Skip to Content
Last modified by Danniar Firdausy on 2024/09/05 14:24
From version 44.1
edited by Carlijn Kokkeler
on 2024/08/21 16:30
Change comment: There is no comment for this version
To version 19.1
edited by eMagiz
on 2022/05/22 21:30
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,0 @@
1 -Securing your SOAP Webservice
Parent
... ... @@ -1,1 +1,0 @@
1 -WebHome
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.CarlijnKokkeler
1 +XWiki.marijn
Content
... ... @@ -1,113 +1,97 @@
1 -{{container}}{{container layoutStyle="columns"}}(((
2 -When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
1 +{{html wiki="true"}}
2 +<div class="ez-academy">
3 + <div class="ez-academy_body">
3 3  
4 -Should you have any questions, please contact academy@emagiz.com.
5 +<div class="doc">
5 5  
6 -== 1. Prerequisites ==
7 -* Basic knowledge of the eMagiz platform
8 8  
9 -== 2. Key concepts ==
10 -This microlearning centers around configuring your SOAP web service.
11 11  
12 -By configuring, we mean: Designing and determining the characteristics of the SOAP web service
9 += Annotations =
13 13  
14 -Crucial parts in the configuration are:
15 -* Operation Name
16 -* SOAP Webservice Namespace
17 -* Validation
18 -* Authentication
11 +In this microlearning, we will focus on using annotations to clarify your thought process. In the annotation, you either describe a best practice everyone should follow when they change that flow (i.e. within the asynchronous routing), describe how the (more complex) parts of the flow work or describe (parts of) of your message definitions (i.e. CDM, API Gateway Data model, system message, etc.). This will help yourself and others every time changes are needed.
19 19  
20 -Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning.
13 +Should you have any questions, please contact academy@emagiz.com.
21 21  
22 -== 3. Securing your SOAP Webservice ==
15 +* Last update: May 9th, 2021
16 +* Required reading time: 5 minutes
23 23  
24 -When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
18 +== 1. Prerequisites ==
25 25  
26 -Crucial parts in the configuration are:
27 -* Operation Name
28 -* SOAP Webservice Namespace
29 -* Validation
30 -* Authentication
20 +* Basic knowledge of the eMagiz platform
31 31  
32 -Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning. When hosting your SOAP web service in the eMagiz Cloud the endpoint will be HTTPS secured on default. If you want to mimic the same result for an on-premise environment you should define the valid SSL settings, as explained in this [[Q&A>>https://my.emagiz.com/p/question/172825635700357186||target="blank"]].
22 +== 2. Key concepts ==
33 33  
34 -Apart from that aspect of security, we should also consider how clients that call the SOAP Web service will authenticate themselves upon entry. Within eMagiz, we advise a two-step approach. Each client that wants to call your SOAP Webservice should:
24 +This microlearning centers around using annotations.
25 +With annotations, we mean: A piece of text to explain something to yourself and others
35 35  
36 -* Send along a client certificate
37 -* Send along an API key in a SOAP Header that references to the word apiKey (i.e. apiKey)
27 +Annotations can be used for:
38 38  
39 -To verify both parts some configuration is needed. The first aspect, checking for a valid client certificate is done on cloud level. For more information on how to exactly configure this please take a look at the microlearning [Securing a hosted web service with certificates in the eMagiz Cloud](intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud.md).
29 +* Describing a best practice everyone should follow
30 +* Describing (more complex) parts of the flow
31 +* Describe (parts of) your message definitions
40 40  
41 -In this microlearning, we will focus on the second part of the configuration.
42 42  
43 -=== 3.1 API Key verification ===
44 44  
45 -To verify whether the client has sent a valid API Key we need to change the configuration within the entry flow in the Create phase of eMagiz. The configuration consists of three steps:
35 +== 3. Annotations ==
46 46  
47 -* Get value from SOAP Header
48 -* Check value against a list
49 -* Respond based on results
37 +In this microlearning, we will focus on using annotations on the flow level to clarify our thought process. In the annotation, you either describe a best practice everyone should follow when they change that flow (i.e. within the asynchronous routing) or describe how the (more complex) parts of the flow work. This will help yourself and others every time changes are needed within the flow.
50 50  
51 -==== 3.1.1 Get value from SOAP Header ====
39 +Annotations can be used for:
52 52  
53 -Let us move to the entry flow by going to the Create phase of eMagiz, opening the correct flow, and entering "Start Editing" mode. After you have done so we need to add a support object to the flow. The support we need is called 'Complex SOAP header mapper'. In this component, we need the bottom section.
41 +* Describing a best practice everyone should follow
42 +* Describing (more complex) parts of the flow
43 +* Describe (parts of) your message definitions
54 54  
55 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper.png]]
45 +To clarify the use cases let us take a look at how annotations can be added within the eMagiz platform. In our first example, we will take a look at asynchronous routing. In many eMagiz projects, a best practice is followed on how to add something to the asynchronous routing (or change something within the asynchronous routing). Because the best practice contains multiple steps it makes sense to use the annotation functionality of eMagiz to define all these steps and register them at the place you need them (i.e. the asynchronous routing). Having done so will result in something like this:
56 56  
57 -Here we define a new header by entering a name and a valid XPath expression.
47 +<p align="center">[[image:novice-devops-perspectives-annotations--annotation-best-practice-async-routing.png||]]</p>
58 58  
59 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper-config.png]]
49 +The second example is about using annotations on the flow level to describe parts of the flow. In this example, we will use the annotation to describe that we use a filter to determine which messages are picked up from a local directory and how we filter. That way anyway opening the flow has to merely read the annotation to get the context. Having done so will result in something like this:
60 60  
61 -When you are satisfied you can press Save twice to store the support object. After we have configured the support object we need to link it to our web service inbound gateway. To do so open the component, navigate to the advanced tab and select the Header mapper you have just created.
51 +<p align="center">[[image:novice-devops-perspectives-annotations--describe-parts-of-flow.png||]]</p>
62 62  
63 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--link-complex-soap-header-mapper.png]]
53 +The third example does not take place on the flow level but the message definition level. Therefore instead of going to Create, we go to Design. In Design when you navigate to the CDM, API Gateway Data model, Event Streaming Data model, message definitions, etc. you have the option to add annotations to the canvas. In this example, we want to make clear to all that make changes that a certain part of our CDM is used by a lot of integrations within eMagiz and therefore everyone should be careful and think twice before adjusting anything related to that part. Having done so will result in something like this:
64 64  
65 -==== 3.1.2 Check value against list ====
55 +<p align="center">[[image:novice-devops-perspectives-annotations--describe-crucial-part-of-cdm.png||]]</p>
66 66  
67 -Now that we placed the value the client has entered in the apiKey SOAP header on our message we can check whether the value exists in a list of predefined valid values. To do add two headers to the standard header enricher component in your flow. The first one ensures that the apiKey is removed from the header (to prevent the API key from being publicly seen by others). The second one searches for the client name that corresponds with the apiKey and returns the name of the client in the header. This search action is done with the help of a SpEL expression, more on that later on. In this case the SpEL expression we use is set up as follows:
57 +Now that we saw some examples let us turn our attention to the how. How can I add an annotation and how can I link it. Adding the annotation is simple. You drag the annotation icon from the left context menu onto the canvas. As a result, an empty annotation will be shown on the canvas. By double-clicking on it you can type whatever you want. Note that you need to be in "Start Editing" mode to change anything, including annotations.
68 68  
69 -{{code}}headers['spwbsrv_apiKey'] != null and {${authentication.api-keys}}.contains(headers.spwbsrv_apiKey) ? {${authentication.tenant-ids}}[{${authentication.api-keys}}.indexOf(headers.spwbsrv_apiKey)] : null{{/code}}
59 +<p align="center">[[image:novice-devops-perspectives-annotations--annotation-icon-context-menu.png||]]</p>
70 70  
71 -With this SpEL expression, we check whether there is an API key and whether that apiKey can be found in a predefined list. If so we search for the corresponding name based on the index of where a certain apiKey is within the list. If not the header is not created. Combining this logic in one component should look similar to the following.
61 +When you are satisfied with what you have written down you can press the Save button. After you have done so you can rescale the annotation to ensure that the complete text is visible. To link the annotation to a component (on flow level) or an entity (on message definition level) you hover over the annotation until your mouse indicator changes to a + icon, execute a right-click and drag from the annotation to the component in question.
72 72  
73 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--check-headers.png]]
63 +Now you know what annotations are good for and how you can add them within the eMagiz platform.
74 74  
75 -==== 3.1.3 Respond based on results ====
65 +===== Practice =====
76 76  
77 -After we have searched for the API key in the list and we have defined the client that is sending the information (or not) we can respond to the client whether or not the client is authorized to call our SOAP web service. To execute this check we first need a standard filter component. In this component, we will check whether the spwbsrv_client header we have just created is not null.
67 +== 4. Assignment ==
78 78  
79 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--standard-filter.png]]
69 +Add annotation on the flow level that describes how (a part of) a flow works.
70 +This assignment can be completed with the help of the (Academy) project that you have created/used in the previous assignment.
80 80  
81 -If it is indeed not null we can pass the empty message back to the client telling the client that the message was delivered successfully. If the header is null we need to tell the client that he/she is unauthorized to call the operation. To do so we need to add a component called 'custom error message activator'. In this component, we define the message we want to give back to the client in case of an error. In this case, we simply give back 'Unauthorized'.
72 +== 5. Key takeaways ==
82 82  
83 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--custom-error-message.png]]
74 +* Annotations can be used for:
75 + * Describing a best practice everyone should follow
76 + * Describing (more complex) parts of the flow
77 + * Describe (parts of) your message definitions
78 +* You can add annotations by dragging and dropping the annotation icon on the canvas.
84 84  
85 -With all this done we have successfully secured our SOAP web service according to the best practices.
86 86  
87 -== 4. Key takeaways ==
88 88  
89 -* Crucial parts in the configuration are:
90 - ** Operation Name
91 - ** SOAP Webservice Namespace
92 - ** Validation
93 - ** Authentication
94 -* Hosting your SOAP web service in the eMagiz cloud results in standard HTTPS
95 -* Use a combination of client certificate + API key for authentication
82 +== 6. Suggested Additional Readings ==
96 96  
97 -== 5. Suggested Additional Readings ==
84 +There are no suggested additional readings on this topic
98 98  
99 -* [[Novice (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Novice.WebHome||target="blank"]]
100 -** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.WebHome||target="blank"]]
101 -*** [[Configure your SOAP web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-configure-your-soap-webservice-gen3.WebHome||target="blank"]]
102 -*** [[Validate Incoming Messages (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-validate-incoming-messages-gen3.WebHome||target="blank"]]
103 -*** [[Endpoint Check (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-endpoint-check-gen3.WebHome||target="blank"]]
104 -*** [[SOAP Headers (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-soap-headers||target="blank"]]
105 -*** [[Calling a SOAP Web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-calling-a-soap-webservice||target="blank"]]
106 -*** [[Authorization - Calling a SOAP Webservice (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-authorization-calling-a-soap-webservice||target="blank"]]
107 -* [[Intermediate (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.WebHome||target="blank"]]
108 -** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.SOAP Web service Connectivity.WebHome||target="blank"]]
109 -* [[Expert (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Expert Level.WebHome||target="blank"]]
110 -** [[Webservice Security (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Expert Level.Webservice Security.WebHome||target="blank"]]
86 +== 7. Silent demonstration video ==
111 111  
88 +This video demonstrates how you could have handled the assignment and gives you some context on what you have just learned.
112 112  
113 -)))((({{toc/}}))){{/container}}{{/container}}
90 +<iframe width="1280" height="720" src="../../vid/microlearning/novice-devops-perspectives-annotations.mp4" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
91 +
92 +</div>
93 +
94 +</div>
95 +</div>
96 +
97 +{{/html}}
novice-devops-perspectives-annotations--annotation-best-practice-async-routing.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.marijn
Size
... ... @@ -1,0 +1,1 @@
1 +25.7 KB
Content
novice-devops-perspectives-annotations--annotation-icon-context-menu.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.marijn
Size
... ... @@ -1,0 +1,1 @@
1 +774 bytes
Content
novice-devops-perspectives-annotations--describe-crucial-part-of-cdm.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.marijn
Size
... ... @@ -1,0 +1,1 @@
1 +15.5 KB
Content
novice-devops-perspectives-annotations--describe-parts-of-flow.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.marijn
Size
... ... @@ -1,0 +1,1 @@
1 +18.9 KB
Content