We Keep Coding

WSO2 Sequence: capture headers of incoming request

I am writing a mediation sequence for APIM v 2.6. The point is to extract Authorization headers for further processing. Based on this documentation, I thought of the following:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="ExtractAuthorization2EndPoint" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
<property expression="get-property('axis2', 'TRANSPORT_HEADERS')" name="basic_auth" scope="axis2"/>
<log level="full">
<property expression="get-property('basic_auth')" name="captured_headers"/>
</log>
</sequence>
Problem
Reading the logs, I get captured_headers = null
TID: [-1234] [] [2020-01-09 13:46:44,178] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /somewhere, MessageID: urn:uuid:e9fc50db-5a7b-41d1-9613-80b215633bcd, Direction: request, captured_headers = null, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Body/></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}
How can I capture the headers (more specifically, the Authorization) of the incoming request?
Various other attempts
get-property('transport','Authorization')
$trp:Authorization

Authorization Header is used in API Manager for internal authorization purposes only, and that header is normally removed from the outgoing request(from APIM gw to backend) before it is sent to backend. This happens at APIAuthenticationHandler level. And the custom in sequence you attached to API will be executed after the APIAuthenticationHandler. You may refer the message flow diagram in [1] for a better understanding.
Now let's see how this APIAuthenticationHandler is applied by default on the API's synapse file. (You may find this at /repository/deployments/server/synapse-configs/api folder)
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler">
<property name="RemoveOAuthHeadersFromOutMessage" value="true"/>
<property name="APILevelPolicy" value=""/>
<property name="APISecurity" value="oauth2"/>
</handler>
You can modify the above handler as below and enforce to keep the Oauth header in the outgoing message.
<property name="RemoveOAuthHeadersFromOutMessage" value="false"/>
After modifying the API's synapse you may see a log like below in the console.
INFO - APIDeployer API: admin--PizzaShackAPI:v1.0.0 has been updated from the file: /wso2am-2.6.0/repository/deployment/server/synapse-configs/default/api/admin--PizzaShackAPI_v1.0.0.xml
Now, try invoking the API. You should be able to log the Authorization header.
[1]. https://docs.wso2.com/display/AM210/Message+Flow+in+the+API+Manager+Gateway

About messageType and JIRA connector

I have two proxy services for testing purpose that connects with JIRA using JIRA Connector. First one, accepting "application/json" payload:
<proxy name="PruebaJIRA_01" startOnLoad="true" trace="disable" transports="https http">
<description/>
<target>
<inSequence>
<log level="full"/>
<jira.init>
<username>xxxxxx</username>
<password>xxxxxx</password>
<uri>http://gea-jira.its.ute.com/jiragea</uri>
</jira.init>
<property expression="json-eval($.consulta)" name="query"/>
<jira.searchJira>
<query>{$ctx:query}</query>
</jira.searchJira>
<log level="full"/>
<respond/>
</inSequence>
</target>
</proxy>
The second one, accepting "text/xml" payload:
<proxy name="PruebaJIRA_02" startOnLoad="true" trace="disable" transports="https http">
<description/>
<target>
<inSequence>
<property name="messageType" scope="axis2" value="application/json"/>
<log level="full"/>
<jira.init>
<username>xxxxxx</username>
<password>xxxxxx</password>
<uri>http://gea-jira.its.ute.com/jiragea</uri>
</jira.init>
<property expression="//root/consulta" name="query"/>
<jira.searchJira>
<query>{$ctx:query}</query>
</jira.searchJira>
<log level="full"/>
<respond/>
</inSequence>
</target>
</proxy>
It seems that JIRA connector only accept JSON incoming data, so in the second one I have a "messageType" conversion at the top of the sequence.
Both services run OK, but the question is: Why is the second proxy working if I am using an xpath expression?
I am using wso2 ESB 4.9.0.
Thanks in advance.

ESB receives disparate message formats from different clients and systems, because of this ESB required a canonical message format inside the ESB to do all the message mediation tasks. Because of this the message builder used to convert the incoming messages into a canonical format. The canonical format using inside the ESB is SOAP. So surely your XPATH expression works with the soap message.
MessageType property used to select correct message formatter and the message formatter is used to build the outgoing stream from the proxy.
More Info - demystifying-wso2-esb-pass-through-transport /
Working with Message Builders and Formatters

How to call a secure proxy service via simple proxy service in WSO2 ESB

I have made a secure proxy service in WSO2 ESB. I followed this tutorial.
Now i want to call this service by using another proxy service. But when i send request from SoapUI to simple proxy service, i encountered an error. What i am unable to figure out is that how to pass security configurations to the proxy service.
Note: I am using WSO2 ESB 4.8.1.
Secure Proxy Service Code:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="EchoProxy2"
transports="https,http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<inSequence>
<log level="full" separator="InSequence Log"/>
</inSequence>
<outSequence>
<log level="full" separator="Out Sequence Called"/>
<send/>
</outSequence>
<endpoint>
<address uri="http://wi1-Inspiron-3521:8280/services/echo"/>
</endpoint>
</target>
<parameter name="disableREST">true</parameter>
<parameter name="ScenarioID">scenario2</parameter>
<enableSec/>
<policy key="conf:/repository/axis2/service-groups/EchoProxy2/services/EchoProxy2/policies/SigOnly"/>
<description/>
</proxy>
Simple Proxy Service Code:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="CallEchoProxy"
transports="https,http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<inSequence>
<log level="full" separator="*Calling Proxy In Sequence"/>
</inSequence>
<outSequence>
<log level="full"
separator="Calling Proxy Out Sequence"/>
</outSequence>
<endpoint>
<address uri="http://wi1-Inspiron-3521:8280/services/EchoProxy2"/>
</endpoint>
</target>
<description/>
</proxy>
Error in Logs:
[2015-02-19 11:22:48,718] ERROR - ServerWorker Error processing POST request for : /services/EchoProxy2
org.apache.axis2.AxisFault: Missing wsse:Security header in request
at org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:180)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:411)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:183)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.rampart.RampartException: Missing wsse:Security header in request
at org.apache.rampart.RampartEngine.process(RampartEngine.java:146)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
... 10 more
Problem:
I am unable to understand that how to pass security configurations to my simple proxy Service.So that it can communicate with the Secure Service and get back the response.

You have a secured proxy and also you have un-secured proxy. When you sent message to un-secured proxy, it must call the secured proxy. So, your un-secured proxy must call the secured end point. Here, secured end point is your secured-proxy. To call a secured end point, you must attached a WS-Security policy in to the end point configuration. You refer this blog which explains how to call an secured end point. If you follow the steps correctly, i guess you can resolve this issue.

WSO2 ESB - Proxies do not work when Soap Tracing is turned off

I have downloaded and I am trying out the WSO2 ESB and setting up proxies for WCF services with wsHttpBindings. When I have Soap Tracing enabled everything works fine - when I turn it off I get a 500 internal server error every time. I am completely stuck with this and can't understand why this would be.
I have tried setting up both pass through proxies and WCF based proxies and I always have the exact same issue - with Soap Tracing enabled everything looks great and works perfectly. If I turn it off and otherwise don't touch anything I get a 500 error:
System.ServiceModel.ProtocolException: An HTTP Content-Type header is required for SOAP messaging and none was found. ---> System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
I have tried it with a basicHttpBinding and it seems to work fine with Soap Tracing on or off. The problem seems to just be with wsHttpBindings.
Here is the full source for the proxy:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="ContactService"
transports="http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
<wsdl service="ContactService"
port="ContactService_WsHttp"
uri="http://localhost/Actions/ContactService.svc?singleWsdl"/>
</endpoint>
</target>
<publishWSDL uri="http://localhost/Actions/ContactService.svc?singleWsdl"/>
<description/>
</proxy>

can you please try with in the inSequence of the proxy that your are using?
thank you,
1G

I am having the same issue, here is the proxy that is having issues:
<proxy name="cx.partner.usps.RateV4"
transports="https http"
startOnLoad="true"
trace="disable">
<description/>
<target>
<inSequence>
<property name="CONTENT_TYPE"
value="application/xml"
scope="axis2-client"
type="STRING"/>
<property name="FORCE_HTTP_1.0" value="true" scope="axis2"/>
<log level="full"/>
<send>
<endpoint key="partner.usps.prd.endpoint"/>
</send>
</inSequence>
<outSequence>
<class name="cx.wso2.mediators.addNamespace">
<property name="soapPartName" value=""/>
<property name="nsToAdd" value="http://xmlns.usps.com"/>
</class>
<send/>
</outSequence>
</target>
<publishWSDL key="conf:/esb-resources/wsdl/usps/RateV4.wsdl">
<resource location="RateV4.xsd" key="conf:/esb-resources/schema/usps/RateV4.xsd"/>
</publishWSDL>
This was working without tracing on 3.x, but after migrating to 4.7 I have to enable the SOAP tracer.

Try this, it worked for us:
<parameter name="enforceWSAddressing">true</parameter>

Why do I get transport error in WSO2 ESB if I remove the filter?

I have the following proxy:
<proxy name="expedientes" transports="https http" startOnLoad="true" trace="enable" statistics="enable">
<target inSequence="main" outSequence="main" faultSequence="main">
<endpoint>
<address uri="https://someweb/somepath/"/>
<property name="Authorization" expression="fn:concat('Basic ', base64Encode('user:password'))" scope="transport"/>
</endpoint>
</target>
</proxy>
with the this default main sequence:
<sequence name="main">
<in>
<log level="full"/>
<filter source="get-property('To')" regex="http://localhost:9000.*">
<send/>
</filter>
</in>
<out>
<send/>
</out>
</sequence>
When I remove the filter and leave it as:
<sequence name="main">
<in>
<log level="full"/>
<send/>
</in>
<out>
<send/>
</out>
</sequence>
I get the following error "Unexpected error during sending message out: org.apache.axis2.AxisFault: The system cannot infer the transport information from the /services/expedientes/indice.xml":
TID: [] [WSO2 ESB] [2013-02-15 12:42:05,531] ERROR
{org.apache.synapse.core.axis2.Axis2Sender} - Unexpected error during sending message out
{org.apache.synapse.core.axis2.Axis2Sender}org.apache.axis2.AxisFault: The system cannot infer the transport information from the /services/expedientes/indice.xml URL. at
...
The out message should (obviously) use the same transport to answer the request (HTTP GET). But what has this to do with "filter"?

Basically in the segment of configuration above (the one with filter mediator) it checks the "TO" header property of your message weather it is equals to "http://localhost:9000.*" or not.
If that condition fired, it simply send your message to the destination. Else the message send inside the "out" mediator.
When you remove the expression what happened is, it trying to send the all messages which are coming inside "in" mediator without knowing weather there is a "To" property or not.
In your case the incoming messages aren't containing a valid "To" property.
The default mediator inside main sequence to send message out is the "out" mediator. The "in" mediator doesn't know the message is expected to send as a response otherwise you did not say it is a resonance message explicitly.You can do it by using configuration like this
<header action="remove" name="To"/>
<property action="set" name="RESPONSE" scope="default" type="STRING" value="true"/>
But It strongly depend on your usecase though
I suggest you to go through some references regarding message mediation with WSO2 ESB.
Following are good references which I found hope you can find more
Configuring the ESB to Perform Message Mediation
Message Mediation
Thanks,