We are using CXF2.5.2 in PROD, our wsdl url can go down anytime ,So while calling cxf service ,as it validates wsdl from the url ,it fails if the wsdl url is offline.
Is there any way ,can it be switched off to validate wsdl url while calling the service other than keeping wsdl in local .
Related
I want to call External REST API in my Domain Service, what is the best way to do that in abp framework, and where I can put this API Url and how to get it in my Domain Service?
ABP Framework version: v5.3
Project Type: MVC
You can simply use a http client, like RestSharp (https://restsharp.dev/) to be able to call an external api.
Since the api url might change, you can add it in the appsettings.json file and inject Microsoft.Extensions.Configuration.IConfiguration into your domain service constructor.
The architecture of the web project is as follows:
There is a Spring MVC restful web service running to serve HTTP restful APIs.
A node.js express service is running to serve web pages with AngularJS. It also offers some HTTP resful service for the AngularJS to call, which bascially calls the Spring Restful API and returns the result to the front end AngularJS.
The call flow is:
The AngularJS on the page initiates API calls to the express restful service.
Then the express service calls the Spring MVC restful service to get the needed results.
The express service returns the result to the front end AngularJS. Before getting back to Angular, it can post-process the data in order to fit the need of front end.
How can I only allow the users who logged in at the front end (also by calling the login restful API) to make subsequent calls to other services offered by the Spring MVC restful service?
The tricky thing is that the front end (AngularJS + Express which serves the page and also proxies the service call to Spring Restful) and the back end (Spring Restful service) are separated parts. So I am not sure if Spring Security can do the job. Or can I use some other way? Your thoughts will be greatly appreciated.
As soon as a user logs in to the system, you can add his session id in some cache(application level variables) in Spring side. Now send this session id back to the user after he has logged in. The user at the client side should store this session id in his webstorage (sessionstorage or localstorage). Now for each rest service call, pass the session id along with the data to the server.
Spring side when receiving the request should first check for the sessionId, validate the session id with the ones stored in the cache.
This way you can make sure only logged in users are accessing the rest service.
I have an app where in the Camel context I have defined a CXFRS endpoint for a publishing REST API. A snippet from the Camel route:
from("cxfrs:http://localhost:18080?resourceClasses=com.example.RestService&bindingStyle=SimpleConsumer&providers=#jsonProvider")
.toD("direct:${header.operationName}");
I also need to publish a separate SOAP service (but hosted in the same app). The bean definition for the CXF endpoint is:
<!-- setting up a Camel CXF web-service -->
<cxf:cxfEndpoint id="orderEndpoint"
address="http://localhost:9000/order/"
serviceClass="camelinaction.order.OrderEndpoint"
wsdlURL="wsdl/order.wsdl">
</cxf:cxfEndpoint>
When loading the app with both, the SOAP service will work but the REST service will not. The connection is being refused at port 18080. This is solved by removing the endpoint for the SOAP service. I suspect that by wiring both endpoints, the SOAP endpoint is overriding defaults the REST endpoint needs. Is there anything that needs to be manually configured to use CXF and CXFRS in the same context?
Good Morning !!
We have a scenario where a client app hitting a intermediary service (REST - AAD Configured) , will be inturn routed to another Service Endpoint (REST - AAD Configured). While doing so, we are successful in gettting accesstoken at client layer after hit to intermediary service. Now, Intermediary Service should consume an API of another service which is AAD Configured. For doing so, we have made use of BootstrapContext - for which we have got just token but not security token. We did try by making use of same token to consume, but in vain that wasn't helpful.
Exception while consuming REST Service from Intermediary service is nothing but " AAD Login Page HTML " and status is 200 OK.
Kindly Suggest where we missed a piece and suggest needful.
P.S : I have added Intermediary Service in azure portal to client app to have access for consumption and Intermediary service has access to consume REST Service which needs to be consumed. Also, in all layers we are using latest nu-get package of ADAL.
Regards,
Jagadeesh
It sounds like you secured your API using the wrong authentication mechanism - unauthenticated or improperly authenticated API calls should never result in redirects or HTML pages. Also, the bootstrap token you receive is for the first service. The intermediate service should refuse that token as its audience is incorrect. See https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapi-onbehalfof/ for the proper pattern.
I have a web api hosted on Azure having Azure AD authentication configured and running properly (all controllers have the Authorized attribute).
The front-end runs AngularJS and authentication of the http requests is implemented by using the amazing ADAL JS library (adalAuthenticationServiceProvider).
Beside the web api I also have a SignalR hub that I'd like to 'protect'. More specifically I need to call (invoke) a method of the Hub from the AngularJS client code. Basically I need to have the Context.User populated in the Hub method.
Any idea how to also authenticate a SignalR invoke under these circumstances?
you can supply token on query parameter as suggested in https://auth0.com/blog/2014/01/15/auth-with-socket-io/ and then process token on your backend