Skip to Content
Last modified by Danniar Firdausy on 2024/09/05 14:24
From version 40.1
edited by Erik Bakker
on 2023/01/23 08:28
Change comment: There is no comment for this version
To version 47.1
edited by Danniar Firdausy
on 2024/09/04 10:40
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ebakker
1 +XWiki.dfirdausy
Content
... ... @@ -1,5 +1,5 @@
1 1  {{container}}{{container layoutStyle="columns"}}(((
2 -When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
2 +In this microlearning, we’ll focus on securing your SOAP web service within eMagiz. Proper authentication is crucial to ensure that only authorized clients can access your service. We’ll cover the essentials of setting up authentication, including API key verification. By the end of this session, you'll understand how to configure your SOAP web service to handle client authentication securely. Let’s dive into how you can effectively set up and manage these security features.
3 3  
4 4  Should you have any questions, please contact academy@emagiz.com.
5 5  
... ... @@ -36,7 +36,7 @@
36 36  * Send along a client certificate
37 37  * Send along an API key in a SOAP Header that references to the word apiKey (i.e. apiKey)
38 38  
39 -To verify both parts some configuration is needed. The first aspect, checking for a valid client certificate is done on cloud level. For more information on how to exactly configure this please take a look at the microlearning [Securing a hosted web service with certificates in the eMagiz Cloud](intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud.md).
39 +To verify both parts some configuration is needed. The first aspect, checking for a valid client certificate is done on cloud level. For more information on how to exactly configure this please take a look at the microlearning [[Securing a hosted web service with certificates in the eMagiz Cloud>>Main.eMagiz Academy.Microlearnings.Intermediate Level.Securing Data Traffic.intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud||target="blank"]] microlearning.
40 40  
41 41  In this microlearning, we will focus on the second part of the configuration.
42 42  
... ... @@ -64,8 +64,10 @@
64 64  
65 65  ==== 3.1.2 Check value against list ====
66 66  
67 -Now that we placed the value the client has entered in the apiKey SOAP header on our message we can check whether the value exists in a list of predefined valid values. To do add two headers to the standard header enricher component in your flow. The first one ensures that the apiKey is removed from the header (to prevent the API key from being publicly seen by others). The second one searches for the client name that corresponds with the apiKey and returns the name of the client in the header. This search action is done with the help of a SpEL expression, more on that later on. In this case the SpEL expression we use is set up as follows: headers['spwbsrv_apiKey'] != null and {${authentication.api-keys}}.contains(headers.spwbsrv_apiKey) ? {${authentication.tenant-ids}}[{${authentication.api-keys}}.indexOf(headers.spwbsrv_apiKey)] : null
67 +Now that we placed the value the client has entered in the apiKey SOAP header on our message we can check whether the value exists in a list of predefined valid values. To do add two headers to the standard header enricher component in your flow. The first one ensures that the apiKey is removed from the header (to prevent the API key from being publicly seen by others). The second one searches for the client name that corresponds with the apiKey and returns the name of the client in the header. This search action is done with the help of a SpEL expression, more on that later on. In this case the SpEL expression we use is set up as follows:
68 68  
69 +{{code}}headers['spwbsrv_apiKey'] != null and {${authentication.api-keys}}.contains(headers.spwbsrv_apiKey) ? {${authentication.tenant-ids}}[{${authentication.api-keys}}.indexOf(headers.spwbsrv_apiKey)] : null{{/code}}
70 +
69 69  With this SpEL expression, we check whether there is an API key and whether that apiKey can be found in a predefined list. If so we search for the corresponding name based on the index of where a certain apiKey is within the list. If not the header is not created. Combining this logic in one component should look similar to the following.
70 70  
71 71  [[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--check-headers.png]]
... ... @@ -82,13 +82,8 @@
82 82  
83 83  With all this done we have successfully secured our SOAP web service according to the best practices.
84 84  
85 -== 4. Assignment ==
87 +== 4. Key takeaways ==
86 86  
87 -Secure a SOAP web service to confirm the outlined approach above. Focus on the apiKey part.
88 -This assignment can be completed with the help of the (Academy) project that you have created/used in the previous assignment.
89 -
90 -== 5. Key takeaways ==
91 -
92 92  * Crucial parts in the configuration are:
93 93   ** Operation Name
94 94   ** SOAP Webservice Namespace
... ... @@ -97,12 +97,21 @@
97 97  * Hosting your SOAP web service in the eMagiz cloud results in standard HTTPS
98 98  * Use a combination of client certificate + API key for authentication
99 99  
100 -== 6. Suggested Additional Readings ==
97 +== 5. Suggested Additional Readings ==
101 101  
102 -If you are interested in this topic and want more information on it please read the help text provided by eMagiz.
99 +* [[Novice (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Novice.WebHome||target="blank"]]
100 +** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.WebHome||target="blank"]]
101 +*** [[Configure your SOAP web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-configure-your-soap-webservice-gen3.WebHome||target="blank"]]
102 +*** [[Validate Incoming Messages (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-validate-incoming-messages-gen3.WebHome||target="blank"]]
103 +*** [[Endpoint Check (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-endpoint-check-gen3.WebHome||target="blank"]]
104 +*** [[SOAP Headers (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-soap-headers||target="blank"]]
105 +*** [[Calling a SOAP Web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-calling-a-soap-webservice||target="blank"]]
106 +*** [[Authorization - Calling a SOAP Webservice (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-authorization-calling-a-soap-webservice||target="blank"]]
107 +* [[Intermediate (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.WebHome||target="blank"]]
108 +** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.SOAP Web service Connectivity.WebHome||target="blank"]]
109 +* [[Expert (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Expert Level.WebHome||target="blank"]]
110 +** [[Webservice Security (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Expert Level.Webservice Security.WebHome||target="blank"]]
111 +* [[SOAP Web service (Search Result)>>url:https://docs.emagiz.com/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_space_facet=0%2FMain.&f_type=DOCUMENT&f_locale=en&f_locale=&f_locale=en&text=%22soap+web+service%22||target="blank"]]
103 103  
104 -== 7. Silent demonstration video ==
105 105  
106 -{{video attachment="novice-soap-webservice-connectivity-securing-your-soap-webservice.mp4" reference="Main.Videos.Microlearning.WebHome"/}}
107 -
108 108  )))((({{toc/}}))){{/container}}{{/container}}