Changes for page Multipart form-data
Last modified by Erik Bakker on 2024/06/17 11:39
From version 23.2
edited by Erik Bakker
on 2024/06/17 11:39
Change comment:
Update document after refactoring.
To version 11.2
edited by Erik Bakker
on 2022/07/28 08:47
Change comment:
Update document after refactoring.
Summary
Page properties (4 modified, 0 added, 0 removed)
Details
- Page properties
- Title
... ... @@ -1,1 +1,1 @@ 1 - Multipartform-data1 +expert-data-handling-groovy-script - Parent
-
... ... @@ -1,1 +1,1 @@ 1 - Main.eMagiz Academy.Microlearnings.Legacy Functionality.WebHome1 +WebHome - Default language
-
... ... @@ -1,0 +1,1 @@ 1 +en - Content
-
... ... @@ -1,5 +1,5 @@ 1 1 {{container}}{{container layoutStyle="columns"}}((( 2 - Sometimeswhenyoucall an externalRESTendpoint,theyrequire youtosendmeta information and one or more "attachments"in one calltotheRESTendpoint.To makethis possible,youneedtondtheinformationwiththecontentTypealledmultipart/form-data. In this microlearning, we will discusshowyoucanconfigureavalidmessagewithinthe eMagizplatformthat allows youtosendoutmessageswith thiscontentType andhave themacceptedby theendpointinquestion.2 +In the crash course on the API Gateway we discussed the various options available to [[secure>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-security.WebHome||target="blank"]] your API Gateway properly. In this microlearning, we will expand our knowledge on that topic by looking at a special case of securing your API Gateway. That case is special as you use an external identity provider (IDP) to govern the roles and users that have rights on your API Gateway. 3 3 4 4 Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]]. 5 5 ... ... 
@@ -9,73 +9,51 @@ 9 9 10 10 == 2. Key concepts == 11 11 12 -This microlearning focuses on configuring amultipart/form-datamessagewithin eMagiz to ensureit issentcorrectly toanendpoint.12 +This microlearning focuses on using an external IDP to validate whether a user is authorized to execute a certain action on your API Gateway and what configuration is needed in eMagiz to make this work. 13 13 14 -Key aspects are: 14 +* The Token and Issuer URL of the external IDP need to be known 15 +* Users and Roles under User Management need to be manually configured and maintained to keep them in sync with the external IDP 15 15 16 -* Defining the boundary that separates the parts of the message 17 -* Defining the content types of each part of the message 18 -* Construction of the complete message according to the specification 17 +== 3. External IDP == 19 19 20 - ==3. Multipart form-data==19 +In the crash course on the API Gateway we discussed the various options available to [[secure>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-security.WebHome||target="blank"]] your API Gateway properly. In this microlearning, we will expand our knowledge on that topic by looking at a special case of securing your API Gateway. That case is special as you use an external identity provider (IDP) to govern the roles and users that have rights on your API Gateway. 21 21 22 - Sometimes whenyou call anexternalRESTendpoint,theyrequire youtosendmetainformationandoneor more "attachments"inonecallto theREST endpoint.Tomake thispossible, you needto sendtheinformationwith the contentType called multipart/form-data. 
In this microlearning,wewill discusshowyou can configure a validmessagewithin theeMagiz platformthatallowsyouto send out messageswith thiscontentTypeandhavethemacceptedbythe endpointin question.21 +When selecting the option OAuth2.0 (or OpenID Connect) you have the option to use the IDP provided by eMagiz which makes the configuration easy or you could use an external IDP which you have control over and want to use for this purposes. 23 23 24 - Keyaspectsare:23 +In this microlearning we will highlight what you need to configure in Design and Deploy to make this work within the tooling of eMagiz. 25 25 26 -* Defining the boundary that separates the parts of the message 27 -* Defining the content types of each part of the message 28 -* Construction of the complete message according to the specification 25 +=== 3.1 Design === 29 29 30 -{{info}} 31 -The following criteria apply when utilizing the boundary functionality within the multipart/form-data construction: 32 -* The value of the Boundary must begin with a double horizontal bar –, this is called a leading hyphen 33 -* The value of the Boundary must not contain more than 70 characters in addition to the leading hyphen. 34 -* The value of the Boundary must not contain characters that are disabled by the HTTP protocol or the URL, such as the colon: etc. 35 -* A boundary within the request body must always be preceeded by a CRLF line. This means that when the request body **ends** with a CRLF line an **additional** CRLF line is needed **before** the boundary doubling the CRLF lines in that part of the request body.{{/info}} 27 +On the security level of the API Gateway in Design you need to select the desired option, for example OAuth2.0. Instead of not filling in the token and issuer URL, indicating that you want to use the eMagiz IDP, you need to fill these in to reference the IDP of your choice. Below you see an example of how this could be configured. 
36 36 37 - === 3.1 Preparethemessage===29 +[[image:Main.Images.Microlearning.WebHome@expert-securing-data-traffic-api-gw-security-external-idp-security-config-design.png]] 38 38 39 - Toconstructthe message, several stepsare neededto make it work. Luckily, most of thestepsnecessary have to do with conceptswe have already discussed inprevious microlearnings.Asyoucan imagine,basedon what multipart/form-dataentails, weneedawayto bothstore the metainformationandthe file(s)wewant tosend to theexternal party.For example, putthe metadatain one (ormultiple) header(s) and usethe file content asa payload. This youcan achieve with a header enricherand standard transformer.31 +Note that the environmentID in this example should be replaced with an actual environmentID that references your environment. 40 40 41 - Oncethefilecontent is yourpayload,youmust ensure that the data is "raw." So when you have a base64 encoded string, you should decode it before sending it to the endpoint.33 +=== 3.2 Deploy === 42 42 43 - Ontopofthat,we needto define the contentType header.35 +Normally, eMagiz will automatically update the User Management information based on the configuration in Design. However, because the identity check is not done by eMagiz but by an external party you need to manually enter the roles and users and configure the scope correctly on role level. 44 44 45 - [[image:Main.Images.Microlearning.WebHome@expert-data-handling-multipart-form-data--content-type-header-config.png]]37 +To do so navigate to User Management in Deploy and add the users you want manually by pressing the New button and providing them with a name. Do subsequently the same for the roles. On role level do not forget to correctly enter the scope to make the call work. Note that the help text on the scope level gently reminds you what you need to do to make this work. 
46 46 47 - === 3.2 Constructhemessage ===39 +[[image:Main.Images.Microlearning.WebHome@expert-securing-data-traffic-api-gw-security-external-idp-scope-configuration.png]] 48 48 49 - Afteryouhaveset thestage,youcanuseastandardtransformercomponenttobuildyour messagecorrectly. Tocreate itcorrectly,youneedtotake thefollowingtoaccount:41 +{{warning}}When implementing this you would be the first to do so with this setup. This means there might be some unexpected behavior when configuring this.{{/warning}} 50 50 51 -* Each part of the message needs to be separated by a boundary 52 -* The message needs to start with a boundary and finish with a boundary 53 -* Line breaks are needed to differentiate between the boundary and the text content 54 -* No line break is needed when the content is not text-based 43 +== 4. Assignment == 55 55 56 - Given all this, youcan write the following SpEL expressionthat will yield a desirable output:45 +No assignment 57 57 58 - {{code}}'${multi-part-form-data.data-handling.boundary}' + headers.metaInfo + T(com.emagiz.util.Newline).CRLF.characters + '${multi-part-form-data.data-handling.boundary}' + T(com.emagiz.util.Newline).CRLF.characters + 'Content-Disposition: form-data; name="file"; filename="'+ headers.filename+ '"' + T(com.emagiz.util.Newline).CRLF.characters + 'Content-Type:application/pdf' + T(com.emagiz.util.Newline).CRLF.characters + T(com.emagiz.util.Newline).CRLF.characters+ payload + '${multi-part-form-data.data-handling.boundary}'{{/code}}47 +== 5. Key takeaways == 59 59 60 -Putting this in a standard transformation gives you the following solution in the flow. 49 +* The Token and Issuer URL of the external IDP need to be known 50 +* Users and Roles under User Management need to be manually configured and maintained to keep them in sync with the external IDP 51 +* When implementing this you would be the first to do so with this setup. 
61 61 62 - [[image:Main.Images.Microlearning.WebHome@expert-data-handling-multipart-form-data--standard-transformer-config.png]]53 +== 6. Suggested Additional Readings == 63 63 64 - ===3.3Callingtheendpoint===55 +If you are interested in this topic and want more information, please read the help text provided by eMagiz. 65 65 66 - Nowthat we have constructed our message correctly, the last thing to do is call the endpoint in question. Sincewe have prepared our message and accuratelydefinedour contentType calling the endpoint doesnotequireany additionalconfigurations comparedto what you arealready used towhen dealing with REST endpoints.57 +== 7. Silent demonstration video == 67 67 68 -== 4. Key takeaways == 69 - 70 -* Make sure to define the boundary that separates the parts of the message 71 -* Make sure to define the content types of each part of the message 72 -* Make sure to define the content type that matches the specification for multipart/form-data 73 -* Construct the complete message according to the specification 74 - 75 -== 5. Suggested Additional Readings == 76 - 77 -If you are interested in this topic, please read the help texts on the platform and read the following link: 78 - 79 -* [[Multipart form-data explained>>https://www.sobyte.net/post/2021-12/learn-about-http-multipart-form-data/||target="blank"]] 80 - 81 -)))((({{toc/}}))){{/container}}{{/container}} 59 +As this is more of theoretical microlearning, there is no video accompanying the microlearning.)))((({{toc/}}))){{/container}}{{/container}}
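Review bot: In the Title hunk, the new value expert-data-handling-groovy-script does not match the + side of the Content hunks, which documents securing the API Gateway with an external IDP and says nothing about Groovy scripts or data handling. Give the page a title that names the external-IDP topic so that links and search results point readers to the right security guidance.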
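Review bot: In the Content hunk @@ -1,5 +1,5 @@, the paragraph added at + line 2 is repeated word for word at + line 19 under "3. External IDP" in the following hunk. Keep the full paragraph in section 3 only and let the introduction state in one sentence what the reader will configure.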
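Review bot: In the Content hunk @@ -9,73 +9,51 @@, section 3.2 on the + side (lines 35 to 37) covers only adding users, roles and scopes by hand in User Management, while + line 15 states they must be maintained to stay in sync with the external IDP. Add a step for removing or changing a user, role or scope when it changes at the IDP, since that maintenance is what keeps access on the gateway aligned with the identity source. The Token and Issuer URL example (+ lines 27 to 31) and the scope value (+ lines 37 to 39) exist only as images plus a pointer to the help text; give both in text with the environmentID shown as a placeholder so the configuration can be reviewed and copied without the screenshots.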