WSO2 ESB: HTTPS API - api

Is it possible to enable HTTPS protocol for an API on the WSO2 ESB?
https://localhost:8280/api/mySslApi

You can simply call the HTTPS endpoint of the API; it's enabled by default. Note that the HTTPS port is 8243, not 8280.
https://localhost:8243/api/mySslApi

By default it is already enabled that way; if you look at the axis2.xml config, you will find the details below.
1. For HTTP
<transportReceiver name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpListener">
<parameter name="port" locked="false">8280</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
<!--parameter name="WSDLEPRPrefix" locked="false">https://apachehost:port/somepath</parameter-->
<parameter name="httpGetProcessor" locked="false">org.wso2.carbon.mediation.transport.handlers.PassThroughNHttpGetProcessor</parameter>
<!--<parameter name="priorityConfigFile" locked="false">location of priority configuration file</parameter>-->
</transportReceiver>
2. For HTTPS
<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
<parameter name="port" locked="false">8243</parameter>
<parameter name="non-blocking" locked="false">true</parameter>
<parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter>
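
A check a reviewer might run over the listener configuration quoted above, as an added example that is not part of the original answers or of WSO2's code. The sample document is constructed from the two snippets (closing tags added), and the function name and finding strings are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two listeners quoted above, closed so that they parse.
SAMPLE_AXIS2 = """
<axisconfig name="AxisJava2.0">
  <transportReceiver name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpListener">
    <parameter name="port" locked="false">8280</parameter>
    <parameter name="non-blocking" locked="false">true</parameter>
  </transportReceiver>
  <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    <parameter name="port" locked="false">8243</parameter>
    <parameter name="non-blocking" locked="false">true</parameter>
    <parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter>
  </transportReceiver>
</axisconfig>
"""

# TLS 1.0 and 1.1 were deprecated by RFC 8996, SSLv3 by RFC 7568.
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}


def audit_listeners(axis2_xml):
    """Return one finding dict per <transportReceiver> in an axis2.xml document."""
    findings = []
    for recv in ET.fromstring(axis2_xml).iter("transportReceiver"):
        params = {p.get("name"): (p.text or "").strip() for p in recv.findall("parameter")}
        is_tls = recv.get("class", "").endswith("SSLListener")
        raw = params.get("HttpsProtocols", "")
        protocols = [v.strip() for v in raw.split(",") if v.strip()]
        issues = []
        if not is_tls:
            issues.append("cleartext listener")
        elif not protocols:
            issues.append("HttpsProtocols not set")
        issues += [f"deprecated protocol {v}" for v in protocols if v in DEPRECATED]
        findings.append({"name": recv.get("name"), "port": params.get("port"),
                         "tls": is_tls, "issues": issues})
    return findings


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_AXIS2):
        print(f["name"], f["port"], "; ".join(f["issues"]) or "ok")
```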

Yes, in WSO2 ESB, when we want to secure a REST API, we can simply make it available via HTTPS like below.
<resource uri-template="/view/{symbol}" methods="GET" protocol="https">
And let the security handlers validate the credentials.
<handlers>
<handler class="org.wso2.rest.BasicAuthHandler"/>
</handlers>
For detailed information: https://docs.wso2.com/display/ESB490/Securing+APIs

We currently support BasicAuth/usernametoken secured endpoints via the publisher. You may need to edit the axis2.xml for the "HostnameVerifier" parameter in case of handshake errors. Check the following link for further details.
http://docs.wso2.org/wiki/display/AM131/Adding+an+API

Related

How to handle VFS proxy error in WSO2 EI 6.4?

In VFS proxy, How I can handle errors? For example in below cases:
If VFS is not able to connect to the SFTP server for different reasons (like wrong password, directory does not exist, etc.). I am able to see a warning in the console log, but I want to send a mail or do some other stuff if the connection is not possible.
If the folder does not exist where we have to move the file after reading.
I am able to handle errors during processing in the FaultSequence, but that does not work for the proxy. I tried to set the onError attribute as well, but it seems the proxy does not support that attribute.
Please let me know if someone has handled such errors or if I am missing something.
<proxy name="FileProxy" startOnLoad="false" statistics="enable" trace="enable" transports="vfs" xmlns="http://ws.apache.org/ns/synapse">
<target faultSequence="Global_Error_Handler">
<inSequence>
<log level="custom">
<property name="status=" value="File received."/>
</log>
</inSequence>
<outSequence/>
</target>
<parameter name="transport.vfs.Streaming">true</parameter>
<parameter name="transport.PollInterval">10</parameter>
<parameter name="transport.vfs.FileURI">vfs:sftp://abc:***@127.0.0.1:22/test/ftp_in?transport.vfs.AvoidPermissionCheck=true</parameter>
<parameter name="transport.vfs.ContentType">text/plain</parameter>
<parameter name="transport.vfs.ActionAfterProcess">MOVE</parameter>
<parameter name="transport.vfs.MoveAfterFailure">vfs:sftp://abc:***@127.0.0.1:22/test/ftp_failure</parameter>
<parameter name="transport.vfs.ActionAfterFailure">MOVE</parameter>
<parameter name="transport.vfs.ReplyFileName">ReplyFileName.csv</parameter>
<parameter name="transport.vfs.FileNamePattern">.*.dat</parameter>
<parameter name="transport.vfs.MoveAfterProcess">file:///home/test/ftp_process</parameter>
</proxy>
Need to handle any error that occurs outside the <target> functionality of proxy for VFS.

The system cannot infer the transport information from the vfs:sftp://user:password@sftpserverhost/in URL

I am using the following code in my proxy to connect to the FTP server to read files from.
<proxy name="SFTPVFSProxy" transports="vfs" startOnLoad="true" xmlns="http://ws.apache.org/ns/synapse">
<target>
<inSequence>
<send/>
</inSequence>
</target>
<parameter name="transport.vfs.ActionAfterProcess">MOVE</parameter>
<parameter name="transport.PollInterval">15</parameter>
<parameter name="transport.vfs.MoveAfterProcess">vfs:sftp://username:password@ftpserver-host/outbox</parameter>
<parameter name="transport.vfs.FileURI">vfs:sftp://username:password@ftpserver-host/inbox</parameter>
<parameter name="transport.vfs.MoveAfterFailure">vfs:sftp://username:password@ftpserver-host/sent</parameter>
<parameter name="transport.vfs.FileNamePattern">.*.txt</parameter>
<parameter name="transport.vfs.ContentType">application/xml</parameter>
<parameter name="transport.vfs.ActionAfterFailure">MOVE</parameter>
</proxy>
But I am getting the error below when I run the above. The VFS transport is enabled in axis2.xml and I can see the vfs transport in the WSO2 ESB 4.9.0 admin console.
The system cannot infer the transport information from the vfs:sftp://user:password@sftpserverhost/in URL
SFTP uses SSH protocol to communicate with the server, so it always logs into the user's home directory and then it takes the path relative to the user's home directory.
You can add "sftpPathFromRoot" to the WSO2 VFS transport URI to get absolute path access, as below.
<parameter name="transport.vfs.FileURI">sftp://[ username[: password]@] hostname[: port][ absolute-path]?sftpPathFromRoot=true</parameter>
Alternatively, you can use a symbolic link. You can find more details here.

WSO2 ESB 5.0.0 BETA WebSocket InboundEndPoint

I'm testing the beta release of wso2 esb 5.0.0 which has an interesting feature for me, websockets.
I declared the inbound endpoint as the documentation defines (https://docs.wso2.com/display/ESB500/WebSocket+Inbound+Protocol), but I am only able to receive empty messages from my client (the connection is established) and I am not able to send any message to my client.
Has anyone tried this feature?
Thanks.
PS: this is my ws inbound endpoint
<inboundEndpoint name="testws" onError="errorsq" protocol="ws"
sequence="testwssq" suspend="false">
<parameters>
<parameter name="inbound.ws.port">9091</parameter>
<parameter name="ws.outflow.dispatch.sequence">testbesq</parameter>
<parameter name="ws.outflow.dispatch.fault.sequence">errorsq</parameter>
<parameter name="ws.client.side.broadcast.level">1</parameter>
</parameters>
</inboundEndpoint>
and these are my sequences
<sequence name="testbesq">
<log level="full"/>
</sequence>
<sequence name="testwssq">
<log level="full"/>
<log level="custom">
<property name="request" value="message receive"/>
</log>
</sequence>
Unlike HTTP, which is an application-level protocol, in the WebSocket protocol there is not enough information in an incoming message to process these messages; these messages are either text or binary low-level frames. Because of this, we had to define some custom subprotocol over WebSocket. This will allow both client and server parties to know the content type of the frames they communicate.
By default every inbound endpoint supports the following Synapse subprotocols.
synapse(contentType='application/json')
synapse(contentType='application/xml')
synapse(contentType='text/xml')
I used the Netty WebSocket client and the command below to test this. Once the client connected (handshake), I sent the message <Test>message</Test> and I could see the backend response on the WebSocket client side.
java -DsubProtocol="synapse(contentType='application/xml')" -DclientPort=9091 -cp netty-example-4.0.30.Final.jar:lib/*:. io.netty.example.http.websocketx.client.WebSocketClient
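
The handshake that the answer above relies on, shown from the client side as an added example that is not part of the original post or of WSO2's code. It assumes the endpoint follows RFC 6455 and echoes the selected subprotocol in its 101 response; the function names and the sample response are constructed for illustration.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="           # example nonce from RFC 6455


def build_handshake(host, port, content_type, key):
    """Client upgrade request that offers the Synapse subprotocol for content_type."""
    subprotocol = f"synapse(contentType='{content_type}')"
    lines = [
        "GET / HTTP/1.1",
        f"Host: {host}:{port}",
        "Upgrade: websocket",
        "Connection: Upgrade",
        f"Sec-WebSocket-Key: {key}",
        "Sec-WebSocket-Version: 13",
        f"Sec-WebSocket-Protocol: {subprotocol}",
    ]
    return "\r\n".join(lines) + "\r\n\r\n", subprotocol


def check_response(response, key, offered):
    """Validate the server's 101 reply; return the subprotocol it selected, or None."""
    head = response.split("\r\n\r\n", 1)[0].split("\r\n")
    if not head[0].startswith("HTTP/1.1 101"):
        raise ValueError("upgrade refused: " + head[0])
    pairs = (line.split(":", 1) for line in head[1:])
    headers = {k.strip().lower(): v.strip() for k, v in pairs}
    expected = base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()
    if headers.get("sec-websocket-accept") != expected:
        raise ValueError("Sec-WebSocket-Accept does not match the key sent")
    selected = headers.get("sec-websocket-protocol")
    if selected is not None and selected != offered:
        raise ValueError("server selected a subprotocol the client did not offer")
    return selected


if __name__ == "__main__":
    request, offered = build_handshake("localhost", 9091, "application/xml", SAMPLE_KEY)
    print(request)
    # Constructed server reply for the request above.
    reply = ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
             "Connection: Upgrade\r\nSec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n"
             f"Sec-WebSocket-Protocol: {offered}\r\n\r\n")
    print("selected:", check_response(reply, SAMPLE_KEY, offered))
```

A return value of None means the server accepted the connection without agreeing on a subprotocol, so neither side knows the content type of the frames.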

wso2esb - Add https to my api

I have this simple example of my rest api, and now I want to add https capabilities to this resource.
<api name="API_FEETIT_VERSION" context="/api_feetit_version">
<resource methods="GET" protocol="https">
<inSequence>
<send>
<endpoint>
<address uri="http://myserver.net/version"/>
</endpoint>
</send>
</inSequence>
</resource>
</api>
To do this I just added the attribute protocol="https" on the resource, but now I can't access the service. I already tried port 8243 but still nothing.
Do I need to do anything else? Or does my endpoint service need to use https too?
Yes, your backend service will need to be https as well as your endpoint address.
<address uri="https://myserver.net/version"/>
Log in to the ESB Management console.
Under the "Service Bus" section/tab, click the last option, "Source View".
Search (Ctrl-F) for your API, then its resource, and check if protocol="https". This is one of mine:
<resource methods="POST"
protocol="https"
inSequence="ackServiceSeq"
outSequence="hcfRequest"/>
Weird how the "invocation URL" stays the same.
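
A check over an API definition that covers both this question and the earlier answer about protocol="https" and handlers, as an added example that is not part of the original posts or of WSO2's code. The sample is the API from the question with its closing tag added; the function names and finding strings are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the API from the question, closed so that it parses.
SAMPLE_API = """
<api name="API_FEETIT_VERSION" context="/api_feetit_version">
  <resource methods="GET" protocol="https">
    <inSequence>
      <send>
        <endpoint>
          <address uri="http://myserver.net/version"/>
        </endpoint>
      </send>
    </inSequence>
  </resource>
</api>
"""


def local(tag):
    """Drop an XML namespace so the check works with or without the Synapse xmlns."""
    return tag.rsplit("}", 1)[-1]


def audit_api(api_xml):
    """Return a list of findings for one Synapse <api> definition."""
    api = ET.fromstring(api_xml)
    findings = []
    # The earlier answer relies on a handler to validate credentials.
    if not any(local(e.tag) == "handler" for e in api.iter()):
        findings.append("no handler configured")
    for el in api.iter():
        name = local(el.tag)
        if name == "resource" and el.get("protocol") != "https":
            findings.append(f"resource {el.get('methods')} is not restricted to https")
        elif name == "address" and urlsplit(el.get("uri", "")).scheme != "https":
            findings.append(f"backend {el.get('uri')} is reached without TLS")
    return findings


if __name__ == "__main__":
    for finding in audit_api(SAMPLE_API):
        print(finding)
```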

SMS Gateway for SMS Notifications with Worklight using HTTP POST?

I'm using IBM Worklight Studio V6.2.0.0 and I would like to use Worklight SMS Notification messages with the Skebby SMS Broker. I configured the SMSConfig.xml file for the broker according to the Worklight documentation and the Skebby API documentation:
<sms:config xmlns:sms="http://www.worklight.com/sms/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<gateway id="skebby" hostname="gateway.skebby.it" port="80"
programName="api/send/smseasy/advanced/http.php" toParamName="recipients[]" textParamName="text">
<parameter encode="true" name="method" value="send_sms_classic"/>
<parameter encode="true" name="username" value="foo"/>
<parameter encode="true" name="password" value="foo"/>
<parameter encode="true" name="sender_string" value="Foo"/>
</gateway>
</sms:config>
From the WebSphere Console output, I don't see any error, but analyzing the HTTP traffic, I see an error since the request is made by HTTP GET, but only POST is allowed.
How can I "force" HTTP POST instead of GET?
Then I tried to use HTTPS using port 443 with no luck, getting a ClientProtocolException. Is it possible to use HTTPS?
Then I figured out that the value recipients[] of the toParamName key is URL-encoded as recipients%5B%5D=. How can I avoid this as well?
Thanks
Currently, the SMS support in Worklight supports only HTTP and only GET calls.
You can submit a feature request to be evaluated by Worklight product designers for future releases.
See here: http://www.ibm.com/developerworks/rfe/