on 02-20-2013 8:25 AM
Hello,
we are trying to run the SAP CART APPROVAL App in our system landscape.
We have implemented a RelayServer, SUP, Gateway and Backend System.
The baskets were displayed on the device but when we try to approve or reject,
we received an error.
We receive the following information on the Android device:
[09:00] EntityManager Online request: ...ApplyDecision?WorkitemID=000006289817&DecisionKey=APPROVED&Comment=
[09:00] EntityManager onError, ...ApplyDecision?WorkitemID=000006289817&DecisionKey=APPROVED&Comment=
[09:00] EntityManager Error occured, SDM ErrorCode: 1, HTTPStatusCode: 403
[09:00] EntityManager HttpResponse Status code: 403, Reason: Forbidden
[09:00] EntityManager ParseSDMODataErrorXML() could not parse the message. Message was:
[09:00] EntityManager Validation of CSRF-Token failed
In the SUP we see the following information:
2013-02-19 09:00:20.800 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP:Returning Response from Gateway Back to Message Channel
2013-02-19 09:00:20.799 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Read response body from Gateway
2013-02-19 09:00:20.799 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]Response code is HTTP/1.1 403 Forbidden
2013-02-19 09:00:20.799 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Recieved the response from the gateway
2013-02-19 09:00:20.732 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP: Firing the request to the Gateway
2013-02-19 09:00:20.729 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWCRequestAdapter]ODP: Read the Request information
2013-02-19 09:00:20.727 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP :Recieved a request to fire to Gateway
2013-02-19 09:00:16.946 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP:Returning Response from Gateway Back to Message Channel
2013-02-19 09:00:16.945 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Read response from Gateway
2013-02-19 09:00:16.945 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]Response code is HTTP/1.1 200 OK
2013-02-19 09:00:16.945 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Recieved the response from the gateway
2013-02-19 09:00:15.859 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP: Firing the request to the Gateway
2013-02-19 09:00:15.855 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWCRequestAdapter]ODP: Read the Request information
2013-02-19 09:00:15.853 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP :Recieved a request to fire to Gateway
2013-02-19 09:00:06.234 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP:Returning Response from Gateway Back to Message Channel
2013-02-19 09:00:06.232 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Read response from Gateway
2013-02-19 09:00:06.232 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]Response code is HTTP/1.1 200 OK
2013-02-19 09:00:06.232 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Recieved the response from the gateway
2013-02-19 09:00:03.603 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP: Firing the request to the Gateway
2013-02-19 09:00:03.599 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWCRequestAdapter]ODP: Read the Request information
2013-02-19 09:00:03.597 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP :Recieved a request to fire to Gateway
2013-02-19 09:00:02.866 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP:Returning Response from Gateway Back to Message Channel
2013-02-19 09:00:02.863 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Read response from Gateway
2013-02-19 09:00:02.862 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]Response code is HTTP/1.1 200 OK
2013-02-19 09:00:02.862 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Recieved the response from the gateway
2013-02-19 09:00:02.555 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP: Firing the request to the Gateway
2013-02-19 09:00:02.553 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWCRequestAdapter]ODP: Read the Request information
2013-02-19 09:00:02.552 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP :Recieved a request to fire to Gateway
2013-02-19 09:00:01.822 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP:Returning Response from Gateway Back to Message Channel
2013-02-19 09:00:01.820 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Read response from Gateway
2013-02-19 09:00:01.820 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]Response code is HTTP/1.1 200 OK
2013-02-19 09:00:01.820 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP:Recieved the response from the gateway
2013-02-19 09:00:01.522 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWProxy]ODP: Firing the request to the Gateway
2013-02-19 09:00:01.517 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GWCRequestAdapter]ODP: Read the Request information
2013-02-19 09:00:01.515 INFO PROXY MessageChannel Thread-380 [com.sybase.suplite.gwc.req.handler.GatewayConnectorHandler]ODP :Recieved a request to fire to Gateway
2013-02-19 09:00:01.511 WARN Security MessageChannel Thread-380 [com.sybase.security.core.PreConfiguredUserLoginModule]Authentication failed Authentication failed due to invalid credentials.
2013-02-19 09:00:01.511 WARN Security MessageChannel Thread-380 [com.sybase.security.core.PreConfiguredUserLoginModule]Authentication failed Authentication failed due to invalid credentials.
From my point of view we have a problem with the CSRF-Token.
When we connect to the Gateway via browser and try to retrieve a token, it works:
Status Code: 200 OK
Age: 0
Cache-Control: proxy-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 664
Content-Type: application/xml
Date: Wed, 20 Feb 2013 07:58:30 GMT
Proxy-Connection: Keep-Alive
Server: SAP NetWeaver Application Server / ABAP 731
Set-Cookie: MYSAPSSO2=AjQxMDIBABgAQQBQAFAAUQBFAFUARABFADAAMQAgACACAAYAMQAwADADABAAQgBNAEQAIAAgACAAIAAgBAAYADIAMAAxADMAMAAyADIAMAAwAD cANQA4BQAEAAAACAYAAgBYCQACAEX%2fAPowgfcGCSqGSIb3DQEHAqCB6TCB5gIBATELMAkGBSsOAwIaBQAwCwYJKoZIhvcNAQcBMYHGMIHDAgEBMBkwDjEM MAoGA1UEAxMDQk1EAgcgEhEHFEZWMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xMzAyMjAwNzU4Mjda MCMGCSqGSIb3DQEJBDEWBBQoQvYZzNAklv5z74dA2YIFgofCjDAJBgcqhkjOOAQDBC4wLAIUMhHj5Z4INdzsqEXLbvwu1jfrkmgCFCBZjFqrgT6l28odXnoG96M2FkDx; path=/; domain=ben-bmd SAP_SESSIONID_BMD_100=Caq_vzGfPjfPmBNTJQNk9VEkGjhPBhVg4QCAAKwaY30%3d; path=/
X-CSRF-Token: Zmcy5Fs0QnaZHX6q2BhMfw==
dataserviceversion: 2.0
When activating the debug mode on the Gateway server, it seems that the app does not send a CSRF token back to the server.
Does anybody have an idea what we have forgotten?
The parameter for the CSRF check is enabled on the gateway. The class /IWFND/CL_SODATA_HTTP_HANDLER is also active.
Thanks for your answer.
Hello Benjamin,
Any modifying request needs a CSRF token to be passed in the headers.
Perform a GET operation and get the token by setting the header as below.
The GET response will have the token value:
X-CSRF-Token : Zmcy5Fs0QnaZHX6q2BhMfw==
Now pass this value as below in the header of your modifying request.
On passing the token you will be able to fire any of your modifying requests through GW.
Regards,
Ashwin
Can you try to call the OData service from the browser and pass the same values as URL parameters? Usually it will prompt for user name and password; see the HTTP error codes.
Hi Benjamin,
Any modify request in OData would require a CSRF token which you fetched in the GET request. You can check in the appl. if you have passed the X-CSRF-Token header in the HTTP request to approve the cart.
Best regards,
Aakash
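The token handshake the answers describe, modelled end to end as an added example (not part of the original thread and not SAP or SUP code). `MockGateway`, the `SID` cookie name and `approve()` are hypothetical stand-ins; the `X-CSRF-Token: Fetch` request header and the `Required` reply on a rejected request are the Gateway's documented behaviour. It shows that the modifying request is rejected with 403 both when the token header is missing and when the session cookie issued with the token is not sent back, which is what to check on every hop between device and Gateway.

```python
import hmac
import secrets


class MockGateway:
    """Constructed stand-in for the server-side CSRF check (assumption, not SAP code)."""

    def __init__(self):
        self.tokens = {}  # session id -> CSRF token issued for that session

    def handle(self, method, headers):
        sid = headers.get("Cookie", "").partition("SID=")[2]
        if method in ("GET", "HEAD"):
            resp = {}
            # A token is only issued when the client explicitly asks for one.
            if headers.get("X-CSRF-Token", "").lower() == "fetch":
                if sid not in self.tokens:
                    sid = secrets.token_hex(8)
                    self.tokens[sid] = secrets.token_urlsafe(16)
                    resp["Set-Cookie"] = "SID=" + sid
                resp["X-CSRF-Token"] = self.tokens[sid]
            return 200, resp
        # Modifying request: the token must match the one bound to this session.
        expected = self.tokens.get(sid)
        sent = headers.get("X-CSRF-Token", "")
        if expected is None or not hmac.compare_digest(expected, sent):
            return 403, {"X-CSRF-Token": "Required"}
        return 200, {}


def approve(gateway, keep_cookie=True, send_token=True):
    """Fetch a token with GET, then send the modifying request (POST here)."""
    _, resp = gateway.handle("GET", {"X-CSRF-Token": "Fetch"})
    headers = {}
    if keep_cookie:   # session cookie from the fetch response
        headers["Cookie"] = resp["Set-Cookie"]
    if send_token:    # token from the fetch response
        headers["X-CSRF-Token"] = resp["X-CSRF-Token"]
    status, _ = gateway.handle("POST", headers)
    return status


if __name__ == "__main__":
    gw = MockGateway()
    print("token + cookie:", approve(gw))
    print("token missing :", approve(gw, send_token=False))
    print("cookie dropped:", approve(gw, keep_cookie=False))
```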