CMDBuild Forum

RESTful API - OpenMaint 2 and cmdbuild 3.2

Programming and Web Services
#1

Hello,

Did the authentication process change via the rest-API?
After updating cmdbuild from 3.1.1 to 3.2 I’m now unable to make authentications.

The web service manual 3.2 did not help me to solve this issue.
At this stage, I’m able to authenticate using Postman (and without actually generating an auth key).
But when using the request python library I’m not, receiving the message:
{ "success":false,"messages":[{"level":"ERROR","show_user":false,"message":"org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource"}]}

#2

I would like to add that this happens when I do the following request:

POST /cmdbuild/services/rest/v3/sessions?scope=service HTTP/1.1
Host: localhost:8090
Content-Type: text/plain
{“username”:“admin”,“password”:“admin”}

The response does not include any “CMDBuild-Authorization=session_token” neither on the data nor the cookies.

If I use the request:

POST /cmdbuild/services/rest/v3/sessions?scope=ui HTTP/1.1
Host: localhost:8090
Content-Type: text/plain
{“username”:“admin”,“password”:“admin”}

Then I will get a “CMDBuild-Authorization=session_token” as a cookie (inside the header)

Since this new update, I’m also unable to create cards via the Rest-API getting the following error:

{
    "success": false,
    "messages": [
        {
            "level": "ERROR",
            "show_user": false,
            "message": "java.lang.NullPointerException: ws3 rest handler not found for uri =< ws3rest:post:classes/MyNewClass>"
        }
    ]
}

Best regards,
André.

#3

To add some detail:
POST /cmdbuild/services/rest/v3/sessions?scope=service
returns the expeced data format. The sessionId is expected to be in the field _id which is statically ‘current’.
As a work around I log in with v2 of the API and use this sessionId instead.

#4

Hi,
due to security issues a new parameter in the Session endpoint has been added to avoid returning the session id. The query parameter is returnId and its default is false, if you pass it in the request with a true value the _id field will be correctly displayed in the response.

The manual will be updated for the next version.

1 Like
#5

Hello,

I’ll try to validate this today. if solved I will let you know (most likely yes)

Best regards,
André.