I'm using IBM Worklight Studio V6.2.0.0 and I would like to use Worklight SMS Notification messages with Skebby SMS Broker. I configured the SMSConfig.xml file as well for the Broker according to Worklight documentation and Skebby documentation API :
<sms:config xmlns:sms="http://www.worklight.com/sms/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<gateway id="skebby" hostname="gateway.skebby.it" port="80"
programName="api/send/smseasy/advanced/http.php" toParamName="recipients[]" textParamName="text">
<parameter encode="true" name="method" value="send_sms_classic"/>
<parameter encode="true" name="username" value="foo"/>
<parameter encode="true" name="password" value="foo"/>
<parameter encode="true" name="sender_string" value="Foo"/>
</gateway>
</sms:config>
From WebSphere Console output, I don't see any error but analyzing HTTP traffic, I see an error since the request is made by HTTP GET and this method but only POST is allowed.
How can I "force" HTTP POST instead of GET?
Then I tried to use HTTPS using port 443 with no luck getting a ClientProtocolException, is it possible to use HTTPS?
Then I've figured out that the value recipients[] of the toParamName key is urlencoded recipients%5B%5D=, how to avoid also this?
Thanks
Currently, the SMS support in Worklight supports only HTTP and only GET calls.
You can submit a feature request to be evaluated by Worklight product designers for future releases.
See here: http://www.ibm.com/developerworks/rfe/
Related
I'm testing the beta release of wso2 esb 5.0.0 which has an interesting feature for me, websockets.
I declare de inbound endpoint,like the documentation define (https://docs.wso2.com/display/ESB500/WebSocket+Inbound+Protocol) but i am only be capable of receive empty messages from my client (the connection is done) and i can not be capable to send any message to my cliente.
Have any one try this feature?
Thanks.
PD: this is my ws inbound enpoint
<inboundEndpoint name="testws" onError="errorsq" protocol="ws"
sequence="testwssq" suspend="false">
<parameters>
<parameter name="inbound.ws.port">9091</parameter>
<parameter name="ws.outflow.dispatch.sequence">testbesq</parameter>
<parameter name="ws.outflow.dispatch.fault.sequence">errorsq</parameter>
<parameter name="ws.client.side.broadcast.level">1</parameter>
</parameters>
</inboundEndpoint>
and these are my sequences
<sequence name="testbesq">
<log level="full"/>
</sequence>
<sequence name="testwssq">
<log level="full"/>
<log level="custom">
<property name="request" value="message receive"/>
</log>
</sequence>
Unlike HTTP, which is an application-level protocol, in the WebSocket protocol there is no enough information in an incoming message to process these messages, these messages are either text or binary low-level frames. Because of this, we had to define some custom subprotocol over WebSocket. This will allow both client and server parties to know the content type of frames they communicate.
By default every Inbound endpoint support following Synapse subprotocols.
synapse(contentType='application/json')
synapse(contentType='application/xml')
synapse(contentType='text/xml')
I used Netty WebSocket client and below command to test this. And once client connected(handshake), I put message <Test>message</Test> and I could see the backend response on websocket client side.
java -DsubProtocol="synapse(contentType='application/xml')" -DclientPort=9091 -cp netty-example-4.0.30.Final.jar:lib/*:. io.netty.example.http.websocketx.client.WebSocketClient
I have a Mule application which needs to talk an external server over HTTPS using 2 way SSL authentication.
My question is: How to enable Server Certificate verification in Mule ? It seems, by default Mule doesn't verify Server's Cert. I am using Mule v 3.3.0.
For example: '-k' option in curl disables server's cert verification.
In similar way, is there any configuration parameter by which I can enable/disable Server's cert verification ?
Thanks
Jai
For Mule versions before 3.6, the HTTP transport supports configuration of the trust store used by the HTTP outbound endpoint to determine whether the certificate presented by an HTTPS server should be trusted.
To provide a key store that contains the certificates of servers you need to trust, provide the <https:tls-server /> to the <https:connector />, and reference that connector in your <https:outbound-endpoint />:
<https:connector name="myHttpsConnector">
<https:tls-server path="truststore.jks" storePassword="supersecure" />
</https:connector>
<flow name="someFlow">
<https:outbound-endpoint host="remote-host" port="443" path="/api" connector-ref="myHttpsConnector" />
</flow>
The blog post linked in clare's answer explains this a bit, from both the server side and the client side. You can also refer to the HTTPS Transport Reference, although it doesn't explain the use of tls-server vs. tls-client.
You can check out this blogpost. It will show you how you can configure mutual authentication in Mule. HTH.
You can configure the HTTP Request connector in Mule >= 3.6.0 to use a trust store you create that contains the certificate(s) of the server(s) you need to trust using TLS Configuration.
It might look something like this:
<tls:context name="tlsContextForServiceFoo">
<tls:trust-store path="serviceFooServerCertificates.jks" password="supersecure"/>
<tls:key-store path="myClientCertificates.jks" keyPassword="extrasecure" password="ultrasecure"/>
</tls:context>
<http:request-config name="twoWayAuthServiceFooConfig"
protocol="HTTPS"
host="services.pentagon.gov"
port="443"
tlsContext-ref="tlsContextForServiceFoo" />
<flow name="useServiceFoo">
<http:request config-ref="twoWayAuthServiceFooConfig" path="/api/doStuff" method="POST" />
</flow>
We have an HTTP adapter with a couple of secure procedures declared as follows:
<wl:adapter name="PushAdapter" ...
.
.
<procedure name="submitNotification" securityTest="AdapterSecurityTest"/>
<procedure name="submitNotificationMass" securityTest="AdapterSecurityTest"/>
Security test is performed using adapter based authentication as below:
<securityTests>
<mobileSecurityTest name="AdapterSecurityTest">
<testUser realm="MyRealm"/>
<testDeviceId provisioningType="none"/>
</mobileSecurityTest>
</securityTests>
<realms>
<realm name="MyRealm" loginModule="NonValidatingLoginModule">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function">AuthenticationAdapter.onAuthRequired</parameter>
<parameter name="logout-function">AuthenticationAdapter.onLogout</parameter>
</realm>
</realms>
We need to be able to invoke the adapter procedures in HTTP using the adapter invocation service. Using the invocation service, the invocation URL should be as below:
http://<server>:<port>/<Context>/invoke?adapter=PushAdapter&procedure=submitNotification¶meters=[userId, notification text to be sent]
The invocation works as expected when the procedure security test is set to 'wl_unprotected'. But if the security test is used, the invocation returns the below response:
/*-secure-{"WL-Authentication-Failure":{"wl_remoteDisableRealm":{"reason":"Login Failed"}}}*/
The question is, how can we authenticate using the invocation service? We tried setting the authorization HTTP header with now luck.
Thank you
I have followed the procedure's to implement with the help Adapter based Authentication from Worklight 6.2 Samples.
Step 1:
Add the following value's in header, based your environment actuals
x-wl-app-details:{"applicationDetails":{"platformVersion":"6.2.0.00.20140613-0730","nativeVersion":""}}
x-wl-app-version:1.0
Request: http://x.x.x.x:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/init
Response:
/*-secure- {"challenges":{"wl_antiXSRFRealm":{"WL-Instance-Id":"gi1cqaqd3p89763l1amoklsq3u"}}}*/
Step 2:
Add the WL-Instance-Id: gi1cqaqd3p89763l1amoklsq3u in the header which was the part of previous response
Request:
http://xx.xx.xx.xx:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/query?adapter=SingleStepAuthAdapter&procedure=submitAuthentication¶meters=['worklight','worklight']
Response:
/*-secure-
{"isSuccessful":true,"WL-Authentication-Success":{"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"},"wl_antiXSRFRealm":{"userId":"j136h3aus2v1vlbjr860mmossc","attributes":{},"isUserAuthenticated":1,"displayName":"j136h3aus2v1vlbjr860mmossc"},"wl_anonymousUserRealm":{"userId":"747809a4-3574-4958-a55a-f084b2c9f02c","attributes":{},"isUserAuthenticated":1,"displayName":"747809a4-3574-4958-a55a-f084b2c9f02c"}},"authRequired":false}*/
Step 3:
Add Authorization header and the value from previous response
"SingleStepAuthRealm":{"userId":"worklight","isUserAuthenticated":1,"attributes":{"foo":"bar"},"displayName":"worklight"}
Request: http://xx.xx.xx.xx:10080/AdapterBasedAuth/apps/services/api/SingleStepAuth/common/query?adapter=SingleStepAuthAdapter&procedure=getSecretData
Response:
/*-secure-
{"isSuccessful":true,"secretData":"A very very very very secret data"}*/
To know more about this process follow this IBM Community Blog.
I believe this what you are looking for.
Is it possible to enable HTTPS protocol for an API on the WSO2 ESB?
https://localhost:8280/api/mySslApi
You can simply call the HTTPS endpoint of the API and it's enabled by default. Note that HTTPS port is 8243 not 8280.
https://localhost:8243/api/mySslApi
By default it is already enabled that way, if you follow axi2.xml config ,you will find below details,
1.for Http
<transportReceiver name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpListener">
<parameter name="port" locked="false">8280</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
<!--parameter name="WSDLEPRPrefix" locked="false">https://apachehost:port/somepath</parameter-->
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.mediation.transport.handlers.PassThroughNHttpGetProcessor</parameter>
<!--<parameter name="priorityConfigFile" locked="false">location of priority configuration file</parameter>-->
</transportReceiver>
2.for Https
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
<parameter name="port" locked="false">8243</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter>
Yes, In WSO2 ESB, when we want to secure a REST API, we can simply make it available via HTTPS like bellow.
<resource uri-template="/view/{symbol}" methods="GET" protocol="https">
And let the security handlers validate the credentials.
<handlers>
<handler class="org.wso2.rest.BasicAuthHandler"/>
</handlers>
For detail information : https://docs.wso2.com/display/ESB490/Securing+APIs
We currently support BasicAuth/usernametoken secured endpoints via the publisher..You may need to edit the axis2.xml for "HostnameVerifier" parameter in caseof handshake errors..Check the following link for further details.
http://docs.wso2.org/wiki/display/AM131/Adding+an+API
I deployed exactly the same WS-proxy in 4.5.1 and 4.6. With 4.5.1 it works correctly, but with 4.6 I get:
ERROR - AxisEngine The endpoint reference (EPR) for the Operation not found is /services/registro.registroHttpSoap11Endpoint and the WSA Action = . If this EPR was previously reachable, please contact the server administrator.
The source is the following:
<proxy xmlns="http://ws.apache.org/ns/synapse" name="registro" transports="http" statistics="disable" trace="disable" startOnLoad="true">
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
<address uri="http://localhost:15080/SIGEM_RegistroPresencialWS/services/ServicioRegistroWebService"/>
</endpoint>
</target>
<publishWSDL uri="http://localhost:15080/SIGEM_RegistroPresencialWS/services/ServicioRegistroWebService?wsdl"/>
<description></description>
</proxy>
What do I have to do for 4.6. to make it work?
Thanx.
To enhance ESB performance pass-through transport has been enabled by default starting from ESB 4.6.0 version that is not the case for ESB 4.5.1. It seems your proxy service depends on SOAP body based dispatching but pass-through transport does not support for SOAP body based dispatching. SOAP body based dispatching build the message body and use first element's local name for dispatching which effect to proxy performance badly that is the reason it was not supported in pass-through transport. We are in a process to fix this limitation for future ESB releasees without loosing any advantage of pass-through transport.
BTW for the moment you can use one of the following workarounds.
When sending a messages to the proxy service append operation name to the endpoint URL
e.g - http://serverName/app/serviceName/operationName
Modify client level code to send expected SOAPAction value ( like Try-It case)
I'm not sure your backend service's WSDL defined "" as the value of SOAPAction if that is the case you may modified the backend service to have value other than "" per each operation. AS an example for JAX-WS services you can use #WebMethod annotation for this.
e.g - #WebMethod(action="XXXX")
Note : In case if your backend WSDL defining a value other than "" for SOAPAction while your client send message with SOAPAction="" then it's a violation of service contract by the client and need to be fixed on client level.
I have faced the same problem with wso2 ESB 4.7 and the web service is also developed by me for the company.
What worked for me is adding soapAction attribute to wsdl soap:operation element like below.
<soap:operation soapAction="http://localhost:8080/MyWebApp/services/hello" style="document"/>