3 Replies Latest reply on Apr 19, 2017 10:15 PM by andy777

    "Location" is not available in headers for login API

    fx90034@gmail.com

      Hi, I've followed the documentation to send the REST API to the SIEM ESM service:

      URL: https://<host ip>/rs/esm/login

      headers:
      Content-Type: application/json
      Authorization: Basic ZGV2OlJlc29sdmUxMjM0IQ==

      method: POST

      But I got HTTP 500 back with the following error stack trace on the server shown at the bottom.

       

      Then I tried to use the following JSON string in the body, using the same way as the browser does:

      {"username": "ZGV2", "password": "UmVzb2x2ZTEyMzQh", "locale": "en_US"}

      I got HTTP 201 back, but there is no "Location" field in the headers.

      I searched online and found:

      "if this is a CORS request and the CORS headers of the response do not allow the location header to be exposed. The CORS header in question is Access-Control-Expose-Headers. If the response has Access-Control-Expose-Headers:Location, then the browser exposes the Location header just fine and superagent yields its value happily."

      I'm using McAfee ESM version 10.0. Can anybody help if you can successfully call the REST API to log in and get the Location value back?

      Thank you very much in advance.

       

       

      10-Mar-2017 22:53:28.546 SEVERE [ajp-nio-127.0.0.1-8009-exec-6] com.mcafee.siem.api.rs.MCXFServlet.invoke Something was wrong:
      java.lang.NullPointerException
         at com.mcafee.siem.api.rs.MEssApiImpl.login(MEssApiImpl.java:221)
         at sun.reflect.GeneratedMethodAccessor279.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
         at java.lang.reflect.Method.invoke(Method.java:498)
         at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:180)
         at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:96)
         at org.apache.cxf.jaxrs.validation.JAXRSBeanValidationInvoker.invoke(JAXRSBeanValidationInvoker.java:51)
         at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:189)
         at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:99)
         at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
         at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
         at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
         at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
         at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:252)
         at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
         at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
         at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180)
         at com.mcafee.siem.api.rs.MCXFServlet.invoke(MCXFServlet.java:58)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)
         at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
         at com.mcafee.siem.api.rs.validation.InputValidationFilter.doFilter(InputValidationFilter.java:26)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:516)
         at org.apache.coyote.ajp.AbstractAjpProcessor.process(AbstractAjpProcessor.java:831)
         at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:659)
         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1558)
         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1515)
         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
         at java.lang.Thread.run(Thread.java:745)

        • 1. Re: "Location" is not available in headers for login API
          fx90034@gmail.com

          It has been worked out. The basic authentication only works for versions lower than 10.0. Version 10.0 expects the Base64-encoded username and password separately in the JSON body of the POST. There is no "Location" field returned in the response headers; the session token is in the "Xsrf-Token" field of the response headers. Use it for the rest of the API calls as the "X-Xsrf-Token" field of the request headers.

          • 2. Re: "Location" is not available in headers for login API
            jcandiat

            Dear,

             

            I have this code:

             

            import json
            import base64
            import requests
            requests.packages.urllib3.disable_warnings()
            ##############################################
            esm_ip = '192.168.230.10'
            username = 'NSOC'
            passwd = 'Qwer1234'
            query = 'essmgtGetESSTime'
            ##############################################
            authString = base64.b64encode(('%s:%s' % (username,passwd)).encode()).decode().strip()
            url = 'https://'+esm_ip+'/rs/esm/'
            login_url = url+'login'
            login_headers = {'Authorization':'Basic '+authString, 'Content-Type': 'application/json'}
            # Create the login session
            login_response = requests.post(login_url, headers=login_headers, verify=False)
            print("{}".format(login_response))
            session = login_response.headers['X-Xsrf-Token']
            session_header = {'Authorization':'Session '+session, 'Content-Type': 'application/json'}
            # Execute the query
            result = requests.post(url + query, headers=session_header, verify=False)
            print(result.content)

             

            RESULT:

            <Response [500]>
            Traceback (most recent call last):
              File "siemAPI.py", line 18, in <module>
                session = login_response.headers['X-Xsrf-Token']
              File "/anaconda3/lib/python3.6/site-packages/requests/structures.py", line 54, in __getitem__
                return self._store[key.lower()][1]
            KeyError: 'x-xsrf-token'

             

            I don't understand where the problem is. Please, can you help me?

            Thank you!
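
Added example (not part of any post in this thread, and not vendor code): the ESM 10.0 login flow that reply 1 describes, set against the script in reply 2, which sends `Authorization: Basic` and looks up `X-Xsrf-Token` in the login response. The `post` transport callable, `fake_esm` and the host name used with it are assumptions made so the block runs offline.

```python
import base64
import json


def b64(text):
    """Base64-encode one credential field, as reply 1 describes for ESM 10.0."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


def build_login_request(host, username, password, locale="en_US"):
    """Return (url, headers, body) for POST /rs/esm/login on ESM 10.0.

    No Authorization: Basic header is sent; each field is encoded separately.
    """
    url = "https://%s/rs/esm/login" % host
    headers = {"Content-Type": "application/json"}
    body = json.dumps({"username": b64(username),
                       "password": b64(password),
                       "locale": locale})
    return url, headers, body


def session_headers(status, response_headers):
    """Turn a login response into headers for later API calls.

    The token arrives as "Xsrf-Token" and is sent back as "X-Xsrf-Token".
    """
    if status != 201:
        raise RuntimeError("login failed with HTTP %d" % status)
    # HTTP header names are case-insensitive; normalise before the lookup.
    lowered = {k.lower(): v for k, v in response_headers.items()}
    token = lowered.get("xsrf-token")
    if not token:
        raise RuntimeError("login response carries no Xsrf-Token header")
    return {"X-Xsrf-Token": token, "Content-Type": "application/json"}


def login(post, host, username, password):
    """post(url, headers, body) -> (status, headers) is a caller-supplied
    transport (hypothetical), e.g. a thin wrapper around requests.post."""
    status, hdrs = post(*build_login_request(host, username, password))
    return session_headers(status, hdrs)


# Constructed stand-in for the ESM so the example runs offline.
def fake_esm(url, headers, body):
    creds = json.loads(body)
    ok = "Authorization" not in headers and creds["username"] == b64("dev")
    return (201, {"xsrf-token": "constructed-token"}) if ok else (500, {})
```

With `requests`, `post` can wrap `requests.post(url, headers=headers, data=body, verify=<path to the ESM CA bundle>)` and return `(r.status_code, r.headers)`, which keeps certificate verification on instead of `verify=False`.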