on 11-13-2012 8:58 AM
Hi,
I want to get an example of request (SAP NW SP5),
because the old example does not work:
"x-requested-with: XMLHttpRequest\r\n
\r\n
<?xml version="1.0" encoding="utf-8" standalone="yes"?>\r\n
<entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom">\r\n
<content type="application/xml">\r\n
<m:properties>\r\n
<d:value>0209_US021200089</d:value> \r\n
<d:scheme_id>Z_BANK_GEBO2</d:scheme_id> \r\n
<d:scheme_agency_id>LOCAL</d:scheme_agency_id> \r\n
<d:post_bank /> \r\n
<d:bank_branch>Sacramento</d:bank_branch> \r\n
<d:street>123 Main St.</d:street> \r\n
<d:city>El Dorado Hills</d:city> \r\n
<d:swift_code/>\r\n
<d:region>CA</d:region> \r\n
<d:bank_name>Bank of Gebo</d:bank_name> \r\n
<d:pobk_curac /> \r\n
<d:bank_group /> \r\n
<d:addr_no /> \r\n
</m:properties>\r\n
</content>\r\n
</entry>\r\n"
I get then error mesage "<p>Your browser sent a request that this server could not understand.<br />\n"
Regards
Vladislav
Hi,
With the latest version of GW the method to create and update is changed a bit.
To create a record . you can either use the REST Clients available with the browser or the transaction in Gateway system /iwfnd/gw_client.
1> You need to send a Get request with the read URL with custom Request header as
x-csrf-token: fetch (Case sensitive) for any record created earlier -(Not required if doing via Gateway system /iwfnd/gw_client )
2> in the Response Header you will get some value for x-csrf-token: 23eer...............== (Not required if doing via Gateway system /iwfnd/gw_client )
3> copy this token and paste it to the custom request header in place for 'fetch' (i.e. copy 23eer... in place for 'fetch') (Not required if doing via Gateway system /iwfnd/gw_client )
4> change the request type to POST.
5> add another custom request header as Content-Type: application/atom+xml;type=entry
6> copy the same contents of the GET request you received in the response body into the request body . and change attributes which needs to be updated .
7> Send the request.
Regards
Gururaj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I got to my GET Request (QUERY Operation) such a response:
<feed xml:base="..." xmlns="http://www.w3.org/2005/Atom" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
<id>...Collection</id>
<title type="text">...Collection</title>
<updated>2012-11-23T06:49:03Z</updated>
<author>
<name/>
</author>
<link href="...Collection" rel="self" title="...Collection"/>
<entry>
<id>...Collection(bank_key='10010010',bank_ctry='DE')</id>
....
<content type="application/xml">
<m:properties>
<d:bank_key>10010010</d:bank_key>
<d:max_rows>0</d:max_rows>
<d:city>6000 Frankfurt</d:city>
<d:bank_name>Giro-Bank</d:bank_name>
<d:bank_ctry>DE</d:bank_ctry>
</m:properties>
</content>
</entry>
</feed>
When I want to execute create operation with this GET answer I got an Error:
<?xml version="1.0" encoding="utf-8" ?>
<code>CX_ST_MATCH_ELEMENT/544FAE4641562346A1372144E7396586</code>
<message xml:lang="en">System expected the element '{http://www.w3.org/2005/Atom}entry'</message>
<innererror>
</innererror>
</error>
Regards
Vladislav
Hi
I think the feed tag is causing the problem
because when i do a Get in the Postman Rest client in my Firefox browser i get it in the below format.
<?xml version="1.0" encoding="utf-8"?>
<entry xml:base="http://xyz:8010/sap/opu/odata/sap/ZORDER_ODATA_SERVICE/"
xmlns="http://www.w3.org/2005/Atom"
xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"
xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices">
<id>http://xyz:8010/sap/opu/odata/sap/ZORDER_ODATA_SERVICE/Order('5000025')</id>
<title type="text">Order('5000025')</title>
<updated>2012-11-23T10:03:24Z</updated>
<category term="ZORDER_ODATA_SERVICE.Order" scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme"/>
<link href="Order('5000025')" rel="edit" title="Order"/>
<link href="Order('5000025')/OrderItem" rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/OrderItem" type="application/atom+xml;type=entry" title="OrderItem"/>
<content type="application/xml">
<m:properties>
<d:orderID>5000025</d:orderID>
<d:postingDate>2012-05-19T00:00:00</d:postingDate>
<d:netAmount>84330.00</d:netAmount>
<d:currency>GBP</d:currency>
<d:soldToParty>600101</d:soldToParty>
<d:lastName>BROWN</d:lastName>
<d:firstName>MICHEAL</d:firstName>
<d:city/>
<d:country>AG</d:country>
<d:description>test me1</d:description>
</m:properties>
</content>
</entry>
May be you can try formatting your data as above and try.
Regards
Gururaj
Hi Vladislav,
There are two ways .
1 . By ignoring the CSRF
TCODE - SICF
Execute (Press F8)
Goto to ur service
default_host -> SAP -> opu -> odata -> sap -> ur service name
Open ur service -> select GUI configuration
Parameter Name : ~CHECK_CSRF_TOKEN
value : 0
For Create
URL : http://xxxxxx.xxxx:8080/sap/opu/odata/sap/xxxxx/xxxxCollection
Content-Body :
<?xml version="1.0" encoding="utf-8"?>
<atom:entry
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
<atom:content type="application/xml">
<m:properties>
<d:orderID>5000025</d:orderID>
<d:postingDate>2012-05-19T00:00:00</d:postingDate>
<d:netAmount>84330.00</d:netAmount>
<d:currency>GBP</d:currency>
<d:soldToParty>600101</d:soldToParty>
<d:lastName>BROWN</d:lastName>
<d:firstName>MICHEAL</d:firstName>
<d:city/>
<d:country>AG</d:country>
<d:description>test me1</d:description>
</m:properties>
</atom:content>
</atom:entry>
For Update
URL : http://xxxxxx.xxxx:8080/sap/opu/odata/sap/xxxxx/xxxxCollection(bank_key='10010010',bank_ctry='DE')
Method : PUT
Header : Same as Create
Content-Body :
<?xml version="1.0" encoding="utf-8"?>
<atom:entry
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices"
xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
<atom:content type="application/xml">
<m:properties>
<d:orderID>5000025</d:orderID>
<d:postingDate>2012-05-19T00:00:00</d:postingDate>
<d:netAmount>84330.00</d:netAmount>
<d:currency>GBP</d:currency>
<d:soldToParty>600101</d:soldToParty>
<d:lastName>BROWN</d:lastName>
<d:firstName>MICHEAL</d:firstName>
<d:city/>
<d:country>AG</d:country>
<d:description>test me1</d:description>
</m:properties>
</atom:content>
</atom:entry>
For Update
URL : http://xxxxxx.xxxx:8080/sap/opu/odata/sap/xxxxx/xxxxCollection(bank_key='10010010',bank_ctry='DE')
Method : DELETE
Header : Same as Create
2. Considering CSRF Token
which is mentioned by Gururaj
Regards,
Jibin Joy
Hi Vladislav,
seems that you've missed a little note in Gurujaj's comment:
1.) you need to get the xml, which serves as template for the POST operation.
You obtain it with a READ operation - not with a query.
So you have to adjust the URL in order to point to an entry
The READ operation returns a single resource, which is an <entry>
This <entry> contains the "namespace" information, which is required and which
had been mentioned in your error message.
In case you have to manually adjust your xml (e.g. for a deep insert), you can safely
copy&paste it into the <entry> tag
2) For executing the POST, you have to change the URL back to the QUERY
collection (feed).
One more remark:
When activating your service in transaction /IWFND/MAINT_SERVICE, you have two options:
ICF-Nodes:
SDATA - compatibility Mode
ODATA - Standard Mode
The difference is in the implementation of the underlying OData library
I recommend using the odata-branch in SICF, because it is more advanced, supports more odata-features, better error handling, better security-support, etc
This means that the URL of your service changes to
.../sap/opu/odata/...
instead of
.../sap/opu/sdata/...
The disadvantage is that - for the sake of security - you have to provide the x-csrf-token header (for POST, PUT, DELETE operations)
The header x-requested-with is not required in the odata-branch
I'd as well recommend to use the transaction /IWFND/GW_CLIENT because it will implicitely handle the x-csrf-token for you.
Amongst other comfortables features of this client, there is a button "Use as Request", which copies the http-response into the request-body field, which is exactly the use case in POST and PUT operations
Hope this has added some more clarification,
cheers,
Carlos
Hello Carlos,
Even i am facing same kind of issue.
I am implementing the method EXECUTE_ACTION , with HTTP method 'POST'. When i execute the service in the browser i get the error saying
'The specified HTTP method is not allowed for the resource identified by the Data Service Request URI".
When i run the same URL in the REST client with the x-csrf token it says "CSRF token validation failed".
I assigned the csrf token which i got from the GET method.
Could you please help me out how can i resolve this..??
Best Regards,
Prasanna
Hello Prasanna,
I can only try to provide some hints for investigation:
- if executing a function import will have impact on Backend data, it would be defined with HTTP method POST, in the metadata-provider-class.
This can be checked using the $metadata url
Executing a function import from browser is possible, but only if the specified HTTP-method is GET, because the browser only sends a GET-request.
As such, the error message you got is understandable in this context
A function import which enforces HTTP-POST, can only be executed with REST client
- when using a REST client like Firefox, you have to ensure that your browser-session is the same when you do the GET the csrf-token and when you execute the POST
Otherwise the csrf-token is not valid anymore
- You could try using transaction /IWFND/GW_CLIENT. Since it automatically handles the csrf-token, one cannot make any mistake (copy&paste, time-out, etc)
- You could ensure that you are using the service in the ODATA branch of SICF
- You could try disabling the csrf-token
(Transaction SICF, choose service, “display Service”, press GUI configuration,
enter ~CHECK_CSRF_TOKEN value 0/1 (disable/enable))
- Note that when disabling the csrf-token, it will switch to the old
X-Requested-With=XMLHttpRequest
Kind Regards,
Carlos
Hello Carlos,
Thanks a lot for quick response.
I tried the same in gateway client( /IWFND/GW_CLIENT) by making the ~CHECK_CSRF_TOKEN value as 0, ie disabling the csrf-token. Every thing is working fine now .
But a small query, will it not affect if we disable the csrf token..??
Best Regards,
Prasanna.
Hi Prasanna,
the csrf-token mechanism has been introduced for security reasons, it is a <feature> 😉
Disabling it has the side-effect of losing the protection.
So I'd say that I don't see any issue during prototyping/testing, but it should be enabled for poductive usage.
For more info see here
http://help.sap.com/saphelp_gateway20sp06/helpdata/en/89/ea6a0543dc4e13b20b3462f57d7404/frameset.htm
and there
http://help.sap.com/saphelp_gateway20sp06/helpdata/en/e6/cae27d5e8d4996add4067280c8714e/content.htm
Kind Regards,
Carlos
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.