I am writing a mediation sequence for APIM v 2.6. The point is to extract Authorization
headers for further processing. Based on this documentation, I thought of the following:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="ExtractAuthorization2EndPoint" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
    <property expression="get-property('axis2', 'TRANSPORT_HEADERS')" name="basic_auth" scope="axis2"/>
    <log level="full">
        <property expression="get-property('basic_auth')" name="captured_headers"/>
    </log>
</sequence>
Reading the logs, I get captured_headers = null
TID: [-1234] [] [2020-01-09 13:46:44,178] INFO {org.apache.synapse.mediators.builtin.LogMediator} - To: /somewhere, MessageID: urn:uuid:e9fc50db-5a7b-41d1-9613-80b215633bcd, Direction: request, captured_headers = null, Envelope: <?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Body/></soapenv:Envelope> {org.apache.synapse.mediators.builtin.LogMediator}
How can I capture the headers (more specifically, the Authorization) of the incoming request?
get-property('transport','Authorization')
$trp:Authorization
Authorization Header is used in API Manager for internal authorization purposes only, and that header is normally removed from the outgoing request (from APIM gw to backend) before it is sent to the backend. This happens at the APIAuthenticationHandler level. The custom in sequence you attached to the API will be executed after the APIAuthenticationHandler. You may refer to the message flow diagram in [1] for a better understanding.
Now let's see how this APIAuthenticationHandler is applied by default on the API's synapse file. (You may find this at /repository/deployments/server/synapse-configs/api folder)
<handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler">
    <property name="RemoveOAuthHeadersFromOutMessage" value="true"/>
    <property name="APILevelPolicy" value=""/>
    <property name="APISecurity" value="oauth2"/>
</handler>
You can modify the above handler as below to keep the OAuth header in the outgoing message.
<property name="RemoveOAuthHeadersFromOutMessage" value="false"/>
After modifying the API's synapse you may see a log like below in the console.
INFO - APIDeployer API: admin--PizzaShackAPI:v1.0.0 has been updated from the file: /wso2am-2.6.0/repository/deployment/server/synapse-configs/default/api/admin--PizzaShackAPI_v1.0.0.xml
Now, try invoking the API. You should be able to log the Authorization header.
[1]. https://docs.wso2.com/display/AM210/Message+Flow+in+the+API+Manager+Gateway
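An added example, not part of the original answers or of WSO2's code: with RemoveOAuthHeadersFromOutMessage set to false the gateway keeps the caller's Authorization header on the request it sends to the backend, so a check like this lists which API synapse files carry that setting. The function names and the sample API file are constructed for illustration, and reporting an absent property as None (rather than guessing a default) is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

SYNAPSE_NS = "{http://ws.apache.org/ns/synapse}"
AUTH_HANDLER = ("org.wso2.carbon.apimgt.gateway.handlers."
                "security.APIAuthenticationHandler")
PROP = "RemoveOAuthHeadersFromOutMessage"

# Constructed sample of an API synapse file (not from a real deployment).
SAMPLE_API = """<api xmlns="http://ws.apache.org/ns/synapse"
     name="admin--PizzaShackAPI" context="/pizzashack/1.0.0">
  <handlers>
    <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler">
      <property name="RemoveOAuthHeadersFromOutMessage" value="false"/>
      <property name="APILevelPolicy" value=""/>
      <property name="APISecurity" value="oauth2"/>
    </handler>
  </handlers>
</api>"""


def auth_header_setting(api_xml):
    """Return the explicit RemoveOAuthHeadersFromOutMessage value
    ('true'/'false') on the APIAuthenticationHandler, or None if unset."""
    root = ET.fromstring(api_xml)
    for handler in root.iter(SYNAPSE_NS + "handler"):
        if handler.get("class") != AUTH_HANDLER:
            continue
        for prop in handler.iter(SYNAPSE_NS + "property"):
            if prop.get("name") == PROP:
                return prop.get("value", "").strip().lower() or None
    return None


def apis_forwarding_auth(api_dir):
    """List API files under api_dir whose handler keeps the Authorization
    header on the outgoing (gateway to backend) request."""
    hits = []
    for path in sorted(Path(api_dir).glob("*.xml")):
        # read_bytes() lets ElementTree honour the file's XML declaration
        if auth_header_setting(path.read_bytes()) == "false":
            hits.append(path.name)
    return hits


if __name__ == "__main__":
    print(auth_header_setting(SAMPLE_API))
```

Any API this reports sends bearer tokens or Basic credentials on to its backend, and a mediation sequence that logs the header at level="full" will also write them to the gateway log.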