Batch request failed from Android. 403 Forbidden.

Hi,

I'm developing a native android app with NetWeaver Gateway, OData sdk, SMP 3.0 SP 04 y SMP sdk SP05. I'm trying to execute a batch request from android with store concept so, I make a read request first, with a created batchItem (which is working on the rest client as on android, both return a satus 200 Ok. Img 1. for GET Method in rest Client) for the store object to gets the CSRF-Token, then I create an entity, assign its properties and create a batchItem2, to execute the batch request but with the same store object. I've read that with OnlineStore concept you don't need to manually set the X-CSRF-Token header, that store autmatically from request #1 (read request) gets it and the pass it to the second request (post request). I'll post a part of my code so anyone can tell me what I'm doing wrong or if the concept is bad an I really have to get the CSRF token manually an then put the X-CSRF-Token header manually.

Img 1. GET Method. 200 Ok.

Img 2. POST Method. 202 Accepted. And every changeset gets a 201 Created.

In my android code I have, based on the following two blogs: https://scn.sap.com/thread/3732019 on the answers of Former Member, Former Member, @Jitendra Kansal, and the @Claudia Pacheco's Sending batch request using SMP 3.0 SDK for Android blog.

  StoreOpenListener openListener = StoreOpenListener.getInstance();
  OnlineODataStore store = openListener.getStore();

  ODataRequestParamBatch requestParamBatch = new ODataRequestParamBatchDefaultImpl();

  ODataEntity newEntity = new ODataEntityDefaultImpl("MY_SERVICE_SRV.MarcacionImprMat");
  newEntity.getProperties().put("IPedido", new ODataPropertyDefaultImpl("IPedido", "333333"));
  newEntity.getProperties().put("Maktx", new ODataPropertyDefaultImpl("Maktx", "123 Main street"));

  // Create batch item for GET Method
  ODataRequestParamSingle batchItem = new ODataRequestParamSingleDefaultImpl();
  batchItem.setResourcePath("MarcacionImprMatSet(Matnr='123456',IUsuario='READ_GW')");
  batchItem.setMode(ODataRequestParamSingle.Mode.Read);
  batchItem.setCustomTag("Read operation");

  // Add batch item to batch request
  requestParamBatch.add(batchItem);
  ODataResponse oDataResponse = store.executeRequest(batchItem); //The response is 200 Ok

  // Create batch item for POST method
  ODataRequestParamSingle batchItem2 = new ODataRequestParamSingleDefaultImpl();
  // Allocate OData Entity
  batchItem2.setResourcePath("MarcacionImprMatSet(Matnr='123456',IUsuario='READ_GW')");
  batchItem2.setMode(ODataRequestParamSingle.Mode.Create);
  batchItem2.setCustomTag("Create operation");
  batchItem2.setPayload(newEntity);

  // // Add headers
  Map<String, String> createHeaders = new HashMap<String, String>();
  createHeaders.put("content-type", "multipart/mixed; boundary=batch");
  batchItem2.setOptions(createHeaders);

  // // Create change set
  ODataRequestChangeSet changeSetItem = new ODataRequestChangeSetDefaultImpl();

// // Add batch item to change set.
  // // You can add more batch items to the same change set as long as they are CUD operations
  changeSetItem.add(batchItem2);

  // // Add batch item to batch request
  requestParamBatch.add(changeSetItem);


  // Send request synchronously
  oDataResponse = store.executeRequest(requestParamBatch);

  // Check http status response for batch request.
  // Status code should be "202 Accepted"
  Map<ODataResponse.Headers, String> headerMap = oDataResponse.getHeaders(); //Here the response is 403 Forbidden.
   if (headerMap != null) {
   String code = headerMap.get(ODataResponse.Headers.Code);
  }

If I send a POST request from Advanced Rest Client without the X-CSRF-TOKEN header or empty it gives me the 403 Forbidden error and says that is "csrf token validation failed". So I think that, that's the source of the problem.

Thanks in advance.

Best regards.

--

Ana Velásquez