synapse-dev mailing list archives

From Ruwan Yatawara <ruw...@wso2.com>
Subject Re: Introducing transport level (HTTPs etc.) access restriction to APIs
Date Thu, 25 Jul 2013 09:55:35 GMT
On Tue, Jul 2, 2013 at 9:46 AM, Udayanga Wickramasinghe <mastershield2007@gmail.com> wrote:

> converting


Thanks for the response Udayanga! I was indeed able to handle this without
meddling with the axis2 code.

This is how I did it.

1) Introduced a new transports property to the API configuration xml (if a
transport is not listed in the API, it will be assumed that the API is
accessible via both HTTP and HTTPs).
2) Introduced a validation in the canProcess method to see if the transport
with which the API is accessed is listed in the transports section of said
API.
3) If it's a restricted transport and canProcess returns false, a warning
will be listed on the console and a property will be set in the synapse context
to indicate the transport was rejected.
4) The message will be directed to the main sequence as usual; the user may include
a filter mediator in the main sequence to display a custom error message
using the variables added to the synapse/axis2 context. Please refer to the
example below.

E.g.

        <!-- Filter for handling Rest-API access via unauthorized transports -->
        <filter source="$ctx:TRANSPORT_DENIED" regex="true">
            <payloadFactory>
                <format>
                    <fault>
                        <code>403</code>
                        <type>Status report</type>
                        <message>Forbidden</message>
                        <description>Unsupported Transport $2. The requested resource (/$1) is not available.</description>
                    </fault>
                </format>
                <args>
                    <arg expression="$axis2:REST_URL_POSTFIX"/>
                    <arg expression="$ctx:IN_TRANSPORT"/>
                </args>
            </payloadFactory>
            <property name="HTTP_SC" value="403" scope="axis2"/>
            <property name="RESPONSE" value="true"/>
            <header name="To" action="remove"/>
            <property name="NO_ENTITY_BODY" scope="axis2" action="remove"/>
            <property name="ContentType" scope="axis2" action="remove"/>
            <property name="Authorization" scope="transport" action="remove"/>
            <property name="Host" scope="transport" action="remove"/>
            <property name="Accept" scope="transport" action="remove"/>
            <send/>
        </filter>


Thanks,

Ruwan Yatawara
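The transport check that steps 1 to 3 of the message describe, written out as an added, self-contained illustration rather than the Synapse patch itself: the whitespace-separated transports value, the TRANSPORT_DENIED and IN_TRANSPORT property names and the Map standing in for the Synapse message context are assumptions made for this sketch.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added illustration of the canProcess check described in steps 1-3. Not Synapse
// code: the whitespace-separated transports value, the property names and the
// Map standing in for the Synapse message context are assumptions.
public class TransportRestrictionCheck {

    static final String TRANSPORT_DENIED = "TRANSPORT_DENIED"; // read by the filter above
    static final String IN_TRANSPORT = "IN_TRANSPORT";         // transport the request used

    // Step 1: no transports listed means http and https are both allowed;
    // otherwise the incoming transport must appear in the list (case-insensitive).
    static boolean isTransportAllowed(String transports, String inTransport) {
        if (transports == null || transports.trim().isEmpty()) {
            return true;
        }
        String wanted = inTransport.toLowerCase(Locale.ROOT);
        for (String t : transports.trim().split("\\s+")) {
            if (t.toLowerCase(Locale.ROOT).equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    // Steps 2 and 3: validate the transport; on rejection log a warning and mark
    // the context so a filter in the main sequence can answer with a 403.
    static boolean canProcess(String apiName, String transports,
                              String inTransport, Map<String, Object> ctx) {
        ctx.put(IN_TRANSPORT, inTransport);
        if (isTransportAllowed(transports, inTransport)) {
            return true;
        }
        System.err.println("WARN: API " + apiName + " is not exposed over " + inTransport);
        ctx.put(TRANSPORT_DENIED, Boolean.TRUE);
        return false;
    }

    public static void main(String[] args) {
        Map<String, Object> ctx = new HashMap<>();
        // https-only API reached over plain http: rejected, TRANSPORT_DENIED set
        System.out.println(canProcess("StockQuoteAPI", "https", "http", ctx) + " " + ctx);
        // no transports listed: both http and https pass
        System.out.println(canProcess("OpenAPI", null, "http", new HashMap<>()));
    }
}
```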
