Skip to Content

Batch request failed from Android. 403 Forbidden.

Hi,

I'm developing a native android app with NetWeaver Gateway, OData sdk, SMP 3.0 SP 04 y SMP sdk SP05. I'm trying to execute a batch request from android with store concept so, I make a read request first, with a created batchItem (which is working on the rest client as on android, both return a satus 200 Ok. Img 1. for GET Method in rest Client) for the store object to gets the CSRF-Token, then I create an entity, assign its properties and create a batchItem2, to execute the batch request but with the same store object. I've read that with OnlineStore concept you don't need to manually set the X-CSRF-Token header, that store autmatically from request #1 (read request) gets it and the pass it to the second request (post request). I'll post a part of my code so anyone can tell me what I'm doing wrong or if the concept is bad an I really have to get the CSRF token manually an then put the X-CSRF-Token header manually.

Img 1. GET Method. 200 Ok.

Img 2. POST Method. 202 Accepted. And every changeset gets a 201 Created.


In my android code I have, based on the following two blogs: https://scn.sap.com/thread/3732019 on the answers of Former Member, Former Member, @Jitendra Kansal, and the @Claudia Pacheco's Sending batch request using SMP 3.0 SDK for Android blog.

  StoreOpenListener openListener = StoreOpenListener.getInstance();
  OnlineODataStore store = openListener.getStore();

  ODataRequestParamBatch requestParamBatch = new ODataRequestParamBatchDefaultImpl();

  ODataEntity newEntity = new ODataEntityDefaultImpl("MY_SERVICE_SRV.MarcacionImprMat");
  newEntity.getProperties().put("IPedido", new ODataPropertyDefaultImpl("IPedido", "333333"));
  newEntity.getProperties().put("Maktx", new ODataPropertyDefaultImpl("Maktx", "123 Main street"));

  // Create batch item for GET Method
  ODataRequestParamSingle batchItem = new ODataRequestParamSingleDefaultImpl();
  batchItem.setResourcePath("MarcacionImprMatSet(Matnr='123456',IUsuario='READ_GW')");
  batchItem.setMode(ODataRequestParamSingle.Mode.Read);
  batchItem.setCustomTag("Read operation");

  // Add batch item to batch request
  requestParamBatch.add(batchItem);
  ODataResponse oDataResponse = store.executeRequest(batchItem); //The response is 200 Ok

  // Create batch item for POST method
  ODataRequestParamSingle batchItem2 = new ODataRequestParamSingleDefaultImpl();
  // Allocate OData Entity
  batchItem2.setResourcePath("MarcacionImprMatSet(Matnr='123456',IUsuario='READ_GW')");
  batchItem2.setMode(ODataRequestParamSingle.Mode.Create);
  batchItem2.setCustomTag("Create operation");
  batchItem2.setPayload(newEntity);

  // // Add headers
  Map<String, String> createHeaders = new HashMap<String, String>();
  createHeaders.put("content-type", "multipart/mixed; boundary=batch");
  batchItem2.setOptions(createHeaders);

  // // Create change set
  ODataRequestChangeSet changeSetItem = new ODataRequestChangeSetDefaultImpl();

// // Add batch item to change set.
  // // You can add more batch items to the same change set as long as they are CUD operations
  changeSetItem.add(batchItem2);

  // // Add batch item to batch request
  requestParamBatch.add(changeSetItem);

// Send request synchronously oDataResponse = store.executeRequest(requestParamBatch); // Check http status response for batch request. // Status code should be "202 Accepted" Map<ODataResponse.Headers, String> headerMap = oDataResponse.getHeaders(); //Here the response is 403 Forbidden. if (headerMap != null) { String code = headerMap.get(ODataResponse.Headers.Code); }

If I send a POST request from Advanced Rest Client without the X-CSRF-TOKEN header or empty it gives me the 403 Forbidden error and says that is "csrf token validation failed". So I think that, that's the source of the problem.


Thanks in advance.



Best regards.

--

Ana Velásquez

readReq.png (45.7 kB)
createRequest.png (35.0 kB)
Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

4 Answers

  • Best Answer
    May 18, 2015 at 02:56 PM

    Looping @Claudia Pacheco for more inputs.

    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    May 16, 2015 at 09:16 AM

    Hi Ana,

    Sorry to say that I am not experienced with android. May be @Midhun VP or @jitendra kansal can help you.

    You have mentioned you are trying with SP05 SDK. It will be better if you could try with SP07 or SP08.

    Regards,

    Dhani

    Add comment
    10|10000 characters needed characters exceeded

  • May 17, 2015 at 07:09 AM

    @Ana Velasquez

    In the beginning you said you have passed X-CSRF-TOKEN value for POST (most precisely for BATCH). Then you say

    If I send a POST request from Advanced Rest Client without the X-CSRF-TOKEN header or empty it gives me the 403 Forbidden error and says that is "csrf token validation failed".

    I really couldn't understood this. Can you provide some points on this?

    Add comment
    10|10000 characters needed characters exceeded

  • author's profile photo
    Former Member
    May 15, 2015 at 04:53 PM

    Hi Ana,

    Sorry. I don't know about Android. I just can help about Server. But because you can use READ and POST in REST Client, so your Server do not have any problem ( just my opinion).


    If you have time, i think you should follow these blog:

    - http://scn.sap.com/docs/DOC-60634.

    - Technical Cache for Online Apps - SMP 3.0 OData SDK SP06 (Android)

    Hope this can help.

    Best Regards,

    Sao Vu.

    Add comment
    10|10000 characters needed characters exceeded