How can I get the Cookie:csrftoken=64142f8e6fc9f9bedc70b15aef657ef4 ?? Best wishes Joe zhang
From: Parth Brahmbhatt [mailto:[email protected]] Sent: Wednesday, December 24, 2014 12:49 AM To: [email protected] Cc: Joe Zhang (SDE) Subject: Re: Missing CSRF token error when trying to use POST operations of Storm Rest API Hey, Try using this curl 'http://localhost:8080/api/v1/topology/wordcount-1-1417552268/deactivate<http://www.google.com/url?q=http%3A%2F%2Flocalhost%3A8080%2Fapi%2Fv1%2Ftopology%2Fwordcount-1-1417552268%2Fdeactivate&sa=D&sntz=1&usg=AFQjCNHoQwJSyBCU7x5ZJ2c6b4r18gkRtw>' -X POST -H 'x-csrf-token: K7RAB7TXD579g4JCs2hK6S0bxP35x8IZB4uFZqueT1eqj451+pvz0b7BGvFi2DZ2HKLenCJQTSE5hSlE' -H 'Cookie:csrftoken=64142f8e6fc9f9bedc70b15aef657ef4; ring-session=e1c4715f-e3d3-47e1-8573-1f736cefdb34' On Mon, Dec 22, 2014 at 10:23 PM, Xiaoyong Zhu <[email protected]<mailto:[email protected]>> wrote: Hi Storm experts, My colleague and I are trying to using the REST API to active or detactive storm topology using C# Httpclient. Unfortunately , no matter how we tried, Storm returns the same error : { "error" : "Forbidden action.", "errorMessage" : "missing CSRF token." } We notice that “ All the post requests below must include a header "x-csrf-token" with the value of "antiForgeryToken" from the GET response”, but we still hit this error. Below is my code: <1> First Get CSRF Token string requestUrl = "http://127.0.0.1:8744/api/v1/topology/my_word_count-4-1417592340";; HttpServerBroker serverBroker = new HttpServerBroker(null, null); string jsonResult = serverBroker.GetHttpRequestResult(requestUrl, "GET"); <2> Using the token do the post request HttpServerBroker serverBroker = new HttpServerBroker(null, token); string requestUrl = "http://127.0.0.1:8744/api/v1/topology/my_word_count-4-1417592340/deactivate";; string jsonResult = serverBroker.GetHttpRequestResult(requestUrl, "POST"); public class HttpServerBroker { // In order to prevent CSRF vulnerability, storm rest API uses a CSRF token private readonly string _antiForgeryToken; private ICredentials _credentials; public HttpServerBroker(ICredentials credentials, string antiForgeryToken) { _credentials = credentials; _antiForgeryToken = antiForgeryToken; } public string GetHttpRequestResult(string requestUrl, string method, string contentType = "application/x-www-form-urlencoded", string strPostData = null) { string httpResultString = null; HttpWebRequest httpRequest = this.GenerateHttpRequest(requestUrl, contentType, method, strPostData); using (HttpWebResponse response = (HttpWebResponse)httpRequest.GetResponse()) { using (Stream responseStream = response.GetResponseStream()) { if (responseStream != null) { using (StreamReader reader = new StreamReader(responseStream)) { httpResultString = reader.ReadToEnd(); } } } } return httpResultString; } public HttpWebRequest GenerateHttpRequest(string requestUrl, string contentType, string method, string strPostData) { HttpWebRequest request = (HttpWebRequest)WebRequest.Create(requestUrl); request.ContentType = contentType; request.Method = method; if (!String.IsNullOrWhiteSpace(_antiForgeryToken)) { request.Headers.Add("x-csrf-token", _antiForgeryToken.Trim()); } // This is necessary since during NTLM authentication with the // auth server, a session ID is passed around in a cookie. This // cookie will not be passed correctly during authentication if // a cookie container is not specified as cookies are disabled // by default. request.CookieContainer = new CookieContainer(); return request; } } Any help will be appreciated! Thanks! Xiaoyong & Joe -- Thanks Parth CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
