How to automatically redirect access denied requests in tRestRequest

Six Stars

How to automatically redirect access denied requests in tRestRequest

I've created a web service that I'm running in the Talend Open Studio ESB Runtime environment. I used the tRestrequest component and set the "Use Authentication" to Basic HTTP. Everything is working well.
What I'm trying to do is catch the requests that are denied access (http status code: 403) and automatically redirect them to a default URL.
Is there a way of doing this?
- ESB runtime configuration
- catch tRestRequest "rejects" and send a response using tRestResponse
Employee

Re: How to automatically redirect access denied requests in tRestRequest

Hi
tRESTRequest has onWrongRequest flow which captures all the escaped exceptions - you can check the status there and return a response with a custom Location header
HTH, Sergey
Six Stars

Re: How to automatically redirect access denied requests in tRestRequest

That is exactly what I needed to know! 
Thanks for the fast reply.
Six Stars

Re: How to automatically redirect access denied requests in tRestRequest

I tried it out. I'm now able to catch the wrong calls (even when not authorized), however the headers I define in the tRestResponse are not passed. Only if it follows a defined output flow (tRestRequest). 
I tested it out and the issue seems to be that the headers set in the "Response Headers" under advanced setting on the tRestResponse component don't get set if following a "wrong call" flow.
Can anyone confirm the same behavior? is so, I can enter it as a defect. Otherwise, it must be something that I'm doing wrong on my end.
    
Six Stars

Re: How to automatically redirect access denied requests in tRestRequest

I have tested this out in the Studio and verified in the generated code that the headers are being added to the response. However, the console output doesn't indicate the correct headers. However, the payload and status code are correct.
INFO: Outbound Message
---------------------------
ID: 1
Response-Code: 301
Content-Type: application/xml
Headers: {Content-Type=, Date=}
Payload: <?xml version="1.0" encoding="UTF-8"?>
<root><uri>r</uri><method>GET</method><status>404</status><error>HTTP 404 Not Found</error></root>
--------------------------------------
Six Stars

Re: How to automatically redirect access denied requests in tRestRequest

NOTE: In order to make a redirect work using the Location header, the status code needs to be a 3xx for the browsers to use it.
It still doesn't work.
Employee

Re: How to automatically redirect access denied requests in tRestRequest

Sorry I did not get the notifications...
Hmm, this response is wrong:
<root><uri>r</uri><method>GET</method><status>404</status><error>HTTP 404 Not Found</error></root>
If it is a redirect then returning the body is not correct, how to you process the authorization failure ?
Cheers, Sergey
Six Stars

Re: How to automatically redirect access denied requests in tRestRequest

Sergey - I think you misunderstood me. I'm trying to handle the Wrong Calls by sending back a payload message that explains the error (in the case you references, a bad path) and then to redirect by adding a status code of 3xx and a header with the Location set to our login page.
The issue seems to be that the Wrong Call flow works fine and the response is sent back, however, the headers that I set in the tRESTResponse component are being ignored (or overwritten). I would think that a tRESTResponse would use the custom headers defined in the component regardless of the flow (e.g.: Wrong Call).
 I searched through the component plugin code (jet files) and couldn't find where the headers are being ignored. When I debugged the flow, the global response object has the custom headers in it, but they're just not sent.
Employee

Re: How to automatically redirect access denied requests in tRestRequest

What do you mean and "...then to redirect" ? You are sending a 404 first so that has gone out to the client, when do you follow up it with 301, and who is receiving this 301 if the client has already got the response back by now ?
Sergey
Six Stars

Re: How to automatically redirect access denied requests in tRestRequest

For now forget the 404. I was just using it to test the wrong call flow.
The situation is like this...
1. Client (browser) call the rest endpoint with a bad SAML token in the header (e.g.: Authorization: SAML xxxddccvv1234).
2. The tRESTRequest is set to authenticate using SAML.
3. The tRestRequest denies access (403) and the Wrong Call flow is used
4. The Wrong Call flow is connected to a tXMLMap component that builds the xml document for the payload. 
5. The output from the tXMLMap is connected to the tRestResponse
6. tRestResonse is configured as follows:
   a. schema - document
   b. return code - custom : 403
   c. headers - Location: http://:8040/services/login
7. The client receives the response with the payload and correct status code, but Location is not in the header
Employee

Re: How to automatically redirect access denied requests in tRestRequest

Well that was confusing, you talking about redirects but posting some 404 examples...
Now, as I said, returning Location alongside the response seems wrong to me so please try to return some non standard custom header,
example "MyHeader" - this will help to see if Jetty is blocking Location when body is also returned or not.
If "MyHeader" is not returned - please open a TESB issue that a Wrong Call handler loses custom headers.
Six Stars

Re: How to automatically redirect access denied requests in tRestRequest

I have tested it without the Location in the header. Any custom headers that are sent using the WrongCall flow are lost. Even if the status code is 200.
I'll opened a bug:  TESB-17054.
Employee

Re: How to automatically redirect access denied requests in tRestRequest

Thank you for spotting this issue
Sergey