Skip to Content
May 15, 2015 at 04:34 PM

Batch request failed from Android. 403 Forbidden.



I'm developing a native android app with NetWeaver Gateway, OData sdk, SMP 3.0 SP 04 y SMP sdk SP05. I'm trying to execute a batch request from android with store concept so, I make a read request first, with a created batchItem (which is working on the rest client as on android, both return a satus 200 Ok. Img 1. for GET Method in rest Client) for the store object to gets the CSRF-Token, then I create an entity, assign its properties and create a batchItem2, to execute the batch request but with the same store object. I've read that with OnlineStore concept you don't need to manually set the X-CSRF-Token header, that store autmatically from request #1 (read request) gets it and the pass it to the second request (post request). I'll post a part of my code so anyone can tell me what I'm doing wrong or if the concept is bad an I really have to get the CSRF token manually an then put the X-CSRF-Token header manually.

Img 1. GET Method. 200 Ok.

Img 2. POST Method. 202 Accepted. And every changeset gets a 201 Created.

In my android code I have, based on the following two blogs: on the answers of Former Member, Former Member, @Jitendra Kansal, and the @Claudia Pacheco's Sending batch request using SMP 3.0 SDK for Android blog.

  StoreOpenListener openListener = StoreOpenListener.getInstance();
  OnlineODataStore store = openListener.getStore();

  ODataRequestParamBatch requestParamBatch = new ODataRequestParamBatchDefaultImpl();

  ODataEntity newEntity = new ODataEntityDefaultImpl("MY_SERVICE_SRV.MarcacionImprMat");
  newEntity.getProperties().put("IPedido", new ODataPropertyDefaultImpl("IPedido", "333333"));
  newEntity.getProperties().put("Maktx", new ODataPropertyDefaultImpl("Maktx", "123 Main street"));

  // Create batch item for GET Method
  ODataRequestParamSingle batchItem = new ODataRequestParamSingleDefaultImpl();
  batchItem.setCustomTag("Read operation");

  // Add batch item to batch request
  ODataResponse oDataResponse = store.executeRequest(batchItem); //The response is 200 Ok

  // Create batch item for POST method
  ODataRequestParamSingle batchItem2 = new ODataRequestParamSingleDefaultImpl();
  // Allocate OData Entity
  batchItem2.setCustomTag("Create operation");

  // // Add headers
  Map<String, String> createHeaders = new HashMap<String, String>();
  createHeaders.put("content-type", "multipart/mixed; boundary=batch");

  // // Create change set
  ODataRequestChangeSet changeSetItem = new ODataRequestChangeSetDefaultImpl();

// // Add batch item to change set.
  // // You can add more batch items to the same change set as long as they are CUD operations

  // // Add batch item to batch request

// Send request synchronously oDataResponse = store.executeRequest(requestParamBatch); // Check http status response for batch request. // Status code should be "202 Accepted" Map<ODataResponse.Headers, String> headerMap = oDataResponse.getHeaders(); //Here the response is 403 Forbidden. if (headerMap != null) { String code = headerMap.get(ODataResponse.Headers.Code); }

If I send a POST request from Advanced Rest Client without the X-CSRF-TOKEN header or empty it gives me the 403 Forbidden error and says that is "csrf token validation failed". So I think that, that's the source of the problem.

Thanks in advance.

Best regards.


Ana Velásquez


readReq.png (45.7 kB)
createRequest.png (35.0 kB)