Skip to Content

Changes for page Endpoint Check

Last modified by Erik Bakker on 2024/02/21 21:35
From version 31.1
edited by Erik Bakker
on 2022/06/10 13:29
Change comment: There is no comment for this version
To version 38.1
edited by Erik Bakker
on 2022/06/12 09:38
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -Character set
1 +Securing your SOAP Webservice
Content
... ... @@ -1,67 +1,111 @@
1 1  {{container}}{{container layoutStyle="columns"}}(((
2 -n some cases, the input you receive or the output that you need to send to an external party cannot handle all characters or the input or output is written with the help of a character set. In this microlearning, we will learn how you can define the character set for file-based connectivity to ensure that you can process and deliver files according to the specifications.
2 +When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
3 3  
4 -Should you have any questions, please contact [[academy@emagiz.com>>mailto:academy@emagiz.com]].
4 +Should you have any questions, please contact academy@emagiz.com.
5 5  
6 -* Last update: May 31th, 2021
6 +* Last update: June 10th, 2021
7 7  * Required reading time: 7 minutes
8 8  
9 9  == 1. Prerequisites ==
10 -
11 11  * Basic knowledge of the eMagiz platform
12 12  
13 13  == 2. Key concepts ==
13 +This microlearning centers around configuring your SOAP web service.
14 14  
15 -This microlearning centers around learning how to define the character set to ensure that eMagiz processes the information correctly.
15 +By configuring, we mean: Designing and determining the characteristics of the SOAP web service
16 16  
17 -By character set, we mean: The composite number of different characters that are being used and supported by computer software and hardware. It consists of codes, bit patterns, or natural numbers used in defining some particular character.
17 +Crucial parts in the configuration are:
18 +* Operation Name
19 +* SOAP Webservice Namespace
20 +* Validation
21 +* Authentication
18 18  
19 -* Some external system talk in a different character set
20 -* eMagiz talks in default UTF-8 as a character set and assumes everyone else also does this
21 -* In cases of mismatch correct is at the point where you talk with the other system (i.e. entry or exit)
23 +Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning.
24 +
25 +== 3. Securing your SOAP Webservice ==
22 22  
23 -== 3. Character set ==
27 +When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
24 24  
25 -In some cases, the input you receive or the output that you need to send to an external party cannot handle all characters or the input or output is written with the help of a character set. In this microlearning, we will learn how you can define the character set for file-based connectivity to ensure that you can process and deliver files according to the specifications.
29 +Crucial parts in the configuration are:
30 +* Operation Name
31 +* SOAP Webservice Namespace
32 +* Validation
33 +* Authentication
26 26  
27 -Sometimes external systems only talk in a specific character set. To ensure that all the data is properly communicated between eMagiz and the other system we need to make sure that we define which character set that is so we can tell it to eMagiz via a component. That way eMagiz will deviate from its default (i.e. UTF-8) and will process the file according to that different character set. In practice, we mainly see windows-1252 as an alternative that pops up once in a while. In various components that deal with file handling, you can define the character set on which eMagiz should act. Examples of such components are:
35 +Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning. When hosting your SOAP web service in the eMagiz Cloud the endpoint will be HTTPS secured on default. If you want to mimic the same result for an on-premise environment you should define the valid SSL settings (https://my.emagiz.com/p/question/172825635700357186).
28 28  
29 -- File to string transformer
30 -- Flat file to XML transformer
31 -- File outbound channel adapter
37 +Apart from that aspect of security, we should also consider how clients that call the SOAP Web service will authenticate themselves upon entry. Within eMagiz, we advise a two-step approach. Each client that wants to call your SOAP Webservice should:
32 32  
33 -In all these components you have the option to define the character set within the Advanced tab of the component. In this microlearning, we will use the File to string transformer to illustrate how that will look.
39 +* Send along a client certificate
40 +* Send along an API key in a SOAP Header that references to the word apiKey (i.e. apiKey)
34 34  
35 -[[image:Main.Images.Microlearning.WebHome@novice-file-based-connectivity-characterset--characterset-configuration.png]]
42 +To verify both parts some configuration is needed. The first aspect, checking for a valid client certificate is done on cloud level. For more information on how to exactly configure this please take a look at the microlearning [Securing a hosted web service with certificates in the eMagiz Cloud](intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud.md).
36 36  
37 -In this field, you can define the character set of your choice. To make this work in eMagiz you need to navigate to the Create phase of eMagiz and open the entry flow in which you want to retrieve the file to a certain location. Within the context of this flow, we need to add functionality that will ensure that the correct character set is used. To do so first enter "Start Editing" mode on flow level. After that open, the File to string transformer, navigate to the Advanced tab, and fill in the correct character set. After you have defined the correct character set the only thing left to do is to Save the component. See the suggested additional readings section on the complete list of character sets that are supported by Java 8.
44 +In this microlearning, we will focus on the second part of the configuration.
38 38  
39 -Congratulations you have successfully learned how to specify the character set.
46 +=== 3.1 API Key verification ===
40 40  
48 +To verify whether the client has sent a valid API Key we need to change the configuration within the entry flow in the Create phase of eMagiz. The configuration consists of three steps:
49 +
50 +* Get value from SOAP Header
51 +* Check value against a list
52 +* Respond based on results
53 +
54 +==== 3.1.1 Get value from SOAP Header ====
55 +
56 +Let us move to the entry flow by going to the Create phase of eMagiz, opening the correct flow, and entering "Start Editing" mode. After you have done so we need to add a support object to the flow. The support we need is called 'Complex SOAP header mapper'. In this component, we need the bottom section.
57 +
58 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper.png]]
59 +
60 +Here we define a new header by entering a name and a valid XPath expression.
61 +
62 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper-config.png]]
63 +
64 +When you are satisfied you can press Save twice to store the support object. After we have configured the support object we need to link it to our web service inbound gateway. To do so open the component, navigate to the advanced tab and select the Header mapper you have just created.
65 +
66 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--link-complex-soap-header-mapper.png]]
67 +
68 +==== 3.1.2 Check value against list ====
69 +
70 +Now that we placed the value the client has entered in the apiKey SOAP header on our message we can check whether the value exists in a list of predefined valid values. To do add two headers to the standard header enricher component in your flow. The first one ensures that the apiKey is removed from the header (to prevent the API key from being publicly seen by others). The second one searches for the client name that corresponds with the apiKey and returns the name of the client in the header. This search action is done with the help of a SpEL expression, more on that later on. In this case the SpEL expression we use is set up as follows: headers['spwbsrv_apiKey'] != null and {${authentication.api-keys}}.contains(headers.spwbsrv_apiKey) ? {${authentication.tenant-ids}}[{${authentication.api-keys}}.indexOf(headers.spwbsrv_apiKey)] : null
71 +
72 +With this SpEL expression, we check whether there is an API key and whether that apiKey can be found in a predefined list. If so we search for the corresponding name based on the index of where a certain apiKey is within the list. If not the header is not created. Combining this logic in one component should look similar to the following.
73 +
74 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--check-headers.png]]
75 +
76 +==== 3.1.3 Respond based on results ====
77 +
78 +After we have searched for the API key in the list and we have defined the client that is sending the information (or not) we can respond to the client whether or not the client is authorized to call our SOAP web service. To execute this check we first need a standard filter component. In this component, we will check whether the spwbsrv_client header we have just created is not null.
79 +
80 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--standard-filter.png]]
81 +
82 +If it is indeed not null we can pass the empty message back to the client telling the client that the message was delivered successfully. If the header is null we need to tell the client that he/she is unauthorized to call the operation. To do so we need to add a component called 'custom error message activator'. In this component, we define the message we want to give back to the client in case of an error. In this case, we simply give back 'Unauthorized'.
83 +
84 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--custom-error-message.png]]
85 +
86 +With all this done we have successfully secured our SOAP web service according to the best practices.
87 +
41 41  == 4. Assignment ==
42 42  
43 -Configure an entry in which you define the component and configuration needed to process a file on a per-line basis.
90 +Secure a SOAP web service to confirm the outlined approach above. Focus on the apiKey part.
44 44  This assignment can be completed with the help of the (Academy) project that you have created/used in the previous assignment.
45 45  
46 46  == 5. Key takeaways ==
47 47  
48 -* Some external system talk in a different character set
49 -* eMagiz talks in default UTF-8 as a character set and assumes everyone else also does this
50 -* In cases of mismatch correct is at the point where you talk with the other system (i.e. entry or exit)
51 -* eMagiz provides several components within which you can define the character set
95 +* Crucial parts in the configuration are:
96 + ** Operation Name
97 + ** SOAP Webservice Namespace
98 + ** Validation
99 + ** Authentication
100 +* Hosting your SOAP web service in the eMagiz cloud results in standard HTTPS
101 +* Use a combination of client certificate + API key for authentication
52 52  
53 53  == 6. Suggested Additional Readings ==
54 54  
55 -If you are interested in this topic and want more information on it please read the help text provided by eMagiz and read the following links:
105 +If you are interested in this topic and want more information on it please read the help text provided by eMagiz.
56 56  
57 -* https://docs.oracle.com/javase/8/docs/technotes/guides/intl/encoding.doc.html
58 -* https://www.techopedia.com/definition/941/character-set
59 -* https://www.smashingmagazine.com/2012/06/all-about-unicode-utf8-character-sets/
60 -
61 61  == 7. Silent demonstration video ==
62 62  
63 -This video demonstrates how you could have handled the assignment and gives you some context on what you have just learned.
109 +{{video attachment="novice-soap-webservice-connectivity-securing-your-soap-webservice.mp4" reference="Main.Videos.Microlearning.WebHome"/}}
64 64  
65 -{{video attachment="/novice-file-based-connectivity-characterset.mp4" reference="Main.Videos.Microlearning.WebHome"/}}
66 -
67 67  )))((({{toc/}}))){{/container}}{{/container}}