Changes for page Data Exchange
Last modified by Erik Bakker on 2024/09/05 14:00
From version 16.1
edited by Carlijn Kokkeler
on 2024/09/03 12:28
Change comment:
There is no comment for this version
To version 5.1
edited by Erik Bakker
on 2022/06/13 09:39
Change comment:
There is no comment for this version
Summary
Page properties (4 modified, 0 added, 0 removed)
Details
- Page properties
- Title
... ... @@ -1,1 +1,1 @@ 1 - Data Exchange1 + XPath Advanced - Author
... ... @@ -1,1 +1,1 @@ 1 -XWiki. CarlijnKokkeler1 +XWiki.ebakker - Default language
... ... @@ -1,1 +1,0 @@ 1 -en - Content
... ... 
@@ -1,89 +1,93 @@ 1 1 {{container}}{{container layoutStyle="columns"}}((( 2 - In thissection, we’llexamine howeMagizmanagesdata exchangebetweenapplications andintegrations,focusingonsecurityconsiderationsforeachmethod.eMagizsupportsthreemaintegrationpatterns: Messaging, API Gateway,andEventStreaming.We'll explorethesecuritymeasuresassociatedwitheachpattern,includingoptions likeOpenID Connect, OAuth2.0,and access control lists.Byunderstandingthese patternsandtheirspecificsecurityconfigurations,you'll be better equippedtoprotect dataandensuresecureinteractions acrossyourintegrations.2 +Within the crash course, we already explained XPath conceptually. In that same microlearning, we also looked at some more uncomplicated cases of using XPath within your transformation. If you need to brush up on that knowledge, please check out this [microlearning](crashcourse-platform-create-transformation-xpath-basic.md). In the intermediate microlearning on this subject, we built upon that knowledge. Please check out this [microlearning](intermediate-create-your-transformations-xpath-intermediate.md) if you need a refresher on that. In this microlearning, we will build upon that knowledge and look at some concrete, practical examples that could be useful in your project. 3 3 4 4 Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]]. 5 5 6 +* Last update: October 25th, 2021 7 +* Required reading time: 6 minutes 8 + 6 6 == 1. Prerequisites == 7 7 8 -* Expert knowledge of the eMagiz platform 11 +* Advanced knowledge of the eMagiz platform 12 +* [[XPath Basic>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Platform.crashcourse-platform-create-transformation-xpath-basic.WebHome||target="blank"]] 13 +* [[XPath Intermediate>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Create your transformations.intermediate-create-your-transformations-xpath-intermediate.WebHome||target="blank"]] 9 9 15 + 10 10 == 2. 
Key concepts == 11 11 12 -This microlearning focuses on securityconsiderations when exchangingdata via theplatform.18 +This microlearning focuses on more complex XPath operations. 13 13 14 - *Eachpatternomeswithgeneric andspecific checksandbalancestoensuresecurityistakencare ofwhen exchangingdata.20 +With XPath Advanced, we mean learning that XPath options are complex but could benefit you in your daily work. 15 15 16 - ==3.DataExchange==22 +Some of the more complex XPath options are: 17 17 18 -Because eMagiz provides the integration between two or more applications via the eMagiz platform, the point at which the data is interchanged between application and integration is a critical part of the integration in terms of security. 19 -Within eMagiz, there are three main integration patterns a user can configure to support their business case most optimally. First, this section will look at all three integration types and specify the security measures. 24 +* dateTime calculation 25 +* Filter list 26 +* XPath on JSON 27 +* SpEL notation for XPath 20 20 21 -=== 3.1 Messaging === 22 22 23 -Messaging is the most flexible option of the three; therefore, a wide range of options is available within eMagiz to secure the connections. 24 -eMagiz offers users the tools to set up integrations and end-points securely. eMagiz supports well-known market standards, including: 25 25 26 -* OpenID Connect 27 -* WS-Security 28 -* API Keys in combination with HTTPS/SSL 29 -* SOAP Authentication 30 -* OAuth2.0 31 -* Basic Authentication 31 +== 3. XPath Advanced == 32 32 33 - This way,each connectionbetweentheapplicationandtheintegration(end-point)canbeadequatelysecuredandvesthe flexibilitytoconfer withthe externalapplicationwhichhodbest suits theirneeds.33 +Within the crash course, we already explained XPath conceptually. In that same microlearning, we also looked at some more uncomplicated cases of using XPath within your transformation. 
If you need to brush up on that knowledge, please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Platform.crashcourse-platform-create-transformation-xpath-basic.WebHome||target="blank"]]. In the intermediate microlearning on this subject, we built upon that knowledge. Please check out this [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.Create your transformations.intermediate-create-your-transformations-xpath-intermediate.WebHome||target="blank"]] if you need a refresher on that. In this microlearning, we will build upon that knowledge and look at some concrete, practical examples that could be useful in your project. 34 34 35 - ===3.2API Gateway===35 +Some of the more complex XPath options are: 36 36 37 -A structure with roles and rights per role can be specified within the portal or via an external IDP to secure the front end of the API Gateway in eMagiz. Note that for the backend of the API Gateway, the same logic applies as stated above for messaging, which means that eMagiz supports the industry standard. Therefore, you as a user should confer with the external party about the correct method. 37 +* dateTime calculation 38 +* Filter list 39 +* XPath on JSON 40 +* SpEL notation for XPath 38 38 39 -=== =3.2.1Portal ====42 +=== 3.1 dateTime calculation === 40 40 41 - Asshowninthe picturebelow,therolesaredefinedsothatthe Readrole can onlyaccesstwointegrations availableforthisspecificAPI Gateway.Ifaclienthasinsufficient rights,theywillreceivea401 Unauthorized44 +Sometimes we see that a dateTime calculation is needed within a transformation to determine a specific action. As these calculations are not natively supported within the eMagiz platform, you need to use XPath's functionality to calculate the new valid date (or dateTime). 
42 42 43 - [[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--api-gateway-portal-feedback.png]]46 +The XPath standard offers several functions to calculate with dateTime values. The two most used options are dayTimeDuration and yearMonthDuration. With the help of the dayTimeDuration, you can add, subtract, multiple, or divide seconds, minutes, hours, and days regarding the original value. The yearMonthDuration works similarly but then for months and years. An example of such an XPath is: <xsl:value-of xmlns:xs="http://www.w3.org/2001/XMLSchema" select="CDM:StartDate + xs:dayTimeDuration('P1D') * xs:yearMonthDuration('P1M')"/>. In this example, XPath adds one day and subtracts one month from the input date. Note that making this work requires the additional namespace to be defined. Therefore you need a custom snippet within your transformation or a custom transformation to make this work. Furthermore, note that the P1D and P1M could also be filled with the help of parameters to make them dynamic in nature. 44 44 45 - ====3.2.2 (External)IDP====48 +Some examples that we saw during the years: 46 46 47 - Apartfrom configuring the roles, users, and rights within theportal itself, it isalsoossiblehook the API Gateway up to an(external) IDP.48 - Bycommunicating withhis IDP viathe OAuth2.0protocol, a check isdone every timeclientcalls a specificoperation to see whether that client has sufficient rightso access the operation.50 +* https://my.emagiz.com/p/question/172825635700358186 51 +* https://my.emagiz.com/p/question/172825635700352588 49 49 50 - Ifthe client has sufficient rights, the process continues. For example,if the clienthas insufficientrights,the client receivesa 401 Unauthorized.53 +=== 3.2 Filter list === 51 51 52 - ====3.2.3ErrorHandling ====55 +Sometimes you have a large message which contains a certain list within it. 
However, logic dictates that you can only send the message if at least one entry in the list for which attribute A is filled and attribute B equals type C. To make that happen in XPath, we first need to navigate to the list within the message. As we previously learned, there are two options to do so. One is to use // to navigate to the entity somewhere in the tree directly. The other is to start at the root and walk the tree from there. In this example, we use the latter. That results in the following XPath example: /root/list[attributeB = 'type C']/attributeA !=''. With this XPath, you filter the list on the specified check and subsequently check whether one of those entries that remains has an attributeA which is filled in. 53 53 54 - Topreventthe error message if itoccurs is sent straightback tothe client,you can configure the front end of the API Gateway so that correct HTTPStatuscodes are given back to the client, including a descriptive message.57 +=== 3.3 XPath on JSON === 55 55 56 - For moreinformation onhowthisprecisely can beconfiguredviathe eMagizplatform,please checkthe following[[microlearning>>doc:Main.eMagizAcademy.Microlearnings.CrashCourse.CrashCourseAPI Gateway.crashcourse-api-gateway-configure-roles-and-users||target="blank"]].59 +With the release of build number .50, we expanded our offering on JSON messages to resemble much of the functionality we previously offered for XML messages. As a result, you can use XPath expressions on JSON messages within the following components (related to XPath): 57 57 58 -=== 3.3 Event Streaming === 61 +* XPath header enricher 62 +* XPath transformer 63 +* XPath router 59 59 60 -Within the Event Streaming solution, eMagiz provides Event Streaming users, and topics can be created. 61 -Access to a topic within a cluster is governed by an Access Control List (ACL). This ACL links users to a topic and defines what the user can do on a topic (consume, produce, both). 
65 +To activate the functionality, simply link the JSON source factory support object to one of these components to achieve the desired result. For more information, check out: https://emagiz.github.io/docs/release-notes/build50. 62 62 63 - Onlyuserswithsufficientrightsin the Deploy phase of eMagiz canadd users,andtopics and changethe ACL entries specific to the Event Streaming cluster.67 +=== 3.4 SpEL notation for XPath === 64 64 65 - Apart fromproducingorconsumingdataon specifictopicsbasedontheACL,usersalso need a validKeystore(containingthekeyandcertgeneratedautomatically) andavalidtruststore(containing theCAcertificate of the eventstreamingcluster)toproduce orconsumedata.69 +Sometimes you want to perform an XPath operation but store the header via a standard message header enricher component. As a result, you need a valid SpEL expression to help you in this cause. To do so, you need to know the correct notation for an XPath expression when using the SpEL language. An example of the correct notation is: #xpath(payload,'/root/entity/attribute') 66 66 67 - Theseareallsecurity measures to prevent third parties from unauthorized access to the data stored onhetopics.71 +== 4. Assignment == 68 68 69 -For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Event Streaming.crashcourse-eventstreaming-user-management||target="blank"]]. 73 +Check out which of the XPaths we have discussed today can be found within your project. 74 +This assignment can be completed within the (Academy) project you created/used in the previous assignment. 70 70 71 -== =3.4General===76 +== 5. Key takeaways == 72 72 73 - Regardlessof theselected pattern for your solution, it would be best ifyou always consideredthat you onlyexchangerelevant information with the external party. 
This meansyou shouldconsider both headers as thepayload you need to exchangewith the external party. This is particularly interesting for any communication via HTTPgateways as theyhold functionality tosendall message headers as HTTP headers and vice versa.78 +Some of the more complex XPath options are: 74 74 75 -== 4. Key takeaways == 80 +* dateTime calculation 81 +* Filter list 82 +* XPath on JSON 83 +* SpEL notation for XPath 76 76 77 -* Each pattern comes with generic and specific checks and balances to ensure security is taken care of when exchanging data. 78 -* When you are not careful, you might share too much information with external parties. 85 +== 6. Suggested Additional Readings == 79 79 80 - ==5. SuggestedAdditionalReadings==87 +If you are interested in this topic and want more information on it, please read the help text provided by eMagiz and read more information on the following link: 81 81 82 -If you are interested in this topic and want more information, please read the help text provided by eMagiz and read the following link: 83 -* [[Crash Course (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.WebHome||target="blank"]] 84 -** [[Crash Course API Gateway (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.WebHome||target="blank"]] 85 -*** [[Configure Roles and Users (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-configure-roles-and-users||target="blank"]] 86 -** [[Crash Course Event Streaming (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Event Streaming.WebHome||target="blank"]] 87 -*** [[User Management - Event Streaming (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Event Streaming.crashcourse-eventstreaming-user-management||target="blank"]] 88 -* [[Data exchange (Search 
Result)>>url:https://docs.emagiz.com/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_space_facet=0%2FMain.&f_type=DOCUMENT&f_locale=en&f_locale=&f_locale=en&text=data+exchange||target="blank"]] 89 -)))((({{toc/}}))){{/container}}{{/container}} 89 +* https://www.w3schools.com/xml/xpath_intro.asp 90 + 91 +== 7. Silent demonstration video == 92 + 93 +As this is more of theoretical microlearning, there is no video accompanying the microlearning.)))((({{toc/}}))){{/container}}{{/container}}
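Review bot: no change comment accompanies the Title hunk, where "Data Exchange" becomes "XPath Advanced", or the Content hunk, where the Messaging, API Gateway and Event Streaming security sections are all on the removed side and nothing on the added side covers them. A reader of the page history cannot tell whether that guidance moved or was dropped. Fill in the change comment with where the data-exchange security guidance now lives, and check the Default language hunk, which removes "en" without setting a replacement.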
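Review bot: in the added section 3.1 (dateTime calculation), the sample expression CDM:StartDate + xs:dayTimeDuration('P1D') * xs:yearMonthDuration('P1M') contradicts the sentence after it, which says the XPath adds one day and subtracts one month. XPath defines multiplication of a duration by a number, not by another duration, so the * between the two durations is a type error; the operator should be -, giving CDM:StartDate + xs:dayTimeDuration('P1D') - xs:yearMonthDuration('P1M'). In the same paragraph "multiple" should read "multiply". The list under "Some of the more complex XPath options are" also appears verbatim in sections 2, 3 and 5, and the introductory paragraph is repeated at the top of section 3; keeping each in one place would shorten the page.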