Hi,
Using the Java API to push resources to the registry of APIM 2.0.0 fails. The
same code used against APIM 1.10.0 succeeds.
Example code to reproduce is of the sort
> public class RegClient {
> public static void main (String args[]) throws RegistryException,
> MalformedURLException {
> System.out.println("Accessing Registry Resource");
>
> String tenantDomain = “mytenant.com <http://mytenant.com/>";
> String url = "https://localhost:9443/t/
> <http://gatewaymgt.api.cloud.wso2.com/t/>"+tenantDomain+"/registry";
> String userName = “ad...@mytenant.com
> <mailto:p...@spidasolutions.com>";
>
> String password = “admin";
>
> System.setProperty("carbon.repo.write.mode", "true");
>
>
> //Get the file which needs to be added to the registry
> File file = new File(“/home/bob/Desktop/myPayload.json");
> RemoteRegistry remote_registry = new RemoteRegistry(new URL(url),
> userName, password);
>
> //Import the file to config registry
> RegistryClientUtils.importToRegistry(file ,"/_system/config"
> ,remote_registry);
>
> //Export from registry
> //RegistryClientUtils.exportFromRegistry(file
> ,"/_system/governance/SomePayload.json" ,remote_registry);
>
> System.out.println("Done");
> }
>
> }
the call to RegistryClientUtils.importToRegistry(file ,"/_system/config"
,remote_registry); will fail.
Regards,
Alan
Typical exception is:
Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Add
resource fail. Suggested Path:
/_system/governance/apimgt/applicationdata/customdata/somedata, Response
Status: 403, Response Type: CLIENT_ERROR
at
org.wso2.carbon.registry.app.RemoteRegistry.put(RemoteRegistry.java:543)
at
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:113)
at
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
at
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
at
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
at
org.wso2.carbon.registry.core.utils.RegistryClientUtils.importToRegistry(RegistryClientUtils.java:65)
And in the APIM log we see typically
[2016-08-18 15:57:34,699] WARN - JavaLogger potential cross-site request
forgery (CSRF) attack thwarted (user:, ip:127.0.0.1, method:POST,
uri:/registry/atom/_system/governance/apimgt/applicationdata/customdata/somedata,
error:required token is missing from the request)
<http://www.spidasolutions.com/>
Alan Tucker <mailto:a...@spidasolutions.com>
Spida Solutions <http://spidasolutions.com/>
London • Bath • UK
+44 (0)78 0308 4376
+44 (0)12 4981 5081
www.spidasolutions.com <http://spidasolutions.com/>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev