Skip to Content

Changes for page Endpoint Check

Last modified by Danniar Firdausy on 2024/09/04 10:26
From version 35.2
edited by Erik Bakker
on 2022/06/12 09:35
Change comment: Update document after refactoring.
To version 38.1
edited by Erik Bakker
on 2022/06/12 09:38
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -novice-soap-webservice-connectivity-validate-incoming-messages
1 +Securing your SOAP Webservice
Content
... ... @@ -1,100 +1,104 @@
1 -{{container}}{{container layoutStyle="columns"}}(((
2 -When talking to external parties via a SOAP web service you need to define in eMagiz that you want to call a SOAP web service so eMagiz will form a correct SOAP message. On top of the call there is a support object in eMagiz that will help you with the analysis of your problems when calling the SOAP web service. In this microlearning, we will learn how to call a SOAP web service from eMagiz.
1 +{{container}}{{container layoutStyle="columns"}}(((
2 +When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
3 3  
4 4  Should you have any questions, please contact academy@emagiz.com.
5 5  
6 -* Last update: April 1st, 2022
7 -* Required reading time: 5 minutes
6 +* Last update: June 10th, 2021
7 +* Required reading time: 7 minutes
8 8  
9 9  == 1. Prerequisites ==
10 10  * Basic knowledge of the eMagiz platform
11 11  
12 12  == 2. Key concepts ==
13 -This microlearning centers around calling a SOAP Webservice.
13 +This microlearning centers around configuring your SOAP web service.
14 14  
15 -With SOAP, we mean: A messaging protocol specification for exchanging structured information in the implementation of web services in computer networks.
15 +By configuring, we mean: Designing and determining the characteristics of the SOAP web service
16 16  
17 -* To call a REST Webservice you need either:
18 - ** A Web Service Outbound Gateway
19 -* Critical information when configuring this component:
20 - ** URL
21 - ** Retry Advice
22 - ** Error Handling
23 - ** Authentication
17 +Crucial parts in the configuration are:
18 +* Operation Name
19 +* SOAP Webservice Namespace
20 +* Validation
21 +* Authentication
22 +
23 +Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning.
24 24  
25 -== 3. Calling a SOAP Webservice ==
25 +== 3. Securing your SOAP Webservice ==
26 26  
27 -When talking to external parties via a SOAP web service you need to define in eMagiz that you want to call a SOAP web service so eMagiz will form a correct SOAP message. On top of the call there is a support object in eMagiz that will help you with the analysis of your problems when calling the SOAP web service. In this microlearning, we will learn how to call a SOAP web service from eMagiz.
27 +When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
28 28  
29 -Calling a SOAP Webservice within eMagiz can be done with the help of a Web Service Outbound Gateway. To correctly configure this component you need to consider the following elements:
30 -
31 -* URL
32 -* Retry Advice
33 -* Error Handling
29 +Crucial parts in the configuration are:
30 +* Operation Name
31 +* SOAP Webservice Namespace
32 +* Validation
34 34  * Authentication
35 35  
36 -We will discuss the first three items in this list in this microlearning. In the microlearnings that will follow this microlearning, we will delve deeper into various authentication possibilities.
35 +Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning. When hosting your SOAP web service in the eMagiz Cloud the endpoint will be HTTPS secured on default. If you want to mimic the same result for an on-premise environment you should define the valid SSL settings (https://my.emagiz.com/p/question/172825635700357186).
37 37  
38 -Before we delve into the configuration of the component let us first move to Create and open an exit flow in which we want to call the SOAP Webservice. When you open the exit flow it will look similar to this:
37 +Apart from that aspect of security, we should also consider how clients that call the SOAP Web service will authenticate themselves upon entry. Within eMagiz, we advise a two-step approach. Each client that wants to call your SOAP Webservice should:
39 39  
40 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-calling-a-soap-webservice--exit-flow-starting-point.png]]
39 +* Send along a client certificate
40 +* Send along an API key in a SOAP Header that references to the word apiKey (i.e. apiKey)
41 41  
42 -Now that we have opened the flow and are in "Start Editing" mode we need to add the web service outbound gateway to start with.
42 +To verify both parts some configuration is needed. The first aspect, checking for a valid client certificate is done on cloud level. For more information on how to exactly configure this please take a look at the microlearning [Securing a hosted web service with certificates in the eMagiz Cloud](intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud.md).
43 43  
44 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-calling-a-soap-webservice--web-service-outbound-component.png]]
44 +In this microlearning, we will focus on the second part of the configuration.
45 45  
46 -=== 3.1 URL ===
46 +=== 3.1 API Key verification ===
47 47  
48 -Now that we have added the correct component to the canvas it has become time to configure the component correctly. The first thing to configure when calling a SOAP Webservice is determining and registering the endpoint (URL) eMagiz should call to deliver the message too. As always in scenarios where an information element can change between environments, you should use a property reference and determine the correct value on a per-environment basis.
48 +To verify whether the client has sent a valid API Key we need to change the configuration within the entry flow in the Create phase of eMagiz. The configuration consists of three steps:
49 49  
50 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-calling-a-soap-webservice--web-service-outbound-component-url.png]]
50 +* Get value from SOAP Header
51 +* Check value against a list
52 +* Respond based on results
51 51  
52 -=== 3.2 Retry Advice ===
54 +==== 3.1.1 Get value from SOAP Header ====
53 53  
54 -The second setting we need to configure is the retry advice. With retry advice, you can guard your solution against temporary connection losses between eMagiz and the external party. As this can happen from time to time the best practice is to configure such a Retry Advice on every Web Service Outbound component. To add the Retry Advice move to the Advanced tab and move down to the Request handler advice chain segment. Within this segment, you will see a button called Retry Advice.
56 +Let us move to the entry flow by going to the Create phase of eMagiz, opening the correct flow, and entering "Start Editing" mode. After you have done so we need to add a support object to the flow. The support we need is called 'Complex SOAP header mapper'. In this component, we need the bottom section.
55 55  
56 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-calling-a-soap-webservice--web-service-outbound-component-retry-advice-button.png]]
58 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper.png]]
57 57  
58 -When you click on the Retry Advice button you will be prompted with a pop-up. In here you need to configure the exact settings
60 +Here we define a new header by entering a name and a valid XPath expression.
59 59  
60 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-calling-a-soap-webservice--web-service-outbound-component-retry-advice-pop-up-empty.png]]
62 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper-config.png]]
61 61  
62 -The best practice for this configuration is as follows for asynchronous solutions:
63 -* Select the option called Simple Retry Policy
64 -* Set the max attempts at 6
65 -* Select the Fixed back off policy
66 -* Set the backoff period at 5000 (ms)
64 +When you are satisfied you can press Save twice to store the support object. After we have configured the support object we need to link it to our web service inbound gateway. To do so open the component, navigate to the advanced tab and select the Header mapper you have just created.
67 67  
68 -When you have done so the configuration should look as follows. The only thing left is to press Save to save your Retry Advice configuration
66 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--link-complex-soap-header-mapper.png]]
69 69  
70 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-calling-a-soap-webservice--web-service-outbound-component-retry-advice-pop-up-filled-in.png]]
68 +==== 3.1.2 Check value against list ====
71 71  
72 -=== 3.3 Error Handling ===
70 +Now that we placed the value the client has entered in the apiKey SOAP header on our message we can check whether the value exists in a list of predefined valid values. To do add two headers to the standard header enricher component in your flow. The first one ensures that the apiKey is removed from the header (to prevent the API key from being publicly seen by others). The second one searches for the client name that corresponds with the apiKey and returns the name of the client in the header. This search action is done with the help of a SpEL expression, more on that later on. In this case the SpEL expression we use is set up as follows: headers['spwbsrv_apiKey'] != null and {${authentication.api-keys}}.contains(headers.spwbsrv_apiKey) ? {${authentication.tenant-ids}}[{${authentication.api-keys}}.indexOf(headers.spwbsrv_apiKey)] : null
73 73  
74 -When calling a SOAP Web service with the configuration we have defined up till here you could suffer from cryptic error response you get back when the SOAP web service call fails. To improve the error handling to make your life easier when analyzing the problem you need to add a support object to the canvas and link it to the web service outbound gateway. This support object is named "Detailed SOAP Fault Message Resolver".
72 +With this SpEL expression, we check whether there is an API key and whether that apiKey can be found in a predefined list. If so we search for the corresponding name based on the index of where a certain apiKey is within the list. If not the header is not created. Combining this logic in one component should look similar to the following.
75 75  
76 -To link the support object to your web service outbound gateway you open the web service outbound gateway, navigate to the Advanced tab, and select the Fault message resolver. Afterward press Save to save the link between the components.
74 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--check-headers.png]]
77 77  
78 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-calling-a-soap-webservice--web-service-outbound-component-fault-message-resolver.png]]
76 +==== 3.1.3 Respond based on results ====
79 79  
80 -Now that we have configured the HTTP Outbound component to our liking we can press Save on the component level to store our changes. As a result the flow will look as follows:
78 +After we have searched for the API key in the list and we have defined the client that is sending the information (or not) we can respond to the client whether or not the client is authorized to call our SOAP web service. To execute this check we first need a standard filter component. In this component, we will check whether the spwbsrv_client header we have just created is not null.
81 81  
82 -[[image:Main.Images.Microlearning.WebHome@microlearning/novice-soap-webservice-connectivity-calling-a-soap-webservice--flow-result.png]]
80 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--standard-filter.png]]
83 83  
82 +If it is indeed not null we can pass the empty message back to the client telling the client that the message was delivered successfully. If the header is null we need to tell the client that he/she is unauthorized to call the operation. To do so we need to add a component called 'custom error message activator'. In this component, we define the message we want to give back to the client in case of an error. In this case, we simply give back 'Unauthorized'.
83 +
84 +[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--custom-error-message.png]]
85 +
86 +With all this done we have successfully secured our SOAP web service according to the best practices.
87 +
84 84  == 4. Assignment ==
85 85  
86 -Build a flow within your project in which you do a call to an external party that hosts a SOAP web service.
90 +Secure a SOAP web service to confirm the outlined approach above. Focus on the apiKey part.
87 87  This assignment can be completed with the help of the (Academy) project that you have created/used in the previous assignment.
88 88  
89 89  == 5. Key takeaways ==
90 90  
91 -* eMagiz will create a valid SOAP message when using this component
92 -* eMagiz provides a support object for better error handling of SOAP faults
93 -* There are four key configuration elements:
94 - ** URL
95 - ** Retry Advice
96 - ** Error Handling
95 +* Crucial parts in the configuration are:
96 + ** Operation Name
97 + ** SOAP Webservice Namespace
98 + ** Validation
97 97   ** Authentication
100 +* Hosting your SOAP web service in the eMagiz cloud results in standard HTTPS
101 +* Use a combination of client certificate + API key for authentication
98 98  
99 99  == 6. Suggested Additional Readings ==
100 100  
... ... @@ -102,6 +102,6 @@
102 102  
103 103  == 7. Silent demonstration video ==
104 104  
105 -{{video attachment="novice-soap-webservice-connectivity-calling-a-soap-webservice.mp4" reference="Main.Videos.Microlearning.WebHome"/}}
109 +{{video attachment="novice-soap-webservice-connectivity-securing-your-soap-webservice.mp4" reference="Main.Videos.Microlearning.WebHome"/}}
106 106  
107 107  )))((({{toc/}}))){{/container}}{{/container}}