Apache Camel create basic authentication header from plain text - apache-camel

I am new to Camel. I have a working project that receives a request in one format, then routes it to a different server. As part of this routing, I need to create the authentication header using a combination of username and password.
The result header should be (I have generated the base64 manually, and hard-coded for now):
<camel:setHeader headerName="Authorization"><camel:simple>Basic YWRtaW46YWRtaW4=</camel:simple></camel:setHeader>
So, I need a way to transform a combination of plain username + password into base64, and add them into Camel configuration. Please note I don't have Java code in the application, only XML code.
Thank you!

One possible solution is to use the Groovy language to populate the Authorization header, eg:
.setHeader("Authorization").groovy(myExpr)
As far as I know, Groovy's GDK provides methods to Base64-encode strings:
def s = 'userid:password'
String encoded = s.bytes.encodeBase64().toString()

Related

How to secure file download?

I have an application written in angularjs and a dropwizard backend. All API calls are ajax, with the exception of file downloads, which is done by performing a redirect to a standard GET request.
All API calls are secured through a token which is passed as a Token header. We use SSL for all APIs.
The download GET request works but I'm having a hard time figuring out how to secure it. I have no way of setting a custom header, which is required to pass the token. So theoretically, I'm left with two options, clearly none of them acceptable: 1. Pass the token as one of the GET parameters 2. Leave the download unsecured.
Any ideas how to secure file download?
Putting a secret token in a URL query parameter isn't great because URLs tend to be leakable, for example through history/logging/referrers. There are ways to mitigate this: for example you could have the server side issue a download token that is only good for one use or for a limited amount of time. Or the client could pass a time-limited token created using a signature over the secret token that the server side could verify.
Alternatively you could, just for this one interface (eg path-limited, quickly-expiring) put the token in a cookie.
Another approach is to download the whole file through AJAX, thus allowing you to set the header as normal. Then you have to present the content as a downloadable local resource, which requires a cocktail of browser-specific hacks (eg using data: or filesystem: URLs, and potentially links with the download attribute). Given the complication this isn't usually worth bothering with, especially if the file is very large which may present further storage constraints.
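The server-issued, time-limited download token described in the answer above, sketched in Java for a Dropwizard-style backend. This is an added example, not code from the original posts; the class and method names, the token layout (expiry, a dot, then an HMAC-SHA256 tag over path and expiry) and the file path are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example; class, method and path names are hypothetical.
public final class DownloadToken {
    private final byte[] key; // server-side secret, never sent to the browser
    public DownloadToken(byte[] key) { this.key = key.clone(); }
    // Called from an API request that already carried the Token header.
    public String issue(String path, long nowSec, long ttlSec) {
        long expires = nowSec + ttlSec;
        return expires + "." + tag(path, expires);
    }
    // Called by the plain GET download endpoint before streaming the file.
    public boolean verify(String token, String path, long nowSec) {
        int dot = token == null ? -1 : token.indexOf('.');
        if (dot <= 0) return false;
        long expires;
        try { expires = Long.parseLong(token.substring(0, dot)); }
        catch (NumberFormatException e) { return false; }
        if (nowSec > expires) return false; // token lifetime is over
        byte[] expected = tag(path, expires).getBytes(StandardCharsets.US_ASCII);
        byte[] given = token.substring(dot + 1).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, given); // constant-time compare
    }
    // HMAC over "path\nexpires": the token is useless for another file or a later time.
    private String tag(String path, long expires) {
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] t = mac.doFinal((path + "\n" + expires).getBytes(StandardCharsets.UTF_8));
            return Base64.getUrlEncoder().withoutPadding().encodeToString(t);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    public static void main(String[] args) {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key); // a real deployment shares one key across instances
        DownloadToken dt = new DownloadToken(key);
        long now = System.currentTimeMillis() / 1000;
        String tok = dt.issue("/files/report.pdf", now, 60); // constructed path, 60 s lifetime
        System.out.println("valid:        " + dt.verify(tok, "/files/report.pdf", now + 30));
        System.out.println("other path:   " + dt.verify(tok, "/files/other.pdf", now + 30));
        System.out.println("after expiry: " + dt.verify(tok, "/files/report.pdf", now + 61));
    }
}
```

The authenticated API call returns the token and the client appends it to the download URL in place of the long-lived API token. A URL that later leaks through history, logs or referrers then exposes only one file for the remaining seconds of the token's lifetime.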

OSB Java callout to core java class

I have a simple java call out to decode a base64 string. The java looks like this
import javax.xml.bind.DatatypeConverter;

public final class DecodeBase64 {
    public static byte[] decode(String base64string) {
        return DatatypeConverter.parseBase64Binary(base64string);
    }
}
Then I was thinking that since DatatypeConverter.parseBase64Binary is static why not call it directly. This way I can avoid having to deploy my jar.
I cannot however seem to find a way to call a core java class from the OSB java callout.
Is this possible? Is it even feasible?
I don't believe it would be possible to make that, as you can see from the documentation on Java Callouts, you first need to specify the .jar that you will use to make the callout. There's likely a ton of existing libraries, etc., in the classpath in OSB that Oracle et al wouldn't want to blindly expose, but I think you should be able to import and use in a .jar pretty easily.
Section 21.20 - Adding Java Callouts - http://docs.oracle.com/cd/E14571_01/doc.1111/e15867/proxy_actions.htm#i1321171
If you are looking to do Base64 conversion for setting Basic authorization while calling an external system or validating the input authorization header, then OSB has an inbuilt feature called "Service Accounts" which when combined with Business services / proxy services can convert your username / password into a Base64 format.
If you are looking to convert data into Base64 format for some other reason, then I am afraid you cannot do so in OSB without making a java callout.
This is not possible. You have to import the jar.

Twilio TwiML XML String instead of url

I want to call the twilio voice API without providing the URL.
Normally you would do it like this using python:
call = client.calls.create(url="http://demo.twilio.com/docs/voice.xml",
                           to=request.receiver,
                           from_=sender_number)
Instead of providing the URL I want to provide the XML-String. Is that somehow possible?
Background:
I'm generating the XML via a google cloud endpoints api. The response is in JSON format and a variable contains the XML. I need to parse the JSON to get the XML.
Sounds like you could use the echo Twimlet.
https://www.twilio.com/labs/twimlets/echo
Echo will just output whatever TwiML is passed into it via the URL. It is useful for building stateless, outbound apps, where arbitrarily complex content of the call is pre-generated and just passed into the REST API to initiate a call.
Example: http://twimlets.com/echo?Twiml=%3CResponse%3E%3CSay%3EHi+there.%3C%2FSay%3E%3C%2FResponse%3E
Twilio Evangelist here. I'm afraid you cannot do this, however there are a number of solutions. If your call doesn't require any dynamic XML, you can host it on S3, or a similar service (I use Dropbox public links quite a lot).
If you do need dynamic XML, then we have a whole bunch of tutorials that can help you get setup with a simple web application.
Hope this helps!

authentication/http headers support in forge.file trigger.io module?

In the official trigger.io docs there seems to be no provision for custom http headers when it comes to the forge.file module. I need this so I can download files behind an http authentication scheme. This seems like an easy thing to add, if support is not already there.
Any workarounds? Any chance of a quick fix in the next update? I know I could use forge.request instead, but I'd like to keep a local copy (saveURL).
Thanks
Unfortunately the file module just uses simple "download url" methods rather than a full HTTP request library, which makes it a fairly big task to add support for custom headers.
I've added a task to our backlog for this, but I don't have a timeframe for it being added.
Currently on iOS you can do basic auth by using urls in the form http://user:password#url.com in case that helps.
Maybe to avoid this you can configure your server differently, or have a proxy server in front that allows you to pass authentication details as get parameters?

How can I create a persistent vanity URL in DotNetNuke?

I'm not aware of a solution for implementing custom persistent vanity URLs (my term, not sure if that's what they're really called) in DotNetNuke. Does anyone know of a solution? It can be configuring the core, using a third party module, or a suggestion of how to write it from scratch.
Here is what I'm thinking:
I want to point people to: http://mywebsite.com/awesome
I want the underlying URL to be http://mywebsite.com/genericpage.aspx?key=awesome&etc=etc
I don't want the URL to redirect. I want the user to see http://mywebsite.com/awesome only.
Essentially I'd envision an administrator being able to create these vanity URLs and specify what the vanity URL is and what the underlying URL is.
The closest thing, out of the box, is to define your friendly urls in SiteUrls.config found in the DotNetNuke root.
This way:
you point people to:
http://mywebsite.com/awesome.aspx
you have an underlying URL
http://mywebsite.com/Default.aspx?tabid=ID&etc=etc
users see:
http://mywebsite.com/awesome.aspx
Main restriction is that you will have an .aspx extension.
SiteUrl.config rules look like this:
<RewriterRule>
<LookFor>.*/awesome.aspx</LookFor>
<SendTo>~/default.aspx?tabid=ID&amp;etc=etc</SendTo>
</RewriterRule>
Rewriter rule matches incoming url to a regular expression in the LookFor section, and sends it to an underlying url in the SendTo section. You need to be careful with the XML escape character '&' in the querystring parameters.
3rd party extensions like URL Master provide much more fine grained control, and you can have a global friendly url scheme based on page names, with or without .aspx extensions. Nevertheless, a simple "one url at a time" approach can be safer if you have custom modules with URL dependencies.
ActiveSocial supports these and I thought I saw something about support for this in Version 2.x of IFinity's URL Master, but I can't find anything on it now.
