cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Not able to trigger POST method to update back-end SAP

Go to solution
agnihotro_sinha2
Active Contributor

on ‎06-26-2015 3:54 AM

0 Kudos

Hello experts,

I can get data in my Fiori app from my backend SAP system. I have my GW service running fine. I have all the relevant method implemented in my SEGW tcode. My get_entityset and Create/Update method is hit from the sap tcode GW_CLIENT. So pretty much everything seems fine.

But from my App when i try to execute the POST method of Odata, it returns with unauthorized.

I have searched here and know that there are couple of things to check before POST.

I have coded "Allow-cross-origin" in my method as per another post i came across..

Checked my login/ticket_only_by_https parameters.

***************************

var requestObj = {

  requestUri: '',

  method: '',

  headers: {

  "X-Requested-With": "XMLHttpRequest",

  "Content-Type": "application/json;odata=minimalmetadata",

  "DataServiceVersion": "2.0",

  "MaxDataServiceVersion": "2.0",

  "Accept": "application/json;odata=minimalmetadata"

  }

    };

  

    var newData = {

        "odata.type": "ZODATA_CUSTOM_TABLE_SRV",

        "Mandt":"010",

        "Matnr":"<****>",

        "Werks":"<****>",

        "Lgort":"<****>",

        "Qty":val.getValue(), //70, //val._lastValue,

        "Maktx":"<****>",

        "Name":"<****>"

    };

  

    var url = "http://<server>:<port>/sap/opu/odata/sap/ZODATA_CUSTOM_TABLE_SRV/ZODATA";//I hv the real serever name here in the code

  var method = "POST";

  requestObj.requestUri = url;

  requestObj.method = method;

  requestObj.data = newData;

  OData.request(requestObj, function() {

  sap.ui.getCore().getModel('Material').refresh();

  });

************************

I have even tried to get the CSRF token in chrome console using Jquery:

**************************************

jQuery.ajax({

     url: "http://<srver><port>/sap/opu/odata/sap/ZODATA_CUSTOM_TABLE_SRV/ZODATA?callback=?",

     type: "GET",

   

     beforeSend: function(xhr){

     xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');

     xhr.setRequestHeader('Content-Type', 'jsonp');

     xhr.setRequestHeader('DataServiceVersion', "2.0");

     xhr.setRequestHeader('X-CSRF-Token', 'Fetch');

   

     },

dataType:"jsonp",

     success: function(response) {

console.log(response)

}

})

**************************************

I dont get the CSRF token so that I can use and call POST method.... Any idea whats wrong ? I suspect some security issues with my backend SAP system.. is that correct?

Any help is really appreciated.

Thanks,

Ags

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

santhu_gowdaz
Active Contributor
‎06-26-2015 6:35 AM
0 Kudos

i noticed couple for error in your code

1. i didn't understand what is the use of "requestObj"? No method is mension.

2. "newData" variable is holding some value but not in the Posing to backend manner.

use this sample code for post,

    OData.request 

         ({  

              requestUri:      "http://server_name/sap/opu/odata/sap/Z_TM_BANK_SRV/BankCollection/?$filter=bankCountry eq'AR'",  

                    method: "GET",  

                    headers:  

                        {       

    "X-Requested-With": "XMLHttpRequest"

   "Content-Type": "application/atom+xml"

"DataServiceVersion": "2.0",          

"X-CSRF-Token":"Fetch"                                 }                    

                 },  

                 function (data, response) 

                 { 

     header_xcsrf_token = response.headers['x-csrf-token']; 

                  OData.request 

                  ({  

                       requestUri: 

                        "http://server_name/sap/opu/odata/sap/Z_TM_BANK_SRV/BankCollection",  

                             method: "POST",  

    headers: {   "X-Requested-With": "XMLHttpRequest",                        

"Content-Type": "application/atom+xml"

     "DataServiceVersion": "2.0",  

"Accept": "application/atom+xml,application/atomsvc+xml,application/xml"

"X-CSRF-Token": header_xcsrf_token    },  

                             data:  

                                 {  

                              bankCountry: bankCountry_var,  

                              bankID:bankID_var, 

                              bankName:bankName_var, 

                              region: region_var, 

                              street: street_var, 

                              city: city_var, 

                      }  

                          },

                          function (data, response) 

                            {  

                           document.location.reload(true);

                                             $("<div>Returned data " + window.JSON.stringify(data) + "</div>").appendTo($("#MessageDiv")); 

                            },  

                                   function (err)  

                                   { 

                                        $("<div>Returned error " + window.JSON.stringify(err.response) + "</div>").appendTo($("#MessageDiv")); 

                                   } 

                  ); 

        },  

        function (err)  

                       { 

                            var request = err.request; // the request that was sent. 

                            var response = err.response; // the response that was received. 

                            alert("Error in Get -- Request "+request+" Response "+response); 

                       } 

        );                      

  oDialog.close();

}}));

  oDialog.open();

},


refer this blogs,

Show replies
Show replies

Answers (5)

Answers (5)

agnihotro_sinha2
Active Contributor
‎07-08-2015 4:19 AM
0 Kudos

Guys,

I just used POSTMAN rest client and I am getting the CSRF token now and its hitting the backend SAP without causing any error code as I have mentioned above.

So now I have the CSRF token from the GET method which is good.

As of now, working on the UI5 code to use GET and POST method in sequence to update backend. Somehow, not been able to achieve it still. In chrome console I still see the unauthorization error although I am hard-coding my credentials.

Will keep trying and updating the post when successful.

regards,

Ags

Show replies
Show replies
agnihotro_sinha2
Active Contributor
‎06-30-2015 9:08 AM
0 Kudos

Guys,

I debugged the backend after raising the CSRF token in GET method and found that system was going for a Dump every time I called by placing CSRF-token:Fetch in the header in the REST client.

********* st22 log ***********

The exception '/IWCOR/CX_REST_HANDLER_EX' was raised, but it was not caught

anywhere along

the call hierarchy.

Since exceptions represent error situations and this error was not

adequately responded to, the running ABAP program

'/IWCOR/CL_REST_BASE_REQUEST===CP' has to be

terminated.

********************************

Message calss - /IWCOR/REST_CORE_TXT

msgno - URI processing - static path conflicts with URI

What I did next , I debugged and skipped the validation part logic of SAP which was raising this exception and somehow executed the code without a dump.

Guess what, the same REST query fetched me a CSRF-Token in the Headers, which we were not getting till now.

Using POSTMAN rest client

So basically, one of the conclusion is that we have some security or validation method which is failing each time while using the CSRF fetch in GET method and hence we are not getting the CSRF token.

Further hints:

in our system :

Class -/IWCOR/CL_REST_BASE_REQUEST

method - PARSE_URI line 72 (LOOP) is raising the exception.

Beyond this I have no clue why this dump is coming and how to avoid it.

Regards,

Ags

Show replies
Show replies
Private_Member_15166
Active Contributor
‎06-30-2015 12:28 PM
0 Kudos

Perhaps here you may get your solution. After that post that solution here. It will help us also.

Former Member
‎07-01-2015 6:00 AM
0 Kudos

Yes, there is authentication and hence I asked to include Authorization parameter in header.

Former Member
‎06-30-2015 8:57 AM
0 Kudos

Hi ,

Please see below code.

In single request first you have to get the token and then you have to set the token.

Please use debugging to know weather you are getting two token means , some time it happend that token which you are getting is different and the token which you are sending it may different ,depend on your code.

OData.request({

            requestUri : "your url",

            method : "GET",

            headers : {            

            "X-Requested-With" : "XMLHttpRequest",

                "Content-Type" : "application/atom+xml",

                "DataServiceVersion" : "2.0",

                "X-CSRF-Token" : "Fetch"

                 }

            },                     

            function(data, response) {

                 header_xcsrf_token = response.headers['x-csrf-token'];

                 oHeaders = {

                      "x-csrf-token" : header_xcsrf_token,

                      'Accept' : 'application/json',

                };

                           

            OData.request({

            requestUri : "ur url", 

            method : "POST",

            headers : oHeaders,

                data : oEntry

               },                  

               function(data,request) {

                  

                 },         

               function(err) {

                    

                  });

                 },

                           

            function(err) {

                 

            });

Show replies
Show replies
Former Member
‎06-30-2015 8:16 AM
0 Kudos

Hi ,

Please see below code.

In single request first you have to get the token and then you have to set the token.

Please use debugging to know weather you are getting two token means , some time it happend that token which you are getting is different and the token which you are sending it may different ,depend on your code.

OData.request({

            requestUri : "your url",

            method : "GET",

            headers : {            

            "X-Requested-With" : "XMLHttpRequest",

                "Content-Type" : "application/atom+xml",

                "DataServiceVersion" : "2.0",

                "X-CSRF-Token" : "Fetch"

                 }

            },                     

            function(data, response) {

                 header_xcsrf_token = response.headers['x-csrf-token'];

                 oHeaders = {

                      "x-csrf-token" : header_xcsrf_token,

                      'Accept' : 'application/json',

                };

                           

            OData.request({

            requestUri : "ur url", 

            method : "POST",

            headers : oHeaders,

                data : oEntry

               },                  

               function(data,request) {

                  

                 },         

               function(err) {

                    

                  });

                 },

                           

            function(err) {

                 

            });

Show replies
Show replies
Private_Member_15166
Active Contributor
‎06-26-2015 7:36 AM
0 Kudos

You have missed X-CSRF-Token. First fetch it at the time you are getting the data and then use it at the time of post. Many times this causes the issues.

Show replies
Show replies
agnihotro_sinha2
Active Contributor
‎06-28-2015 3:00 PM
0 Kudos

Hi,

I have tried to get the CSRF token from inside SAP using GW_CLIENT, but below if the response, which is without any CSRF headers.

regards,

Ags

agnihotro_sinha2
Active Contributor
‎06-29-2015 8:28 AM
0 Kudos

Why am I not getting the CSRF token from my backend? Any diea? can there be some security restrictions on my backend side? How do I confirm that?

santhu_gowdaz
Active Contributor
‎06-29-2015 8:35 AM
0 Kudos

In restClient, call your collection with the "X-CSRF-Token":"Fetch" and the method is get.

Lets check in the response "X-CSRF-Token" is generating or not.

agnihotro_sinha2
Active Contributor
‎06-30-2015 4:12 AM
0 Kudos

Hi,

I used Advance chrome REST client and did the following as asked by you.

Let me know if I did it correctly:

regards,

Ags

santhu_gowdaz
Active Contributor
‎06-30-2015 6:44 AM
0 Kudos

in Response Headers, where is the "X-CSRF-Token"?

agnihotro_sinha2
Active Contributor
‎06-30-2015 7:32 AM
0 Kudos

That is exactly what I am saying that the response from the system is not fetching me this token even though I request it via my GET method

santhu_gowdaz
Active Contributor
‎06-30-2015 8:29 AM
0 Kudos

see these thread regards same token issue.

Fetching csrf token for create service | SCN

Former Member
‎06-30-2015 8:57 AM
0 Kudos

Sometimes X-CSRF-Token is not generated using fetch as well.  We have to pass one more parameter in header - "Authorization"  .  First you can try with your REST client in chrome :

1. Add parameter Authorization and click construct :

2. Now give credentials and click OK

3. This will generate the authorization :

In response header, you should see the token, If not, then you may press F12 and see it in debugging.

Reward points, if its useful.

Ask a Question