On Tue, Jul 2, 2013 at 9:46 AM, Udayanga Wickramasinghe <
[email protected]> wrote:
> converting
Thanks for the response Udayanga! I was indeed able to handle this without
meddling with the axis2 code.
This is how i did it.
1) Introduced a new transports property to api configuration xml (If a
transport is not listed in the api, it will be assumed, the API is
accessible via both HTTP and HTTPs)
2) Introduced a validation in the canProcess method to see if the transport
with which the api is accessed is listed in the transports section of said
api.
3) If its a restricted transport and canProcess returns false, a warning
will be listed on console and a property will be set in the synapse context
to indicate transport was rejected.
4) Message will be directed to main sequence as usual, the user may include
a filter mediator in the main sequence to display a custom error message
using the variables added to synapse/axis2 context. Pls. refer below
example.
E.g.
<!-- Filter for handling Rest-API access via unauthorized transports -->
<filter source="$ctx:TRANSPORT_DENIED" regex="true">
<payloadFactory>
<format>
<fault>
<code>403</code>
<type>Status report</type>
<message>Forbidden</message>
<description>Unsupported Transport $2. The
requested resource (/$1) is not available.</description>
</fault>
</format>
<args>
<arg expression="$axis2:REST_URL_POSTFIX"/>
<arg expression="$ctx:IN_TRANSPORT"/>
</args>
</payloadFactory>
<property name="HTTP_SC" value="403" scope="axis2"/>
<property name="RESPONSE" value="true"/>
<header name="To" action="remove"/>
<property name="NO_ENTITY_BODY" scope="axis2" action="remove"/>
<property name="ContentType" scope="axis2" action="remove"/>
<property name="Authorization" scope="transport"
action="remove"/>
<property name="Host" scope="transport" action="remove"/>
<property name="Accept" scope="transport" action="remove"/>
<send/>
</filter>
Thanks,
Ruwan Yatawara
