
"Location" is not available in headers for login API

Hi, I've followed the documentation to send the REST API to the SIEM ESM service:

URL: https://<host ip>/rs/esm/login

Headers:
Content-Type: application/json
Authorization: Basic ZGV2OlJlc29sdmUxMjM0IQ==

Method: POST

But I got HTTP 500 back, with the error stack trace on the server shown at the bottom.

Then I tried to use the following JSON string in the body, the same way the browser does:

{"username": "ZGV2", "password": "UmVzb2x2ZTEyMzQh", "locale": "en_US"}

I got HTTP 201 back, but there is no "Location" field in the headers.

I searched online and found:

"if this is a CORS request and the CORS headers of the response do not allow the location header to be exposed. The CORS header in question is Access-Control-Expose-Headers. If the response has Access-Control-Expose-Headers:Location, then the browser exposes the Location header just fine and superagent yields its value happily."

I'm using McAfee ESM version 10.0. Can anybody help if you can successfully call the REST API to log in and get the Location value back?

Thank you very much in advance.

10-Mar-2017 22:53:28.546 SEVERE [ajp-nio-127.0.0.1-8009-exec-6] com.mcafee.siem.api.rs.MCXFServlet.invoke Something was wrong:
java.lang.NullPointerException
   at com.mcafee.siem.api.rs.MEssApiImpl.login(MEssApiImpl.java:221)
   at sun.reflect.GeneratedMethodAccessor279.invoke(Unknown Source)
   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
   at java.lang.reflect.Method.invoke(Method.java:498)
   at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
   at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
   at org.apache.cxf.jaxrs.validation.JAXRSBeanValidationInvoker.invoke(JAXRSBeanValidationInvoker.java:51)
   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:189)
   at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99)
   at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
   at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
   at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
   at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
   at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:252)
   at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
   at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
   at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
   at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
   at com.mcafee.siem.api.rs.MCXFServlet.invoke(MCXFServlet.java:58)
   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)
   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218)
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)
   at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at com.mcafee.siem.api.rs.validation.InputValidationFilter.doFilter(InputValidationFilter.java:26)
   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
   at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
   at org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:831)
   at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
   at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
   at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
   at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
   at java.lang.Thread.run(Thread.java:745)

3 Replies

Re: "Location" is not available in headers for login API

It has been worked out. Basic authentication only works for versions lower than 10.0. Version 10.0 expects the Base64-encoded username and password separately in the JSON body of the POST. There is no "Location" field returned in the response headers; the session token is in the "Xsrf-Token" field of the response headers. Use it for the rest of the API calls as the "X-Xsrf-Token" field of the request headers.

Re: "Location" is not available in headers for login API

Dear,

I have this code:

import json
import base64
import requests
requests.packages.urllib3.disable_warnings()
##############################################
esm_ip = '192.168.230.10'
username = 'NSOC'
passwd = 'Qwer1234'
query = 'essmgtGetESSTime'
##############################################
authString = base64.b64encode(('%s:%s' % (username,passwd)).encode()).decode().strip()
url = 'https://'+esm_ip+'/rs/esm/'
login_url = url+'login'
login_headers = {'Authorization':'Basic '+authString, 'Content-Type': 'application/json'}
# Create the login session
login_response = requests.post(login_url, headers=login_headers, verify=False)
print("{}".format(login_response))
session = login_response.headers['X-Xsrf-Token']
session_header = {'Authorization':'Session '+session, 'Content-Type': 'application/json'}
# Execute the query
result = requests.post(url + query, headers=session_header, verify=False)
print(result.content)

RESULT:

<Response [500]>
Traceback (most recent call last):
  File "siemAPI.py", line 18, in <module>
    session = login_response.headers['X-Xsrf-Token']
  File "/anaconda3/lib/python3.6/site-packages/requests/structures.py", line 54, in __getitem__
    return self._store[key.lower()][1]
KeyError: 'x-xsrf-token'

I don't understand where the problem is. Please, can you help me?

Thank you!
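
The version 10.0 login flow described in the first reply (credentials Base64-encoded separately in the JSON body, token read from the "Xsrf-Token" response header and sent back as "X-Xsrf-Token"), as an added example that is not part of the original posts and not McAfee's code. The function names are hypothetical, the standard library's urllib stands in for requests, any 2xx status is assumed to mean a successful login, and the HTTP status is checked before the token is read so a failed login gives a readable error rather than a KeyError.

```python
import base64
import json
import urllib.error
import urllib.request


def b64(text):
    """Base64-encode one credential field on its own."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def build_login_request(base_url, username, password, locale="en_US"):
    """Build the POST to <base_url>login with credentials in the JSON body.

    No Authorization header is sent: per the thread, Basic auth only
    works on versions lower than 10.0.
    """
    body = json.dumps({"username": b64(username),
                       "password": b64(password),
                       "locale": locale}).encode("utf-8")
    return urllib.request.Request(base_url + "login", data=body, method="POST",
                                  headers={"Content-Type": "application/json"})


def session_headers(status, response_headers):
    """Turn a login response into the request headers for later API calls."""
    if not 200 <= status < 300:  # assumption: any 2xx counts as success
        raise RuntimeError("login failed with HTTP %d; no session token issued" % status)
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in response_headers.items()}
    token = lowered.get("xsrf-token")
    if not token:
        raise RuntimeError("login response carried no Xsrf-Token header")
    return {"X-Xsrf-Token": token, "Content-Type": "application/json"}


def login(base_url, username, password, context=None):
    """Log in and return the session headers.

    Certificate verification stays on; pass an ssl.SSLContext that trusts
    the appliance's CA as `context` rather than disabling verification.
    """
    request = build_login_request(base_url, username, password)
    try:
        with urllib.request.urlopen(request, context=context, timeout=10) as resp:
            return session_headers(resp.status, resp.headers)
    except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx
        return session_headers(err.code, err.headers)
```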

McAfee Employee andy777

Re: "Location" is not available in headers for login API