How To Know The Client Url in Wso2ESB sing property Mediator - wso2

i have two proxys . i wish to filter the Client url in second proxy means
my first proxy implemented and send some data to 2nd proxy.Its working fine But my wish i dont want allow any other service to use my proxy .In that case i need to filter based On the URL. We have option in ESb get-property('To') for know to url of target service but How we can know that Which client is calling me
`<property name="client-host" expression="get-property('From')"/>`
this property not working
even i defined in Client and target service also but its returning "null"
<property name="client-host" expression="get-property('To')"/>
this property returning me present service URl
But i need Client Url Who is calling me...
how could i define it and where can i define either in Client Or Target
http://docs.wso2.org/wiki/display/ESB460/Property+Mediator#PropertyMediator-PropertiesToFromActionFaultToReplyToMessageID

can you enable the ws-addressing module to your proxies and see that "from" property is working or not?
Generally from,to action properties are captured from transport receiver..
WS-addressing will capture same properties and if they are already available, ws-addressing will overwrite them...

Related

Envoy access logs format validation

We are using envoy access logs
https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage , does envoy validate the fields that are passed to the access logs, e.g. the field format.
I ask it from basic security reason to verify that if I use for example %REQ(:METHOD) I will get a real http method like get post etc and not something like foo. or [%START_TIME%] is in time format and I will not get something else...
I think it's related to this envoy code
https://github.com/envoyproxy/envoy/blob/24bfe51fc0953f47ba7547f02442254b6744bed6/source/common/access_log/access_log_impl.cc#L54
I ask it since we are sending the data from the access logs to another system and we want to verify that the data is as its defined in the access logs and no one will change it from security perspective.
like ip is real ip format and path is in path format and url is in url format
I'm not sure I understand the question. Envoy doesn't have to validate anything as it is generating those logs. Envoy is HTTP proxy who receives the request and does some routing/rewriting/auth/drop/.. actions based on the configuration (configured by virtualservice / destinationrule / envoyfilter if we're talking about istio). After the action it generates the log entry and fills the fields with details about original request and actions taken.
Also there is nothing like 'real' http method. HTTP method is just a string and it can hold any value. Envoy is just the proxy who sits between client and application and passes the requests (unless you explicitly configure it i.e. drop some method).
It depends on application who receives the method how it's treated. GET/POST/HEAD are commonly associated with standard HTTP and static pages. PUT/DELETE/PATCH are used in REST APIs. But nothing prevents you to develop application who will accept 'FOOBAR' method and runs some code over it.

How to achieve the dynamic integration pattern in WSO2 ESB

My requirement is I will expose the ESB integration implementation as a REST API.
1) In the implementation part whenever they will call This ESB API it has to route based on content in the post request sent to ESB(this can be achieved by content based routing pattern ).
2) But on the Endpoint side Which is to be called by the ESB while routing based on content may vary means, if today there is 2 end point to call tomorrow it may rise to 5 like that how to apply changes are is there any solution. So, how to achieve this dynamic integration.
I have 4 ways to achieve this integration pattern.
1) Deploy files in the registry which has the endpoint in it and having the file name which is same as the content name(regex) sent in the payload for routing. Then by storing that name in property mediator and use concat function to read that file in another property mediator, and by pattern matching read the endpoint. Thus you can use that endpoint and achieve the dynamic content based routing.
2) Have separate sequence each one to call one endpoint and have the same name as the content name. The main sequence will call the sequence based on the content.
3)Store the content on which to be routed and endpoint in the RDBMS database then use DB lookup mediator to retrieve the endpoint based on this you can route.
4) I think this is best and suitable for integration scenario where tomorrow the endpoint may change( that is when the number of the endpoint is not fixed ) and each endpoint wants a different transformation of the payload(I mean XML to json or JSON to XML etc..).
First, use one API and store the content in property mediator and use that mediator to call another API which has the implementation to call the endpoint.
For example, if the content based on which routing has to happen has the payload like this
{ "content":"c1" }
Store the content in property mediator using name uri.var.address. Then create another API's which will have the implementation to call endpoint(For each endpoint create separate API's) and URI-Template of the API's should have content stored in the property mediator(same as payload request). While using send mediator to call these ENDPOINT implemented API's use http request having url of the API with /{uri.var.address} because to match the URI-template details.

Can you statically set a Header and it's value when setting up an HTTP Proxy using AWS Api Gateway endpoint?

I am creating an http proxy using AWS Api Gateway. I would like to hard code some of the headers and their values to be forwarded as part of the request. I thought this might be possible in the 'Integration Request' portion of the proxy setup, but I can't seem to figure it out.
I'm trying to pass an Authorization header with an oauth key. I don't want to share this key with clients that have access to this service, since I will only provide a subset of access to users of this specific endpoint.
In the Integration Request, you can configure a static header value to be sent to the integration endpoint by putting the value inside of single quotes, e.g. 'my_static_header_value'.
Is it a problem to put those hardcoded headers in the request body ? It not, you could just use a template (in the integration request screen) :
{
"hardcoded_header": "$input.params('hardcoded_header')"
}
Hope this helps.

wso2 esb endpoint can not be changed

I have some external URL (restful api) to be integrated.
Those URL have different prefixed URL with different parameter at url, for example:
www.abc.com/books
www.abc.com/book/11
www.abc.com/book/11/authors
When get response from those invocation, esb needs to convert response from one json format to our standard json format.
I plan to use esb javascript mediator to perform convert operation, but I didn't find any way to attach url parameters.
Any one have any idea?
I have used mediator by java code to implement it, but it is too heavy.
I am also looking into connector for another option.
I have got a solution by use url template. By this solution, I can change url according to template defined.
With this solution, I didn't need to write mediator or connector.

Consuming a webservice with jsessionid in URL

I`m working on a SAP project, where i have to call a non-sap service with jsessionid in binding url. I already generated a proxy class out of the wsdl and defined a logical port with my URL. In my case it should be dynamic like: {host}/service/foo/binding;jsessionid={xxx} but its static like: {host}/service/foo/binding
How can i achieve that session handling?
EDIT: The problem here is, its not only for authentification its also for load balancing. The jsessionid MUST be submitted via URL rewriting. Any ideas?
You should be able to configure this with the soamanager transaction:
Go to the service configuration screen and select your consumer proxy
Edit the existing, or create a new logical port
Go to the transport settings tab and change the URL access path
Once saved, you can find the logical port as a destination in transaction SM59. It's one of the generated ones in the external HTTP connections tree.
Providing a value for the parameter will probably require a modification of the SAP software though. The system uses the cl_http_client=>create_by_destination method to obtain a client object to perform the http call, so maybe you can implement some custom code there.