


I'm not sure whether the X-SMP-SESSIDSSO and X-SMP-SESSID cookies are needed, and I don't know how to set them correctly. I didn't find any material about this on SCN.


I have tested with front end and back end URLs. I have the 403 error for both:

// Base URL of the SMP server. The scheme is plain http://, so the Basic
// credentials, CSRF token and session cookies used with it are not protected
// in transit.
var smpDomainAndPort = "http://dbs-sap-01:8080";

// Two application paths were tested: the front-end application path
// (commented out) and the back-end OData service path.
//var pathApp = '/routetogo_app';
var pathApp = '/gateway/odata/dbserver/routetogo_srv;v=1';

// Route collection under the selected application path.
var pathRoute = pathApp.concat("/ROTEIRO");


SMP version is 3.0 with SP3. Below is a log of the error on the SMP side:


2015-02-24 12:31:16.343#DEBUG#SMPCorrelatedLoggingHandler#null#POST

2015-02-24 12:31:16.343#DEBUG#SMPApplicationProxyHandler#null#Retrieve appHandler=proxy, application=routetogo_app and backendURL=/ROTEIRO.

2015-02-24 12:31:16.343#DEBUG#ApplicationConnectionHelper#null#Process application connection id.

2015-02-24 12:31:16.343#DEBUG#ApplicationConnectionHelper#null#Request Header ApplicationConnection ID= 381dffb0-d4bc-4c2f-8077-e1a1304de4e4

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#----------In DirectProxy handle()--------- : routetogo_app

2015-02-24 12:31:16.358#INFO#DirectProxy#null#URL rewrite enabled?: true

2015-02-24 12:31:16.358#INFO#DirectProxy#null#Final endpoint URL is http://dbs-sap-01:8080/gateway/odata/dbserver/routetogo_srv;v=1/ROTEIRO

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#----Application Id sent from client is-------- routetogo_app

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#--------------About to fire the request to the backend-----------

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#----------In DirectProxy fireRequest()----------

2015-02-24 12:31:16.358#DEBUG#ProxyUtility#null#Inside getURLRewriteTable()

2015-02-24 12:31:16.358#DEBUG#ProxyUtility#null#appId : routetogo_app

2015-02-24 12:31:16.358#DEBUG#ProxyUtility#null#servlet_url : http://dbs-sap-01:8080/routetogo_app/ROTEIRO

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#Request body before re-write "{\"ID_ROTEIRO\":7}"

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#Request body after re-write "{\"ID_ROTEIRO\":7}"

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#Request headers and cookies

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#header: key=accept value=application/atomsvc+xml;q=0.8, application/json;odata=fullmetadata;q=0.7, application/json;q=0.5, */*;q=0.1

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#header: key=authorization value= *****

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#header: key=maxdataserviceversion value=3.0

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#header: key=accept-language value=pt-br

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#header: key=accept-encoding value=gzip, deflate

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#header: key=content-type value=application/json

2015-02-24 12:31:16.358#DEBUG#DirectProxy#null#header: key=origin value=file://

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#header: key= content-length value=20

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#header: key=x-csrf-token value=82A8702ECA13EE8B9F684D4BABA2B075

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#header: key=dataserviceversion value=1.0

2015-02-24 12:31:16.374#DEBUG#ConnectionPoolManager#null#ConnectionPoolManager get connection

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#--------------Finished firing the request to backend-----------

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#Setting Access-Control-Expose-Headers for CORS request

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#Setting Access-Control-Expose-Headers for CORS request

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#ODP:Recieved the response from the backend server

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#Response code is :403

2015-02-24 12:31:16.374#DEBUG#DirectProxy#null#Response cookie: name= X-SMP-SESSIDSSO

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Response cookie: name= X-SMP-SESSID

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Response header key:Server Response header value:SAP

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Response header key:Date Response header value:Tue, 24 Feb 2015 20:31:16 GMT

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Content Length is : 927

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Response header key:Content-Type Response header value:text/html;charset=utf-8

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Response header key:X-CSRF-Token Response header value:Required

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Response header key:Access-Control-Allow-Credentials Response header value:true

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Response header key:Access-Control-Allow-Origin Response header value:file://

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#------------content type:|encoding|length--------text/html;charset=utf-8--------927----

2015-02-24 12:31:16.389#ERROR#DirectProxy#null#Response code from backend is 403 for request http://dbs-sap-01:8080/gateway/odata/dbserver/routetogo_srv;v=1/ROTEIRO

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#prepareResponse finally block

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#Content-Type::: text/html;charset=utf-8

2015-02-24 12:31:16.389#DEBUG#ProxyUtility#null#Inside getURLRewriteTable()

2015-02-24 12:31:16.389#DEBUG#ProxyUtility#null#appId : routetogo_app

2015-02-24 12:31:16.389#DEBUG#ProxyUtility#null#servlet_url : http://dbs-sap-01:8080/routetogo_app/ROTEIRO

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null#URL rewrite : response is sent

2015-02-24 12:31:16.389#DEBUG#DirectProxy#null# prepareResponse() method ends

2015-02-24 12:31:16.389#DEBUG#SMPCORSHandler#null#Access-Control-Expose-Headers for CORS request already set by Backend


Thank you,


Luciano Sclovsky


Tags edited by: Jitendra Kansal (Moderator)