Skip to Content
Last modified by Danniar Firdausy on 2024/09/05 14:24
From version 44.1
edited by Carlijn Kokkeler
on 2024/08/21 16:30
Change comment: There is no comment for this version
To version 28.2
edited by Erik Bakker
on 2022/06/10 13:13
Change comment: Update document after refactoring.

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -Securing your SOAP Webservice
1 +novice-file-based-connectivity-processing-a-file-per-line
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.CarlijnKokkeler
1 +XWiki.ebakker
Content
... ... @@ -1,113 +1,70 @@
1 1  {{container}}{{container layoutStyle="columns"}}(((
2 -When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
2 +In this microlearning, we will learn how you can define a header line in which you specify the naming of the various columns. Some external systems require a header line when you supply them with data via a flat file that is placed somewhere.
3 3  
4 -Should you have any questions, please contact academy@emagiz.com.
4 +Should you have any questions, please contact [[academy@emagiz.com>>mailto:academy@emagiz.com]].
5 5  
6 +* Last update: May 28th, 2021
7 +* Required reading time: 5 minutes
8 +
6 6  == 1. Prerequisites ==
10 +
7 7  * Basic knowledge of the eMagiz platform
8 8  
9 9  == 2. Key concepts ==
10 -This microlearning centers around configuring your SOAP web service.
11 11  
12 -By configuring, we mean: Designing and determining the characteristics of the SOAP web service
15 +This microlearning centers around learning how to place a header line on a flat-file output.
13 13  
14 -Crucial parts in the configuration are:
15 -* Operation Name
16 -* SOAP Webservice Namespace
17 -* Validation
18 -* Authentication
17 +By header line we mean: A line in the output that defines the naming of the various columns
19 19  
20 -Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning.
19 +Some external parties require that the first line in the flat file output (i.e. CSV) is filled with column names (i.e. headers). In eMagiz, we call this line a header line.
21 21  
22 -== 3. Securing your SOAP Webservice ==
21 +== 3. Header line ==
23 23  
24 -When setting up a point at which your customers can talk to you eMagiz offers various methods of creating such a point. One of those options is by hosting a SOAP Webservice in eMagiz that handles XML messages asynchronously or synchronously. In this microlearning, we will zoom in on the part that security plays on a client level when hosting a SOAP web service.
23 +In this microlearning, we will learn how you can define a header line in which you specify the naming of the various columns. Some external systems require a header line when you supply them with data via a flat file that is placed somewhere. The header line is the first line in the flat file output. Within this line, the various column names are specified for clarity.
25 25  
26 -Crucial parts in the configuration are:
27 -* Operation Name
28 -* SOAP Webservice Namespace
29 -* Validation
30 -* Authentication
25 +To add such a header line in eMagiz you need to navigate to the Create phase of eMagiz and open the exit flow in which you want to drop the file to a certain location. Within the context of this flow, we need to add functionality that will ensure that a header line is written to the output before any functional lines are added. To do so first enter "Start Editing" mode on flow level. After you have done so please add a file outbound channel adapter to the flow including an input channel. We will use this component to write our header line to the flat file output.
31 31  
32 -Of these four points, we will zoom in on the authentication part of our SOAP Webservice in this microlearning. When hosting your SOAP web service in the eMagiz Cloud the endpoint will be HTTPS secured on default. If you want to mimic the same result for an on-premise environment you should define the valid SSL settings, as explained in this [[Q&A>>https://my.emagiz.com/p/question/172825635700357186||target="blank"]].
27 +Ensure that the directory to which you reference is the same as in your functional file outbound channel adapter.
33 33  
34 -Apart from that aspect of security, we should also consider how clients that call the SOAP Web service will authenticate themselves upon entry. Within eMagiz, we advise a two-step approach. Each client that wants to call your SOAP Webservice should:
29 +[[image:Main.Images.Microlearning.WebHome@novice-file-based-connectivity-header-line--file-outbound-channel-header-line.png]]
35 35  
36 -* Send along a client certificate
37 -* Send along an API key in a SOAP Header that references to the word apiKey (i.e. apiKey)
31 +Now it is time to turn our attention to the Advanced tab. For the Mode select Ignore. Select this option to ensure that the header line is only written down once when there is no output created yet and not somewhere in the middle, in the end, or every time. Furthermore, select the option Append New Line to ensure that the remainder of the information is not appended to the same line.
38 38  
39 -To verify both parts some configuration is needed. The first aspect, checking for a valid client certificate is done on cloud level. For more information on how to exactly configure this please take a look at the microlearning [Securing a hosted web service with certificates in the eMagiz Cloud](intermediate-securing-your-data-traffic-securing-a-hosted-webservice-with-certificates-in-the-emagiz-cloud.md).
33 +[[image:Main.Images.Microlearning.WebHome@novice-file-based-connectivity-header-line--file-outbound-channel-header-line-advanced.png]]
40 40  
41 -In this microlearning, we will focus on the second part of the configuration.
35 +After you have done so we need to add a standard transformer that defines the various column names to be written to the flat file output. To do so add the standard transformer component to the canvas including an input channel. After you have done so define the relevant SpEL expression. In this case, we advise using a property value that represents a string of column names. The value of the property should be something as follows:
42 42  
43 -=== 3.1 API Key verification ===
37 +'Header1;Header2;Header3;Header4'
44 44  
45 -To verify whether the client has sent a valid API Key we need to change the configuration within the entry flow in the Create phase of eMagiz. The configuration consists of three steps:
39 +Do note that the separator, in this case, needs to match the requirements of the external system. At the flow configuration level, the standard transformer should look as follows.
46 46  
47 -* Get value from SOAP Header
48 -* Check value against a list
49 -* Respond based on results
41 +[[image:Main.Images.Microlearning.WebHome@novice-file-based-connectivity-header-line--define-columns-names.png]]
50 50  
51 -==== 3.1.1 Get value from SOAP Header ====
43 +Our last step is to ensure that this piece of logic is tied to the main flow and is executed before writing the functional line(s) to the output file. To make that happen we need to add a wiretap to the flow. With the help of this functionality, you can define which part of the logic takes precedence over another part of the logic. To do so double click on the channel on which you want to place a wiretap, select the option wiretap and select the correct wiretap channel. After you have done this the result should be something as follows:
52 52  
53 -Let us move to the entry flow by going to the Create phase of eMagiz, opening the correct flow, and entering "Start Editing" mode. After you have done so we need to add a support object to the flow. The support we need is called 'Complex SOAP header mapper'. In this component, we need the bottom section.
45 +[[image:Main.Images.Microlearning.WebHome@novice-file-based-connectivity-header-line--wiretap-result.png]]
54 54  
55 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper.png]]
47 +With these couple of steps, you have now successfully added logic to your flow that will ensure that a header line is added before any functional line(s) are written to the output file.
56 56  
57 -Here we define a new header by entering a name and a valid XPath expression.
49 +== 4. Assignment ==
58 58  
59 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--complex-soap-header-mapper-config.png]]
51 +Configure an exit in which you define and write a header line to a flat-file output before adding functional lines.
52 +This assignment can be completed with the help of the (Academy) project that you have created/used in the previous assignment.
60 60  
61 -When you are satisfied you can press Save twice to store the support object. After we have configured the support object we need to link it to our web service inbound gateway. To do so open the component, navigate to the advanced tab and select the Header mapper you have just created.
54 +== 5. Key takeaways ==
62 62  
63 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--link-complex-soap-header-mapper.png]]
56 +* The header line contains the names of the columns of the flat file output
57 +* Use the Ignore mode to ensure the header line is created once
58 +* Use the wiretap to ensure the header line is created first
64 64  
65 -==== 3.1.2 Check value against list ====
60 +== 6. Suggested Additional Readings ==
66 66  
67 -Now that we placed the value the client has entered in the apiKey SOAP header on our message we can check whether the value exists in a list of predefined valid values. To do add two headers to the standard header enricher component in your flow. The first one ensures that the apiKey is removed from the header (to prevent the API key from being publicly seen by others). The second one searches for the client name that corresponds with the apiKey and returns the name of the client in the header. This search action is done with the help of a SpEL expression, more on that later on. In this case the SpEL expression we use is set up as follows:
62 +There are no suggested additional readings on this topic
68 68  
69 -{{code}}headers['spwbsrv_apiKey'] != null and {${authentication.api-keys}}.contains(headers.spwbsrv_apiKey) ? {${authentication.tenant-ids}}[{${authentication.api-keys}}.indexOf(headers.spwbsrv_apiKey)] : null{{/code}}
64 +== 7. Silent demonstration video ==
70 70  
71 -With this SpEL expression, we check whether there is an API key and whether that apiKey can be found in a predefined list. If so we search for the corresponding name based on the index of where a certain apiKey is within the list. If not the header is not created. Combining this logic in one component should look similar to the following.
66 +This video demonstrates how you could have handled the assignment and gives you some context on what you have just learned.
72 72  
73 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--check-headers.png]]
68 +{{video attachment="novice-file-based-connectivity-header-line.mp4" reference="Main.Videos.Microlearning.WebHome"/}}
74 74  
75 -==== 3.1.3 Respond based on results ====
76 -
77 -After we have searched for the API key in the list and we have defined the client that is sending the information (or not) we can respond to the client whether or not the client is authorized to call our SOAP web service. To execute this check we first need a standard filter component. In this component, we will check whether the spwbsrv_client header we have just created is not null.
78 -
79 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--standard-filter.png]]
80 -
81 -If it is indeed not null we can pass the empty message back to the client telling the client that the message was delivered successfully. If the header is null we need to tell the client that he/she is unauthorized to call the operation. To do so we need to add a component called 'custom error message activator'. In this component, we define the message we want to give back to the client in case of an error. In this case, we simply give back 'Unauthorized'.
82 -
83 -[[image:Main.Images.Microlearning.WebHome@novice-soap-webservice-connectivity-securing-your-soap-webservice--custom-error-message.png]]
84 -
85 -With all this done we have successfully secured our SOAP web service according to the best practices.
86 -
87 -== 4. Key takeaways ==
88 -
89 -* Crucial parts in the configuration are:
90 - ** Operation Name
91 - ** SOAP Webservice Namespace
92 - ** Validation
93 - ** Authentication
94 -* Hosting your SOAP web service in the eMagiz cloud results in standard HTTPS
95 -* Use a combination of client certificate + API key for authentication
96 -
97 -== 5. Suggested Additional Readings ==
98 -
99 -* [[Novice (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Novice.WebHome||target="blank"]]
100 -** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.WebHome||target="blank"]]
101 -*** [[Configure your SOAP web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-configure-your-soap-webservice-gen3.WebHome||target="blank"]]
102 -*** [[Validate Incoming Messages (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-validate-incoming-messages-gen3.WebHome||target="blank"]]
103 -*** [[Endpoint Check (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-endpoint-check-gen3.WebHome||target="blank"]]
104 -*** [[SOAP Headers (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-soap-headers||target="blank"]]
105 -*** [[Calling a SOAP Web service (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-calling-a-soap-webservice||target="blank"]]
106 -*** [[Authorization - Calling a SOAP Webservice (Explanation)>>doc:Main.eMagiz Academy.Microlearnings.Novice.SOAP Web service Connectivity.novice-soap-webservice-connectivity-authorization-calling-a-soap-webservice||target="blank"]]
107 -* [[Intermediate (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.WebHome||target="blank"]]
108 -** [[SOAP Web service Connectivity (Navigation)>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.SOAP Web service Connectivity.WebHome||target="blank"]]
109 -* [[Expert (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Expert Level.WebHome||target="blank"]]
110 -** [[Webservice Security (Menu)>>doc:Main.eMagiz Academy.Microlearnings.Expert Level.Webservice Security.WebHome||target="blank"]]
111 -
112 -
113 113  )))((({{toc/}}))){{/container}}{{/container}}