Compiled REST-API always returns 302

Openfire Plugins
1

Hi,

I’m currently running Openfire 4.7.0 Alpha with the downloaded REST-API 1.6.0 plugin (which works)

But, when I download the source code for REST-API 1.6.0 or 1.10.1 and add a method I only get a HTTP 302 response. Not only for the new method but for all.

Is there anything special that I need to do in my build when I want to deploy my own compiled plugin?

Example request

# curl -v http://myhostname.com:9090/plugins/restapi/v1/system/statistics/sessions -H "Accept: application/json" -H "Authorization:Basic ....."
*   Trying IP...
* TCP_NODELAY set
* Connected to myhostname.com (IP) port 9090 (#0)
> GET /plugins/restapi/v1/system/statistics/sessions HTTP/1.1
> Host: myhostname.com:9090
> User-Agent: curl/7.61.1
> Accept: application/json
> Authorization:Basic .....
> 
< HTTP/1.1 302 Found
< Date: Wed, 15 Nov 2023 09:58:11 GMT
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: JSESSIONID=node021gwpvb7trcq1372oazjklaf40.node0; Path=/; HttpOnly
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Location: http://myhostname.com:9090/login.jsp?url=%2Fplugins%2Frestapi%2Fv1%2Fsystem%2Fstatistics%2Fsessions
< Content-Length: 0
< 
* Connection #0 to host myhostname.com left intact

Thanks!
Stefan

2

I get this error in debug.log
2023.11.15 12:14:48 org.jivesoftware.util.WebManager - Unable to get user: no session or no auth token on session.

It’s easy to think that the credentials are wrong, but I use the same request with Basic Auth towards the standard 1.6.0 REST API and it works.

3

Hi Stefan! I can’t think of anything that would cause this, or anthing ‘special’ that you’d need to do.

If you’re not using the exact same name for your custom plugin, maybe the properties aren’t loaded properly, which effectively gives your plugin a different configuration - maybe that’s the cause?

4

Hi Guus,

Thank you for your reply.

I just cloned the git-repo for 1.6.0 and added my code and compiled using mvn.
Mvn created restAPI-openfire-plugin-assembly.jar as output. I renamed it to restAPI.jar and copied it to the server so it extracts in the exact same folder as the standard REST-API jar.

But the error I get doesn’t seem to be from the plugin itself. It’s from WebManager that is a part of the xmpp-server. Atleast that is the only place where I can find the errormessage that is thrown.

This is the code I added. It’s for getting a session-count based on username = %search%

SessionService.java
    @GET
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public WCSessionsCount getWildcardUserSessionCount(@QueryParam("search") String userSearch)
            throws ServiceException {
        return sessionController.getWildcardSessionsCount(userSearch);
    }

SessionController.java
public WCSessionsCount getWildcardSessionsCount(String userSearch) throws ServiceException {
        Collection<ClientSession> clientSessions = SessionManager.getInstance().getSessions();
        int count = 0;
        for (ClientSession clientSession : clientSessions) {
        	try {
				if(userSearch != null && clientSession.getUsername().contains(userSearch)) {
					count++;
				}
			} catch (UserNotFoundException e) {
				throw new ServiceException("Could not get user", "", ExceptionType.USER_NOT_FOUND_EXCEPTION,
                        Response.Status.NOT_FOUND, e);
			}
        }
        return new WCSessionsCount(userSearch, count);
    }

I have a lot of devices from different manufacturers that talk to my XMPP-server and I want to be able to graph the number of active sessions per device-model that is reflected in the username of the device.

5

I’m not seeing anthing wrong here.

Grasping at straws:

  • Have you tried restarting Openfire after you deployed the plugin? Maybe some kind of issue prevents the authentication mechanism to re-initialize.
  • Review not only openfire.log, but also look for the console-out (either in a window somewhere, or in a file called nohup.out). Maybe those contain clues.
6

I found the problem!

This was the code i SessionService.java

    @GET
    @Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
    public SessionEntities getAllSessions() throws ServiceException {
        return sessionController.getAllSessions();
    }

    @GET
       @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public WCSessionsCount getWildcardUserSessionCount(@QueryParam("search") String userSearch)
            throws ServiceException {
        return sessionController.getWildcardSessionsCount(userSearch);
    }

There was a conflict on the url …/sessions since both of theese methods handled the same endpoint. One with no arguments and one with ?search=xxx and they didn’t return the same data structure.

I added a Path to my new method and now it works.

@GET
    @Path("/search")
       @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    public WCSessionsCount getWildcardUserSessionCount(@QueryParam("search") String userSearch)
            throws ServiceException {
        return sessionController.getWildcardSessionsCount(userSearch);
    }

Now my request towards …/sessions/search?search=xxx works fine.

Simple but stupid misstake.

Thank you for you help.

/Stefan

7

Ah, good find!

Did this register somewhere in a log? How did you discover the mistake?

8

I got this message when restarting Openfire (I must have made som log-changes to get standard out because I didn’t get this earlier)

Nov 16, 2023 10:20:14 AM com.sun.jersey.spi.inject.Errors processErrorMessages
SEVERE: The following errors and warnings have been detected with resource and/or provider classes:
SEVERE: Producing media type conflict. The resource methods
public org.jivesoftware.openfire.plugin.rest.entity.WCSessionsCount org.jivesoftware.openfire.plugin.rest.service.SessionService.getWildcardUserSessionCount(java.lang.String) throws org.jivesoftware.openfire.plugin.rest.exceptions.ServiceException
and
public org.jivesoftware.openfire.plugin.rest.entity.SessionEntities org.jivesoftware.openfire.plugin.rest.service.SessionService.getAllSessions() throws org.jivesoftware.openfire.plugin.rest.exceptions.ServiceException
can produce the same media type
Successfully loaded plugin ‘restapi’.

So I added Path to the WCSessionCount to get it to work.

1 Like
9

Hi,
I am using Openfire 4.7.6 Alpha, build 814abf1 and RestApi 1.10.1, encountering the same problem. Can Guus help me :joy:.

Restclient log is:

14:45:42 DEBUG [Quarkus Main Thread] (MainClientExec.java:255) Executing request GET /plugins/restapi/v1/users HTTP/1.1
14:45:42 DEBUG [Quarkus Main Thread] (MainClientExec.java:266) Proxy auth state: UNCHALLENGED
14:45:42 DEBUG [Quarkus Main Thread] (LoggingManagedHttpClientConnection.java:133) http-outgoing-0 >> GET /plugins/restapi/v1/users HTTP/1.1
14:45:42 DEBUG [Quarkus Main Thread] (LoggingManagedHttpClientConnection.java:136) http-outgoing-0 >> Accept: application/json
14:45:42 DEBUG [Quarkus Main Thread] (LoggingManagedHttpClientConnection.java:136) http-outgoing-0 >> Authorization: JxHQUSsqDLJbArL7
14:45:42 DEBUG [Quarkus Main Thread] (LoggingManagedHttpClientConnection.java:136) http-outgoing-0 >> Content-Type: application/json
14:45:42 DEBUG [Quarkus Main Thread] (LoggingManagedHttpClientConnection.java:136) http-outgoing-0 >> Host: ***.com:9090
14:45:42 DEBUG [Quarkus Main Thread] (LoggingManagedHttpClientConnection.java:136) http-outgoing-0 >> Connection: Keep-Alive
14:45:42 DEBUG [Quarkus Main Thread] (LoggingManagedHttpClientConnection.java:136) http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8.1)
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "GET /plugins/restapi/v1/users HTTP/1.1[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "Accept: application/json[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "Authorization: JxHQUSsqDLJbArL7[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "Content-Type: application/json[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "Host: meet.chuanshaninfo.com:9090[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.8.1)[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 >> "[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "HTTP/1.1 302 Found[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "Date: Sat, 18 Nov 2023 06:45:42 GMT[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "X-Frame-Options: SAMEORIGIN[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "Set-Cookie: JSESSIONID=node013no55l4e7vw65kfq3m91mebv52.node0; Path=/; HttpOnly[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "Expires: Thu, 01 Jan 1970 00:00:00 GMT[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "Location: http://***.com:9090/login.jsp?url=%2Fplugins%2Frestapi%2Fv1%2Fusers[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "Content-Length: 0[\r][\n]"
14:45:42 DEBUG [Quarkus Main Thread] (Wire.java:73) http-outgoing-0 << "[\r][\n]"
10

I think your issue might be different. From the latest version of the REST API Plugin readme in GitHub:

Important Step: To enable the plugin make sure to set the system property adminConsole.access.allow-wildcards-in-excludes to true

Without the above step the REST API plugin always redirects to login. This was done in response to a security issue.

I’ll sort a release to get that new readme bundled.