DataPower MPG: Responding with a custom message for schema validation error avoiding backend Server? - ibm-datapower

I have a working solution for the requirement as stated below. However, I am NOT convinced that it is cleanly implemented. There are a lot of configuration options in DataPower that I am fuzzy on and though the response comes back, I am not confident about it. Can I get some help on how this should be implemented to avoid any quirky behavior?
Requirement
When a SOAP client sends a request that fails schema validation rule in the inbound client->server policy (before going to backend server), our system needs to respond with custom SOAP Fault message and skip backside processing.
Current Solution
My MPG has the following rule configuration:
Client to Server. . .
matches all->sets on-error to call error rule->Validation Action-> . . .
Error rule . . .
matches validation error->sets skip-backside to true->transformation building custom SOAPFault message->results action->sets Content Type header
Any help on this or suggestions for a better way to do this would be helpful. I would like to do the schema validation inside the MPG and not a separate WS Firewall.

Once error rule is triggered it will not go for backend. I think Skip backend is not required.
match function-->transformation action with custom message---> Results action

Just add a validation action for the XSD in the MPGW Processing Policy.
You don't need the skip-backside or on-error actions. Backside will be skipped on Request error and Error rule will always be triggered anyway.
Apart from that your solution is solid.

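<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dp="http://www.datapower.com/extensions" extension-element-prefixes="dp">
<xsl:template match="/">
<!-- invoke to another file as a working backend failed -->
<xsl:variable name="error" select="dp:variable('var://context/scratch/Response')"/>
<error_message>
<code><xsl:value-of select="$error/result/responsecode"/></code>
<!-- this type you can configure other responses -->
</error_message>
</xsl:template>
</xsl:stylesheet>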
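The error-rule transform this thread describes, as an added example (not the poster's stylesheet and not IBM sample code): it returns a SOAP 1.1 Fault with fixed wording and a correlation id, so the validator's detail in `var://service/error-message` stays in the DataPower log instead of going back to the client. The fault text and the `transactionId` element name are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: transform action for the MPGW error rule. -->
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:dp="http://www.datapower.com/extensions"
    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    extension-element-prefixes="dp"
    exclude-result-prefixes="dp">

  <xsl:output method="xml" encoding="UTF-8" indent="no"/>

  <xsl:template match="/">
    <!-- The transaction id lets support match the fault to the log entry. -->
    <xsl:variable name="tid" select="dp:variable('var://service/transaction-id')"/>

    <!-- Replaces the separate "set Content Type header" action in the rule. -->
    <dp:set-response-header name="'Content-Type'" value="'text/xml; charset=UTF-8'"/>

    <soapenv:Envelope>
      <soapenv:Body>
        <soapenv:Fault>
          <!-- Client: the request itself was at fault, not the service. -->
          <faultcode>soapenv:Client</faultcode>
          <!-- Fixed text (assumed wording); no parser or schema detail is echoed. -->
          <faultstring>Request failed schema validation</faultstring>
          <detail>
            <!-- Hypothetical element name for the correlation id. -->
            <transactionId><xsl:value-of select="$tid"/></transactionId>
          </detail>
        </soapenv:Fault>
      </soapenv:Body>
    </soapenv:Envelope>
  </xsl:template>
</xsl:stylesheet>
```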

Related

How to setup HTTP Basic Authentication for SOAP Client within WebSphere Liberty

We are trying to deploy an EAR on WebSphere Liberty.
Our application contains an EJB-module, which contains an EJB that makes a call to another SOAP server.
The WSDL of the service defines a wsp:Policy with ExactlyOne of <http:BasicAuthentication xmlns:http="http://schemas.microsoft.com/ws/06/2004/policy/http"/>
After deployment when we send a request to our application, which would trigger that SOAP-call we get an error: None of the policy alternatives can be satisfied.
I found some java-code on how to solve this
HTTPConduit http = (HTTPConduit) client.getConduit();
http.getAuthorization().setUserName("user");
http.getAuthorization().setPassword("pass");
But I do not want to do this in the Java-code but I want to make it part of the server config.
I found several helpful links, but still could not get it working.
Does anybody have any suggestions on how I can set this up?
https://www.ibm.com/support/knowledgecenter/en/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/twlp_wssec_migrating.html
https://www.ibm.com/support/knowledgecenter/en/SSEQTP_8.5.5/com.ibm.websphere.wlp.doc/ae/twlp_sec_ws_clientcert.html
You could use the JNDI feature to express the userid and password in server.xml, then have your java code pull it out of JNDI.
https://www.ibm.com/support/knowledgecenter/en/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_dep_jndi.html

How to stop consumers from hitting invalid resources in APIGee API

I have an Apigee proxy that has two resources (/resource1 and /resource2). If /resource3 is requested, how do I return a 404 error instead of the Apigee default fault?
Apigee displays the below fault string:
{
"fault": {
"faultstring": "The Service is temporarily unavailable",
"detail": {
"errorcode": "messaging.adaptors.http.flow.ServiceUnavailable"
}
}
}
Thanks
Currently, flows work in Apigee this way: it parses through your default.xml (in proxy) and tries to match your request with one of the flows, either through the path suffix like "/resource1", "/resource2", or the verb, or any other condition you might have. If it does not find any matching condition, it throws the error like above.
You can add a special flow which will be kicked in if the condition matches none of the valid flows you have. You can add a raisefault policy in that flow and add a custom error response through that flow.
A better solution is to:
be sure to define something in the base path of all Proxy APIs
create an additional Proxy API called "catchall" with a base path of "/" and with just a Raise fault throwing a 404
Apigee executes Proxy APIs from longest Base Path to shortest; the catchall will run last and always throw back a 404
I just want to clarify Vinit's answer. Vinit said:
If it does not find any matching condition, it throws the error like above.
Actually, if no matching flow condition is found, the request will still be sent through to the backend. The error you mentioned:
{
"fault": {
"faultstring": "The Service is temporarily unavailable",
"detail": {
"errorcode": "messaging.adaptors.http.flow.ServiceUnavailable"
}
}
}
was returned after attempting to connect to the backend without matching a flow.
Vinit's solution to raise a fault to create the 404 is the best solution for your requirements.
In some cases, however, it is appropriate to pass all traffic through to the backend (for example, if you don't need to modify each resource at the Apigee layer, and you don't want to have to update your Apigee proxy every time you add a new API resource). Not matching any flow condition would work fine for that use case.
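The catch-all flow with a RaiseFault policy suggested in the answers above, as an added configuration example that is not from the original posts. The flow and policy names (`unknown-resource`, `RF-NotFound`) and the payload text are assumptions; the two fragments belong in separate files of the proxy bundle.

```xml
<!-- apiproxy/proxies/default.xml (fragment). Flows are checked in order and the
     first one whose Condition is true runs, so the flow without a Condition
     goes last and only sees requests that matched nothing else. -->
<Flows>
  <Flow name="resource1">
    <Condition>proxy.pathsuffix MatchesPath "/resource1"</Condition>
  </Flow>
  <Flow name="resource2">
    <Condition>proxy.pathsuffix MatchesPath "/resource2"</Condition>
  </Flow>
  <!-- Default deny: any other path suffix is rejected before the target call. -->
  <Flow name="unknown-resource">
    <Request>
      <Step><Name>RF-NotFound</Name></Step>
    </Request>
  </Flow>
</Flows>

<!-- apiproxy/policies/RF-NotFound.xml -->
<RaiseFault name="RF-NotFound">
  <FaultResponse>
    <Set>
      <StatusCode>404</StatusCode>
      <ReasonPhrase>Not Found</ReasonPhrase>
      <!-- Plain text avoids curly braces being read as message-template variables. -->
      <Payload contentType="text/plain">Resource not found</Payload>
    </Set>
  </FaultResponse>
  <IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
</RaiseFault>
```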

IBM Worklight adapter using security tests

I'm using Worklight version 6.0 and I'm trying to use a security test with Worklight's adapter.
First of all, I developed a login page and a home page where I'll display some information after the user is authenticated.
The authentication seems to be OK because I'm getting the user information and session ID, which I'll send in the cookie of the next HTTP adapter using the security test.
The problem is that I'm getting a NullPointerException from the specified adapter, but when I execute the request with RestClient, I get the response, so the WS is OK.
Does anybody have an idea about how to do that?
PS: my code was working on worklight V5.0 but not with V6.0
I resolved this issue by deleting non useful Security Test like "MobileSecurityTest".
So before testing your adapter make sure that your declaration in the "authenticationConfig.xml" file is well done.
For more information about that, you can visit this URL :
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_03_Adapter_based_authentication.pdf
In addition, you have to figure out the root response in the adapter response to see first how your received data looks; otherwise you may receive a "NullPointerException" as the response if you attempt to get, for example, "response.result" and the attribute "result" doesn't exist.
Hope that helps you with future issues like the one I got.

Connect to data/service wsdl URL introspect error

Hi, I am trying to add a web service in Flex 4. This web service is deployed in SharePoint 2010 on the intranet. I am able to see this WSDL file through the browser, but trying to introspect the service gives an authentication error.
I am getting the following error :-
There was an error during service introspection.
WSDLException: faultCode=OTHER_ERROR: Unable to resolve imported document at 'http://sql2008:47672/_vti_bin/StoryboardingDatabaseConnect.asmx?WSDL'.: java.io.IOException: Authentication failure
Edit :-
Have added the video showing the error at http://www.youtube.com/watch?v=moXfxmiHAqQ
The Data Services Wizard does not support (as of now, afaik) connection to https services, neither to ones that need authentication.
So you should add your credentials manually to your soap request's header using name-value pairs:
[{name: "userName", value: "yourUserName"},
{name: "password", value: "yourPassword"}].
You can read more about it in the Working with SOAP Headers section of this article (Using WebService components).
You might also find this post from the Adobe forums useful, elaborating this issue.

BizTalk SOAP port password in binding file

I've inherited a BizTalk 2006 application that uses several SOAP ports to request data from a 3rd party web service. The web service is secured by "basic" authentication - username / password. After making a few enhancements to the application I deployed to an integration test server which has access to the 3rd party web service. The BizTalk app was unable to retrieve the data and I soon realised that I had forgotten to set the username / password on the SOAP send ports. I wanted to make deployment of the BizTalk app as automated as possible because I may not be present when it is deployed to the live server. I opened up the binding file, located the 1st of the problem SOAP send ports and looked for the * that BizTalk uses to replace the password - except that it doesn't! It seems that the password for SOAP ports is set to NULL rather than *, see here for more details:
http://msdn.microsoft.com/en-us/library/aa547319.aspx
I proceeded to update the binding but when I came to test, after importing my amended binding file, I found that I had the same problem as before. I've double checked and can confirm that the correct password is now present in the binding file but, although BizTalk doesn't complain during the import, when I run the app I get the following exception:
Details:"ArgumentNullException: String reference not set to an instance of a String.
Parameter name: s
".
If I then manually amend the password through the BizTalk admin console everything works fine.
Has anyone else had a similar problem with the bindings for a SOAP port - does anyone have a solution?
I've been bit by something like this in the past. The password is either put in as '****'. This is ok. I wouldn't want all of my secrets exported with the binding file. What does get you is when you export the bindings and you leave the password NULL. The Variable Type (vt) attribute on the XML element for the password is set to vt="1" which is the same as NULL. It won't matter what you put in for the password. It may even cause the error you described. I would suggest you include a copy of the binding XML for review.
I've never seen this problem before - I'm doing exactly what you are trying to do and it works perfectly.
I've included the <TransportTypeData> element from one of my BizTalk bindings that works. Hopefully having something to compare against helps.
<TransportTypeData>
  <CustomProps>
    <AuthenticationScheme vt="8">Basic</AuthenticationScheme>
    <AssemblyName vt="8">WebService.ProxyClass, Version=1.0.0.0, Culture=neutral, PublicKeyToken=xyz</AssemblyName>
    <Username vt="8">soapUser</Username>
    <UseProxy vt="11">0</UseProxy>
    <UseSoap12 vt="11">0</UseSoap12>
    <UsingOrchestration vt="11">0</UsingOrchestration>
    <UseSSO vt="11">0</UseSSO>
    <Password vt="8">MYPASSWORD</Password>
    <ProxyPort vt="3">80</ProxyPort>
    <AssemblyPath vt="8">C:\ProxyClass\bin\Debug\ProxyClass.dll</AssemblyPath>
    <TypeName vt="8">ProxyClass.Webservice.servicesService</TypeName>
    <MethodName vt="8">PickupRequest</MethodName>
    <UseHandlerSetting vt="11">-1</UseHandlerSetting>
  </CustomProps>
</TransportTypeData>
