Forum Discussion
12 Replies
- Prakash_KrishnaNimbostratus2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager - Get connection: HttpRoute[{s}->https://:443], timeout = 0 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - [HttpRoute[{s}->https://:443]] total kept alive: 0, total issued: 0, total allocated: 0 out of 20 2014-05-02 22:23:40,765 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - No free connections [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Available capacity: 2 out of 2 [HttpRoute[{s}->https://:443]][null] 2014-05-02 22:23:40,843 [main] DEBUG org.apache.http.impl.conn.tsccm.ConnPoolByRoute - Creating new connection [HttpRoute[{s}->https://:443]] 2014-05-02 22:23:40,859 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnectionOperator - Connecting to /:443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: best-match 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.client.DefaultHttpClient - Attempt 1 to execute request 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Sending request: POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "POST /mgmt/tm/sys/software/volume/ HTTP/1.1[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Type: application/json[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Content-Length: 82[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Host: :443[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "User-Agent: Apache-HttpClient/4.1 (java 1.5)[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.wire - >> "[\r][\n]" 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> POST /mgmt/tm/sys/software/volume/ HTTP/1.1 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Type: application/json 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Content-Length: 82 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Host: :443 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> Connection: Keep-Alive 2014-05-02 22:23:45,625 [main] DEBUG org.apache.http.headers - >> User-Agent: Apache-HttpClient/4.1 (java 1.5) 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - >> "{"username":"*****","password":"********","services":["platform","namespace"]}" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "HTTP/1.1 401 F5 Authorization Required[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Date: Sat, 03 May 2014 12:57:12 GMT[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Server: Apache[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "WWW-Authenticate: Basic realm="Enterprise Manager"[\r][\n]" 2014-05-02 22:23:45,640 [main] DEBUG org.apache.http.wire - << "Vary: accept-language,accept-charset[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Frame-Options: SAMEORIGIN[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Accept-Ranges: bytes[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-Content-Type-Options: nosniff[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "X-XSS-Protection: 1; mode=block[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Strict-Transport-Security: max-age=16070400; includeSubDomains[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Keep-Alive: timeout=4, max=100[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Connection: Keep-Alive[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Transfer-Encoding: chunked[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Type: text/html; charset=iso-8859-1[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "Content-Language: en[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.wire - << "[\r][\n]" 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.impl.conn.DefaultClientConnection - Receiving response: HTTP/1.1 401 F5 Authorization Required 2014-05-02 22:23:45,656 [main] DEBUG org.apache.http.headers - << HTTP/1.1 401 F5 Authorization Required
- Kevin_StewartEmployee
Not sure what your initial request looks like, but it may be worthwhile to test the same with cURL at the command line:
curl -sk -u admin:admin -H "Content-Type: application/json" -X POST https://x.x.x.x/mgmt/tm/sys/software/volume -d '{...post data...}'
Also, and this may just be an artifact of your logs, but note the credentials do not go in the POST data. They need to presented however your Java-based app would work with HTTP Basic authentication.
- kunjan_118660Cumulonimbus
May be can try 'admin' if you are using a different user.
- Sergei_Genchev_NimbostratusIf you use RADIUS, LDAP or some other external authentication, REST does not work unless you also have the same user defined locally. Admin will always work because admin is always local account.
- kunjanNimbostratus
May be can try 'admin' if you are using a different user.
- Sergei_Genchev_NimbostratusIf you use RADIUS, LDAP or some other external authentication, REST does not work unless you also have the same user defined locally. Admin will always work because admin is always local account.
- Richard_Tocci_7Historic F5 Account
In 11.5.1, REST will only accept the admin account credentials. Other users that perform other roles, currently, will not work with REST - you will continue to get 401 responses from REST. This should be fixed in an upcoming hotfix.
Log a case to Support for further updates. I hear tell of a way to allow other "admin" users to perform REST calls but it requires a script to be run. This is also supposed to be fixed in an upcoming hotfix.
- brad_11480Nimbostratus
any information on what version(s) this has been corrected in? I just upgraded to 12.1.1 and i have users who are not able to use the RestAPI. They get 401. What right does the user require? I would hope that it would reflect the same rights structure and not require them to be admin.
- nyif5_225400Nimbostratus
Hi I am having the same 401 auth error. Did any one get the resolution. Or we just need to use the admin user for RestAPI ?
- Jad_Tabbara__J1Cirrostratus
You need to use admin user for RestApi
- brad_11480Nimbostratus
Really?? admin user only? There is no security model for the RestAPI? This renders the use of the RestAPI to be very limited in scope. It certainly can't be used for monitoring systems as the credentials would be required on those systems to call the RestAPI.
This means that anyone who needs to use it basically has the 'keys to the kingdom' and can use those credentials to do whatever they wish on the systems.
Note that generating a token is useless alternative since they expire in 8 hours.
Ref below comment about it being corrected in a subsequent 'hotfix' I'm on 12. no relief.