Error 403 in HTTPConnection POST in J2ME Nokia S40

[rayrizaldy]

Hi All,

I'm developing an apps for S40 using Nokia SDK 2.0 (J2ME) that can connect via REST API to the server.

However there's some API (using method POST) result an Error 403 - Forbidden. I've checked the API in the apigee site, with exactly the same header and body and the result was surprisingly success (200 OK response). Unfortunately I can't share the URL due to my client's confidential.

But i'm using this function:

Code:

public static String sendHTTPPOST(String url, String parameter, String cookie) {
    HttpConnection httpConnection = null;
    DataInputStream dis = null;
    DataOutputStream dos = null;
    StringBuffer responseMessage = new StringBuffer();
    try {
        httpConnection = (HttpConnection) Connector.open(url, Connector.READ_WRITE);
        httpConnection.setRequestMethod(HttpConnection.POST);
        httpConnection.setRequestProperty("User-Agent", "Profile/MIDP-1.0 Configuration/CLDC-1.0");
        httpConnection.setRequestProperty("Content-Type", "application/json");
    httpConnection.setRequestProperty("Cookie", "eid="+cookie);
        httpConnection.setRequestProperty("Content-length", "" + parameter.getBytes().length);

        dos = httpConnection.openDataOutputStream();
        byte[] request_body = parameter.getBytes();
        for (int i = 0; i < request_body.length; i++) {
            dos.writeByte(request_body[i]);
        }

        dos.flush();

    dis = new DataInputStream(httpConnection.openInputStream());
        int ch;
        while ((ch = dis.read()) != -1) {
            responseMessage.append((char) ch);
        }
    } catch (Exception e) {
        e.printStackTrace();
        responseMessage.append("ERROR");
    } finally {
        try {
            if (httpConnection != null) {
                httpConnection.close();
            }
            if (dis != null) {
                dis.close();
            }
            if (dos != null) {
                dos.close();
            }
        } catch (IOException ioe) {
            ioe.printStackTrace();
        }
    }
    return responseMessage.toString();
}

The parameter is the part of POST body, the cookie is part of the POST header. And it always result 403 Error.

Is there any possibility that make the code may result different response on the apigee (web) and my apps (j2me apps)? If so, how to solve this?

Will appreciate any help.

[grahamhughes]

Have you posted a question on the apigee forum?

Without knowing what you're meant to be sending, it's hard to know if you're sending the same thing or not.

Is there any more information in the response?

Have you tried other apigee APIs?

"Forbidden" would suggest you don't have the correct authentication.

Graham.

[rayrizaldy]

Hi Graham,

Thanks for coming by.
I haven't posted on the apigee forum, because it runs well on the apigee.

I tried to change the Post body with random text in the apigee. It will return 200 - OK response, although the server will have the JSON explain that my post body is not JSON. (remember in my code the body have content-type="application/json")

But different happen in my S40 Asha App. It will always return 403 - Error Forbidden response.
I've set the cookie to be exactly the same in the Apps and the apigee. Nothing wrong with the cookie in the apps because it can run other API with the same authentication.

Regards,

[grahamhughes]

I haven't posted on the apigee forum, because it runs well on the apigee.

Sure. However, the error message appears to be coming from the apigee end, so it might be easier to diagnose from the server end. Posting on the apigee forum will take you ten minutes and might double your chances of getting help.

But different happen in my S40 Asha App. It will always return 403 - Error Forbidden response.

I have some questions.

1. Are you using an emulator, or a device?
2. If a device, are you connecting by wifi or the cellular network?
3. Have you tried a different device or emulator? For example, the emulator from the Java ME SDK?
4. Is there any other information in the response body than just "403 - forbidden"?
5. Does your URL contain a "?" or any non-URL-safe characters?
6. Are you using HTTP or HTTPS?

I've set the cookie to be exactly the same in the Apps and the apigee. Nothing wrong with the cookie in the apps because it can run other API with the same authentication.

Just so I understand: are you saying that you can use the same code on the Asha with a different apigee URL and get a valid (200) response?

A suggestion:

If you're using a device emulator (and I suggest you do), and you can use HTTP, consider using a tool like WireShark to look at exactly what the device is sending. Do the same with a client that sends a successful request, so you can see what's different.

Graham.