Skip to Content

Changes for page Groovy Script

Last modified by Erik Bakker on 2024/09/05 13:53
From version 11.1
edited by Erik Bakker
on 2022/07/26 13:40
Change comment: There is no comment for this version
To version 7.1
edited by Erik Bakker
on 2022/07/26 09:05
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -API Gateway Security - External IDP
1 +expert-create-your-transformations-xpath-expert
Default language
... ... @@ -1,1 +1,0 @@
1 -en
Content
... ... @@ -1,5 +1,5 @@
1 1  {{container}}{{container layoutStyle="columns"}}(((
2 -In the crash course on the API Gateway we discussed the various options available to [[secure>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-security.WebHome||target="blank"]] your API Gateway properly. In this microlearning, we will expand our knowledge on that topic by looking at a special case of securing your API Gateway. That case is special as you use an external identity provider (IDP) to govern the roles and users that have rights on your API Gateway.
2 +Within the crash course, we already explained XPath conceptually. In that same microlearning, we looked at some more uncomplicated cases of using XPath within your transformation. If you need to brush up on that knowledge, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Platform.crashcourse-platform-create-transformation-xpath-basic.WebHome||target="blank"]]. In the intermediate microlearning on this subject, we built upon that knowledge. Please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Create your transformations.intermediate-create-your-transformations-xpath-intermediate.WebHome||target="blank"]] if you need a refresher on that. In the [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Create your transformations.advanced-create-your-transformations-xpath-advanced.WebHome||target="blank"]] that followed, we built upon that knowledge and looked at some concrete, practical examples that could be useful in your project. In this microlearning, we will wrap the concept of XPath by looking at three complex XPath alternatives that are sometimes needed when dealing with messages in eMagiz.
3 3  
4 4  Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]].
5 5  
... ... @@ -6,54 +6,82 @@
6 6  == 1. Prerequisites ==
7 7  
8 8  * Expert knowledge of the eMagiz platform
9 +* [[XPath Basic>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Platform.crashcourse-platform-create-transformation-xpath-basic.WebHome||target="blank"]]
10 +* [[XPath Intermediate>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Create your transformations.intermediate-create-your-transformations-xpath-intermediate.WebHome||target="blank"]]
11 +* [[XPath Advanced>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Create your transformations.advanced-create-your-transformations-xpath-advanced.WebHome||target="blank"]]
9 9  
13 +
10 10  == 2. Key concepts ==
11 11  
12 -This microlearning focuses on using an external IDP to validate whether a user is authorized to execute a certain action on your API Gateway and what configuration is needed in eMagiz to make this work.
16 +This microlearning focuses on very complex XPath operations.
13 13  
14 -* The Token and Issuer URL of the external IDP need to be known
15 -* Users and Roles under User Management need to be manually configured and maintained to keep them in sync with the external IDP
18 +With XPath Expert, we mean learning that XPath options are sometimes very complex but could benefit you in specific cases in your daily work.
16 16  
17 -== 3. External IDP ==
20 +Some of the very complex XPath options are:
18 18  
19 -In the crash course on the API Gateway we discussed the various options available to [[secure>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-security.WebHome||target="blank"]] your API Gateway properly. In this microlearning, we will expand our knowledge on that topic by looking at a special case of securing your API Gateway. That case is special as you use an external identity provider (IDP) to govern the roles and users that have rights on your API Gateway.
22 +* matches
23 +* replace
24 +* tokenize
20 20  
21 -When selecting the option OAuth2.0 (or OpenID Connect) you have the option to use the IDP provided by eMagiz which makes the configuration easy or you could use an external IDP which you have control over and want to use for this purposes.
26 +== 3. XPath Expert ==
22 22  
23 -In this microlearning we will highlight what you need to configure in Design and Deploy to make this work within the tooling of eMagiz.
28 +Within the crash course, we already explained XPath conceptually. In that same microlearning, we looked at some more uncomplicated cases of using XPath within your transformation. If you need to brush up on that knowledge, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Platform.crashcourse-platform-create-transformation-xpath-basic.WebHome||target="blank"]]. In the intermediate microlearning on this subject, we built upon that knowledge. Please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Create your transformations.intermediate-create-your-transformations-xpath-intermediate.WebHome||target="blank"]] if you need a refresher on that. In the [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Advanced Level.Create your transformations.advanced-create-your-transformations-xpath-advanced.WebHome||target="blank"]] that followed, we built upon that knowledge and looked at some concrete, practical examples that could be useful in your project. In this microlearning, we will wrap the concept of XPath by looking at three complex XPath alternatives that are sometimes needed when dealing with messages in eMagiz.
24 24  
25 -=== 3.1 Design ===
30 +Some of the very complex XPath options are:
26 26  
27 -On the security level of the API Gateway in Design you need to select the desired option, for example OAuth2.0. Instead of not filling in the token and issuer URL, indicating that you want to use the eMagiz IDP, you need to fill these in to reference the IDP of your choice. Below you see an example of how this could be configured.
32 +* matches
33 +* replace
34 +* tokenize
28 28  
29 -[[image:Main.Images.Microlearning.WebHome@expert-securing-data-traffic-api-gw-security-external-idp-security-config-design.png]]
36 +=== 3.1 matches ===
30 30  
31 -Note that the environmentID in this example should be replaced with an actual environmentID that references your environment.
38 +Sometimes, you want to determine whether a specific value within your payload matches a pattern. In those cases, you can use the XPath function called matches. The function will return true if the supplied string matches a given regular expression. So, for example, if you want to check whether your OrderID contains exactly seven digits and nothing else, the following XPath expression will work for your use case.
32 32  
33 -=== 3.2 Deploy ===
40 +matches(OrderID,'^\d{7}$')
34 34  
35 -Normally, eMagiz will automatically update the User Management information based on the configuration in Design. However, because the identity check is not done by eMagiz but by an external party you need to manually enter the roles and users and configure the scope correctly on role level.
42 +As a result, you will get a true or false back which you can then use as a filter or within an if-then-else construction.
36 36  
37 -To do so navigate to User Management in Deploy and add the users you want manually by pressing the New button and providing them with a name. Do subsequently the same for the roles. On role level do not forget to correctly enter the scope to make the call work. Note that the help text on the scope level gently reminds you what you need to do to make this work.
44 +=== 3.2 replace ===
38 38  
39 -[[image:Main.Images.Microlearning.WebHome@expert-securing-data-traffic-api-gw-security-external-idp-scope-configuration.png]]
46 +The replace function has many similarities with the matches function. It builds on the premise of the matches function, but instead of returning a true or false, you can state with what you want to replace the matched string. In other words, this function returns a string produced from the input string by replacing any substrings that match a given regular expression with a supplied replacement string.
40 40  
41 -{{warning}}When implementing this you would be the first to do so with this setup. This means there might be some unexpected behavior when configuring this.{{/warning}}
48 +When we apply this to our earlier example, we can state that when the OrderID contains any non-digit, we will replace this value with nothing. This will lead to the following XPath expression.
42 42  
50 +replace(OrderID,'\D','')
51 +
52 +With a given input string of 12C34A567, the returned result will be 1234567.
53 +
54 +=== 3.3 tokenize ===
55 +
56 +The tokenize function can split a string into multiple entries for you. This is particularly useful when you want to match an input string to a list of possible values that are valid for that string. For example, the function returns a sequence of strings constructed by splitting the input wherever a separator is found; the separator is any substring that matches a given regular expression.
57 +
58 +So, for example, when the input string for AddressID is "street,housenumber,housenumberaddition" and you want to tokenize this with the help of the separator, you could use, in this example, the comma between the values as the separator. This will lead to the following XPath expression.
59 +
60 +tokenize(AddressID,',')
61 +
62 +The given input detailed above will result in the following output: street housenumber housenumberaddition.
63 +
43 43  == 4. Assignment ==
44 44  
45 -No assignment
66 +Check out which of the XPaths we have discussed today can be found within your project.
67 +This assignment can be completed within the (Academy) project you created/used in the previous assignment.
46 46  
47 47  == 5. Key takeaways ==
48 48  
49 -* The Token and Issuer URL of the external IDP need to be known
50 -* Users and Roles under User Management need to be manually configured and maintained to keep them in sync with the external IDP
51 -* When implementing this you would be the first to do so with this setup.
71 +Some of the very complex XPath options are:
52 52  
73 +* matches
74 +* replace
75 +* tokenize
76 +
53 53  == 6. Suggested Additional Readings ==
54 54  
55 -If you are interested in this topic and want more information, please read the help text provided by eMagiz.
79 +If you are interested in this topic and want more information on it, please read the help text provided by eMagiz and read more information on the following links:
56 56  
81 +* http://www.xsltfunctions.com/xsl/fn_matches.html
82 +* http://www.xsltfunctions.com/xsl/fn_replace.html
83 +* http://www.xsltfunctions.com/xsl/fn_tokenize.html
84 +
57 57  == 7. Silent demonstration video ==
58 58  
59 59  As this is more of theoretical microlearning, there is no video accompanying the microlearning.)))((({{toc/}}))){{/container}}{{/container}}