Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Explorer

Web API problem

Hi, I'm having an issue testing the v1.1 web-api. I can perform the initial login correctly and get the following response -

[uid:0529db8e-495a-4021-9826-e05ffa17baf5, sid:EYWMOM37tdp8Ji-SG9ioDlKR1Poop795DgwWqvyCe7c, url:https://192.168.31.134:443/web_api, session-timeout:600, last-login-was-at:[posix:1506825546427, iso-8601:2017-09-30T22:39-0400], api-server-version:1.1]

POST Success: HTTP/1.1 200 OK

I then add the sid into the next request (show-changes) and get the following response:

[code:generic_err_invalid_syntax, message:Login request message processing failed]
POST Failure: HTTP/1.1 400 Bad Request

I can validate the query at httpbin.org which shows the following is the query I am generating -

[args:[:], data:{"from-date":"2017-02-01T08:20:50","to-date":"2017-10-21"}, files:[:], form:[:], headers:[Accept:application/json, application/javascript, text/javascript, Connection:close, Content-Length:58, Content-Type:application/json, Host:httpbin.org, X-Chkp-Sid:EYWMOM37tdp8Ji-SG9ioDlKR1Poop795DgwWqvyCe7c], json:[from-date:2017-02-01T08:20:50, to-date:2017-10-21], origin:122.106.201.39, url:http://httpbin.org/post]

As far as I can see the headers look correct and I am passing the X-chkp-sid, though this is getting passed as X-Chkp-Sid I believe the http rfc states the header is case insensitive.

Can anyone help?

0 Kudos
Reply
15 Replies
Highlighted
Employee++
Employee++

From where are you running the API commands?

Generally, you can redirect the Login command response with the session-id token into a file, and then use this token in the successive commands:

mgmt_cli login -u aa -p aaaa > sid.txt

mgmt_cli show-changes -s sid.txt

0 Kudos
Reply
Highlighted
Explorer

Hi, I am running the API commands from an IDE (Intellij) using a groovy script.

I found the initial problem, I was making the 2nd post request using the same HTTPbuilder method call which was not working (I have not figured out why as I need to debug the tcp session to understand where that was failing) so I initiated a 2nd HTTPbuilder call and passed the X-chkp-sid in that and it works.

The issue I now have is that my 'logout' request is not working, trying to pass an empty 'body' gives me the response -

[code:generic_err_invalid_syntax, message:Payload is not valid]
HTTP/1.1 400 Bad Request

The v1.1 API manual shows the body to be empty in the logout API call.

0 Kudos
Reply
Highlighted
Contributor

Hi,

try body: { } 

mm

0 Kudos
Reply
Highlighted
Explorer

No, body:{} just receives the same response -

[code:generic_err_invalid_syntax, message:Payload is empty]

I suspect the issue is due to the different default headers in how I am sending the request ie I make the request in a groovy script using HTPBuilder and not curl.

Can anyone provide the output (from a working script) from the following curl command so I can compare the headers -

curl -I https://x.x.x.x/web_api/logout

0 Kudos
Reply
Highlighted

please check this code package and compare the syntax with yours: https://community.checkpoint.com/docs/DOC-1358?sr=search&searchId=17c78e35-8ce0-41f0-b9a7-29f69eca02... 

0 Kudos
Reply
Highlighted
Explorer

Thanks. I finally got round to looking at this again. As yet I cannot unravel the library to find the java coding that calls the logout API call. In the interim I have set the disconnect timeout (in the original login call) down to 10 seconds so that gets round the problem. It would be nice to clean up the session correctly though.

0 Kudos
Reply
Highlighted
Employee++
Employee++

Hi,

The logout command requires the SID parameter from previous login command.

From API docs - 

https://sc1.checkpoint.com/documents/latest/APIs/index.html#web/logout~v1.1

Robert.

0 Kudos
Reply
Highlighted
Explorer

Hi,

I am passing the SID, the problem I have is with an empty body payload -

response with no added body:

[code:generic_err_invalid_syntax, message:Payload is empty]

response with 'body = [ ]'

[code:generic_err_invalid_syntax, message:Payload is not valid]

Response with

body = [
        "session-comments" : "leaving now"
          ]
[code:generic_err_invalid_parameter_name, message:Unrecognized parameter [session-comments]]

I suspect the issue is with Groovy's RESTClient, possibly there is a way to construct this that equates to the python example given but I cannot find it.

Ray

0 Kudos
Reply
Highlighted
Employee++
Employee++

Ray,

 The body of logout command should be empty, but the command header must contain the X-chkp-sid field having SID as a value -

POST {{server}}/logout
Content-Type: application/json
X-chkp-sid: {{session}}

{ }

Robert.

0 Kudos
Reply
Highlighted
Explorer

Hi,

It does (note the uri path changes are not shown) -


httpLOGIN.request(POST,JSON ) { req ->
    headers.'Content-Type' = 'application/json'

    body = [
            "user"    : "user",
            "password": "password",
            "session-timeout" : 15,
            "read-only" : true,
    ]

    response.failure = { resp, json ->
        println(json)
        println "POST Failure. LOGIN: ${resp.statusLine}"
    }
    response.success = { resp, json ->
        println(json)
        CHKPsid = (json.sid)
        println "POST Success. LOGIN: ${resp.statusLine}"
    }
}
httpLOGOUT.request(POST,JSON) { req ->

    headers.'Content-Type' = 'application/json'
    headers.'x-chkp-sid' = CHKPsid
    body = [
            ""
              ]

    response.failure = { resp, json ->
        println (json)
        println "POST Failure. LOGOUT: ${resp.statusLine}"
    }
    response.success = { resp, json ->
        println (json)
        println "POST Success. LOGOUT: ${resp.statusLine}"
    }
}
0 Kudos
Reply
Highlighted
Employee++
Employee++

Seems ok, but I'm not expert in Groovy script and cannot confirm that the final request is 100 compliant.

I'd like to know why our API rejects your posts. Therefore - 

Post again your login and logout commands.

Go to your management server and "cd $FWDIR/log". There is a log file named api.elg.

Open the file and go to the end, you should see the REST requests and responses for your commands.

Please copy and paste here the relevant log lines for examination.

Robert.

0 Kudos
Reply
Highlighted
Explorer

Here you go (this is for the logout script as you see in my last message)-

--------------------------------------
2018-01-29 04:15:37,741  INFO org.apache.cxf.interceptor.LoggingInInterceptor.log:250 [qtp1931300154-27] - Inbound Message
----------------------------
ID: 397
Address: http://127.0.0.1:50276/web_api/logout
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/json
Headers: {Accept=[application/json, application/javascript, text/javascript], connection=[keep-alive], Content-Length=[4], content-type=[application/json], Host=[127.0.0.1:50276], x-chkp-sid=[Y-fFsOhcAlWa5W4wRc580o9mFx14_HsK1yo53LwzQWU], X-Forwarded-For=[x.x.x.x], X-Forwarded-Host=[x.x.x.x.:4434], X-Forwarded-Host-Port=[4434], X-Forwarded-Server=[x.x.x.x]}
Payload: [""]
--------------------------------------
2018-01-29 04:15:37,748  WARN com.checkpoint.management.web_api_is.utils.helpers.RequestHeadersHelper.getMediaType_aroundBody6:24 [qtp1931300154-27] - Multiple Accept headers received. Falling back to default media type [application/json].
2018-01-29 04:15:37,749  INFO com.checkpoint.management.web_api_is.utils.helpers.ApiCache.<init>:25 [qtp1931300154-27] - Cache created and initialized
2018-01-29 04:15:37,750 ERROR com.checkpoint.management.web_api.utils.WebApiCommandExceptionUtils.getErrorReply:219 [qtp1931300154-27] -
com.fasterxml.jackson.databind.JsonMappingException: Can not deserialize instance of com.checkpoint.management.web_api.core.handler.commands.session.logout.WebApiLogoutRequest out of START_ARRAY token
 at [Source: [""]; line: 1, column: 1]
        at com.fasterxml.jackson.databind.JsonMappingException.from(JsonMappingException.java:148)
        at com.fasterxml.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:835)
        at com.fasterxml.jackson.databind.DeserializationContext.mappingException(DeserializationContext.java:831)
        at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.deserializeFromArray(BeanDeserializerBase.java:1220)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer._deserializeOther(BeanDeserializer.java:165)
        at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:144)
        at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:3560)
        at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:2576)
        at com.checkpoint.management.web_api.web_services.WebApiEntryPoint.postEntryPoint(WebApiEntryPoint.java:101)
        at sun.reflect.GeneratedMethodAccessor108.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at org.apache.cxf.service.invoker.AbstractInvoker.performInvocation(AbstractInvoker.java:181)
        at org.apache.cxf.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:97)
        at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:204)
        at org.apache.cxf.jaxrs.JAXRSInvoker.invoke(JAXRSInvoker.java:101)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
        at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:96)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
        at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
        at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:251)
        at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208)
        at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160)
        at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:171)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:293)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:212)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
        at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:268)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
        at org.eclipse.jetty.servlets.CrossOriginFilter.handle(CrossOriginFilter.java:247)
        at org.eclipse.jetty.servlets.CrossOriginFilter.doFilter(CrossOriginFilter.java:210)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
        at com.checkpoint.management.web_api.core.filter.LogCustomDebugFieldFilter.doFilter(LogCustomDebugFieldFilter.java:3)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:557)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:255)
        at org.eclipse.jetty.server.handler.IPAccessHandler.handle(IPAccessHandler.java:203)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:154)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
        at org.eclipse.jetty.server.Server.handle(Server.java:370)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
        at java.lang.Thread.run(Thread.java:785)
2018-01-29 04:15:37,752  INFO com.checkpoint.management.web_api_is.utils.CsvFileWriterUtils.writeCsvLine:1 [qtp1931300154-27] - 2018-01-29,04:15:37 -0500,logout,FAILED,4
2018-01-29 04:15:37,754  INFO org.apache.cxf.interceptor.LoggingOutInterceptor.log:250 [qtp1931300154-27] - Outbound Message
---------------------------
ID: 397
Response-Code: 400
Content-Type: application/json
Headers: {Content-Type=[application/json], Date=[Mon, 29 Jan 2018 09:15:37 GMT]}
Payload: {
  "code" : "generic_err_invalid_syntax",
  "message" : "Payload is not valid"
}

0 Kudos
Reply
Highlighted
Employee++
Employee++

Ok, thanks to this log records, the problem is now obvious - your payload is incorrect - 

Payload: [""]

It should be - 

Payload: {}

And indeed, in yor script you use - 

body = [""]

It shoud be - 

body = {}

Hope this helps.

Robert.

0 Kudos
Reply
Highlighted
Explorer

Unfortunately, this

body = {}

is not valid...

Caught: java.lang.NullPointerException
java.lang.NullPointerException
    at groovyx.net.http.EncoderRegistry.encodeJSON(EncoderRegistry.java:318)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at groovyx.net.http.HTTPBuilder$RequestConfigDelegate.encodeBody(HTTPBuilder.java:1268)
    at groovyx.net.http.HTTPBuilder.doRequest(HTTPBuilder.java:442)
    at groovyx.net.http.HTTPBuilder.doRequest(HTTPBuilder.java:434)
    at groovyx.net.http.HTTPBuilder.request(HTTPBuilder.java:383)
    at groovyx.net.http.HTTPBuilder$request$0.call(Unknown Source)
    at Login.run(Login.groovy:188)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

As I stated earlier, I think its an issue with Groovy and the RESTclient, the httpLOGOUT is an iteration of HTTPBuilder ie

def httpLOGOUT = new HTTPBuilder(uri)

I think I need to post something on SatckOverflow so somebody from the Groovy developer group can tell me how to send a valid empty payload.

Ray

0 Kudos
Reply
Highlighted
Explorer

I resolved this, thought I would share the solution. When the CP api needs an empty payload, the way to do this in groovy and HTTPbuilder is:

body = [:]

0 Kudos
Reply