I want to validate that the request url match exactly the addressing header To.
is it possible to do that in a class Mediator?
how can I get the endpoint url of the proxy service?
I am not sure whether you can do it with class mediator. But you can match the url with in the proxy service[1].
Also you can get the 'TO' value using message context property[2].
1.https://docs.wso2.com/display/ESB451/Sample+157%3A+Conditional+Router+for+Routing+Messages+based+on+HTTP+URL,+HTTP+Headers+and+Query+Parameters
2.https://docs.wso2.com/display/ESB460/Synapse+Message+Context+Properties#SynapseMessageContextProperties-Property:MESSAGE_FORMAT
Related
So I really don't know what the problem is here, I've tried many things, but I can't get the Twilio request hashes to match up. Let me explain.
I decided to implement an instance of Twilio's RequestValidator to ensure the requests were coming from Twilio. But after following the tutorial here: https://www.twilio.com/docs/usage/security?code-sample=code-validate-signature-of-request-1&code-language=PHP&code-sdk-version=5.x
The validator is only returning false. Here is the code that I used:
$url = 'https://example.com/api/endpoint/to/endpoint/';
$request_params = $_REQUEST;
$twilio_validator = new RequestValidator('myauthtoken');
if (!$twilio_validator->validate($_SERVER['HTTP_X_TWILIO_SIGNATURE'], $url, $request_params)) {
throw new CallException('Not from Twilio');
}
Even though the URL is an example, that is exactly how I have the actual URL formatted...no port, basic auth, or fragment. Just the protocol, domain, and path with a trailing "/". In addition, the URL is the exact VoiceURL I set when I set up this Twilio App (this is calling the VoiceURL to one of my Twilio Apps).
My auth token is the auth token for my whole account
The request params is where I'm sure I'm messing something up. Twilio is making a GET request to this endpoint, and I tried using the $_GET superglobal as well, to no avail. I'm using $_REQUEST here because of this issue: https://github.com/twilio/twilio-php/issues/510 and because I thought it would be the best choice. I have also tried using file_get_contents('php://input') to the exact same problem (the hashes not matching, ultimately).
I even forked and opened a PR on the PHP SDK to update the class a little bit, just to see if I could learn any more...so I know the class and it's methods pretty well...I just don't see my issue.
What am I doing wrong here to make it so that the RequestValidator isn't validating that the requests from Twilio are coming from Twilio?
So after a lot of research and working with Twilio help, I figured out the answer to my question.
When Twilio is making a GET request to my server, you aren't supposed to pass the GET parameters as the third parameter to the validate method on the RequestValidator class. When Twilio is making a GET request to your server, validating actually needs to look like this:
// this is the interesting part...you don't even set the pathname on the domain...
// EVEN IF YOU THE PATHNAME IS SET IN YOUR VOICE URL.
// This is because of the different way the RequestValidator handles GET and POST params
$domain = 'https://example.com'; // make sure to add no trailing '/'
// setting up the RequestValidator
$twilio_validator = new RequestValidator('myauthtoken');
// figuring out if the request is from twilio
$is_from_twilio = $twilio_validator->validate(
// the signature header that Twilio sends
$_SERVER['HTTP_X_TWILIO_SIGNATURE'],
// The domain name CONCATENATED to the Request URI. $_SERVER['REQUEST_URI'] holds everything that comes after the domain name in a URL (pathname, query parameters, and fragment)
$domain.$_SERVER['REQUEST_URI']
// if the request is a get request, as mine are, there is no need for the third parameter
);
// resolving the response
if (!$is_from_twilio) {
echo 'Not from Twilio';
exit;
}
Refer to the comments in the code for a more in depth discussion on the code at work here..
Does anyone know how to pass parameters to a RESTFUL webservice using the Orbeon HTTP Service?
I have a RESTFUL API at http://localhost/RESTFUL/GETADDRESS/$parameter$.
Sample of the URL is http://localhost/RESTFUL/GETADDRESS/1234
Orbeon HTTP service is unable to pass the parameter to the web service.
The Request Body is configured as <parameter/> and serialization is set to XML.
Could not use HTML Form as it adds a ? to the URL which is not correct.
Anyone has any ideas to get this working?
There is no perfect solution. But try writing the service URL as:
http://localhost/RESTFUL/GETADDRESS/{...expression here...}
where "...expression here..." should be replaced by an XPath expression pointing to the value you would like to pass. For example, if pointing to a control called foo in a section called bar, try:
http://localhost/RESTFUL/GETADDRESS/{/*/bar/foo}
I also added this RFE.
I have a route defined like this:
from("direct:performEbayHttpCall")
.setHeader("HTTP_METHOD", constant("GET"))
.setBody(constant(null))
.log("${headers.EBAY_URL}")
.recipientList(simple("http://${headers.EBAY_URL}"))
.unmarshal().json(JsonLibrary.Gson);
When the log endpoint gets called the EBAY_URL is correct, I can copy and paste it into a browser and it works.
However when the http request is made, the url parameters are in completely the wrong order and thus causing a 500 response to be returned from the server.
Is there a way to tell camel to not mess about with the ordering of the url?
No the query parameter ordering should NOT matter. Any HTTP server should accept query parameters in whatever order they are, eg a=1&b=2 is the same as b=2&a=1
Camel validates and normalizes the URI and the query parameters is listed in A..Z order. (nor random).
I am receiving HTTP/SOAP request with some query parameters. Those query parameters are in repeated format as key=value as /q=key1=value1&key2=value2 etc...
I would like to retrieve all the keys from above URL and check if they are valid or not.
1. Is there any way to define global array which can hold these keys
2. How to validate if keys are present or not. Does ESB supports java "contains" API ?
I believe you are doing a GET request..
You can retrieve all the query parameters in a sequence.
eg:
For a request url; http:// localhost:8280/getSimpleQuote?symbol=IBM
<property name="symbol" expression="$url:symbol"/> will return the symbol 'IBM'.
After getting all keys, you can validate them
you can get the query parameters with the xpath expression get-property{'uri.var.xxx'} with xxx is the name of the query parameter you need to get.
When a resource is defined with a URL mapping, only those requests that match the given URL mapping will be processed by the resource. Alternatively one could configure a resource with a URI template. A URI template represents a class of URIs using patterns and variables. Some examples of valid URI templates are given below.
/order/{orderId}
/dictionary/{char}/{word}
All the identifiers within curly braces are considered variables. A URL that matches the template “/order/{orderId}” is given below.
/order/A0001
In the above URL instance, the variable orderId has been assigned the value “A0001”. Similarly following URL adheres to the template “/dictionary/{char}/{word}”.
/dictionary/c/cat
In this case the variable “char” has the value “c” and the variable “word” is given the value “cat”. When a resource is associated with a URI template, all requests that match the template will be processed by the resource. At the same time ESB will provide access to the exact values of the template variables through message context properties. For an example assume a resource configured with the URI template “/dictionary/{char}/{word}”. If the request “/dictionary/c/cat” is sent to the ESB, it will be dispatched to the above resource and we will be able to retrieve the exact values of the two variables using the get-property XPath extension of WSO2 ESB:
Background:
Foobar.htm form uses this:
<form action="http://rawurl-here.gotdns.org" method="POST">
[...]
</form>
rawurl-here.gotdns.org is a Dynamic DNS url that redirects the user to:
http://currentsite001.mysite.org
Question:
Is there a way to ensure that the POST parameters sent by Foobar.htm always reach the final target, regardless of the passthru from rawurl-here.gotdns.org?
No, POST requests cannot be redirected. The HTTP spec says that any attempt to redirect a non-GET/HEAD request must be confirmed by the user. However, as noted in the text for the 302 redirect, most browsers ignore this and simply change the POST to a GET instead at which point your parameters are gone.
rawurl-here.gotdns.org is a Dynamic DNS url that redirects
You need a dynamic DNS service that doesn't redirect, but just points the DNS A record directly to your IP address. Set your box up to respond to requests for rawurl-here.gotdns.org and now you don't need a redirect.
DNS redirect and framing services suck anyhow.
I normally use DynDNS and haven't problems with POST data.
Do you have problems? Or just want ensure if the data are sent for your target?
[]'s,
And Past