WSO2 Http Endpoint Error Handling - http

I'm currently trying to implement error handling on a http endpoint.
This endpoint is used to POST data via a rest API.
<endpoint name="Test_Post_Endpoint" xmlns="http://ws.apache.org/ns/synapse">
<http method="post" statistics="enable" uri-template="https://{uri.var.host}/api/{uri.var.api}">
<timeout>
<duration>60000</duration>
<responseAction>discard</responseAction>
</timeout>
<markForSuspension>
<errorCodes>500</errorCodes>
<retriesBeforeSuspension>5</retriesBeforeSuspension>
<retryDelay>60000</retryDelay>
</markForSuspension>
</http>
<description>Test API</description>
</endpoint>
My goal is to let the ESB retry to connect to the endpoint every minutes maximum 5 times in case of http error 500 (in the ideal world event if the host is not reachable, in case of network issue...)
It this the correct approach ?
Thanks for helping
Nicolas

Related

Apigee shared flow to validate token

I am using Apigee as gateway to our application. Several applications will hit Apigee and Apigee will in-turn route the request to backend servers. Every incoming request will have a JWT token.
I want Apigee to pass that token to a auth server and auth server will validate if the token is valid or not.
If token is invalid(if auth server return any status other then 200) , I want Apigee to return 403 error as response to request else pass the request to backend server.
How can I implement this kind of shared flow? Is it even possible with Apigee ? Is there any better way to achieve this?
You can do that.
Create a shared flow for Authentication/Authorization which includes ServiceCallout policy which will make a call to auth server.
Based on result for Unauthorized/Bad request you can raise a fault response with help of RaiseFault.
If the response is OK it will proceed smooth to backend.
Sample shared flow.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SharedFlowBundle revision="1" name="Auth">
<Policies>
<Policy>AssignVariableJwks</Policy> <!-- Assign Input values if needed via AssignMessage policy -->
<Policy>RequestAuthServer</Policy> <!-- Extrnal auth server call using ServiceCallout policy -->
<Policy>TokenNotFoundValidation</Policy> <!-- Validate response and raise fault if needed using RaiseFault policy -->
</Policies>
<Resources/>
<Spec/>
<subType>SharedFlow</subType>
<SharedFlows>
<SharedFlow>default</SharedFlow>
</SharedFlows>
</SharedFlowBundle>
For above shared flow create & attach required policies with logic and you're good to go.

Sabre: GetReservation equivalent to TravelItineraryRead

I'm implementing GetReservation because TravelItineraryRead will soon be deprecated.
When creating a PNR, I get successful responses of GetReservation, but when I try to query the previously created PNR, Sabre WS rejects with "Viewership is restricted for the PNR, caused by [Viewership is restricted for the PNR (Unsupported security check), code: 700102, severity: MODERATE"
I'm connecting to Sabre WS via SOAP, in test endpoint https://sws-tls.cert.sabre.com.
The RQ I'm sending is:
<GetReservationRQ xmlns="http://webservices.sabre.com/pnrbuilder/v1_19" Version="1.19.0">
<Locator>XWYZA</Locator>
<RequestType>Stateless</RequestType>
<ReturnOptions PriceQuoteServiceVersion="3.2.0">
<SubjectAreas>
<SubjectArea>FULL</SubjectArea>
</SubjectAreas>
<ViewName>Full</ViewName>
<ResponseFormat>STL</ResponseFormat>
</ReturnOptions>
</GetReservationRQ>
I've tried with others Views and SubjectAreas, but I always get that response, what am I doing wrong?
The problem was that I needed to send RequestType: Stateful instead of Stateless
<GetReservationRQ xmlns="http://webservices.sabre.com/pnrbuilder/v1_19" Version="1.19.0">
<Locator>KDQPNP</Locator>
<RequestType>Stateful</RequestType>
<ReturnOptions PriceQuoteServiceVersion="3.2.0">
<SubjectAreas>
<SubjectArea>FULL</SubjectArea>
<SubjectArea>PRICE_QUOTE</SubjectArea>
</SubjectAreas>
<ViewName>Full</ViewName>
<ResponseFormat>STL</ResponseFormat>
</ReturnOptions>
</GetReservationRQ>

My Samsung TV won't respond to some UPNP XML requests to describe its service

I've been reading this UPNP PDF and it says that when a device enters the network, it sends a SSDP message with its LOCATION, which is an address that will describe its services. When I turn my Samsung Smart TV on, I get around 6 or 7 SSDP messages. One of them is the following:
NOTIFY * HTTP/1.1
HOST: 239.255.255.250:1900
CACHE-CONTROL: max-age=1800
LOCATION: http://192.168.1.107:7676/smp_7_
NT: upnp:rootdevice
NTS: ssdp:alive
SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0
USN: uuid:uuid_here::upnp:rootdevice
So when I try to connect to the LOCATION in this SSDP message, I get this:
<?xml version="1.0"?>
<root xmlns='urn:schemas-upnp-org:device-1-0' xmlns:sec='http://www.sec.co.kr/dlna' xmlns:dlna='urn:schemas-dlna-org:device-1-0'>
<specVersion>
<major>1</major>
<minor>0</minor>
</specVersion>
<device>
<deviceType>urn:dial-multiscreen-org:device:dialreceiver:1</deviceType>
<friendlyName>[TV]Samsung LED40</friendlyName>
<manufacturer>Samsung Electronics</manufacturer>
<manufacturerURL>http://www.samsung.com/sec</manufacturerURL>
<modelDescription>Samsung TV NS</modelDescription>
<modelName>UN40HU7000</modelName>
<modelNumber>1.0</modelNumber>
<modelURL>http://www.samsung.com/sec</modelURL>
<serialNumber>serialNumberHere</serialNumber>
<UDN>uuid:uuid_here</UDN>
<sec:deviceID>EXCNHA5ILPT66</sec:deviceID>
<sec:ProductCap>Resolution:1920X1080,Y2014</sec:ProductCap>
<serviceList>
<service>
<serviceType>urn:dial-multiscreen-org:service:dial:1</serviceType>
<serviceId>urn:dial-multiscreen-org:serviceId:dial</serviceId>
<controlURL>/smp_9_</controlURL>
<eventSubURL>/smp_10_</eventSubURL>
<SCPDURL>/smp_8_</SCPDURL>
</service>
</serviceList>
<sec:Capabilities>
<sec:Capability name='samsung:multiscreen:1' port='8001' location='/ms/1.0/'></sec:Capability>
</sec:Capabilities>
</device>
</root>
The UPNP PDF says that I must connect to the controlURL in the service described above, but when i GET http://192.168.1.107/smp_9_ I get no response. It simply does not respond. I though it was something related to the service being not activated at the moment, but for example, this post teaches how to send a SOAP message to the RenderingControl1 service to change the volume. This service should be active when I'm using the TV to watch something. So I tried to respond to the SSDP message related to RenderingControl1:
NOTIFY * HTTP/1.1
HOST: 239.255.255.250:1900
CACHE-CONTROL: max-age=1800
LOCATION: http://192.168.1.107:7676/smp_3_
NT: urn:samsung.com:device:RemoteControlReceiver:1
NTS: ssdp:alive
SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0
USN: uuid:uuid_here::urn:samsung.com:device:RemoteControlReceiver:1
When I GET 192.168.1.107:7676/smp_3_ the response is:
<?xml version="1.0"?>
<root xmlns='urn:schemas-upnp-org:device-1-0' xmlns:sec='http://www.sec.co.kr/dlna' xmlns:dlna='urn:schemas-dlna-org:device-1-0'>
<specVersion>
<major>1</major>
<minor>0</minor>
</specVersion>
<device>
<deviceType>urn:samsung.com:device:RemoteControlReceiver:1</deviceType>
<friendlyName>[TV]Samsung LED40</friendlyName>
<manufacturer>Samsung Electronics</manufacturer>
<manufacturerURL>http://www.samsung.com/sec</manufacturerURL>
<modelDescription>Samsung TV RCR</modelDescription>
<modelName>UN40HU7000</modelName>
<modelNumber>1.0</modelNumber>
<modelURL>http://www.samsung.com/sec</modelURL>
<serialNumber>serialNumberHere</serialNumber>
<UDN>uuid:uuid_here</UDN>
<sec:deviceID>EXCNHA5ILPT66</sec:deviceID>
<sec:ProductCap>Resolution:1920X1080,ImageZoom,ImageRotate,Y2014,ENC</sec:ProductCap>
<serviceList>
<service>
<serviceType>urn:samsung.com:service:MultiScreenService:1</serviceType>
<serviceId>urn:samsung.com:serviceId:MultiScreenService</serviceId>
<controlURL>/smp_5_</controlURL>
<eventSubURL>/smp_6_</eventSubURL>
<SCPDURL>/smp_4_</SCPDURL>
</service>
</serviceList>
<sec:Capabilities>
<sec:Capability name='samsung:multiscreen:1' port='8001' location='/ms/1.0/'></sec:Capability>
</sec:Capabilities>
</device>
</root>
but when I try to GET 192.168.1.107:7676/smp_5_ I also get no response. I also tried to GET 192.168.1.107:7676/smp_3_/smp_5_ because /smp_5_ is a 'subset' of /smp_3_ I get BAD Request, which tells that my TV is ignoring /smp_5_ but explictly tells that /smp_3_/smp_5_ is wrong, so /smp_3_ is quite rigth, but I don['t know what's happening. According to the UPNP PDF,
GET 192.168.1.107:7676/smp_5_ should retrieve the description for the service... How to get the description of the RenderingControl?
According to UPnP Specification,
http://192.168.1.107:7676/smp_7_ from SSDP is called DeviceDescription URL, so you could get XML via HTTP GET
while URLs in
<controlURL>/smp_9_</controlURL>
<eventSubURL>/smp_10_</eventSubURL>
<SCPDURL>/smp_8_</SCPDURL>
http://192.168.1.107:7676/smp_9_ is control URL, you need to do SOAP action with HTTP Post and necessary parameters.
http://192.168.1.107:7676/smp_10_ is event subscription URL, but you need to do SUBSCRIBE with necessary parameters not GET.
http://192.168.1.107:7676/smp_8_ is ServiceDescription URL, you can do GET and get XML file.
More in: http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.1.pdf
Give this a shot. Maybe it will prove useful. It is the decompiled source for the Smart View windows application
https://drive.google.com/open?id=0B4rFn8xXaiKsZ3lCNFBpcklDRE0

Integration Testing of secure Spring Web Service

I am trying to write server side integration tests of my Spring Web Service Endpoint secured using
- Spring WS Security 2.1.2.RELEASE and
- WSS4j 1.6.9.
I am trying to follow Spring documentation http://static.springsource.org/spring-ws/sites/2.0/reference/html/server.html. With the setup that I have got so far, I can send a request payload
<myns:MyRequest xmlns:myns="...">
...
</myns:MyRequest>
using MockWebServiceClient as
mockWebServiceClient.sendRequest(withPayload(requestPayload)).andExpect(clientOrSenderFault());
which the integration test properly maps to the endpoint in the test context and I get a "Could not validate request: No WS-Security header found" error as expected.
Problem: Now the problem here is if I send a request in a SOAP envelope with a security header and body, I would get an endpoint not found exception.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:myns="...">
<soapenv:Header>
...
</soapenv:Header>
<soapenv:Body>
<myns:MyRequest>
...
</myns:MyRequest>
</soapenv:Body>
</soapenv:Envelope>
since it will try to find an endpoint around "{http://schemas.xmlsoap.org/soap/envelope/}Envelope".
Is there a way to work around this problem?
The newer version of Spring WS Test which is 2.1 has two methods added in RequestCreaters: RequestCreators.withSoapEnvelope(Source soapEnvelope) and RequestCreators.withSoapEnvelope(Resource soapEnvelope) which allow sending SOAP envelopes for Integration testing. http://forum.springsource.org/showthread.php?135298-Integration-Testing-of-secure-Spring-Web-Service

Payment Gateway Integration error solving

I have a windows application that requires Payment Gateway Integration.
All these stuff i have done.
The process includes the following...
-Creating Xml Request header
-Encoding it as Url
-send the url encoded data to a Rest API with link being provided in the documentation.
-The test server performs the transaction and sends response back to the application.
What I have done to achieve these functionality...
1) I have used 'HttpWebRequest' class to create request to the URL : I am not going to share it since it security and confidential.
2) I have generated xml header and send it as url encoded.
3) The Server is even responses back to the application. but with Status not success
I am going to post the request formate and response formate.
<?xml version="1.0" encoding="UTF-8"?>
<payment xmlns="http://www.elastic-payments.com/schema/payment">
<merchant-account-id>!#-merchant-account-id-#!</merchant-account-id>
<request-id>!#-request-id-#!</request-id>
<transaction-type>purchase</transaction-type>
<requested-amount currency="AUD">!#-requested-amount-#!</requested-amount>
<account-holder>
<first-name>!#-first-name-#!</first-name>
<last-name>!#-last-name-#!</last-name>
<email>!#-email-#!</email>
<phone>!#-phone-#!</phone>
<address>
<street1>!#-street1-#!</street1>
<street2>!#-street2-#!</street2>
<city>!#-city-#!</city>
<state>!#-state-#!</state>
<country>!#-country-#!</country>
<postal-code>!#-postal-code-#!</postal-code>
</address>
</account-holder>
<card>
<account-number>!#-account-number-#!</account-number>
<expiration-month>!#-expiration-month-#!</expiration-month>
<expiration-year>!#-expiration-year-#!</expiration-year>
<card-type>!#-card-type-#!</card-type>
<card-security-code>!#-card-security-code-#!</card-security-code>
</card>
<notifications>
<notification url="!#-notification-url-#!" transaction-state="failed" />
<notification url="!#-notification-mail-#!" />
</notifications>
<custom-fields>
<custom-field field-name="order no" field-value="!#-order no-#!" />
</custom-fields>
<ip-address>!#-ip-address-#!</ip-address>
</payment>
The following is the response coming back from the server.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<payment xmlns="http://www.elastic-payments.com/schema/payment" self="http://sandbox-engine.thesolution.com/engine/rest/merchants/null/payments/null">
<merchant-account-id ref="http://sandbox-engine.thesolution.com/engine/rest/config/merchants/null"/>
<transaction-state>failed</transaction-state>
<completion-time-stamp>2012-11-28T08:19:31.024Z</completion-time-stamp>
<statuses>
<status code="400.1018" description="The same Request Id for the Merchant Account is being tried a second time. Please use another Request Id. " severity="error"/>
<status code="400.1009" description="The Transaction Type is invalid. Please check your input and try again." severity="error"/>
</statuses>
<requested-amount/>
<api-id>elastic-api</api-id>
</payment>
I have cross checked twice with the request header,Each time i do have unique Request id which is 'hiren-'+GUID+DATETIMEWITHTIME
I even have cross checked with the documentation of the gateway for the transaction-type and it's valid but even then it's giving the same error.
To encode url i have used the following code
string sendString = "param=" + HttpUtility.UrlEncode(xmlData);
I'm thinking that the above code may be having the error but it's giving reply back...
so need help to solve the problem.
Please don't ask for the document file but you can ask for extra information.

Resources