JSON API using Java

I’m trying to use the Java code sample provided at https://docs.openmicroscopy.org/omero/5.4.0/_downloads/JSONClient.java (thanks, Dominik).

I can get the version, service URLs, and the CSRF token from our server just fine. I can log on and get a session ID back.

But I can’t get any other information. The generated URLs work in a browser. I’ve tried to get the list of images given a dataset id (no data returned) and a particular image given an image id (I get back a message like “Cannot download archived file because Images not found (ids: [‘21871’])”), although the URLs work in a browser.

I noticed that the sessionID returned on the login does not match the sessionID in the HttpClient object’s cookie. Also, the csrftoken cookie in the HttpClient object does not match the token I got back from the call to the server. Does this matter?

Did I miss an obvious step here? It almost seems like the server I logged into OK is not the same server I’m querying for image data.

Any help would be appreciated, of course.

In the example I used CSRFToken as the header name, but apparently, according to the Django docs, this should be called HTTP_X_CSRFTOKEN now. However, I don’t even manage to get past the login stage. Unfortunately, I don’t know what else has changed in the underlying web frameworks since I wrote this example and why the Java example isn’t working any longer. Maybe someone else has a hint?
Kind Regards,
Dominik

Finally figured it out (thanks to my colleagues Josh and Will who pointed me to the Python example: examples/Training/python/Json_Api/Login.py).
What’s missing in the Java example is setting the Referer header. So if you modify the post() and put() methods in the example by adding httpPost.addHeader("Referer", url); and httpPut.addHeader("Referer", url); respectively, after the CSRF token is set, the example should work again. By the way, for some reason, contrary to the Django docs, you really have to use X-CSRFToken as the header name for the token.
Kind Regards,
Dominik
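
The fix described in the post above, written out as an added example (it is not the code from JSONClient.java or from the OMERO project). In Django, the default `CSRF_HEADER_NAME` value `HTTP_X_CSRFTOKEN` is the server-side name of the `X-CSRFToken` request header, and HTTPS requests also get a Referer check, which is why both headers are set here. It assumes Apache HttpClient 4.x on the classpath; the class and method names, the URL, the token and the form field names are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

import org.apache.http.Header;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.message.BasicNameValuePair;

public class CsrfRequestExample {

    // Adds the CSRF token and Referer headers to a state-changing request.
    // Execute the request with the same HttpClient that fetched the token,
    // so its cookie store sends the matching csrftoken cookie.
    static <T extends HttpEntityEnclosingRequestBase> T withCsrf(T req, String url, String token) {
        if (token == null || token.isEmpty()) {
            throw new IllegalArgumentException("No CSRF token: request it from the server first");
        }
        req.addHeader("X-CSRFToken", token); // header name Dominik found to work
        req.addHeader("Referer", url);       // the header missing from the old example
        return req;
    }

    // Hypothetical replacement for the example's post(): form-encoded body plus both headers.
    static HttpPost post(String url, String token, Map<String, String> form) {
        List<NameValuePair> pairs = new ArrayList<>();
        form.forEach((k, v) -> pairs.add(new BasicNameValuePair(k, v)));
        HttpPost request = withCsrf(new HttpPost(url), url, token);
        request.setEntity(new UrlEncodedFormEntity(pairs, StandardCharsets.UTF_8));
        return request;
    }

    // Hypothetical replacement for the example's put().
    static HttpPut put(String url, String token) {
        return withCsrf(new HttpPut(url), url, token);
    }

    public static void main(String[] args) {
        String loginUrl = "https://omero.example.org/api/v0/login/"; // constructed URL
        Map<String, String> form = new LinkedHashMap<>();            // assumed field names
        form.put("username", "demo-user");
        form.put("password", "demo-password");
        HttpPost login = post(loginUrl, "CONSTRUCTED-CSRF-TOKEN", form);
        for (Header h : login.getAllHeaders()) {                     // inspect before sending
            System.out.println(h.getName() + ": " + h.getValue());
        }
    }
}
```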


Thanks, Dominik (and Josh and Will). I appreciate it!
Does it matter that the cookies in the HttpClient don’t match? That is, the csrftoken and sessionid cookie values.

If it works it probably doesn’t matter :) I can imagine that calling the login URL creates a new session, which is probably better anyway so that you don’t interfere with other web sessions. Sorry for being that vague but I’m not very familiar with the web API myself.
Regards,
Dominik

I forgot to follow up: It works. My problem was that after I logged in, the CSRF token and session ID were different. So, I just skipped the login.

Thanks for the help!