Apigee Java Call Out Response - ntlm

In a standalone java code, using Apache HTTPClient libs, implementing the NTLM Authentication with SharePoint Server and accessing its Web Service and receiving the huge XML content as response. Now this final output is in String format. Created the Java Call Out Policy and uploaded all the jars.
I need some help here,
How to pass the java's final output response to Apigee's response.
My requirement is: If I hit the Apigee API Proxy then I need to receive the Java's output(String) as Apigee's response.
Which policy is more appropriate to handle this response.
Appreciate your help! Thanks in Advance.

You can use the javacallout policy to author custom java code. Here is a related post in SO: Working With JAVA Callout in apigee?
You can try
message.setContent(string) to create the content, and
messageContext.setResponseMessage(Message)
in java code to directly write to output.

Related

What is the fastest way to generate an POST or GET SOAP XML payload for SuiteTalk Web services?

Hopefully someone can help me.
I am currently using POSTMAN to run SOAP web service tests on NetSuite.
Annoyingly, I am having to generate the body of an XML request from scratch, and would really like a method whereby a basic template is generated for me, and I simply fill in the gaps. Creating an XML web request from scratch is prone to errors hence my question. I tried SOAPUI but it does not
Any ideas is most appreciated!
hope you remember me!! The easiest way would be to download any of the existing working SOAP web request from any running build and modify that to suit your need. There is no out of the box built in template that you could build on at least as per my knowledge. Please specify the record for which you are building the SOAP request
The easiest way is to not use POSTMAN.
I used to do a lot of this and what I'd do is:
generate the java client for SuiteTalk
install a recording proxy (I think WireMock does this -- the one I used to use doesn't seem to be around anymore)
use JUnit tests to hit SuiteTalk
in the test setup override the SSL config to ignore host name verification
test an API call
extract the complete working SOAP from the proxy logs
templatize the SOAP and use it where needed.

How to prevent ServiceStack from leaking private server information during 403 Forbidden Response

Servicestack Version: 3.9.71.0
Target Framework: .NET 3.5
Program background: has been in production use for over 3.5 years
Recently due to a customer security audit items were brought to our attention. All but one have been eliminated as IIS configuration changes.
The last item identified describes a situation in which the probing software accessed an endpoint without the proper authentication. This was fine and the expected result was the 403 Forbidden. The unexpected result was that the response body is displaying certain internal information of the server.
Based on quite a few articles I have searched it seams the the response body information being returned is a result of how Servicestack my be configured.
I realize this is a fairly older version of Service Stack. My preference would be to identify an IIS setting to override a forbidden response. Aside from that an option to just return a status code of 403 without the additional information. The third would be to create and use a custom 403 response object to control what is revealed.
Any guidance or help would surely be appreciated.. Thank you in advance.
ServiceStack v3 is a very old version of ServiceStack last updated in 2013. If you need to make any changes you'll need to create a custom build from its Sources
Looking at the v3 sources for how it resolves the ForbiddenHttpHandler:
ForbiddenHttpHandler = config.GetCustomErrorHttpHandler(HttpStatusCode.Forbidden);
It looks like you'll be able to override what HttpHandler is used by overriding the CustomHttpHandlers, e.g:
EndpointHostConfig.Instance.CustomHttpHandlers[HttpStatusCode.Forbidden] = MyHandler {...}

Node.Js : How to log a request's body without access to the Request object

I'm currently using a framework in Node.js ( the botbuilder module from Microsoft Bot Framework) which uses the request[2] module to make HTTP requests.
I'm encountering a problem : this framework seems to send a malformed JSON to Microsoft's servers, but I fail to see why and what is this JSON message made of.
So I'm looking for a way to log those messages, to take a peek at this malformed JSON, as I don't have access to the request object (unless I heavily alter the framework code, which is not something one shall do)
So far, I'm able to log the response body (by adding request to the NODE_DEBUG environment variable), but not the original request body. I did try a tcpdump on our server but since it's all HTTPS there's nothing I can use there.
Any idea / tool that might help ?
Thanks for your time.
Use Node.js middleware to log all your requests. For example, you could use the module request-debug.
Another popular request logging middleware worth knowing about is Morgan, from the Express.js server team.

Method not allowed when trying to access API methods via SOAP integration

Good day,
I'm having trouble calling DSAPI methods via SOAP ( C# Integration ). I keep getting 405 Method not allowed errors. So far I've tried calling the RequestTemplate and CreateEnvelopeFromTemplates methods, both of which fail. I was able to successfully retrieve the DSAPIServiceSoapClient object and also successfully login via the login method of the credential API. If you need more information, i'm ready to provide them. Thank you.
You're succeeding with the login, which is good.
My guess is that the other calls are not well formed. Perhaps they're missing the right base url (which you receive from the login call).
Are you switching to the different base url for your subsequent calls? (Different server name?)
I suggest that you try the API logging feature and see what it reports. It enables you to see a log of your API requests. See the Request Logging article for the classic DocuSign experience, or the new DocuSign UI.
i just needed to add the in the X-DocuSign-Authentication http header whenever i try to get a DSAPIClient object.

Difference between logging in into salesforce sandbox with and without consuming wsdl?

I am very new to Salesforce and it's API.
I am having a sandbox org and with it I have url, username, password, security token and last but not the least partner.wsdl
My aim was to connect and retrieve/create data.
Technologies at hand was nodejs
So here is how I started.
I searched over the internet and came to know that I need to create a client, SOAP client in order to login, create the connection and use that connection to create and access the Leads data.So I followed this sample where the wsdl was being consumed.
So I was able to connect
I was very happy on this success and then suddenly I wasn't able to identify/find a way where I can get the sObject.I looked hard for this but no luck. So posted a question on SO
Meanwhile I also looked for other node module and found jsforce
I used jsforce starting guide and created a client that was connecting to salesforce however without using the wsdl file.
Again I was happy, even more happy because I was having the sObject with me.
Now, what is the fundamental difference if I login using the local wsdl file and without wsdl file in the language of salesforce. Which one is the correct way of logging in?
Sorry if this question is not according to SO rules or if there is a typo.
I'm the author of jsforce you mentioned.
In that lib we use REST API mostly and SOAP APIs are only used in some specific calls like login or metadata. Even in such calls we don't use WSDLs because there's no good lib to generate client modules from WSDL in JavaScript/Node.js area. Instead we wrote modules for each APIs which generate SOAP XML strings and parse the response XML.
It is enough because these API message schema are static and fiesible in the specific version, unlike SOAP API Enterprise WSDL differs in organizations. So we can hard code the client module directly w/o generate it from WSDL.

Resources