CUCM 10.5.2 - SXML DimeGetFileService API issue

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2015 03:54 AM
Hi,
I'm using the SXML API DimeGetFileService (OneFile), to get from the CUCM some logs files via HTTP. Upgrading from 9.1 to 10.5 calls to the logcollectionservice/services/DimeGetFileService GetOneFile API fail with the error "file not allowed for download":
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server.generalException</faultcode><faultstring>DimeGetFileService:GetOneFile(): file not allowed for download: /var/log/active/syslog/messages</faultstring><detail><ns1:stackTrace xmlns:ns1="http://xml.apache.org/axis/">DimeGetFileService:GetOneFile(): file not allowed for download: /var/log/active/syslog/messages at com.cisco.ccm.serviceability.soap.LogCollection.GetFile.DimeGetFileService.GetOneFile(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397) at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186) at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:454) at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281) at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699) at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.cisco.vos.platform.tomcat.valves.CiscoResponseHeaderFilter.doFilter(Unknown Source) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:613) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:312) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) </ns1:stackTrace><ns2:hostname xmlns:ns2="http://xml.apache.org/axis/">ucrmsxrsub01</ns2:hostname></detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>
With CUCM 9.1.2 the same API works fine, with 10.5.2 it fails. Has someone experienced something similar? I cannot figure out what's changed with new 10.5 APIs (can't find any documentation).
If someone has any information about it, please share!
Thanks in advance.
Regards,
Francesco
- Labels:
-
UC Manager Serviceability
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2015 12:58 PM
Can you post the XML request you're using? You can sanitize anything that you want to remain private.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-06-2015 02:29 PM
Hi Nicholas,
here the XML request:
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.cisco.com/ast/soap/">
<soapenv:Header/>
<soapenv:Body>
<soap:GetOneFile soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<FileName xsi:type="get:FileName" xmlns:get="http://cisco.com/ccm/serviceability/soap/LogCollection/GetFile/">/var/log/active/platform/cli/phones-rep-PST.txt</FileName>
</soap:GetOneFile>
</soapenv:Body>
</soapenv:Envelope>
I'm trying to download a file generated by a risdb command on CUCM. In CUCM version 9.1 all work fine.
I get the same error even using the SoapUI test tool.
Thanks in advance,
Francesco
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-07-2015 12:27 AM
I'm doing other tests on this, and I found that for some files it works correctly. For example, if I try to download a file in the Tomcat Logs folder, the API is executed. Below, working XML request:
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.cisco.com/ast/soap/">
<soapenv:Header/>
<soapenv:Body>
<soap:GetOneFile soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<FileName xsi:type="get:FileName" xmlns:get="http://cisco.com/ccm/serviceability/soap/LogCollection/GetFile/">/var/log/active/tomcat/logs/localhost.2015-08-03.log</FileName>
</soap:GetOneFile>
</soapenv:Body>
</soapenv:Envelope>
Could it be a permission issue on some folders? I'm using an application user belonging to the following groups:
- Standard CCM Superuser
- Standard CCM Server Monitoring
- Standard RealtimeAndTraceCollection
It seams no other groups are related to the use of SXML APIs.
Ciao,
Francesco
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-07-2015 12:28 PM
Hi Francesco,
Yes, that's what I suspect it is. In CUCM (logged in as an administrator), go to User Management -> User Settings -> Role, and take a look at the roles your system has defined and what privileges they afford. You can always define a new role, too, and assign it the privileges you need for your application. Also, check out User Management -> User Settings -> Access Control Group.
Unless you just mis-typed it, maybe someone has defined new roles and permissions and you're not getting the permissions you expect. On our lab, the ACL is called Standard CCM Super Users, not Standard CCM Superuser.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-11-2016 06:35 AM
Hi Francesco,
Did you manage to resolve this?
I am encountering the same issue.
Thanks,
Enda

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-08-2016 07:05 AM
Looks like there is a bug with DimeGetFileService API GetOneFile() on CUCM 10.5.2 CSCuv89821
I've tried to move Cisco AMC service logs to IM&P server, but got the same error.
