on 05-01-2016 8:51 AM
Hi all,
I'm trying to post an entry to the OData service URL, which is created in the ABAP backend. When I try to send the data from Java code to the ABAP system via the OData service, I get a CSRF token validation error. Below is the code snippet for the OData POST service:
```java
// TESTCASEXML_ODATA = URL of the OData service
ODataJerseyConsumer consumer = ODataJerseyConsumer.create(TESTCASEXML_ODATA);
ODataJerseyConsumer.Builder builder = ODataJerseyConsumer.newBuilder(TESTCASEXML_ODATA);

// Authentication
builder.setClientBehaviors(new OClientBehavior() {
    @Override
    public ODataClientRequest transform(ODataClientRequest request) {
        String userPassword = USERNAME + ":" + PASSWORD;
        String encoded = Base64.encodeBase64String(userPassword.getBytes());
        encoded = encoded.replaceAll("\r\n?", "");
        // Necessary headers to do PUT and POST operations
        request = request.header("X-Requested-With", "XMLHttpRequest")
                         .header("Authorization", "Basic " + encoded);
        return request;
    }
});
consumer = builder.build();

OCreateRequest<OEntity> createRequest = consumer.createEntity("LogSet")
        .properties(OProperties.string("TestplanId", "111"))
        .properties(OProperties.string("ProcessId", "222"))
        .properties(OProperties.string("Seqno", "33"));

// Execute the OData post
createRequest.execute();
```
Please suggest a solution to avoid this issue.
Thanks and Regards,
Naveen
Hi Naveen,
That's because you need to fetch the X-CSRF-Token with a GET method before doing a POST to an SAP Gateway.
CSRF (cross-site request forgery) is a type of attack in which an attacker tries to send malicious requests from a website that the user visits to another site where the victim is authenticated. Prevention of this attack is based on keeping a security token during the user's session and providing it with every modifying operation (PUT, POST, DELETE). If the provided token is not correct, the gateway responds with an HTTP 403 ("Forbidden") return code. [1, 2]
Check these two blogs, where you get detailed information:
https://scn.sap.com/thread/3424154
There is an excellent post that explains how to achieve this using the Odata4j tool kit that you are using:
Regards,
Emanuel
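The two-step exchange described in the answer above, as an added example that is not part of the original thread and does not use odata4j: it uses the JDK 11 `java.net.http` client, first sending a GET with `X-CSRF-Token: Fetch`, then replaying the returned token together with the session cookies on the POST to `LogSet`. The service URL, the environment variable names and the JSON payload format are assumptions.

```java
import java.net.CookieManager;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class CsrfTokenPost {
    // Placeholder service root (assumption); must end with a slash.
    static final String SERVICE_ROOT = "https://gateway.example.com/path/to/service/";

    public static void main(String[] args) throws Exception {
        // Credentials come from hypothetical environment variables, not from source code.
        String creds = System.getenv("ODATA_USER") + ":" + System.getenv("ODATA_PASSWORD");
        String basic = "Basic " + Base64.getEncoder()
                .encodeToString(creds.getBytes(StandardCharsets.UTF_8));

        // The token is tied to the user's session, so the session cookies set by the
        // GET must be sent back on the POST. CookieManager handles that automatically.
        HttpClient client = HttpClient.newBuilder().cookieHandler(new CookieManager()).build();

        // Step 1: non-modifying GET that asks the gateway to issue a token.
        HttpRequest fetch = HttpRequest.newBuilder(URI.create(SERVICE_ROOT))
                .header("Authorization", basic)
                .header("X-CSRF-Token", "Fetch")
                .GET().build();
        HttpResponse<Void> fetched = client.send(fetch, HttpResponse.BodyHandlers.discarding());
        String token = fetched.headers().firstValue("X-CSRF-Token")
                .orElseThrow(() -> new IllegalStateException(
                        "No X-CSRF-Token in response, HTTP " + fetched.statusCode()));

        // Step 2: modifying request carrying the token (values taken from the question).
        String body = "{\"TestplanId\":\"111\",\"ProcessId\":\"222\",\"Seqno\":\"33\"}";
        HttpRequest post = HttpRequest.newBuilder(URI.create(SERVICE_ROOT + "LogSet"))
                .header("Authorization", basic)
                .header("X-CSRF-Token", token)
                .header("Content-Type", "application/json")
                .header("Accept", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body)).build();
        HttpResponse<String> created = client.send(post, HttpResponse.BodyHandlers.ofString());

        if (created.statusCode() == 403) {
            // Token missing, wrong, or sent outside the session it was issued for.
            throw new IllegalStateException("CSRF token rejected: " + created.body());
        }
        System.out.println("HTTP " + created.statusCode());
    }
}
```

If the POST still returns 403, check that both requests went through the same `HttpClient` instance, since a token sent without the cookies from the fetch request belongs to no session.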