Hi Storm experts,
My colleague and I are trying to use the REST API to activate or deactivate a 
Storm topology using C# HttpClient. Unfortunately, no matter what we try, 
Storm returns the same error:

{
    "error" : "Forbidden action.",
    "errorMessage" : "missing CSRF token."
}

We noticed the note that "All the post requests below must include a header 
"x-csrf-token" with the value of "antiForgeryToken" from the GET response", but 
we still hit this error.

Below is my code:

       <1>  First Get CSRF Token
// Step 1: GET the topology summary. Per the API note quoted above, the JSON
// returned here carries the "antiForgeryToken" value that later POSTs must echo
// back in the "x-csrf-token" header.
// NOTE(review): the step that extracts that value from jsonResult into a
// token variable is not shown in this snippet.
string requestUrl = 
"http://127.0.0.1:8744/api/v1/topology/my_word_count-4-1417592340";;
            HttpServerBroker serverBroker = new HttpServerBroker(null, null);
            string jsonResult = serverBroker.GetHttpRequestResult(requestUrl, 
"GET");

<2> Using the token do the post request

// Step 2: POST to the deactivate endpoint with the token from step 1.
// NOTE(review): this is a second HttpServerBroker, and GenerateHttpRequest
// assigns a brand-new CookieContainer to every request, so no cookie received
// with the GET in step 1 is sent along with this POST. If the server ties the
// anti-forgery token to a session cookie (TODO confirm for this Storm
// version), the header alone will not be accepted.
HttpServerBroker serverBroker = new HttpServerBroker(null, token);

             string  requestUrl = 
"http://127.0.0.1:8744/api/v1/topology/my_word_count-4-1417592340/deactivate";;
      string jsonResult = serverBroker.GetHttpRequestResult(requestUrl, "POST");

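/// <summary>
/// Small synchronous HTTP helper for calling the Storm REST API: builds an
/// <see cref="HttpWebRequest"/>, attaches the anti-forgery header, and returns
/// the response body as a string.
/// </summary>
/// <remarks>
/// All requests issued through one broker share one <see cref="CookieContainer"/>,
/// so cookies set by an earlier response (for example the GET that returns the
/// token) are replayed on later requests. An anti-forgery token is normally only
/// valid together with the session it was issued for; presumably that is the
/// case here too, so fetch the token and send the POST through the same broker,
/// or hand the first broker's <see cref="Cookies"/> to the second one.
/// </remarks>
public class HttpServerBroker
{
    // To prevent CSRF, the Storm REST API expects POST requests to carry an
    // "x-csrf-token" header holding the "antiForgeryToken" value from a GET response.
    // Treat the value like a credential: do not log it.
    private readonly string _antiForgeryToken;
    private readonly ICredentials _credentials;

    // One cookie jar for the lifetime of the broker. The original code created a
    // fresh container per request, which discarded every cookie between calls.
    private readonly CookieContainer _cookieContainer;

    /// <summary>Creates a broker with its own, initially empty, cookie container.</summary>
    /// <param name="credentials">Credentials applied to each request; may be null.</param>
    /// <param name="antiForgeryToken">Token sent as "x-csrf-token"; may be null or blank to omit the header.</param>
    public HttpServerBroker(ICredentials credentials, string antiForgeryToken)
        : this(credentials, antiForgeryToken, null)
    {
    }

    /// <summary>Creates a broker that reuses an existing cookie container.</summary>
    /// <param name="credentials">Credentials applied to each request; may be null.</param>
    /// <param name="antiForgeryToken">Token sent as "x-csrf-token"; may be null or blank to omit the header.</param>
    /// <param name="cookieContainer">
    /// Container whose cookies are sent with, and updated by, every request;
    /// when null a new empty container is created.
    /// </param>
    public HttpServerBroker(ICredentials credentials, string antiForgeryToken, CookieContainer cookieContainer)
    {
        _credentials = credentials;
        _antiForgeryToken = antiForgeryToken;
        _cookieContainer = cookieContainer ?? new CookieContainer();
    }

    /// <summary>The cookie container shared by every request this broker creates.</summary>
    public CookieContainer Cookies
    {
        get { return _cookieContainer; }
    }

    /// <summary>Sends the request and returns the response body.</summary>
    /// <param name="requestUrl">Absolute URL to call.</param>
    /// <param name="method">HTTP method, e.g. "GET" or "POST".</param>
    /// <param name="contentType">Value for the Content-Type header.</param>
    /// <param name="strPostData">Request body; written only for methods other than GET and HEAD.</param>
    /// <returns>The response body, or null when the response has no stream.</returns>
    /// <exception cref="WebException">Thrown by <see cref="HttpWebRequest.GetResponse"/> on transport errors and non-success status codes.</exception>
    public string GetHttpRequestResult(string requestUrl, string method, string contentType = "application/x-www-form-urlencoded", string strPostData = null)
    {
        HttpWebRequest httpRequest = this.GenerateHttpRequest(requestUrl, contentType, method, strPostData);

        // The original accepted strPostData but never sent it. GET and HEAD are
        // skipped because HttpWebRequest rejects a request stream for them.
        if (strPostData != null && AllowsRequestBody(method))
        {
            using (Stream requestStream = httpRequest.GetRequestStream())
            using (StreamWriter writer = new StreamWriter(requestStream))
            {
                writer.Write(strPostData);
            }
        }

        using (HttpWebResponse response = (HttpWebResponse)httpRequest.GetResponse())
        using (Stream responseStream = response.GetResponseStream())
        {
            if (responseStream == null)
            {
                return null;
            }

            using (StreamReader reader = new StreamReader(responseStream))
            {
                return reader.ReadToEnd();
            }
        }
    }

    /// <summary>
    /// Builds, but does not send, a request carrying the broker's credentials,
    /// shared cookies and anti-forgery header.
    /// </summary>
    /// <param name="requestUrl">Absolute URL to call.</param>
    /// <param name="contentType">Value for the Content-Type header.</param>
    /// <param name="method">HTTP method.</param>
    /// <param name="strPostData">Not written here; <see cref="GetHttpRequestResult"/> writes the body when it sends the request.</param>
    /// <returns>The configured request.</returns>
    public HttpWebRequest GenerateHttpRequest(string requestUrl, string contentType, string method, string strPostData)
    {
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(requestUrl);
        request.ContentType = contentType;
        request.Method = method;

        // The credentials were stored by the constructor but never applied.
        if (_credentials != null)
        {
            request.Credentials = _credentials;
        }

        if (!String.IsNullOrWhiteSpace(_antiForgeryToken))
        {
            request.Headers.Add("x-csrf-token", _antiForgeryToken.Trim());
        }

        // Cookies are disabled unless a container is assigned. During NTLM
        // authentication with the auth server a session ID is passed around in a
        // cookie, and the same container must be reused across requests for that
        // cookie (and any session cookie issued with the token) to be sent back.
        request.CookieContainer = _cookieContainer;

        return request;
    }

    // True when HttpWebRequest permits a request body for the given method.
    private static bool AllowsRequestBody(string method)
    {
        return !String.Equals(method, "GET", StringComparison.OrdinalIgnoreCase)
            && !String.Equals(method, "HEAD", StringComparison.OrdinalIgnoreCase);
    }
}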

Any help will be appreciated! Thanks!

Xiaoyong & Joe

