I want to apply the security to my API end points in mule. Is there any way we can write an http handler in mule?
So that I no need to replicate the code for each API and all my inbound requests can be handled through that handler.
You need to create custom policy in anypoint studio and apply same custom policy in API Manager.
https://dzone.com/articles/creating-custom-policies-in-mulesoft
https://blogs.mulesoft.com/dev/howto/howto-custom-api-policy-with-anypoint-platform/
Thanks,
Manish Yadav
You can use couldhub policies for the same.
You can write your custom java code and use java component
Related
I'm creating a real-time data fusion pipeline where the Sink is a HTTP plugin call to Vertex AI endpoint in another GCP project. The request body will be provided by a previous step in the pipeline. The http sink plugin being used (HTTP v1.2.2) doesn't seem to support any oauth parameters. what is the best way to make that HTTP call with a dynamically generated token in the headers? any help is appreciated. Thank you
As of now, there is no way to achieve this. I also faced the same issue where my OAuth token expires in X days.
I've had to make a dynamic pipeline that doesn't fail so I have used a custom Argument setter and used the token(macro) that the custom args setter initializes in the HTTP plugin.
You can find the actual open-source code at the https://github.com/data-integrations/argument-setter
How to use a variable directly in Http Request Endpoint?
If you close the activity configuration Wizard, your activity will still be there and you can fine tune the configuration freely in the Properties panel. In your case, configuring the Endpoint by using a variable.
Example
I am trying to write a REST endpoint using the ASP.NET Web API framework. The use case is that the endpoint should be able to accept a stream of a zipped file.
The solutions that I have seen so far all use multipart/form-data but I'm trying to see whether it is possible to be able to do so without using multi-part.
Use the multipart/form-data settings as a guide:
https://www.rfc-editor.org/rfc/rfc2388
https://www.rfc-editor.org/rfc/rfc2046
My back-end server is built using the Microsoft WCF REST Starter Kit Preview 2. I want to add some request processing to all requests, except for those methods I explicitly disable by marking them with an attribute. I have over a hundred service methods and there are only a few I want to exclude from this extra processing. I'll tag them all if I have to, but I'm trying to avoid disrupting what's already written.
I haven't seen anything I can add to WebInvoke, and adding an interceptor won't let me examine the method that the request is routed to.
I am asking for an explanation of how to register HttpOperationHandler object(s) so I can do my extra request processing (i.e. authorization based on information in the request headers) before it is handed off to the method it was routed to. Can someone please explain how to do this, without rewriting my existing codebase to use Web API?
You can't use an HttpOperationHandler with WCF REST Starter Kit. However the Web API is very compatible with ServiceContracts that were created for WCF REST Starter kit. You should be able to re-host them in a Web API host relatively easily. You may have to change places where you access WebOperationContext, but it should not be a huge change.
I solved my problem by adopting another method. It authenticates all requests. I can't control which method it applies to, but I was able to work around that.
I created a custom ServiceAuthorizationManager class to process the Authorization header. The CheckAccess() method returns true to allow the request through or false if the user is not authenticated or not authorized to perform the service. I hooked it up to the ServiceHost for my services by creating a custom WebServiceHostFactory class and assigning an instance to the Authorization.ServiceAuthorizationManager in its CreateServiceHost() methods.
Although I can't directly check method attributes for the service being executed, the Message.Headers member of the object passed to CheckAccess() has a To property that contains the URI of the service being called. If necessary, I could examine it to determine what method the request would be routed to.
The ServiceAuthorizationManager applies to all requests, so no web methods or classes must be marked with any special attributes to enable it.
I am using Visual Studio 2010 Ultimate to perform web and load tests. I have a set of web tests that call REST web services that require OAuth credentials and I'm looking for information on how I can access the associated Http Headers and Post body the request. I've created a web test plugin that acts as an Authorization Manager and have overriden the PreWebTest method. When I look at the PreWebTestEventArgs argument, I see the WebTest and its WebTestContext but I don't see any obvious way to access the actual Http Headers or the Post Body where I might be able to insert the OAuth components. Has anyone been able to affect the Http Request with the associated web test? Any insight will be much appreciated. Thanks.
I think you'll need to override PreRequest instead of PreWebTest.
PreRequestEventArgs has the Request property which is the WebTestRequest object that has access to the headers and post body.