How to decode HTTP request query string in Azure APIM policies? - urldecode

I have URL in the below format, and I want to decode the query string and re-write the URL.
https://api.test.abc.com/parameters?username=%7Busername%7D
How can I decode username using policies and re-write it in the following format:
API Endpoint: /api/affiliated/users/userInfo/?username=abcd.gmail.com
Many thanks in advance.

You can use the System.Net.WebUtility within the APIM policies:
System.Net.WebUtility.UrlDecode(context.Request.Url.Query.GetValueOrDefault("username", ""))

You can decode it manually.
context.Request.Url.Query["username"] | Replace:'%7B','{' | Replace:'%7D','}'
Save that username in one variable and use it in rewrite template.
I too want to know some method to decode url in APIM policy.

We cannot directly decode, as there is no option; we have to delete the first query parameter and rewrite the URI by changing and decoding the query parameter. I used the below code snippet to execute that (as the question was also to replace the userName in the URL with visibleToUserId along with decoding the value).
#((Convert.ToBase64String(Encoding.UTF8.GetBytes((string)context.Request.MatchedParameters[\"visibleToUserId\"]))).Replace('=', '~').Replace('+', '-').Replace('/', '_'))

Related

Handle hash (#) in query string

I am trying to create a simple OAuthHandler.
After my request (using the implicit flow), the server sends a request to my page, with an authorization code. But in the query string from the server, all parameters start with a hash (#) instead?
In method HandleRemoteAuthenticateAsync, I'm trying to parse query string, but none of the properties contain authorization code or anything like that.
How can I handle hash in query string?
As Joppe and David mentioned in the comments, anything after the hash (#) is part of the fragment, and is not sent to the server by the browser. That's why your server code can't see it.
The implicit flow is for JavaScript clients, not web servers. You want the authorization code flow instead. The redirect will look like:
REDIRECT_URI?code=7a6fa...
Since the code is transmitted in the query string, instead of the fragment, your server-side code will be able to see it.

Netflix Zuul query string encoding

When sending a request via Zuul to a client, Zuul seems to change the query String. More specifically, if the client should receive a URL-encoded query String, Zuul decodes the query String once. Here is a concrete example:
If "http://localhost:8080/demo/demo?a=http%3A%2F%2Fsomething/" is sent to the client, the client receives as a query String "a=http://something/".
Looking into Zuul's code, the function "buildZuulRequestQueryParams" uses "HTTPRequestUtils.getInstance().getQueryParams();" which decodes the query String.
Is this a desired feature or a bug?
Zuul actually offers a flag to disable this behavior.
8.9 Query String Encoding
When processing the incoming request, query params are decoded so that they can be available for possible modifications in Zuul filters. They are then re-encoded when the backend request is rebuilt in the route filters. The result can be different than the original input if (for example) it was encoded with Javascript's encodeURIComponent() method. While this causes no issues in most cases, some web servers can be picky with the encoding of complex query strings.
To force the original encoding of the query string, it is possible to pass a special flag to ZuulProperties so that the query string is taken as is with the HttpServletRequest::getQueryString method, as shown in the following example:
application.yml.
zuul:
  forceOriginalQueryStringEncoding: true
[Note] This special flag works only with SimpleHostRoutingFilter. Also, you lose the ability to easily override query parameters with RequestContext.getCurrentContext().setRequestQueryParams(someOverriddenParameters), because the query string is now fetched directly on the original HttpServletRequest.
8. Router and Filter: Zuul
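The decode-then-re-encode round trip described in the quoted documentation can be reproduced outside Zuul. This is an added example, not Zuul's code: it assumes encodeURIComponent as a stand-in for the proxy's encoder and reports which query strings would reach the backend with different bytes than the client sent, which matters when the backend compares or verifies the raw query string.

```javascript
// Added example (not Zuul's code): model a proxy that decodes each query
// parameter and re-encodes it when rebuilding the backend request.
// Assumption: encodeURIComponent stands in for the proxy's encoder.

function reencodeComponent(raw) {
  // '+' means space in form-encoded queries; decode once, encode once.
  return encodeURIComponent(decodeURIComponent(raw.replace(/\+/g, " ")));
}

function rebuildQuery(rawQuery) {
  return rawQuery
    .split("&")
    .map((pair) => {
      const eq = pair.indexOf("=");
      if (eq === -1) return reencodeComponent(pair);
      return reencodeComponent(pair.slice(0, eq)) + "=" +
             reencodeComponent(pair.slice(eq + 1));
    })
    .join("&");
}

// Report whether the backend would see different bytes than the client sent.
function checkQuery(rawQuery) {
  try {
    const rebuilt = rebuildQuery(rawQuery);
    return { original: rawQuery, rebuilt, changed: rebuilt !== rawQuery };
  } catch (err) {
    // decodeURIComponent throws URIError on malformed escapes such as "%zz".
    return { original: rawQuery, rebuilt: null, changed: true, error: err.name };
  }
}

// Constructed sample inputs; the first is the query string from the question.
const samples = [
  "a=http%3A%2F%2Fsomething/", // unescaped trailing '/' gets escaped
  "q=caf%C3%A9",               // canonical already, survives unchanged
  "q=a+b",                     // '+' becomes %20
  "q=%3a",                     // lowercase hex becomes uppercase
  "q=%zz",                     // malformed escape, cannot be decoded
];

for (const s of samples) {
  const r = checkQuery(s);
  console.log(r.changed ? "CHANGED" : "same   ", s, "->", r.rebuilt ?? r.error);
}
```

With forceOriginalQueryStringEncoding set as in the answer above, the raw query string is forwarded as is, so none of these rewrites would apply.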
I was facing the same issue yesterday. I think it's related to this pull request. A faster way to solve this issue (without waiting for the PR to get merged) is to rewrite the classes in your own project using the same package and class name to override the framework class.
I ran into the same issue recently. Submitted a PR to Netflix/Zuul. Basically adding the same ability that's currently available on spring cloud gateway to Netflix. Hoping it'll get addressed soon.
If accepted, you could pretty much add a config to keep the original uri encoding
zuul.keepOriginalQueryStringEncoding=true

Redirecting URL in JBOSS AS 7

Hi everyone, currently I am passing a query string in my URL like
ip:port/contextroot/page.jsf?id=22&tsid=1234
The query string is a user id and tsid. The user doesn't specifically need to type in the query string values. My requirement is to hide the query string in the URL and still be able to use the query string values in my app. I was thinking if there is a way to strip off the query string using JBoss redirection.
To summarize:
I wanna access my page.jsf like
ip:port/contextroot/page.jsf
and still get id and tsid from the query string.
Any help is greatly appreciated.
Thanks in advance :)
On your .NET application, encrypt all sensitive data using a symmetric cipher (e.g. AES), then POST it to a JBOSS servlet. In that servlet, decrypt the transmitted data and store it in a session scoped bean. This way, you can subsequently access the data from your beans without needing to carry it around in GET params.
I think you're looking for Pretty Faces ( http://ocpsoft.org/prettyfaces/ )

How should a GWT encoded query parameter be decoded server side?

I'm encoding a query parameter using GWT's com.google.gwt.http.client.URL.encode() method, but have found I can't use URL.decode() on the server to decode it because the implementation isn't available (I suspect it uses the javascript client side implementation). I get...
java.lang.UnsatisfiedLinkError: com.google.gwt.http.client.URL.decodeImpl(Ljava/lang/String;)Ljava/lang/String;
Can someone suggest what I'm supposed to use server side to decode the encoded string?
I solved my problem this way: on the client side, I encode the parameters using com.google.gwt.http.client.URL.encodeQueryString(), like:
URL.encodeQueryString(param)
On the server side, I get the parameters using the ServletRequest methods, like:
String myParam = req.getParameter("myparam");
PS I initially +1'd Riley Lark's answer, but then I got some problems with some characters too... Letting the ServletRequest do the job will handle all characters' encoding for you.
See Decoding international chars in AppEngine
java.net.URLDecoder is implemented on AppEngine and works perfectly with com.google.gwt.http.client.URL.encode().
If you're not willing to use gwt-rpc you can encode/decode with Base64. Check this link for a gwt implementation of the Base64 encoder/decoder. Then all you have to do is Base64.encode(yourParameterValue) before sending the request to the server and Base64.decode(request.getParameter(yourParameterName)) on the backend right after receiving the request.
cheers!

How can I parse the `access_token` from a Facebook callback URL?

This is the request Facebook calls back:
/facebook/promo/#access_token=162592277090170%7C2.yCch3otjrdit_rgBFS6F0A__.3600.1285369200-727781553%7CtugQmoO0bRiadumHVQrrSiPRD9Y&expires_in=7174
How can I parse the access_token from the URL? I could not find any way to get the access_token value.
Please be aware that it is not a regular parameter.
You could use a Regex to match it out of the url. Or simply take everything as a sub-string between access_token= and the next &-character or the end of the url, whichever comes first.
I believe that it's not possible - the part after # is simply ignored. See this answer: Rails: Extracting the raw url from the request
If you're only after the access_token=... section, just use some simple string matching:
url = '/facebook/promo/#access_token=162592277090170%7C2.yCch3otjrdit_rgBFS6F0A__.3600.1285369200-727781553%7CtugQmoO0bRiadumHVQrrSiPRD9Y&expires_in=7174'
url[/#access_token=(.+)&/, 1]
=> "162592277090170%7C2.yCch3otjrdit_rgBFS6F0A__.3600.1285369200-727781553%7CtugQmoO0bRiadumHVQrrSiPRD9Y"
That looks for #access_token= and grabs everything up to &.
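Both this thread and the OAuth implicit-flow question earlier on the page turn on the same fact: the fragment never reaches the server. As an added example (not from any of the answers), the JavaScript below shows what the request target contains, parses the fragment the way client-side code would, and ports the Ruby regex above to show that it returns nothing when access_token is the last parameter. The host app.example and the token value are constructed placeholders.

```javascript
// Added example: what a server receives versus what stays in the browser
// for a callback URL that carries its parameters in the fragment.
// Host and token below are constructed placeholders, not real values.

const callback = "https://app.example/facebook/promo/" +
  "#access_token=1234%7CDUMMY.3600%7Cabc&expires_in=7174";
const tokenLast = "https://app.example/facebook/promo/" +
  "#expires_in=7174&access_token=1234%7CDUMMY.3600%7Cabc";

// The request target a browser sends: path plus query, never the fragment.
function requestTarget(urlString) {
  const u = new URL(urlString);
  return u.pathname + u.search;
}

// Client-side parsing: treat the fragment as key=value pairs and
// percent-decode each value exactly once.
function fragmentParams(urlString) {
  const hash = new URL(urlString).hash.replace(/^#/, "");
  return Object.fromEntries(new URLSearchParams(hash));
}

// JavaScript port of the regex in the answer above. It needs the token to
// come first and to be followed by '&', and it returns the value undecoded.
function tokenByRegex(urlString) {
  const m = urlString.match(/#access_token=(.+)&/);
  return m ? m[1] : null;
}

for (const url of [callback, tokenLast]) {
  console.log({
    sentToServer: requestTarget(url),
    regex: tokenByRegex(url),
    parsed: fragmentParams(url).access_token,
  });
}
```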
