Layer7 API Management

Expand all | Collapse all

API Gateway assertion based on header information

Jump to Best Answer
  • 1.  API Gateway assertion based on header information

    Posted 05-02-2017 07:57 AM

    Hi,

     

    I have created a REST webservice and added it to API gateway. I am trying to restrict access to the webservice based on the header information coming from request. 


    I am using Regular Expression Properties and checking for the username in header information. In the next step I am trying to check if the username matches with particular format/name if its success then direct to the webserivce else send error message.

     

    I am new to the API management and looking for following things:
    1.  How regular expression works and i do not see much information in the documentation. In this case i want to restrict access based on the user name. Please see the screenshot 1.
    2.  I have configured the logs but not able to see anything in the logs in API gateway, do I need to configure anything else?

    3. How to debug the assertions step by step in API Gateway?

     

     

    I do not want to user OAuth or HTTP basic authorization for different reasons.

    What i am doing is not the right way,  then please guide me.

     

    Note: Please see the screenshots.

    Thanks.



  • 2.  Re: API Gateway assertion based on header information
    Best Answer

    Posted 05-02-2017 06:06 PM

    Good afternoon,

     

    I've reviewed your post and there are a few modifications to what you are attempting to do.

     

    1.  How regular expression works and i do not see much information in the documentation. In this case i want to restrict access based on the user name. Please see the screenshot 1.

    Response: To check if value exists for a particular context variable, use the Compare assertion to check if the variable is blank and/or that the variable is equal to johnny. You can remove the Regular expression assertion from the first line.

    Assertion XML snippet:

    <?xml version="1.0" encoding="UTF-8"?>
    <wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
        <wsp:All wsp:Usage="Required">
            <L7p:ComparisonAssertion>
                <L7p:CaseSensitive booleanValue="false"/>
                <L7p:Expression1 stringValue="${request.http.parameter.username}"/>
                <L7p:Operator operatorNull="null"/>
                <L7p:Predicates predicates="included">
                    <L7p:item dataType="included">
                        <L7p:Type variableDataType="string"/>
                    </L7p:item>
                    <L7p:item binary="included">
                        <L7p:Negated booleanValue="true"/>
                        <L7p:Operator operator="EMPTY"/>
                        <L7p:RightValue stringValue=""/>
                    </L7p:item>
                    <L7p:item binary="included">
                        <L7p:RightValue stringValue="johnny"/>
                    </L7p:item>
                </L7p:Predicates>
            </L7p:ComparisonAssertion>
        </wsp:All>
    </wsp:Policy>

     

    2.  I have configured the logs but not able to see anything in the logs in API gateway, do I need to configure anything else?

    Response: You can add in the audit detail assertion to see in the audit log and ssg log what transpired.

     

    3. How to debug the assertions step by step in API Gateway?

    Response: You can use either the policy debugger or debug tracing as outlined in this documentation link: Debug a Policy - CA API Gateway - 9.2 - CA Technologies Documentation 

     

    Sincerely,

     

    Stephen Hughes

    Director, CA Support



  • 3.  Re: API Gateway assertion based on header information

    Posted 05-03-2017 12:55 AM

    Thank you Stephen , once I removed the regular expression, it started working.