Topic
  • 11 replies
  • Latest Post - ‏2013-06-14T21:56:34Z by smashyrahul
smashyrahul
smashyrahul
385 Posts

Pinned topic DataPower response shouldn't contain xml payload in case of http response other than 200

‏2013-06-11T11:01:04Z |

Hello Expert,

I have below requirement. Whenever datapower sends any http response other than 200, client doesn't want datapower to send the XML payload included in the response as they would not be able to make use of it. However, in case of http 200 response, they would expect the xml payload.

If I use the response type as XML, how would I make sure that in case of any http respose than 200, client doesn't receive xml payload?

Could anyone please help me in this?

 

Thanks,

Rahul

  • swlinn
    swlinn
    1347 Posts
    ACCEPTED ANSWER

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-14T16:37:02Z  

    Hi Steve,

    I have implemented the requirement successfully.

    I have simply configured two error rules one each for AAA failure and backend failure.I have removed both the on error actions that I had configured previously.

    Error rules.

    1) For AAA failure I have configured 'error-security' Error rule with having the match for 0x00d30003.

    2) For backend connectivity issue I have configured 'backend-error' error rule having the match for error code 0x01130006.

    So far it is working fine. Do you find any kind of issues in configuring the error rules in such a way?

    Please let me  know your views.

    Thanks,

    Rahul

     

    Your config works fine, and since your backend connectivity is configured after the error-security rule, then you could have easily specified a match of url * if you have no other error rule provided.  Otherwise its always a good practice to have a match all rule to catch any error that you've not caught in the above rules.  It will allow you to have some custom error (soap fault, etc) for otherwise uncaught errors.

    Regards,

    Steve

  • swlinn
    swlinn
    1347 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-11T12:15:12Z  

    In your service, set "Process backend errors" off.  DataPower will handle any non 200 error by calling your error rule.  In your error rule, have your result action specify a NULL context for the input context and OUTPUT as the output context.  It's interesting that your client does not want a SOAP fault telling themm exactly what the error was.

    Regards,

    Steve

  • smashyrahul
    smashyrahul
    385 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-11T14:11:02Z  
    • swlinn
    • ‏2013-06-11T12:15:12Z

    In your service, set "Process backend errors" off.  DataPower will handle any non 200 error by calling your error rule.  In your error rule, have your result action specify a NULL context for the input context and OUTPUT as the output context.  It's interesting that your client does not want a SOAP fault telling themm exactly what the error was.

    Regards,

    Steve

    Thanks Stephen,

    yes it sotunds like a strange requirement from client. Now after discussion with client we came to an below agreement.

    Datapower will send a 200 OK http restponse in any case and along with that, it will send a XML payload with logical error message.

    For example,

    In case of backend connection failure, datapower will convert the 500 http response to 200 and send the error message in xml such as " back end not available".

    I am new to datapower and trying to check how can i implement this. Any help from your side will be much appreciated.

    Cheers,

    Rahul

     

     

  • swlinn
    swlinn
    1347 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-11T14:23:31Z  

    Thanks Stephen,

    yes it sotunds like a strange requirement from client. Now after discussion with client we came to an below agreement.

    Datapower will send a 200 OK http restponse in any case and along with that, it will send a XML payload with logical error message.

    For example,

    In case of backend connection failure, datapower will convert the 500 http response to 200 and send the error message in xml such as " back end not available".

    I am new to datapower and trying to check how can i implement this. Any help from your side will be much appreciated.

    Cheers,

    Rahul

     

     

    You can have a transformation action in your error rule that would produce any XML response you wish.  I'm used to creating soap faults per the spec, but you can create any XML that your client wishes.  If you have "Process Backend Errors" disabled, then the non-200 errors will immediately drive your error rule processing.  There are plenty of discussions in this forum on how to do that, but unfortunately the search function isn't working so well to look at older entries :-(  Here's a cut/paste I have from our internal forum:

    To Get Backside Response Code:
    <!-- obtain response code received from 'backside/backend' call -->
    <!-- for HTTP(s): it is a concatentated variable, first 3 characters are code, rest is reason -->
    <xsl:variable name="backendRspCode" select="dp:http-response-header('x-dp-response-code')"/>
    <xsl:variable name="httpStatusCode" select="substring($backendRspCode,1,3)" />

    Set/Update Response Code In an Error Rule:
    <dp:set-variable name="'var://service/error-protocol-response'" value="'200'" />
    <dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'" />

    Set/Update Response Code In a Response Rule:
    <dp:set-http-response-header name="'x-dp-response-code'" value="'200 OK'"/>

    You would get the backside response code in a response rule transformation if you have "Process Backend Errors" enabled, and you can also change it by setting the response code response header in a response rule transformation.  In the error processing, you need to set the service variables, so if you have "Process Backend Errors" disabled, that would be your approach.

    Regards,

    Steve

  • smashyrahul
    smashyrahul
    385 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-11T15:48:38Z  
    • swlinn
    • ‏2013-06-11T14:23:31Z

    You can have a transformation action in your error rule that would produce any XML response you wish.  I'm used to creating soap faults per the spec, but you can create any XML that your client wishes.  If you have "Process Backend Errors" disabled, then the non-200 errors will immediately drive your error rule processing.  There are plenty of discussions in this forum on how to do that, but unfortunately the search function isn't working so well to look at older entries :-(  Here's a cut/paste I have from our internal forum:

    To Get Backside Response Code:
    <!-- obtain response code received from 'backside/backend' call -->
    <!-- for HTTP(s): it is a concatentated variable, first 3 characters are code, rest is reason -->
    <xsl:variable name="backendRspCode" select="dp:http-response-header('x-dp-response-code')"/>
    <xsl:variable name="httpStatusCode" select="substring($backendRspCode,1,3)" />

    Set/Update Response Code In an Error Rule:
    <dp:set-variable name="'var://service/error-protocol-response'" value="'200'" />
    <dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'" />

    Set/Update Response Code In a Response Rule:
    <dp:set-http-response-header name="'x-dp-response-code'" value="'200 OK'"/>

    You would get the backside response code in a response rule transformation if you have "Process Backend Errors" enabled, and you can also change it by setting the response code response header in a response rule transformation.  In the error processing, you need to set the service variables, so if you have "Process Backend Errors" disabled, that would be your approach.

    Regards,

    Steve

    Thanks Stephen,

    I will try one of these methods and will let you know how it goes.

    Thanks,

    Rahul

  • smashyrahul
    smashyrahul
    385 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-11T17:31:42Z  
    • swlinn
    • ‏2013-06-11T14:23:31Z

    You can have a transformation action in your error rule that would produce any XML response you wish.  I'm used to creating soap faults per the spec, but you can create any XML that your client wishes.  If you have "Process Backend Errors" disabled, then the non-200 errors will immediately drive your error rule processing.  There are plenty of discussions in this forum on how to do that, but unfortunately the search function isn't working so well to look at older entries :-(  Here's a cut/paste I have from our internal forum:

    To Get Backside Response Code:
    <!-- obtain response code received from 'backside/backend' call -->
    <!-- for HTTP(s): it is a concatentated variable, first 3 characters are code, rest is reason -->
    <xsl:variable name="backendRspCode" select="dp:http-response-header('x-dp-response-code')"/>
    <xsl:variable name="httpStatusCode" select="substring($backendRspCode,1,3)" />

    Set/Update Response Code In an Error Rule:
    <dp:set-variable name="'var://service/error-protocol-response'" value="'200'" />
    <dp:set-variable name="'var://service/error-protocol-reason-phrase'" value="'OK'" />

    Set/Update Response Code In a Response Rule:
    <dp:set-http-response-header name="'x-dp-response-code'" value="'200 OK'"/>

    You would get the backside response code in a response rule transformation if you have "Process Backend Errors" enabled, and you can also change it by setting the response code response header in a response rule transformation.  In the error processing, you need to set the service variables, so if you have "Process Backend Errors" disabled, that would be your approach.

    Regards,

    Steve

    Hello Stephen,

     

    Below is the structure of my request rule in an MPGW service.

    Match rule --> transform --> On error A (Which calls 'error-security' error rule) --> AAA --> On error B (which calls 'backend-falure' error rule) --> results

    My requirement:

    Whenever  there is a Aunthentication/Authorization failure in AAA policy. On error A action  should get called, which will invoke 'error-security'error rule.

    Whenever there is an issue with backend connection, On error B action should get called which would invoke ' 'backend-falure' error rule.


    But in my case, in both the cases 'backend-falure' error rule is getting invoked.

    I have placed both the error rule in below order:

    -backend-falure error rule.
    - error-security error rule.

    Could you please let me know, in what way I should implement the error rule such that my requiement will get satisfied.

  • swlinn
    swlinn
    1347 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-11T22:52:17Z  

    Hello Stephen,

     

    Below is the structure of my request rule in an MPGW service.

    Match rule --> transform --> On error A (Which calls 'error-security' error rule) --> AAA --> On error B (which calls 'backend-falure' error rule) --> results

    My requirement:

    Whenever  there is a Aunthentication/Authorization failure in AAA policy. On error A action  should get called, which will invoke 'error-security'error rule.

    Whenever there is an issue with backend connection, On error B action should get called which would invoke ' 'backend-falure' error rule.


    But in my case, in both the cases 'backend-falure' error rule is getting invoked.

    I have placed both the error rule in below order:

    -backend-falure error rule.
    - error-security error rule.

    Could you please let me know, in what way I should implement the error rule such that my requiement will get satisfied.

    So I'm not sure why you would have the on-error prior to the AAA.  If it fail, have your error-security rule defined as an error rule and have the match for that rule be the error code for the AAA failure (0x01d30002).  As for your backside errors, if you have the service config with "Process Backside Errors" disabled, then you'll also drive error processing for backside failures, and your second error rule for "backend-failure" would be an error rule with a match * url which would be processed in that case.  If you took this approach, have the security rule prior to the backside url as the most liberal match, in this case, match * url, should be last.

    Regards,

    Steve

  • smashyrahul
    smashyrahul
    385 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-12T13:26:40Z  
    • swlinn
    • ‏2013-06-11T22:52:17Z

    So I'm not sure why you would have the on-error prior to the AAA.  If it fail, have your error-security rule defined as an error rule and have the match for that rule be the error code for the AAA failure (0x01d30002).  As for your backside errors, if you have the service config with "Process Backside Errors" disabled, then you'll also drive error processing for backside failures, and your second error rule for "backend-failure" would be an error rule with a match * url which would be processed in that case.  If you took this approach, have the security rule prior to the backside url as the most liberal match, in this case, match * url, should be last.

    Regards,

    Steve

    Hello Steve,

    If I understood correctly, I can use the value of  'var://service/error-subcode' ( (0x01d30002) in a match action in 'error-security'  error rule, so that whenever there is a failure in AAA only the 'error-security' error rule will get called.

    Can I create the similar error rule for backside connection failure as well? Currently in my case 'Process Backside Error' is enabled.

    So that I will be having two error rules one is configured to match AAA errors (0x01d30002) and other would be configured for backend errors.

     

    Thanks,

    Rahul

     

  • smashyrahul
    smashyrahul
    385 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-12T13:37:03Z  

    Hello Steve,

    If I understood correctly, I can use the value of  'var://service/error-subcode' ( (0x01d30002) in a match action in 'error-security'  error rule, so that whenever there is a failure in AAA only the 'error-security' error rule will get called.

    Can I create the similar error rule for backside connection failure as well? Currently in my case 'Process Backside Error' is enabled.

    So that I will be having two error rules one is configured to match AAA errors (0x01d30002) and other would be configured for backend errors.

     

    Thanks,

    Rahul

     

    Correction, I should be using value of 'var://service/error-code'  variable i.e. 0x00d30003 for configuring match action for security_error rule.

    Rahul

  • smashyrahul
    smashyrahul
    385 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-12T17:07:18Z  
    • swlinn
    • ‏2013-06-11T22:52:17Z

    So I'm not sure why you would have the on-error prior to the AAA.  If it fail, have your error-security rule defined as an error rule and have the match for that rule be the error code for the AAA failure (0x01d30002).  As for your backside errors, if you have the service config with "Process Backside Errors" disabled, then you'll also drive error processing for backside failures, and your second error rule for "backend-failure" would be an error rule with a match * url which would be processed in that case.  If you took this approach, have the security rule prior to the backside url as the most liberal match, in this case, match * url, should be last.

    Regards,

    Steve

    Hi Steve,

    I have implemented the requirement successfully.

    I have simply configured two error rules one each for AAA failure and backend failure.I have removed both the on error actions that I had configured previously.

    Error rules.

    1) For AAA failure I have configured 'error-security' Error rule with having the match for 0x00d30003.

    2) For backend connectivity issue I have configured 'backend-error' error rule having the match for error code 0x01130006.

    So far it is working fine. Do you find any kind of issues in configuring the error rules in such a way?

    Please let me  know your views.

    Thanks,

    Rahul

     

  • swlinn
    swlinn
    1347 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-14T16:37:02Z  

    Hi Steve,

    I have implemented the requirement successfully.

    I have simply configured two error rules one each for AAA failure and backend failure.I have removed both the on error actions that I had configured previously.

    Error rules.

    1) For AAA failure I have configured 'error-security' Error rule with having the match for 0x00d30003.

    2) For backend connectivity issue I have configured 'backend-error' error rule having the match for error code 0x01130006.

    So far it is working fine. Do you find any kind of issues in configuring the error rules in such a way?

    Please let me  know your views.

    Thanks,

    Rahul

     

    Your config works fine, and since your backend connectivity is configured after the error-security rule, then you could have easily specified a match of url * if you have no other error rule provided.  Otherwise its always a good practice to have a match all rule to catch any error that you've not caught in the above rules.  It will allow you to have some custom error (soap fault, etc) for otherwise uncaught errors.

    Regards,

    Steve

  • smashyrahul
    smashyrahul
    385 Posts

    Re: DataPower response shouldn't contain xml payload in case of http response other than 200

    ‏2013-06-14T21:56:34Z  
    • swlinn
    • ‏2013-06-14T16:37:02Z

    Your config works fine, and since your backend connectivity is configured after the error-security rule, then you could have easily specified a match of url * if you have no other error rule provided.  Otherwise its always a good practice to have a match all rule to catch any error that you've not caught in the above rules.  It will allow you to have some custom error (soap fault, etc) for otherwise uncaught errors.

    Regards,

    Steve

    Hi Steve,

    I agree. Thank you very much for your help on this. It really helped me in implementing the mpgw the way I wanted it to be.

    It is really very encouraging for new starters like me who wish to build career on datapower.

    Thanks Again,

    Rahul