SET X-AUTH-TOKEN in WSO2 ESB - http-headers

We need to set the http header property X-Auth-Token in ESB before sending it to endpoint. The endpoint authenticates this token.
When we X-Auth-Token in header property it's not working.
Can you suggest the way to set the X-Auth-Token property in http header in WSO2

You use the following config to do this. Make sure the scope is set to transport.
<property name="X-Auth-Token" scope="transport" value="XXXXX" />

Related

How to pass Authorization Token to my backend service through WSO2 (API Manager) version 4.1.0?

I need to pass Authorization Token from API Manager (WSO2) to my Backend using policies like Header policy but it works for me only using cURL but not with UI.
curl -k -X 'GET'
'https://localhost:8243/test/1.0.0/support/get/55'
-H 'accept: /'
-H 'Authorization: Bearer gatewayToken
-H 'Authorization: Bearer BackendToken'
Screenshot of the result after adding Header policy
By default the authorization header is dropped from the API gateway after validating the request. So you can't send the same header here with multiple values. If you want to send a custom header in the UI, you can do this as follows.
In the API publisher click on the API and go to the API configuration section.
Click on the resource tab and select a HTTP method.
Under parameters, you can add a header. Then from the Swagger UI, you can set this header when trying out the request.
Using API policies in API Manager 4.1.0, you can add AddHeader policy and send any static headers to the backend services.
You should be able to achieve this with a custom Operation Policy and adding that to the inflow of the API.
<sequence xmlns="http://ws.apache.org/ns/synapse" name="TokenExchange">
<property name="Custom" expression="get-property('transport', 'Custom')"/>
<property name="Authorization" expression="get-property('Custom')" scope="transport"/>
<property name="Custom" scope="transport" action="remove"/>
</sequence>
Here, you have to send the backend token with a different header value (Custom) and gateway will automatically forward it to the backend under the Authorization header.
You can refer [1] to get an idea about this flow. Since the mediation sequences are replaced with Operation policies in APIM 4.1.0, you will have to refer the doc [1] and create and apply the Operation policy accordingly.
[1] - https://apim.docs.wso2.com/en/4.0.0/deploy-and-publish/deploy-on-gateway/api-gateway/message-mediation/passing-a-custom-authorization-token-to-the-backend/#passing-a-custom-authorization-token-to-the-backend

Mule HTTPS request with Basic authentication

I am trying to make an HTTPS request in Mule with Basic Authentication. For some reason I only have NTML and None as options in the HTTP connector.
So I tried adding the basic-authentication element to my request-config:
<http:request-config name="Req_My" protocol="HTTPS" host="${my.host}" port="${my.port}" doc:name="HTTP Request Configuration">
<http:basic-authentication username="${my.user}" password="${my.password}" preemptive="true" />
</http:request-config>
But no Authorization header is set in the debug output.
I could always do a set Property (if I find out how to do a Mel Base64 encode) but according to the documentation the Basic authentication is standard functionality

WSO2 ESB 4.8.1 remove charset=UTF-8 from request

In WSO2 ESB 4.8.1, I recived a request at Proxy Service with following header:
Content-Type: text/xml;charset=UTF-8
When ESB sends the request to endpoint charset field has been removed.
How can I avoid that ESB removes that field?
I have to put next statements before send mediador:
<property name="messageType" value="text/xml;charset=UTF-8" scope="axis2"/>

WSO2 Proxy Service URL not working with SOAPUI

We have CXF based SOAP web services and we are hitting these services from SOAP UI with no problem. With one of these services, I setup a ProxyService on barebone WSO2 ESB 4.6.0. The proxy service seems to be working with the "Try It" option from the admin console. When I try to access it from SOAPUI, the WSO2 ESB starts complaining that
"The endpoint reference (EPR) for the Operation not found is /services/HelloWorldProxyService and the WSA Action = . If this EPR was previously reachable, please contact the server administrator."
Now, when I change the endpoint URL in SOAPUI as http:// hostname:8280/services/service-name.port-name/operation-name things start to work.
Does anyone know how to fix this issue? Are there configuration options on the WSO2 ESB which will let us use traditional SOAPUI with WSO2 ESB?
You can point the proxy service url(you can view this, via service dashboard of the particular proxy) in soapui and for the "action", in the insequence of the proxy define a property call;
. header name="Action" value="soap action"
Here is the guide on vailable properties
http://wso2.org/project/esb/java/3.0.0/docs/properties_guide.html
I have the same problem if I put operation1 at the end of WS URI (http://somedomain.com/WebServiceProxyName/operation1), but post a SOAP message body with constructs for another operation(operation2,3,4,5...) it works!!!
Sample
POST http://somedomain.com/..../operation1 HTTP/1.1
....
....
<soap:Envelope ...>
<soap:Header/>
<soap:Body>
<ws:operation2>
</ws:operation2>
</soap:Body>
</soap:Envelope>
Try to change the (original) WSDL and put the soapAction there:
You can define it as an attribute of the http://schemas.xmlsoap.org/wsdl/soap/:operation element in the binding section, e.g.
<wsdl:binding name="healthcheck-1.0.0SOAP" type="tns:HealthCheck100PortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="doHealthCheck">
<soap:operation soapAction="http://www.xyz.ch/healthcheck-1.0.0/doHealthCheck"/>

Access-Control Origin HTTP header on WSO2 ESB Out

How do I set custom HTTP headers on an ESB proxy service Out Sequence? I'm trying to set "Access-Control-Allow-Origin" to allow my javascript/html front-end page to be able to GET the XML that is provided by this service. I also need to add a Cache-Control.
If there is a way to do this directly on my WSO2 Data Services Server (DSS), that would be preferable as it would avoid adding an ESB server to my process. According to this forum post from about a year ago, it's not possible: http://wso2.org/forum/thread/13991
I've tried it several ways, but looking at fiddler, the header is unchanged:
HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 637
Date: Wed, 28 Mar 2012 20:58:31 GMT
Server: WSO2 Carbon Server
I'm somewhat new with WSO2 servers (more of a front-end dev), so the answer could be right in front of me.
You can do this by adding a Property mediator to the out-sequence. Once you set the property with the transport scope there, it will be added to the transport header of the out going message from the ESB.
This property mediator worked for me:
<property name="Access-Control-Allow-Origin" value="*" scope="transport" type="STRING"></property>
It allows access from any origin.
-Kari