Inline file validation with URI

Inline file validation with URI can be customized to filter which files are validated.

Validation requests and returned responses

During the inline validation process, ascp automatically generates a JSON-based request. The call is made with the URL defined in aspera.conf. For example:

POST URL/validation/files HTTP/1.1
Content-type: application/json

The system then generates a JSON accepted or error response (OK or Bad Request). If a file validation fails, it terminates the session with an error message from the URI.

  • Sample JSON accepted response: The "file_encryption" field is only returned if server-side EAR is present.
    HTTP 200 OK
    {
        "id" : "1111-2222-333",
        "file_encryption" : {               
            "passphrase" : "supersecret"
        }
        "aspera_response_object_name" : {
            "startstop" : "start"
            "xfer_id" : "AAAA-BBBB",             
            .  .  .
            "file_csum" : "a1000abf882",
            "file_csum_type" : "sha2-256" 
        }
    }
  • Sample JSON error response:
    HTTP 400 Bad Request
    {  
      "error" : {
        "code" : "1022",
        "message" : "The file fails validation"
      }
    }

Custom code for including and excluding files

Administrators can include or exclude files by enabling allowlisting, or another method of their own design. You can do this by creating custom code in the programming language of your choice, using a web server that runs a REST service. (HSTS users have the option to use the web server associated with that installation).

The following is an example of custom code that creates a file blocklist, using a Java servlet deployed on an Apache web server. Note that this code uses the servlet name SimpleValidator, which was defined in web.xml above.
package aspera.validation;

import com.google.gson.Gson;
import com.google.gson.JsonObject;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.IOException;

@WebServlet(name = "SimpleValidator")
public class SimpleValidator extends HttpServlet {
    protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        StringBuilder fileRequestJSON = new StringBuilder();
        BufferedReader reader = request.getReader();
        String line = "";
        Gson gson = new Gson();

        System.out.println("Got Validation request...");
        while (line != null) {
            line = reader.readLine();
            if (!(line == null)) {
                fileRequestJSON.append(line).append("\n");
            }
        }

        ValidationInput validationInput = gson.fromJson(fileRequestJSON.toString(), ValidationInput.class);

        System.out.println("FileData JSON: " + fileRequestJSON.toString());

        if (validationInput.file != null && validationInput.file.endsWith(".sh")
           || validationInput.file.endsWith(".exe")) {

            JsonObject innerObject = new JsonObject();
            innerObject.addProperty("message", "Cannot transfer executable file!!");
            innerObject.addProperty("code", 1);

            JsonObject jsonObject = new JsonObject();
            jsonObject.add("error", innerObject);

            response.getOutputStream().println(jsonObject.toString());

            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
        else {

            JsonObject jsonObject = new JsonObject();
            jsonObject.addProperty("success", true);
            jsonObject.addProperty("data", "File is ok to transfer");
            jsonObject.addProperty("code", 1);
            response.getOutputStream().println(jsonObject.toString());

            response.setStatus(HttpServletResponse.SC_OK);
        }
        return;
    }
}