Layer7 API Management

Expand all | Collapse all

Websocket Connection Error Handling

  • 1.  Websocket Connection Error Handling

    Posted 04-03-2017 11:17 AM

    We have a use case to fail an incoming websocket connection if the clients token is expired. We would like to return a 500 exception message with a security exception code which will prompt the user to relogin. Using the http error handling with stop processing seems to just drop the connection. How can we gracefully handle this use case?

     

    Thanks



  • 2.  Re: Websocket Connection Error Handling

    Posted 04-04-2017 02:19 PM

    Toni,

    Would you be able to post what your current policy looks like. Maybe one of our experts who have worked in these may be able to assist.


    Thanks.



  • 3.  Re: Websocket Connection Error Handling

    Posted 04-04-2017 04:49 PM

    Hey Mohindra

     

    Here is a sample policy configured on the "inbound Policy" component of the websocket:

     

    ==========

     

    <?xml version="1.0" encoding="UTF-8"?>
    <wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
    <wsp:All wsp:Usage="Required">
    <L7p:CustomizeErrorResponse>
    <L7p:Content stringValue="Security Exception: Error Code 5130001"/>
    <L7p:ExtraHeaders nameValuePairArray="included"/>
    </L7p:CustomizeErrorResponse>
    <L7p:ComparisonAssertion>
    <L7p:CaseSensitive booleanValue="false"/>
    <L7p:Expression1 stringValue="${request.url.host}"/>
    <L7p:Operator operatorNull="null"/>
    <L7p:Predicates predicates="included">
    <L7p:item dataType="included">
    <L7p:Type variableDataType="string"/>
    </L7p:item>
    <L7p:item binary="included">
    <L7p:CaseSensitive booleanValue="false"/>
    <L7p:RightValue stringValue="casupporttest.com"/>
    </L7p:item>
    </L7p:Predicates>
    </L7p:ComparisonAssertion>
    </wsp:All>
    </wsp:Policy>

     

    =====================

     

    It simply checks to see if the host is casupporttest.com before continuing processing. If this fails, the connection simply gets dropped and there is no response body noticed on the app with a reason for the failure.

     

    Thanks



  • 4.  Re: Websocket Connection Error Handling

    Posted 06-06-2017 11:43 AM

    Hey

     

    Just following up for any insights.

     

    Thanks



  • 5.  Re: Websocket Connection Error Handling

    Posted 06-08-2017 02:37 AM

    Dear tonyogidi,

    The response of "inbound policy" will be exactly sent to backend websocket server, not the requestor.

    You may try "connection policy".

    For gw9.2, "connection policy" is OOTB, for other version, you may need to open support ticket to require the tactical websocket assertion.

     

    For more details about  "connection policy", please refer to,

    Manage WebSocket Connections - CA API Gateway - 9.2 - CA Technologies Documentation 

     

    Regards,

    Mark



  • 6.  Re: Websocket Connection Error Handling

    Posted 06-09-2017 11:28 AM

    Hey Mark

     

    The issue is that if the inbound policy fails due to a policy violation, the gateway closes the connection without sending a response to the mobile app. We want to be able to send an exception back so the mobile app can make intelligent decisions based on the reason for the failure.

     

    Thanks



  • 7.  Re: Websocket Connection Error Handling

    Posted 06-23-2017 02:50 AM

    Dear tonyogidi,

    Exception/error raised in connection policy will reject the connection.

    You may try to validate the token in connection policy, and use customize error response assertion to return error.

     

    Regards,

    Mark