Changes for page Securing your SOAP Webservice
Last modified by Danniar Firdausy on 2024/09/05 14:24
From version 44.1
edited by Carlijn Kokkeler
on 2024/08/21 16:30
Change comment:
There is no comment for this version
Summary
-
Page properties (4 modified, 0 added, 0 removed)
-
Attachments (0 modified, 4 added, 0 removed)
Details
- Page properties
-
- Title
-
... ... @@ -1,1 +1,0 @@ 1 -Securing your SOAP Webservice - Parent
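Review bot: the title property goes from "Securing your SOAP Webservice" to nothing (+1,0), so the resulting page has no title even though the new content opens with "= Annotations =". Either set the title to match the new content or keep the existing one, so that links and search results for this page still describe what it contains.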
-
... ... @@ -1,1 +1,0 @@ 1 -WebHome - Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. CarlijnKokkeler1 +XWiki.marijn - Content
-
... ... 
@@ -1,113 +1,97 @@ 1 -{{container}}{{container layoutStyle="columns"}}((( 2 -When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service. 1 +{{html wiki="true"}} 2 +<div class="ez-academy"> 3 + <div class="ez-academy_body"> 3 3 4 - Shouldyou haveany questions, please contact academy@emagiz.com.5 +<div class="doc"> 5 5 6 -== 1. Prerequisites == 7 -* Basic knowledge of the eMagiz platform 8 8 9 -== 2. Key concepts == 10 -This microlearning centers around configuring your SOAP web service. 11 11 12 - Byconfiguring, we mean: Designing and determining the characteristicsof the SOAP webservice9 += Annotations = 13 13 14 -Crucial parts in the configuration are: 15 -* Operation Name 16 -* SOAP Webservice Namespace 17 -* Validation 18 -* Authentication 11 +In this microlearning, we will focus on using annotations to clarify your thought process. In the annotation, you either describe a best practice everyone should follow when they change that flow (i.e. within the asynchronous routing), describe how the (more complex) parts of the flow work or describe (parts of) of your message definitions (i.e. CDM, API Gateway Data model, system message, etc.). This will help yourself and others every time changes are needed. 19 19 20 - Of these four points, we willzoomin on the authentication part of our SOAP Webserviceinhismicrolearning.13 +Should you have any questions, please contact academy@emagiz.com. 21 21 22 -== 3. 
Securing your SOAP Webservice == 15 +* Last update: May 9th, 2021 16 +* Required reading time: 5 minutes 23 23 24 - Whensetting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point.One of those options is by hosting a SOAPWebservicein eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security playson a clientlevel when hostinga SOAP web service.18 +== 1. Prerequisites == 25 25 26 -Crucial parts in the configuration are: 27 -* Operation Name 28 -* SOAP Webservice Namespace 29 -* Validation 30 -* Authentication 20 +* Basic knowledge of the eMagiz platform 31 31 32 - Ofthese four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning.When hostingyourSOAP web service in the eMagiz Cloud the endpoint will be HTTPS secured on default. If you want to mimic the same result for an on-premise environmentyoushoulddefine the valid SSL settings, as explained in this [[Q&A>>https://my.emagiz.com/p/question/172825635700357186||target="blank"]].22 +== 2. Key concepts == 33 33 34 -Apart from that aspect of security, we should also consider how clients that call the SOAP Web service will authenticate themselves upon entry. Within eMagiz, we advise a two-step approach. Each client that wants to call your SOAP Webservice should: 24 +This microlearning centers around using annotations. 25 +With annotations, we mean: A piece of text to explain something to yourself and others 35 35 36 -* Send along a client certificate 37 -* Send along an API key in a SOAP Header that references to the word apiKey (i.e. apiKey) 27 +Annotations can be used for: 38 38 39 -To verify both parts some configuration is needed. The first aspect, checking for a valid client certificate is done on cloud level. 
For more information on how to exactly configure this please take a look at the microlearning [Securing a hosted web service with certificates in the eMagiz Cloud](intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud.md). 29 +* Describing a best practice everyone should follow 30 +* Describing (more complex) parts of the flow 31 +* Describe (parts of) your message definitions 40 40 41 -In this microlearning, we will focus on the second part of the configuration. 42 42 43 -=== 3.1 API Key verification === 44 44 45 - Toverifywhether the client has sent a validAPI Key weneed to change the configuration within the entry flow in the Create phase of eMagiz. The configuration consistsof three steps:35 +== 3. Annotations == 46 46 47 -* Get value from SOAP Header 48 -* Check value against a list 49 -* Respond based on results 37 +In this microlearning, we will focus on using annotations on the flow level to clarify our thought process. In the annotation, you either describe a best practice everyone should follow when they change that flow (i.e. within the asynchronous routing) or describe how the (more complex) parts of the flow work. This will help yourself and others every time changes are needed within the flow. 50 50 51 - ====3.1.1Getvalue from SOAP Header====39 +Annotations can be used for: 52 52 53 -Let us move to the entry flow by going to the Create phase of eMagiz, opening the correct flow, and entering "Start Editing" mode. After you have done so we need to add a support object to the flow. The support we need is called 'Complex SOAP header mapper'. In this component, we need the bottom section. 
41 +* Describing a best practice everyone should follow 42 +* Describing (more complex) parts of the flow 43 +* Describe (parts of) your message definitions 54 54 55 - [[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper.png]]45 +To clarify the use cases let us take a look at how annotations can be added within the eMagiz platform. In our first example, we will take a look at asynchronous routing. In many eMagiz projects, a best practice is followed on how to add something to the asynchronous routing (or change something within the asynchronous routing). Because the best practice contains multiple steps it makes sense to use the annotation functionality of eMagiz to define all these steps and register them at the place you need them (i.e. the asynchronous routing). Having done so will result in something like this: 56 56 57 - Herewe defineanew headerbyentering a namedavalid XPathexpression.47 +<p align="center">[[image:novice-devops-perspectives-annotations--annotation-best-practice-async-routing.png||]]</p> 58 58 59 - [[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper-config.png]]49 +The second example is about using annotations on the flow level to describe parts of the flow. In this example, we will use the annotation to describe that we use a filter to determine which messages are picked up from a local directory and how we filter. That way anyway opening the flow has to merely read the annotation to get the context. Having done so will result in something like this: 60 60 61 - When you are satisfied you canpressSave twiceo storethe support object. After we have configured the support object weneed tolink it to our web serviceinboundgateway. 
Todoso open the component, navigateto theadvancedtab andselect the Header mapper you have justcreated.51 +<p align="center">[[image:novice-devops-perspectives-annotations--describe-parts-of-flow.png||]]</p> 62 62 63 - [[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--link-complex-soap-header-mapper.png]]53 +The third example does not take place on the flow level but the message definition level. Therefore instead of going to Create, we go to Design. In Design when you navigate to the CDM, API Gateway Data model, Event Streaming Data model, message definitions, etc. you have the option to add annotations to the canvas. In this example, we want to make clear to all that make changes that a certain part of our CDM is used by a lot of integrations within eMagiz and therefore everyone should be careful and think twice before adjusting anything related to that part. Having done so will result in something like this: 64 64 65 - ====3.1.2 Check valueainstlist====55 +<p align="center">[[image:novice-devops-perspectives-annotations--describe-crucial-part-of-cdm.png||]]</p> 66 66 67 -Now that we placedthevaluethe clienthasentered intheapiKeySOAPheaderonour messagewecancheckwhetherthe valueexistsin alistofpredefinedvalidvalues.Todo addtwoheaderstohe standardheader enrichercomponentin yourflow. Thefirst one ensuresthatthe apiKeyis removedfrom theheader (topreventtheAPI key frombeing publiclyseenbyothers).The secondonesearchesfortheclientname thatcorrespondswiththeapiKey andreturnsthe nameoftheentin the header. This searchactionis donewithhehelpofa SpELexpression,moreon thatlateron.Inthiscase the SpEL expressionweuseissetupas follows:57 +Now that we saw some examples let us turn our attention to the how. How can I add an annotation and how can I link it. Adding the annotation is simple. You drag the annotation icon from the left context menu onto the canvas. As a result, an empty annotation will be shown on the canvas. 
By double-clicking on it you can type whatever you want. Note that you need to be in "Start Editing" mode to change anything, including annotations. 68 68 69 - {{code}}headers['spwbsrv_apiKey'] !=null and {${authentication.api-keys}}.contains(headers.spwbsrv_apiKey) ? {${authentication.tenant-ids}}[{${authentication.api-keys}}.indexOf(headers.spwbsrv_apiKey)] :null{{/code}}59 +<p align="center">[[image:novice-devops-perspectives-annotations--annotation-icon-context-menu.png||]]</p> 70 70 71 -W iththisSpEL expression, wecheckwhetherthereis anAPI key andwhetherthatapiKeycanbefoundina predefinedlist.If soweearchforthe correspondingnamebasedon the indexofwhere acertain apiKeyis withintheist.If nottheheaderisnotcreated. Combiningthislogicinmponentshouldlooksimilarto thefollowing.61 +When you are satisfied with what you have written down you can press the Save button. After you have done so you can rescale the annotation to ensure that the complete text is visible. To link the annotation to a component (on flow level) or an entity (on message definition level) you hover over the annotation until your mouse indicator changes to a + icon, execute a right-click and drag from the annotation to the component in question. 72 72 73 - [[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--check-headers.png]]63 +Now you know what annotations are good for and how you can add them within the eMagiz platform. 74 74 75 -==== 3.1.3 Respond basedon results====65 +===== Practice ===== 76 76 77 - Afterwehave searched for theAPI key in the list and we have defined the client that issendingthe information (or not) wecanrespondtothe client whether or not the client is authorized to call our SOAP web service. To execute this check we first need a standard filter component. In this component, we will check whether the spwbsrv_client header we have just created is not null.67 +== 4. 
Assignment == 78 78 79 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--standard-filter.png]] 69 +Add annotation on the flow level that describes how (a part of) a flow works. 70 +This assignment can be completed with the help of the (Academy) project that you have created/used in the previous assignment. 80 80 81 - Ifitis indeednotnull we can pass the empty message backto theclient telling the client that the messagewas delivered successfully. If the header isnull we need to tell the client that he/she is unauthorized to call the operation. To do so we need to add a component called 'custom error message activator'. In this component, we define the message we want to give back to the client in case of an error. In this case, we simply give back 'Unauthorized'.72 +== 5. Key takeaways == 82 82 83 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--custom-error-message.png]] 74 +* Annotations can be used for: 75 + * Describing a best practice everyone should follow 76 + * Describing (more complex) parts of the flow 77 + * Describe (parts of) your message definitions 78 +* You can add annotations by dragging and dropping the annotation icon on the canvas. 84 84 85 -With all this done we have successfully secured our SOAP web service according to the best practices. 86 86 87 -== 4. Key takeaways == 88 88 89 -* Crucial parts in the configuration are: 90 - ** Operation Name 91 - ** SOAP Webservice Namespace 92 - ** Validation 93 - ** Authentication 94 -* Hosting your SOAP web service in the eMagiz cloud results in standard HTTPS 95 -* Use a combination of client certificate + API key for authentication 82 +== 6. 
Suggested Additional Readings == 96 96 97 - ==5.SuggestedAdditionalReadings==84 +There are no suggested additional readings on this topic 98 98 99 -* [[Novice (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Novice.WebHome||target="blank"]] 100 -** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.WebHome||target="blank"]] 101 -*** [[Configure your SOAP web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-configure-your-soap-webservice-gen3.WebHome||target="blank"]] 102 -*** [[Validate Incoming Messages (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-validate-incoming-messages-gen3.WebHome||target="blank"]] 103 -*** [[Endpoint Check (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-endpoint-check-gen3.WebHome||target="blank"]] 104 -*** [[SOAP Headers (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-soap-headers||target="blank"]] 105 -*** [[Calling a SOAP Web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-calling-a-soap-webservice||target="blank"]] 106 -*** [[Authorization - Calling a SOAP Webservice (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-authorization-calling-a-soap-webservice||target="blank"]] 107 -* [[Intermediate (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.WebHome||target="blank"]] 108 -** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.SOAP Web service Connectivity.WebHome||target="blank"]] 109 -* [[Expert (Menu)>>doc:Main.eMagiz 
Academy.Microlearnings.Expert Level.WebHome||target="blank"]] 110 -** [[Webservice Security (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Expert Level.Webservice Security.WebHome||target="blank"]] 86 +== 7. Silent demonstration video == 111 111 88 +This video demonstrates how you could have handled the assignment and gives you some context on what you have just learned. 112 112 113 -)))((({{toc/}}))){{/container}}{{/container}} 90 +<iframe width="1280" height="720" src="../../vid/microlearning/novice-devops-perspectives-annotations.mp4" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe> 91 + 92 +</div> 93 + 94 +</div> 95 +</div> 96 + 97 +{{/html}}
- novice-devops-perspectives-annotations--annotation-best-practice-async-routing.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.marijn - Size
-
... ... @@ -1,0 +1,1 @@ 1 +25.7 KB - Content
- novice-devops-perspectives-annotations--annotation-icon-context-menu.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.marijn - Size
-
... ... @@ -1,0 +1,1 @@ 1 +774 bytes - Content
- novice-devops-perspectives-annotations--describe-crucial-part-of-cdm.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.marijn - Size
-
... ... @@ -1,0 +1,1 @@ 1 +15.5 KB - Content
- novice-devops-perspectives-annotations--describe-parts-of-flow.png
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.marijn - Size
-
... ... @@ -1,0 +1,1 @@ 1 +18.9 KB - Content