on 08-06-2015 2:52 PM
Hello everyone,
I have built a Fiori Application using OData Service, which is created from the XS engine and is accessed via an .xsodata file. I am able to show the data (executing GET HTTP requests). However, I cannot do a write (PUT, POST) or delete (DELETE) on the database. It gives me the following error:
PUT https://webidetesting*****-*****.dispatcher.neo.ondemand.com/datasetcorpus/Dataset(47L) 403 (Forbidden)
The server refused to fulfill the request. More information about why the request was refused may be found in the server logs.
Now I will describe everything I have tried without any success. First thing I tried is using OData.request(), then I decided to use the update(), create(), delete() methods from sap.m.oDataModel.
In the .xsaccess file I have tried both with and without using an X-CSRF-Token header.
In the first case I have in the .xsaccess:
"prevent_xsrf" : true
Then I take the header from a GET request and pass it to a PUT request as follows:
var bindingContext = oEvent.getSource().getBindingContext();
var oModel = oView.getModel();
// Ask the server to return a CSRF token with the next GET request
oModel.setHeaders({
    "X-Requested-With": "XMLHttpRequest",
    "Content-Type": "application/json",
    "DataServiceVersion": "2.0",
    "X-CSRF-Token": "Fetch"
});
// The read is asynchronous (fourth argument is true), so the token is only
// available inside the success callback; the update is issued from there.
oModel.read(bindingContext.getPath(), null, null, true,
    function(oData, oResponse) {
        alert("Read successful");
        var headerXcsrfToken = oResponse.headers['X-CSRF-Token'];
        oModel.setHeaders({
            "X-Requested-With": "XMLHttpRequest",
            "Content-Type": "application/json",
            "DataServiceVersion": "2.0",
            "X-CSRF-Token": headerXcsrfToken
        });
        // oEntry (the changed entity data) is not shown in the post
        oModel.update(bindingContext.getPath(), oEntry, null,
            function() {
                alert("Update successful");
            },
            function() {
                alert("Update failed");
            });
    },
    function() {
        alert("Read failed");
    });
I have also tried using this instead of the oModel.read() to handle the X-CSRF token automatically:
oModel.refreshSecurityToken();
In the second case without using an X-CSRF token I have in the .xsaccess:
"prevent_xsrf" : true
And my code is then just as follows:
var oModel = oView.getModel();
oModel.update(bindingContext.getPath(), oEntry, null,
    function() {
        alert("Update successful");
    },
    function() {
        alert("Update failed");
    });
None of the approaches worked. Apparently the issue is not only in the X-CSRF token. What I have also unsuccessfully tried is executing POST, PUT, DELETE using a REST client, with Basic Authentication (since we are using Basic in the .xsaccess file) and with the technical user for our database.
Then I took a look at the Server logs as suggested by the 403 Forbidden error and this is what I have found from the xsengine log:
2015-08-05 08:51:25.519895 e XSAuthentication Wire.cpp(00108) : SQL error. Code: 10, Message: invalid username or password at ptime/query/catalog/userinfo.cc:958
[2435]{2435}[-1/-1] 2015-08-05 08:51:51.388753 i TraceContext TraceContext.cpp(00827) : UserName=, ApplicationName=*****, ApplicationSource=*******/****.xsodata/, EppRootContextId=*****C3A6, EppTransactionId=*****FC81, EppConnectionId=*****3431, EppConnectionCounter=0, EppComponentName=SAP_E2E_TA_UI5LIB, EppAction=Step 2
2015-08-05 08:51:51.388717 e XSAuthentication Wire.cpp(00108) : SQL error. Code: 416, Message: user is locked; try again later: lock time is 1440 minutes; user is locked until 2015-08-06 08:51:51.3830000 (given in UTC) [1440,2015-08-06 08:51:51.3830000] at ptime/query/catalog/userinfo.cc:952
and from the HTTP log:
172.16.240.17 (172.16.240.21) - - [05/Aug/2015:13:42:59 +0000] DELETE ****/datasets/***.xsodata/Temp(1) HTTP/1.1 403 1932 9
Apparently the technical user is being locked for 1440 minutes (24 hours). I used the wrong password and that is why the technical user was locked. After these 24 hours passed I also tried updating the database this time with the correct password, but again it does not work. No log is saved in the xsengine logs, I see the entry only in the HTTP log.
Does anyone have any idea how to unlock the technical user before these 24 hours, and how this affects the whole problem that I have?
Thank you very much in advance.
Best Regards,
Elena
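An added example, not part of the original post: a JavaScript parser for the xsengine XSAuthentication lines quoted above that extracts failed logons and the lockout window, so a locked technical user can be spotted from the trace. The meaning of codes 10 and 416 is taken from the messages in the post; the function names are hypothetical.

```javascript
// Added example. The two XSAuthentication lines are copied from the post above;
// the TraceContext line is shortened.
const SAMPLE_LOG = [
  "2015-08-05 08:51:25.519895 e XSAuthentication Wire.cpp(00108) : SQL error. Code: 10, Message: invalid username or password at ptime/query/catalog/userinfo.cc:958",
  "[2435]{2435}[-1/-1] 2015-08-05 08:51:51.388753 i TraceContext TraceContext.cpp(00827) : UserName=",
  "2015-08-05 08:51:51.388717 e XSAuthentication Wire.cpp(00108) : SQL error. Code: 416, Message: user is locked; try again later: lock time is 1440 minutes; user is locked until 2015-08-06 08:51:51.3830000 (given in UTC) [1440,2015-08-06 08:51:51.3830000] at ptime/query/catalog/userinfo.cc:952",
];

const AUTH_ERROR = /(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ e XSAuthentication .*?SQL error\. Code: (\d+), Message: (.*)$/;
const LOCK_INFO = /lock time is (\d+) minutes; user is locked until (\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})/;
const KINDS = { 10: "bad_credentials", 416: "user_locked" }; // codes as seen in the post

// Turns trace lines into authentication events; other lines are skipped.
function parseAuthEvents(lines) {
  const events = [];
  for (const line of lines) {
    const m = AUTH_ERROR.exec(line);
    if (!m) continue; // not an XSAuthentication error line
    const event = { loggedAt: m[1], code: Number(m[2]), kind: KINDS[m[2]] || "other" };
    const lock = LOCK_INFO.exec(m[3]);
    if (lock) {
      event.lockMinutes = Number(lock[1]);
      event.lockedUntil = new Date(`${lock[2]}T${lock[3]}Z`); // the log says "given in UTC"
    }
    events.push(event);
  }
  return events;
}

// Minutes of lock remaining at `now` (0 when no lock is active).
function remainingLockMinutes(events, now) {
  const ends = events.filter((e) => e.lockedUntil).map((e) => e.lockedUntil.getTime());
  if (ends.length === 0) return 0;
  return Math.max(0, Math.ceil((Math.max(...ends) - now.getTime()) / 60000));
}

// Failed logons recorded before the first lockout: the signal to alert on.
function failuresBeforeLock(events) {
  const i = events.findIndex((e) => e.kind === "user_locked");
  const before = events.slice(0, i === -1 ? events.length : i);
  return before.filter((e) => e.kind === "bad_credentials").length;
}

const events = parseAuthEvents(SAMPLE_LOG);
console.log(events, failuresBeforeLock(events));
```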
Hi Elena,
Have you resolved the issue?
Please share the solution if you have resolved it!
Regards,
ThamizharasaN.
Hi Karan, hi Thamizharasan,
we indeed finally found a solution to this issue. The issue was apparently related to the fact that CORS needs to be enabled in that case. While reading data from the OData service was possible without this setting, writing/updating/deleting was not.
Our setup is that we host the OData service on the XS Engine (XS Classic), while we use a Fiori frontend hosted on the HTML5 engine.
As shown on the screenshot, you need to navigate to /sap/hana/xs/admin/ on your HANA instance, then drill down all the way to the respective package, then select the CORS tab and set it to enabled for all the HTTP methods that you want to allow (e.g. make sure that POST, PUT, etc. are enabled).
Hope this helps,
Daniel
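An added example, not part of Daniel's post or of SAP's code: a JavaScript sketch of the check a browser applies to the CORS preflight response before it sends a cross-origin PUT carrying the headers used in this thread. The origin, token and response header values are constructed, and a successful (2xx) preflight status is assumed.

```javascript
// Added example; origin, token and response header values are constructed samples.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_TYPES = new Set(["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"]);
const list = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Names of request headers outside the core CORS safelist (they force a preflight).
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n === "content-type") return !SAFE_TYPES.has(value.split(";")[0].trim().toLowerCase());
    return !SAFE_HEADERS.has(n);
  }).map(([name]) => name.toLowerCase());
}

// Reasons a browser would block the request; empty means the actual request is sent.
function checkPreflight(req, preflightHeaders) {
  const h = Object.fromEntries(Object.entries(preflightHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const method = req.method.toUpperCase();
  const extra = unsafeHeaders(req.headers);
  if (SAFE_METHODS.has(method) && extra.length === 0) return []; // simple request, no preflight
  const wildcard = !req.credentials; // "*" only counts for requests without credentials
  const problems = [];
  const origin = h["access-control-allow-origin"];
  if (origin !== req.origin && !(wildcard && origin === "*")) problems.push("origin not allowed");
  if (req.credentials && h["access-control-allow-credentials"] !== "true") problems.push("credentials not allowed");
  const methods = list(h["access-control-allow-methods"]);
  if (!SAFE_METHODS.has(method) && !methods.includes(method.toLowerCase()) && !(wildcard && methods.includes("*"))) {
    problems.push(`method ${method} not allowed`);
  }
  const headers = list(h["access-control-allow-headers"]);
  for (const name of extra) {
    if (!headers.includes(name) && !(wildcard && headers.includes("*"))) problems.push(`header ${name} not allowed`);
  }
  return problems;
}

const putRequest = { origin: "https://ui.example", method: "PUT", credentials: true,
  headers: { "Content-Type": "application/json", "X-CSRF-Token": "constructed", "DataServiceVersion": "2.0" } };
const readOnlyCors = { "Access-Control-Allow-Origin": "https://ui.example",
  "Access-Control-Allow-Credentials": "true", "Access-Control-Allow-Methods": "GET, HEAD" };
const writeCors = { ...readOnlyCors, "Access-Control-Allow-Methods": "GET, HEAD, POST, PUT, DELETE",
  "Access-Control-Allow-Headers": "Content-Type, X-CSRF-Token, DataServiceVersion" };

console.log(checkPreflight(putRequest, readOnlyCors)); // PUT and its headers are rejected
console.log(checkPreflight(putRequest, writeCors));    // nothing is rejected
```

Listing only the methods and headers the application actually sends keeps the package's cross-origin surface as small as the fix allows.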
Hello Karan and Thamizharasan,
I am sorry for my late reply. Indeed what Daniel just explained about enabling CORS was strongly related to the solution of the problem.
What we also did before enabling CORS was to give full privileges to our database user SLSMT for the particular schema LABS where our tables are. After that we had some problems that Firefox and Internet Explorer still gave us a 403 Forbidden error. Chrome did not give an error and it was working fine, returning an HTTP status 204 No Content. Then, after enabling CORS, the problem was resolved for all browsers.
In order to show how to grant full privileges to your user for your schema, I have attached the picture below. You should go to sap/hana/ide/security/ in your HANA instance, select your user, go to the Object Privileges tab, choose the desired schema and tick all privileges.
Thank you all and do not hesitate to ask me any other related questions, I would be glad to help further if I can.
Best Regards,
Elena Elenkova
Hello Elena and Daniel,
Thank you for your response.
For us, it turned out to be an incorrect .xsaccess file and an incorrect entry in the web dispatcher.
We are trying to build a custom kpi based analytical application. Have you tried it?
Regards,
Karan
Hi Elena
I think the problem here might be that what XS needs is the SAML IdP user, not the DB one.
Possibly the two have different passwords (if not different userid at all), hence the error.
You could try to logon with a userid from SAP ID service, which I guess is your default IdP, unless you configured a different one.
thanks, regards
Vincenzo