IBM Support

How to troubleshoot HTTP response code: 403 error for InteropHttpServlet

Troubleshooting


Problem

When a custom Java client connects remotely to the InteropHttpServlet (via HTTP or HTTPS) and security for the servlet is enabled (yfs.interopservlet.security.enabled=Y), the client may receive an error reporting HTTP response code: 403 for the servlet.

Symptom

You will get the following error on the client side. Normally, the server will not show anything in the logs.

<Errors>
<Error ErrorCode="java.io.IOException"
ErrorDescription="java.io.IOException" ErrorRelatedMoreInfo="">
<Attribute Name="ErrorCode" Value="java.io.IOException"/>
<Attribute Name="ErrorDescription" Value="java.io.IOException"/>
<Error ErrorCode="java.io.IOException" ErrorDescription=""
ErrorRelatedMoreInfo="Server returned HTTP response code: 403 for URL: https://9.155.214.198:9443/smcfs/interop/InteropHttpServlet">
<Stack>java.io.IOException: Server returned HTTP response code: 403 for URL: https://9.155.214.198:9443/smcfs/interop/InteropHttpServlet

Cause

There are multiple reasons why this error is thrown:
1.) The login() API is not called, or called incorrectly, before any other API is called.
2.) Token authentication is disabled on the Sterling server.
3.) The return of an API Security Token is disabled on the Sterling server.
4.) The API Security Token is not set in the client's YFSEnvironment after the login() API was called.

Environment

This article describes multiple scenarios assuming that security for the InteropHttpServlet is enabled (yfs.interopservlet.security.enabled=Y), and that token-based authentication is used (that is, Sterling will authenticate the request, not the application server).

Resolving The Problem

1.) Examine your custom code and check that the login() API is called before any other API call, for example:
Document loginOutput = api.login(YFSenv, loginInput);

Also, verify that the input XML for the API does not contain any typos or incorrect user credentials. The input should look like this:
<Login LoginID="admin" Password="password" />

2.) Check whether the yfs.interopservlet.auth.token.enabled property is set to N or false on the Sterling server. If it is, set it to Y or true and restart the server.

3.) Check whether the yfs.api.security.token.enabled property is set to N or false on the Sterling server. If it is, set it to Y or true and restart the server.

4.) Examine your custom code and check that the UserToken attribute from the output XML of the login() API call is set in your YFSEnvironment, for example:
YFSenv.setTokenID(loginOutput.getDocumentElement().getAttribute("UserToken"));
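The client-side checks from steps 1 and 4, put together as an added example (not IBM code and not part of the original article). It assumes the Sterling client libraries are on the classpath and the client is already configured for HTTP transport; the class name, the STERLING_USER and STERLING_PASSWORD environment variables, the progId value and the getOrderList call with its placeholder input are illustrative choices.

```java
import com.yantra.interop.japi.YIFApi;
import com.yantra.interop.japi.YIFClientFactory;
import com.yantra.yfs.japi.YFSEnvironment;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Added example: login first, verify the token came back, set it, then call other APIs.
public class InteropLoginExample {

    // Build a one-element document through the DOM so that credential values
    // are never concatenated into XML text.
    static Document doc(String root, String... attrs) throws Exception {
        Document d = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element e = d.createElement(root);
        for (int i = 0; i + 1 < attrs.length; i += 2) {
            e.setAttribute(attrs[i], attrs[i + 1]);
        }
        d.appendChild(e);
        return d;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: credentials are supplied through the environment, not hard-coded.
        String user = System.getenv("STERLING_USER");
        String password = System.getenv("STERLING_PASSWORD");
        if (user == null || password == null) {
            throw new IllegalStateException("STERLING_USER and STERLING_PASSWORD must be set");
        }

        YIFApi api = YIFClientFactory.getInstance().getApi();
        YFSEnvironment env = api.createEnvironment(
                doc("YFSEnvironment", "userId", user, "progId", "CustomClient"));

        // Step 1: login() is the first API call made on this environment.
        Document loginOutput = api.login(env, doc("Login", "LoginID", user, "Password", password));

        // Step 4: getAttribute returns "" when UserToken is absent, which points at
        // cause 3 (return of the API Security Token disabled on the server).
        String token = loginOutput.getDocumentElement().getAttribute("UserToken");
        if (token.isEmpty()) {
            throw new IllegalStateException(
                    "login() returned no UserToken; check yfs.api.security.token.enabled");
        }
        env.setTokenID(token); // do not write the token or the password to logs

        // Any later call now carries the token; getOrderList is only a placeholder call.
        Document out = api.invoke(env, "getOrderList", doc("Order", "OrderNo", "PLACEHOLDER"));
        System.out.println("Response root: " + out.getDocumentElement().getNodeName());
    }
}
```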


Document Information

Modified date:
16 June 2018

UID

swg21641003