CSRF token validation failed in Odata4j

0 Kudos

Hi all,

I'm trying to post the entry to the OData service URL which is created in the ABAP backend. When I'm trying to send the data from Java code to the ABAP system via the OData service, I'm getting a CSRF token validation error. Below is the code snippet for the OData POST service:

// TESTCASEXML_ODATA = URL of the OData service
ODataJerseyConsumer consumer = ODataJerseyConsumer.create(TESTCASEXML_ODATA);
ODataJerseyConsumer.Builder builder = ODataJerseyConsumer.newBuilder(TESTCASEXML_ODATA);

// Authentication
builder.setClientBehaviors(new OClientBehavior() {
    @Override
    public ODataClientRequest transform(ODataClientRequest request) {
        String userPassword = USERNAME + ":" + PASSWORD;
        String encoded = Base64.encodeBase64String(userPassword.getBytes());
        encoded = encoded.replaceAll("\r\n?", "");

        // Necessary headers to do PUT and POST operations
        request = request.header("X-Requested-With", "XMLHttpRequest")
                         .header("Authorization", "Basic " + encoded);

        return request;
    }
});
consumer = builder.build();

OCreateRequest<OEntity> createRequest = consumer.createEntity("LogSet")
        .properties(OProperties.string("TestplanId", "111"))
        .properties(OProperties.string("ProcessId", "222"))
        .properties(OProperties.string("Seqno", "33"));

// Execute the OData post
createRequest.execute();

Please suggest a solution to avoid this issue.

Thanks and Regards,

Naveen

Accepted Solutions (0)

Answers (1)


former_member190010
Contributor
0 Kudos

Hi Naveen,

That's because you need to fetch the X-CSRF-Token with a GET method before doing a POST to an SAP Gateway.


CSRF (cross-site request forgery) is a type of attack in which an attacker tries to send malicious requests from a website that the user visits to another site where the victim is authenticated. Prevention of this attack is based on keeping a security token during the user's session and providing it with every modifying operation (PUT, POST, DELETE). If the provided token is not correct, the gateway responds with an HTTP 403 ("Forbidden") return code. [1, 2]

Check these two blogs, where you get detailed information:

https://scn.sap.com/thread/3424154

There is an excellent post that explains how to achieve this using the Odata4j tool kit that you are using:

Regards,

Emanuel
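
The fetch-then-POST sequence described in the answer above, as an added example that is not part of the original thread and does not use odata4j: it uses the JDK's `java.net.http` client (Java 11+) against a constructed in-process stand-in for the gateway. The `/svc` path, the stand-in's behaviour and the JSON payload are assumptions; against a real system the Authorization header from the question goes on both requests.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.*;
import java.net.http.*;
import java.util.UUID;

public class CsrfFetchDemo {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the gateway: issues a token on "Fetch", 403s a POST without it.
        // Simplification: it does not issue session cookies, which a real gateway does.
        String issued = UUID.randomUUID().toString();
        HttpServer gw = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        gw.createContext("/svc", ex -> {
            String sent = ex.getRequestHeaders().getFirst("X-CSRF-Token");
            int status = 200;
            if (ex.getRequestMethod().equals("GET")) {
                if ("Fetch".equalsIgnoreCase(sent)) ex.getResponseHeaders().set("X-CSRF-Token", issued);
            } else if (issued.equals(sent)) {
                status = 201;
            } else {
                ex.getResponseHeaders().set("X-CSRF-Token", "Required");
                status = 403;
            }
            ex.sendResponseHeaders(status, -1); // -1: no response body
            ex.close();
        });
        gw.start();
        URI root = URI.create("http://127.0.0.1:" + gw.getAddress().getPort() + "/svc/");

        // One client with one cookie store: the token is tied to the session, so the
        // cookies returned by the GET must be sent again with the POST.
        HttpClient client = HttpClient.newBuilder().cookieHandler(new CookieManager()).build();
        String body = "{\"TestplanId\":\"111\",\"ProcessId\":\"222\",\"Seqno\":\"33\"}";

        // Step 1: GET with "X-CSRF-Token: Fetch" and read the token from the response header.
        HttpResponse<Void> fetched = client.send(HttpRequest.newBuilder(root)
                .header("X-CSRF-Token", "Fetch").GET().build(), HttpResponse.BodyHandlers.discarding());
        String token = fetched.headers().firstValue("X-CSRF-Token").orElseThrow();

        // Step 2: POST with the fetched token; the first call shows the rejection without it.
        System.out.println("POST without token: HTTP " + post(client, root, body, null));
        System.out.println("POST with token:    HTTP " + post(client, root, body, token));
        gw.stop(0);
    }

    // Sends the create request for the LogSet entity, adding the token header when one is given.
    static int post(HttpClient c, URI root, String body, String token) throws Exception {
        HttpRequest.Builder b = HttpRequest.newBuilder(root.resolve("LogSet"))
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body));
        if (token != null) b.header("X-CSRF-Token", token);
        return c.send(b.build(), HttpResponse.BodyHandlers.discarding()).statusCode();
    }
}
```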