Mulesoft: Expose web services/wsdl behind firewall - web-services

How to expose wsdl behind firewall?
Mule generated WSDL has endpoints to server where it runs but exposing it outside requires change of this endpoint.
Current workaround what we use is to use SOAPUI to export internal service wsdl, edit it in text editor substitute all internal addresses for external analogs, pack this wsdl and send it to the external consumer.
Is there better way to do so? Maybe some parameter to some component which generates the WSDL which defines the server name for endpoints?
UPDATE based on comments:
This is not general question about WSDL. This is Mulesoft related question. Mule generates WSDL automatically. Here is part what I'm interested in:
<port binding="tns:Hello_Binding" name="Hello_Port">
<soap:address>
location="http://mule.server.internal.local/SayHello/" />
</port>
It is generate because Mule server is at internal box mule.server.internal.local
But when this server is exposed externally it is "hosted" on external site service.mycompany.com, so WSDL should say
<port binding="tns:Hello_Binding" name="Hello_Port">
<soap:address>
location="http://service.mycompany.com/SayHello/" />
</port>
but Mule does not know about it and so WSDL is invalid.

Related

How to make call out to secured web service

Am receiving the message "System.Net.WebException: The HTTP request was forbidden with client authentication scheme 'Anonymous'." when trying to call the web service at "https://graphical.weather.gov/xml/SOAP_server/ndfdXMLserver.php" using BizTalk 2013.
I've imported the wsdl directly from the site, creating the schemas and the bindings to make the call. The Send port is set up as WCF-BasicHttp, Security Mode: Transport, Transport Client Credential Type: None. I'm able to call the service using SOAP-UI from the BizTalk server, providing no form of authentication.
Have read numerous posts and documentation, but nothing I've done to this point has helped. I'm sure I'm missing something; just not sure what that something is!
From the looks of the WSDL: <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> it's an RPC type web service
Like the documentation specifies: 'The WCF adapters do not support consuming Remote Procedure Call (RPC)-style Web services because the message parts in RPC-style Web services are referring to the message types rather than the message elements where WCF adapters are using elements for the message parts. We recommend that you add the RPC-style Web services through Add Web Reference wizard for consuming the Web services in BizTalk projects.'

WSDL for WSO2 ESB proxy service

I have done a few use cases on WSO2-ESB including protocol mediation with transformation and service-chaining.
In all of them I had to manually write the wsdl for the proxy service. Having experienced other vendor products including Oracle and Tibco where wsdl generation is done by the tool.
Would it be right to assume in WSO2 ESB one needs to manually write the wsdl file to expose a proxy service on any protocol, do not see any documents calling that out.
Considering the usage of wsdl in practical use cases.
I have seen posts stating "you can give the WSDL available at your Axis2 service" but most of real time use cases would not be pass through and have custom request and response.
Thanks,
Wajid
I'm also confused with manual wsdl creation. As far as I can see there are gaps in wsdl proxy description. When I do wsdl proxy with WSO2 I have to indicate wsdl to expose
its either as:
"none" and I have only mediate function exposed
"same contract" and this breaks the whole idea of proxy because after that clients read original wsdl and go straight to original server access point.
or and I have several options to make my own wsdl.
With rich SOAP API (hundreds of methods) none of above work well, considering that manual support of exposed WSDL is rather cumbersome.
I wonder if there is more adequate way for proxying WSDL?
You can use java2wsdl generator tool to achieve the WSDL generation.
For the proxies, if you try to restrict access for some operations in your backend service, you can attach customized wsdl to the proxy.
The customization has to be done by yourself and it is simple..
If you want to generate a wsdl fro your service, jsut deploy the service in wso2as, and check the service dashboard, wsdl option to view the wsdls.

IP-addresses Log file by all requests in MULE CE 3.3.0?

in MULE CE 3.3.0 I want to implement this process:
1- Post- office has a service for giving postal-code to clients. So post-office creates a WSDL-file for its service.
2- Here, our company is a connector between post-office and clients. Our company using mule and create another WSDL file based on post-office’s WSDL file and published out the WSDL for client usage.
3- Company-A and Company-B, get the WSDL-file URL and for instance in My-eclipse IDE or any other IDEs create a portlet and deploy it in a liferay portal as a web-service for displaying postal-code to its clients.
During this process I want to have a log file of ip-addresses. It means, I want to after each request that Company-A’s client or Company-B’s client sent to the server(Our company), it’s Ip-address insert into a database or in a file.
I illustrated my position in the image by a red Arrow. Now I want to put an script in MULE server that and gather all the ip addresses that Company-A's and Company-B's customers who use post-code webservice.
Can I use cxf-interceptor for this issuse ? and how? guide me?
As genjosanzo has suggested in https://stackoverflow.com/a/15993127/387927, you can access all the Mule headers in a CXF interceptor. This means that yes, you can achieve your goal with a CXF interceptor.
Here is an example of such an interceptor: https://github.com/mulesoft/mule/blob/mule-3.3.1/modules/cxf/src/main/java/org/mule/module/cxf/support/MuleHeadersInInterceptor.java
Here is a configuration sample that shows how to use Spring to instantiate and configure CXF interceptors: https://github.com/mulesoft/mule/blob/mule-3.3.1/modules/cxf/src/test/resources/header-conf.xml
The gist of it is:
<cxf:inInterceptors>
<spring:bean id="foo1" class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
</cxf:inInterceptors>

Configuring WSDL Based Proxy in WSO2 version 4.6

I have down loaded WSO2 ESB Version 4.6 and started the server. Clicked on proxy service. There I have selected WSDL Proxy option. It is asking the following for creating proxy.
Proxy Service Name* OpportunityService
WSDL URI* https://crm-aufsn4x0ruf.oracleoutsourcing.com//opptyMgmtOpportunities/OpportunityService?WSDL
WSDL Service* https://crm-aufsn4x0ruf.oracleoutsourcing.com:443/opptyMgmtOpportunities/OpportunityService
WSDL Port* 443
I just want consume this external web service via ESB. So I dont want publish. Did not configure any publish related fields. Now When I click on create it throws exception "Failed to add proxy service: OpportunityService. Check whether the Proxy already exists
". But I am sure that there is no existed service with that. I have tried with different names but the error is same.
I suspect that may gave values wrong for fields WSDL Service and WSDL Port. If click on Test URI its giving success.Can any one please suggest where I am doing wrong.
Thanks&Regards,
Raghu
For wsdl service parameter you need to give the <wsdl:service name>which you can find in the particular wsdl itself. I dont think it will be a URI like you have mentioned above. Likewise for port you can find the <wsdl:port> parameter in the wsdl.

How to remove link references from web service request/response

I have a web service with a client written in Java. The service works behind a firewall and if the java client wants to consume the service, then its request is blocked because the request contains links. So the request contains validator references like this:
...<S:Envelope xmlns:S="http://schemas.xmlsoap.org/wsdl/"...
Shall I fix it in the wsdl file? That is the only place which contains this link:
<definitions targetNamespace="http://mycompany.com/" name="RentalServiceService"
xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:wsp="http://www.w3.org/ns/ws-policy"
xmlns:tns="http://mycompany.com/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsp1_2="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
If I generate a client in .net from the wsdl file, then it does not put any link references into the request...
Thanks
Zoltan
Don't remove namespaces from the XML message. Configure your firewall instead!
Normally, SOAP is friendly with firewalls because it piggybacks on top of HTTP. If you remove the namespaces from the XML you might get it through the firewall but the web service that must make use of the message might fail to parse it because you removed the namespaces from it. XML namespaces are important because they correctly identify the domain to which each element inside the message belongs to.
Just as an observation, the <S:Envelope xmlns:S="http://schemas.xmlsoap.org/wsdl/"... is a copy paste error of some sort?... or maybe part of the problem?! The namespace for the SOAP envelope should be http://schemas.xmlsoap.org/soap/envelope/ for SOAP 1.1 or http://www.w3.org/2003/05/soap-envelope for SOAP 1.2.
That aside, if the SOAP message is correctly formatted, it should pass through the firewall. If it doesn't, then the solution is to configure the firewall properly and not mess with the SOAP message. Your network administrators should spend time understanding web services security and properly configure the firewall.
My suggestion would be to keep port 80 just for your users requests/responses from browsers and expose the service on a different port number with proper configurations. Maybe you could even set up a reverse proxy inside a DMZ to improve the web service security. With that, you won't expose your internal web service server directly to the Internet.