Topic
  • 5 replies
  • Latest Post - ‏2013-06-20T02:47:40Z by swlinn
isc-hoa
isc-hoa
11 Posts

Pinned topic Using a "Results Asynchronous" Action with User-Authentication

‏2013-06-18T06:30:09Z |

Hi all

I'm having a question about using a "Resuts Asyncronous" - action in a response-rule and propagating user-credentials.

This is my environment:

  • I have a XML-FW for my busines-service called "ServiceA"
  • The XML-FW-Policy has a client-to-server-rule and a server-to-client-rule where I'm doing xsd-validation and logging
  • the business-service "ServiceA" needs user-authentication. Therefore, the user-credentials are in the HTTP-Basic-Auth-Header of the request to "ServiceA"
  • Until here, everything works fine...

Now, I would like to add the following behaviour to my policy:

  • In our company, we have a central statistics-service for "meta-information" about requests (user, duration, result, ...)
  • In the response-rule of my xml-fw-policy I want to add a "Resuts Asyncronous" - action for a call-out the the statistics-service
  • This has to be an asyncronous call ("fire&forget"), because problems with the statistics-service should not influence the business-service
  • My statistics-service also needs user-authentication, so I have to propagate the HTTP-Basic-Auth-Header from the request-to "ServiceA" to my call-out

Now my problem:

  • The HTTP-Headers of the request are not propagated to the "Results Asynchronous" - action by default. Maybe that is the way it should be, because I'm in the response rule, where the Basic-Auth-Header is not set.

And finaly my question:

How could I tweak the HTTP-Headers of a "Result Asynchronous" - action? Especially in a response rule?

Thanks for your help!

Regards

André

Updated on 2013-06-18T06:32:12Z at 2013-06-18T06:32:12Z by isc-hoa
  • swlinn
    swlinn
    1395 Posts

    Re: Using a "Results Asynchronous" Action with User-Authentication

    ‏2013-06-18T11:01:34Z  

    Hi Andre,

    In your response rule, you'll need a transformation that creates the content that you send to your statistics service via the result async.  That transformation will output the content to an output context that the result async consumes as the input context.  In the transformation, you must set headers that are sent that are specific to the context.  Headers from your previous request or on your response are not sent here, they are used by the OUTPUT context.  To set these context specific headers use:

    var://local/_extension/header/
    Appends the specified header field to the protocol connection. Variables of
    the following form can be set to append headers to the dp:url-open()
    extension function or results action or fetch action connection when a
    context that contains them is used as the input context:

    so in your case:

    <dp:set-variable name="'var://local/_extension/header/Authorization'" value="$base64AuthData" />

    Regards,
    Steve

  • isc-hoa
    isc-hoa
    11 Posts

    Re: Using a "Results Asynchronous" Action with User-Authentication

    ‏2013-06-19T05:57:52Z  
    • swlinn
    • ‏2013-06-18T11:01:34Z

    Hi Andre,

    In your response rule, you'll need a transformation that creates the content that you send to your statistics service via the result async.  That transformation will output the content to an output context that the result async consumes as the input context.  In the transformation, you must set headers that are sent that are specific to the context.  Headers from your previous request or on your response are not sent here, they are used by the OUTPUT context.  To set these context specific headers use:

    var://local/_extension/header/
    Appends the specified header field to the protocol connection. Variables of
    the following form can be set to append headers to the dp:url-open()
    extension function or results action or fetch action connection when a
    context that contains them is used as the input context:

    so in your case:

    <dp:set-variable name="'var://local/_extension/header/Authorization'" value="$base64AuthData" />

    Regards,
    Steve

    Hi Steve

    Setting the extension-variable works like a charm.

    Thank you very much for your help!

    Regards

    André

  • isc-hoa
    isc-hoa
    11 Posts

    Re: Using a "Results Asynchronous" Action with User-Authentication

    ‏2013-06-19T14:23:25Z  
    • isc-hoa
    • ‏2013-06-19T05:57:52Z

    Hi Steve

    Setting the extension-variable works like a charm.

    Thank you very much for your help!

    Regards

    André

    Hi Steve

    My "Result Asynchronous" - call-out is now working fine over http.

    Now I'm trying to switch to https, asuming that the call-out will use the same SSL-Proxy-Profie defined in the configuration of the xml-fw and used for my business-service.

    Unfortunately, it looks like that this SSL-Proxy-Profile is not used. I'm getting the following error-message in the log-file:

    
    xmlfirewall (my-test-firewall): 
    SSL connection to 'https://esb.mycompany.vom:1234/myapp/services/service_v1' failed, unable to get SSL Proxy Profile ''
    

    Is there also a variable to set the SSL Proxy Profile?

    Thanks for your help

    Regards

    André

     

  • isc-hoa
    isc-hoa
    11 Posts

    Re: Using a "Results Asynchronous" Action with User-Authentication

    ‏2013-06-19T14:37:27Z  
    • isc-hoa
    • ‏2013-06-19T14:23:25Z

    Hi Steve

    My "Result Asynchronous" - call-out is now working fine over http.

    Now I'm trying to switch to https, asuming that the call-out will use the same SSL-Proxy-Profie defined in the configuration of the xml-fw and used for my business-service.

    Unfortunately, it looks like that this SSL-Proxy-Profile is not used. I'm getting the following error-message in the log-file:

    <pre dir="ltr"> xmlfirewall (my-test-firewall): SSL connection to 'https://esb.mycompany.vom:1234/myapp/services/service_v1' failed, unable to get SSL Proxy Profile '' </pre>

    Is there also a variable to set the SSL Proxy Profile?

    Thanks for your help

    Regards

    André

     

    Just found the solution:

    If the results-async action is using https://* backend URLs, the SSL Proxy Profile Policy tab in the user agent of corresponding XML manager may be used.

  • swlinn
    swlinn
    1395 Posts

    Re: Using a "Results Asynchronous" Action with User-Authentication

    ‏2013-06-20T02:47:40Z  
    • isc-hoa
    • ‏2013-06-19T14:37:27Z

    Just found the solution:

    If the results-async action is using https://* backend URLs, the SSL Proxy Profile Policy tab in the user agent of corresponding XML manager may be used.

    Hi Andre,

    Glad you found the answer.  The user agent SSL Proxy Profile Policy tab allows you to set the policy by a url match. You can also create one that will server as a default for the service.

    Regards,
    Steve