Apigee OPTIONS 404 - cross-domain

I have been stumped by Apigee's CORS support. I setup a new proxy and made sure to tick the " Enable Direct Browser Access for Your API — Allow direct requests from a browser via CORS." box.
It appears that CORS is working for the normal GET requests, however pre-flight OPTIONS requests are not found and are returning a 404. I found this answer but was not able to resolve my problem because it seems like a different problem perhaps?
The main question I would like answered is how do I setup Access-Control-Allow-Origin=* for all requests? Even OPTIONS requests?
Proxy Endpoints
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<Description/>
<Flows>
<Flow name="Forecast">
<Description/>
<Request/>
<Response/>
<Condition>(proxy.pathsuffix MatchesPath "/forecast") and (request.verb = "GET")</Condition>
</Flow>
</Flows>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<HTTPProxyConnection>
<BasePath>/v1/weather</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</ProxyEndpoint>
Target Endpoints
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
<Description/>
<Flows>
<Flow name="OptionsCORS">
<Description/>
<Request/>
<Response>
<Step>
<Name>CrossOriginResourceSharing</Name>
</Step>
</Response>
<Condition>request.verb equals "OPTIONS"</Condition>
</Flow>
</Flows>
<PreFlow name="PreFlow">
<Request/>
<Response>
<Step>
<Name>CrossOriginResourceSharing</Name>
</Step>
</Response>
</PreFlow>
<HTTPTargetConnection>
<URL>https://home.nest.com/api/0.1/weather</URL>
</HTTPTargetConnection>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
</TargetEndpoint>
Add CORS File
<AssignMessage async="false" continueOnError="false" enabled="true" name="CrossOriginResourceSharing">
<DisplayName>Add CORS</DisplayName>
<FaultRules/>
<Properties/>
<Add>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE, OPTIONS</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>
Just in case it helps- the following is the error I get when doing my request. I'm using Chrome and have an AngularJS app. I've been able to replicate the issue using a cURL statement as well
( curl -H "Origin: localhost" --verbose http://*********-prod.apigee.net/v1/weather/forecast/12345 -X OPTIONS )
{
"url": "/api/0.1/weather/forecast/73013",
"message": "404 Not Found"
}
Thanks!

In your proxy.xml you add one more flow specific to OPTIONS
<Flow name="OPTIONS">
<Description>This flow is for client side applications</Description>
<Response>
<Step>
<Name>CORSResponse</Name>
</Step>
</Response>
<Condition>(request.verb = "OPTIONS")</Condition>
<Request/>
</Flow>
Now the CORSResponse.xml Policy can be like below
<AssignMessage name="CORSResponse">
<AssignTo type="response" createNew="true" />
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<Set>
<Headers>
<Header name="Access-Control-Allow-Origin">yourdomain.com</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, x-source-ip, Accept, Authorization, User-Agent, Host, Accept-Language, Location, Referer</Header>
<Header name="Access-Control-Allow-Methods">GET, POST</Header>
</Headers>
<StatusCode>200</StatusCode>
</Set>
</AssignMessage>

The solution was to add a RouteRule that prevented the request from passing through to my API on OPTIONS requests.
<RouteRule name="NoRoute">
<Condition>request.verb == "OPTIONS"</Condition>
</RouteRule>
Additionally I added a flow that added CORS support to the response
<Flow name="OptionsPreFlight">
<Request/>
<Response>
<Step>
<Name>Add-CORS</Name>
</Step>
</Response>
<Condition>request.verb == "OPTIONS"</Condition>
</Flow>
And my Final Add-CORS policy
<AssignMessage async="false" continueOnError="false" enabled="true" name="Add-CORS">
<DisplayName>Add CORS</DisplayName>
<FaultRules/>
<Properties/>
<Add>
<Headers>
<Header name="Access-Control-Allow-Origin">*</Header>
<Header name="Access-Control-Allow-Headers">origin, x-requested-with, accept</Header>
<Header name="Access-Control-Max-Age">3628800</Header>
<Header name="Access-Control-Allow-Methods">GET, PUT, POST, DELETE</Header>
</Headers>
</Add>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<AssignTo createNew="false" transport="http" type="response"/>
</AssignMessage>

Related

Application Insights Multi-Step Availability Test Producing 411

I have created a WebTest via Fiddler which POST's to a public endpoint using the basic Authorization method. The call works fine in Fiddler/Postman however when I upload the following webtest as an Azure's Availablity test it fails, giving me a 411 error.
The Web Test:
<?xml version="1.0" encoding="utf-8"?>
<TestCase Name="FiddlerGeneratedWebTest" Id="" Owner="" Description="" Priority="0" Enabled="True" CssProjectStructure="" CssIteration="" DeploymentItemsEditable="" CredentialUserName="" CredentialPassword="" PreAuthenticate="True" Proxy="" RequestCallbackClass="" TestCaseCallbackClass="">
<Items>
<Request Method="POST" Version="1.1" Url="https://myapp.scm.azurewebsites.net/api/triggeredwebjobs/mywebjob/run" ThinkTime="0" Timeout="60" ParseDependentRequests="True" FollowRedirects="True" RecordResult="True" Cache="False" ResponseTimeGoal="0" Encoding="utf-8">
<Headers>
<Header Name="Authorization" Value="Basic JGRldi1sb2NhbGl0eS13ZWItam9iphYVJSN1o0QjlmUXBNZlhjcXJKSHd1RFpYNW1xWlE4MTNzRnRMMUpOc2JFNXVna3l2aWVhQ3pBNXJvYzg=" />
<Header Name="Content-Length" Value="0" />
</Headers>
<QueryStringParameters>
<QueryStringParameter Name="arguments" Value="health" UrlEncode="True" UseToGroupResults="False" />
</QueryStringParameters>
</Request>
</Items>
</TestCase>
The Error
Returned once the availability test fails:
> 1 primary requests, 0 dependant requests and 0 conditional rules failed
> Http Error (subtype '411 - LengthRequired') occured at 09/06/2018
> 05:49:45 (UTC) for Uri
> 'https://myapp.scm.azurewebsites.net/api/triggeredwebjobs/mywebjob/run?arguments=health',
> step #1 with the error '411 - LengthRequired'.
Any help would be greatly appreciated!

DRM playready license acquisition

i'm implementing a DRM server, so far HLS is working great but i have a problem with the playready key encryption, i know that i need to use the public key and License Nonce(IV) from the client request but i couldn't find the algorithm to encrypt it.
example from Microsoft playReady test server
client requst:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<AcquireLicense xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols">
<challenge>
<Challenge xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols/messages">
<LA xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols" Id="SignedData" xml:space="preserve">
<Version>1</Version>
<ContentHeader>
<WRMHEADER xmlns="http://schemas.microsoft.com/DRM/2007/03/PlayReadyHeader" version="4.0.0.0">
<DATA>
<PROTECTINFO>
<KEYLEN>16</KEYLEN>
<ALGID>AESCTR</ALGID>
</PROTECTINFO>
<KID>7987aj+eE0uBlXi0N73AQw==</KID>
<CHECKSUM>s1zZSs3Wwow=</CHECKSUM>
<CUSTOMATTRIBUTES>
<IIS_DRM_VERSION>7.1.1064.0</IIS_DRM_VERSION>
</CUSTOMATTRIBUTES>
<LA_URL>http://playready.directtaps.net/pr/svc/rightsmanager.asmx</LA_URL>
<DS_ID>AH+03juKbUGbHl1V/QIwRA==</DS_ID>
</DATA>
</WRMHEADER>
</ContentHeader>
<CLIENTINFO>
<CLIENTVERSION>2.0.0.1446</CLIENTVERSION>
</CLIENTINFO>
<RevocationLists>
<RevListInfo>
<ListID>ioydTlK2p0WXkWklprR5Hw==</ListID>
<Version>11</Version>
</RevListInfo>
<RevListInfo>
<ListID>gC4IKKPHsUCCVhnlttibJw==</ListID>
<Version>11</Version>
</RevListInfo>
<RevListInfo>
<ListID>BOZ1zT1UnEqfCf5tJOi/kA==</ListID>
<Version>12</Version>
</RevListInfo>
<RevListInfo>
<ListID>Ef/RUojT3U6Ct2jqTCChbA==</ListID>
<Version>34</Version>
</RevListInfo>
</RevocationLists>
<LicenseNonce>e7NgfwBi1xX/egdgV9BrWQ==</LicenseNonce>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://schemas.microsoft.com/DRM/2007/03/protocols#ecc256" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>WMRMServer</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>W13Rs+iFyn5Qgh8iAduenxsRw3w2mOTNhfOPI6Fwv5kIn93cCauDFJexka6jtQHJ+by8wyTv4u7RofeZW9G8NakvV0JpGg7d5rEg1q1XMwy267Hecnch75FKEPSiydx2NU83IambHenRhJJ5gg3/u1aVpaXsCVtnQsv5pt5L+JM=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>cWEqivcZkvs9Le02WXFsSnCn8W+J87cN0a0/6IXZ1OIYJ8ZgVE2Bf6J14Destd4rYxKonQiMZ5mL+LZytuq7dA8LGFASKUNGKynx887tdMDMbwJnBQAllE593kUqnD4XIyKO04APahlQ1k4ezBrTU3o0TD8ssIN2OxxW4NdoNMPc+rlrPMY31hXVoIdUV7viueMRFcokDgDk/vii3yrHfLpx+iyVINhYhye1Oh0JsKc8Fkz/O1XfSrCVQzVZHI3Hui62r/Pf9H1kblv7CXo1H7Vno8trNq2zsEj96lz2b2GgYpbbiMHBJAMmIjsR6o9z3KUbOIh0eIrupDLTTvITDXDX8Q9x1A9dsDOJJGWMgWUT2n0Ay6GIzATojlMfp9eCti2gJNWv+vWKJD0k2k/COk71mcWttGgA4dnxUqCkkr7wSI/mAmxb/ZHaNFBoF55sUTycsoYrucD60XHeZA3OB/1NIodczWfMwCE1UGiSXpafdxDsBxgdlDXQxHzlWXhQBzVWNdjpdLVv7NMteA8t6MqmD+i+xlOD/rI5ZWb9uNmBNMNF2KkgBLHx9NQx5BQReQonL1wHcEfk/SjiovRFx33aYkfDZZwx1QmIR6xhksktwpvO/z0Bud9II3gle/Is5XgQwXET25KRvJ/pZlIvwXuklpgzBFMTU71RbaKWWTeLk9zddw0bb0O/dNm8HX6JmZIv1VHz/D/p0l7L+JyG5xl1DxxIxJOIuVkhucdFJDVRlMbNXp2/hMTKpK9Ph70TQNJx2hOvSEFwOjGsUpaGOI8z6r3zFpObg3w6VpeCBQNipekxSvgcedk2DNELYsFvTn5moxPEwCrPwYurg3dBbzSvgfZm67H/h319B/spg76MGiTauXl54LkOKQC2gWF/t7e9bV0NBZR5cAPwa346d5hWPnU/s1hAEKh8k5PZfQlHX9MY4ktYHe+16y4GhlN4FXF8fvnOlTYWZAa6UJyJycqHOeg5S/wb5qcx8HTJ7WXaz6EYN1f3ZLM+ziCRFL7DPBPs9fx4bpxIE01MjnDsCNQq1TJRtHJbjnhjZTyI77c17myN/rmauyZAeTgSeuVzEKwNi/UV2TQIxxFVlN0wMcoh8AHPuvuAU9MailoAHfRBvx46ksCD0l4GMssfMCqhLx54A0O8lwsmnVHfFBPMYwPXu3JJqiher9hsy9bzBtEOulLiiDpnA8ABZnRxH5aPo0cY5HjwUbinupJ5Zy+WeC1l6581ikQ2rRAFX68G7FabDqvhKJ9ruVOk3xw1k82IMsHrLxrxjPFh7+V3ixmg3/d/ExXRoayKVFTAax6c3e3sZaC7xopt9l0SFG8zLtMs9MyN6zH8J9P7/d2J8aU7Jvp+QU8G2b8+20Ci1BxIG04XEec1eSemcgTQ3AbwoCpN6UmZpe9EgkcfQcaXw0VyQSnk96xDrW1BkbCCBlqXWyYCNs335i/KcmbVgSICd/RJJlMTcDZx+TkUVSO52WPIYXKcMGhQi7KGND6R1PgEE1TFRRj7CeRWbswSzt3b/mDSy+T3Pg3v0miGN/sxulFrNJJpdnpExkWb2LDkFgO2N+GMZ2uHNdbE8JiXEgXiqbtRWpT/tfpp71YwQVsnRSgUUXnGop79wtfEtFC8sAQ/0v2Tj1+Nstf58t7rf8lOkY3dEVYxidLrgqfSpnkkJqmBAlhN5ZNXBv9ui/Ah1aY706tOPdMKsjHbz7LS9GPDeApYfVSsHGGVUMp5Ms0U7FlsqIDgcQR8SzDuhJen764U8lbj8nsWMFUkex5lTS5d4+mw/ysR1zd4BN6MYTMFqNRSLQEqaZQCft8pBTZ4QRnyJ9h8JrC+vdAI1jl69EaJfo+WgLMr+yG2Q9hM/qtMePqLmi+4ZwO4eszdt23d7437ueY7052yjaa5f42HQsul6qzkfKIs5jdu4oVFS2L3NycemiO6VSj8lp48WvlvPMTPihHuavxwrt/LQeM7NQg+Or1v2z9pyF/JN9gbUI72h6qfoN2/DlcPqmXBYb0TZaaXFrvZ2xllcAPHq/d8hdOpJ+aRS0+IV7ivIcftlPByr958Bmw2kkmNqZi4nwkfmilYQ3aVOr6GHgKRq76llVMhQBUc3c0WB2HCppwPz9j3kw9XY/72GnlnVCVkS+Ju864WbyKMNeWS5kHOyGdwgyRulidv7HiEZymOuL9npAKjso8kO+9aCLj5Wm1zylqudA15EhZaseD5ljK7c9dM0zYJcwe01MZHkUSqts1M4g9M83wLCllA6Hedfkb+niYKTTfcnnhNpLxQwkC3MMOhvl9ytGoW0jdAuYW+ubKR/mroAho5WisS64tLWR3Eo9NQoA224jIz7tHcMIMwQ+mH/SEUBy7qKRwTT5wmgJIDMjZckbeZAC3WsUgwvkkBL9Y5wQ8RuGMrfJMbCuU39w+FrH4We/JlmA6B+ArdWxkgxhvCCTk0WN1Zg/IOV6iWVNbGDmMqRVWijzDUC0CYP7ppk4c+VXDLfFKe04by9waIZW1h6aAavfvmbHZGw6b35keOS1VGfTlGGcSbfrIMwlRwV8AT+dgP1CU+gzhc9N+Os96ByplnsjtpPEoY2MN0QPziT5NLeCdBf8prtX8EOujnrW8enfubA/1qiROQsG+hWYIXyEG6SiIDq8y9dIIjB8DIe1rLcJzdBp17ajafy0ZyBAwt/3wA+37r1H26gcyfoAufBopK7JlnKOHoe1EU5MtCl+ZcoEJPXybE0GP4Q4Wdx/dhVFybMAt3BKnflx/zqWFDAItoru3gVqbFZZ4evhmSUcnL0xmzFvR89KFEIhNste8bq2AxZt5av/V+uTBFvWoHsdOhv8RIrL4o8SeGRWzgZ9gcQf8ieeFMaQSqaMKHiYfu99H/LVZpq0/YdRKs6pTKWFpfQXBXCQUO9IWQS98ddvyAKjwkq+Jzskg1yhIYJHU/jiq+yKPAsDLeD+WXovXeWPEEubkIT60g9Sb7GX6XYs2fnkR78DzxpMI8kyBs6EVwpgpeFBqH99rASOr8FrwHcFF0TAY8YtMiy+PK08xgMcrOg/0sLIoIWzQ7M25ttfKJtP+z/YA/4yi4hSxBojSbvxh8B41k044Q/ZI776ZAFp618QfDbwvS4Hh/42akPyA2Y8wjH+VoDesuxVzzr4g4pBMCWNVk7Q5WhfsoaA0WiV+mhK4VcPxMms8sGBGoZllQnwPh7JYy9Hz0wDg0OUAe8BLv/YwETYZwa0qlkLl4OMPAy8bSG8wo4TJeUubVF9FJeswXUt5K/FIv6S3AroecmGih9XIHNKnST9BTlcDSoxsLMfoYrQmFr8xJyJw/i+DtZr2zC1CUqBNGyvov9qFatys/HDe18KO51O/ahyUSjHEsCPCqxQfoQstvD7ZE/SN8c3ZZLNBqQ4SPY2jPqtsmzVch4HTzhpFxyqXwe2uHaccCuNwlSmewDY2VkQDbWdvRPHzLPsHOPZJdcVvRw/C8S4wJNZ03GDiYHThJjWv7wgnpIUA/i68u7t6uS33xlPAlytIefnNpXA5bc6QDTzKJW9gwJ8hlxcsHxfO8d3+oij9/vqDQMG9j0EponBs1ewNaGTg8rniisnATQwQEZo4USNTE+VneWnaY1wLOSExCIv6glJ+oMfPvZT/pq/uhz6C7u7gfvVvTG3eY3/srKRE5baKwI8MJCEEqmWonHM5C+NRboRFMpqO5AR5X27YrSsa38xen8f1VHnzYLFr0UdkprbLbm/dvFpaxivYTqfCVQEXaFMTfNp884OylSAcmvNZbUvrCyritL5xiBm/1rxypDprDv0X0C1WR9rfGilbpqc8MdqcBgmsSpJO1zW43LBBPI6U4/oBlpYKx+T2ovlq/zdgwrtmX/rp6BB+nXFtWdgJZWYN+4cwF0FooIAF8hXNiJGWR9tVPipT7s00BaL0u8udR59W/2T79vUIt0PMpuVHFmp7ZSZumsr2W1pTybmmuj5Lv54XoXryTE63GZYZRhiEE5uS3hwSWLqxd0xyCnz6ThuWaS6N0+rlxDVM+9Z1rlIhR4C5YJ5LJ2xpZFsS1apXPLm+QQ7SM1lspF/bSlHv4m3/LJqaK/sbaLAaxORDF1uE6</CipherValue>
</CipherData>
</EncryptedData>
</LA>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://schemas.microsoft.com/DRM/2007/03/protocols#ecdsa-sha256" />
<Reference URI="#SignedData">
<DigestMethod Algorithm="http://schemas.microsoft.com/DRM/2007/03/protocols#sha256" />
<DigestValue>Y6z9FSz2qWpvIN823wrK13in0TnWGoAcPCKw9KlWZPk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>u45hKzad6Wir2SLSY7WTkTxpziPY2w5WTiLbNSb0RyciFV8Xm2aFyLbOCpMW33ZYubN59lsaZy8fAjUsr7ManA==</SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyValue>
<ECCKeyValue>
<PublicKey>2sumijs/TOhMhxwvkmjp4nXwJku8UXFHU+oY4fg+sRTp/pM7O3/w4k4QXAAn69pHahdLN+6OGpnQfwTv4xzGCQ==</PublicKey>
</ECCKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</Challenge>
</challenge>
</AcquireLicense>
</soap:Body>
</soap:Envelope>
server response:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<AcquireLicenseResponse xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols">
<AcquireLicenseResult>
<Response xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols/messages">
<LicenseResponse xmlns="http://schemas.microsoft.com/DRM/2007/03/protocols">
<Version>1</Version>
<Licenses>
<License>WE1SAAAAAAN7s2B/AGLXFf96B2BX0GtZAAMAAQAAAVAAAgAEAAAACAADAAIAAAAyAAAADQAAAAoAAQABADIAAAAMAAAAIgABADQAAAAKAJYAAAAzAAAACgABAAMACQAAAPIAAQAKAAAAnu/fO2o/nhNLgZV4tDe9wEMAAQADAIDB6u6Ltq5a8s2SvNkd4kAVzxDnlUysqzX6k5epsJ4iNaZaFyLTtpgVjTRQP2lgDeJaJSIObuf2yd2Qd1tWIQDk4gXxCbUPL8NJgdvl6d4z2xBIvJq4Ol3KDiHgkYn6mYEyniIm+2IWZUrUWsKo6Z2brnsoe3GoYoNmXkJ5+kyMOgAAACoAAABMAAEAQDrjNbZngMLUdzVuWakTkwXziavX6rZhzIaQJYQOWLtJSqiFpiWTutb777SRP48Zvx2FMpyqhGdjn53dLmsiRDYAAQALAAAAHAABABB8/phYFmuGw7Y3HoQs0swN</License>
</Licenses>
<Acknowledgement>
<TransactionID>5c062475-4b2c-48e6-9b0b-54fce5b2b770</TransactionID>
</Acknowledgement>
</LicenseResponse>
</Response>
</AcquireLicenseResult>
</AcquireLicenseResponse>
</soap:Body>
</soap:Envelope>
how do i create the License from the client request and my 16 byte key?

Check security header in Mule http:listener

I have a need to check some security HTTP header (called for example X-MyApp-Security) value before processing it after Mule http:listener. Header should be checked like basic auth header but more simply.
I found some Mule documentation about this but don't understand how to use it my simple flow:
<http:listener-config name="HTTP_Listener_Configuration" host="${httpServer.host}" port="${httpServer.port}" doc:name="HTTP Listener Configuration" />
<flow name="planadoWebhookFlow">
<http:listener config-ref="HTTP_Listener_Configuration" path="/" doc:name="HTTP" allowedMethods="POST"/>
<set-payload value="Hello from security area!" doc:name="Set Payload"/>
</flow>
Please help me with header authentication in Mule 3.7.
You can use the "http:basic-security-filter" element, here you have an example:
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:spring="http://www.springframework.org/schema/beans"
xmlns:scripting="http://www.mulesoft.org/schema/mule/scripting"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns:jms="http://www.mulesoft.org/schema/mule/jms"
xmlns:vm="http://www.mulesoft.org/schema/mule/vm"
xmlns:file="http://www.mulesoft.org/schema/mule/file"
xmlns:ftp="http://www.mulesoft.org/schema/mule/ftp"
xmlns:db="http://www.mulesoft.org/schema/mule/db"
xmlns:mule-xml="http://www.mulesoft.org/schema/mule/xml"
xmlns:jersey="http://www.mulesoft.org/schema/mule/jersey"
xmlns:json="http://www.mulesoft.org/schema/mule/json"
xmlns:ws="http://www.mulesoft.org/schema/mule/ws"
xmlns:smtps="http://www.mulesoft.org/schema/mule/smtps"
xmlns:email="http://www.mulesoft.org/schema/mule/email"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:mule-ss="http://www.mulesoft.org/schema/mule/spring-security"
xmlns:ss="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/scripting http://www.mulesoft.org/schema/mule/scripting/current/mule-scripting.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/jms http://www.mulesoft.org/schema/mule/jms/current/mule-jms.xsd
http://www.mulesoft.org/schema/mule/vm http://www.mulesoft.org/schema/mule/vm/current/mule-vm.xsd
http://www.mulesoft.org/schema/mule/file http://www.mulesoft.org/schema/mule/file/current/mule-file.xsd
http://www.mulesoft.org/schema/mule/ftp http://www.mulesoft.org/schema/mule/ftp/current/mule-ftp.xsd
http://www.mulesoft.org/schema/mule/db http://www.mulesoft.org/schema/mule/db/current/mule-db.xsd
http://www.mulesoft.org/schema/mule/xml http://www.mulesoft.org/schema/mule/xml/current/mule-xml.xsd
http://www.mulesoft.org/schema/mule/jersey http://www.mulesoft.org/schema/mule/jersey/current/mule-jersey.xsd
http://www.mulesoft.org/schema/mule/json http://www.mulesoft.org/schema/mule/json/current/mule-json.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd
http://www.mulesoft.org/schema/mule/smtps http://www.mulesoft.org/schema/mule/smtps/current/mule-smtps.xsd
http://www.mulesoft.org/schema/mule/email http://www.mulesoft.org/schema/mule/email/current/mule-email.xsd
http://www.mulesoft.org/schema/mule/spring-security http://www.mulesoft.org/schema/mule/spring-security/3.1/mule-spring-security.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
">
<spring:beans>
<ss:authentication-manager alias="authenticationManager">
<ss:authentication-provider>
<ss:user-service id="userService">
<ss:user name="user" password="password" authorities="ROLE_ADMIN" />
<ss:user name="anon" password="anon" authorities="ROLE_ANON" />
</ss:user-service>
</ss:authentication-provider>
</ss:authentication-manager>
</spring:beans>
<mule-ss:security-manager>
<mule-ss:delegate-security-provider name="memory-provider" delegate-ref="authenticationManager" />
</mule-ss:security-manager>
<http:listener-config name="HTTP_Listener_Configuration" host="localhost" port="9091" doc:name="HTTP Listener Configuration"/>
<flow name="testingFlow">
<http:listener config-ref="HTTP_Listener_Configuration" path="/*" doc:name="HTTP"/>
<logger message="Before Authentication" level="INFO" doc:name="Log Failure"/>
<http:basic-security-filter realm="mule-realm"/>
<logger message="After Authentication" level="INFO" doc:name="Log Failure"/>
</flow>
</mule>
You can find more information in the next link:
https://docs.mulesoft.com/mule-user-guide/v/3.7/http-listener-connector#authentication

apigee statistic collector/custom reports not working

I'm stuck at generating custom reports using Statistics Collector.
My scenario,
I have an BaaS DB with a collection named "icustomer" which has few name/value pair's.
I created a proxy(icustomer) to display an specific Customer(Resource name- specificcust) depending on unique "cust_id".
For Specific Customer I did "extract variable and assign variable policies" which is working fine.
Now to get custom reports I again added an Extract Variable policy to extract cust_id from JSON Path and then added and Statistic Collector policy to get stats.
Then I created an new report from Analytics and saved it. But reports aren't generated. All I get is "NO_ID" report.
Where did I go wrong?
Proxy Endpoint Code
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ProxyEndpoint name="default">
<Description/>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<Flows>
<Flow name="specficcust">
<Description/>
<Request/>
<Response/>
<Condition>(proxy.pathsuffix MatchesPath "/{cust_id}") and (request.verb = "GET")</Condition>
</Flow>
</Flows>
<PostFlow name="PostFlow">
<Request/>
<Response/>
</PostFlow>
<HTTPProxyConnection>
<BasePath>/icustomer</BasePath>
<VirtualHost>default</VirtualHost>
<VirtualHost>secure</VirtualHost>
</HTTPProxyConnection>
<RouteRule name="default">
<TargetEndpoint>default</TargetEndpoint>
</RouteRule>
</ProxyEndpoint>
Target Endpoint Code
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TargetEndpoint name="default">
<Description/>
<PreFlow name="PreFlow">
<Request/>
<Response/>
</PreFlow>
<Flows>
<Flow name="specficcust">
<Description/>
<Request>
<Step>
<FaultRules/>
<Name>Extract-Variables-1</Name>
</Step>
<Step>
<FaultRules/>
<Name>Assign-Message-1</Name>
</Step>
</Request>
<Condition>(proxy.pathsuffix MatchesPath "/{cust_id}") and (request.verb = "GET")</Condition>
<Response/>
</Flow>
</Flows>
<PostFlow name="PostFlow">
<Response>
<Step>
<FaultRules/>
<Name>Extracting-for-Stats</Name>
</Step>
<Step>
<FaultRules/>
<Name>Statistics-Collector-1</Name>
</Step>
</Response>
<Request/>
</PostFlow>
<HTTPTargetConnection>
<URL>https://api.usergrid.com/siddharth1/sandbox/icustomer</URL>
</HTTPTargetConnection>
</TargetEndpoint>
Extracting for Stats code-
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ExtractVariables async="false" continueOnError="false" enabled="true" name="Extracting-for-Stats">
<DisplayName>Extracting for Stats</DisplayName>
<FaultRules/>
<Properties/>
<IgnoreUnresolvedVariables>true</IgnoreUnresolvedVariables>
<JSONPayload>
<Variable name="customer_id">
<JSONPath>$.entities[0].cust_id</JSONPath>
</Variable>
</JSONPayload>
<Source clearPayload="false">response</Source>
<VariablePrefix>apigee</VariablePrefix>
</ExtractVariables>
Statistics Collector code-
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<StatisticsCollector async="false" continueOnError="false" enabled="true" name="Statistics-Collector-1">
<DisplayName>Statistics Collector 1</DisplayName>
<FaultRules/>
<Properties/>
<Statistics>
<Statistic name="test_cust_id" ref="customer_id" type="STRING">NO_ID</Statistic>
</Statistics>
</StatisticsCollector>
Your ExtractVariables specifies a VariablePrefix of "apigee". I would expect the extracted field to be accessible from apigee.customer_id instead of just customer_id, which would return null in the StatisticsCollector check. I think that's why you are getting your default "NO_ID".

I cannot get Mule to send an HTML formatted email

I have tried all I can think of string-to-byte-array-transformer, no string-to-byte-array-transformer, and I still get the email sent in plain/text format.
Here is my gmail version when I show original message:
Subject: Why no markup?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-Path: rufus#abc.com
<html><head><meta http-equiv="Content-Type" content="text/html" charset="us-ascii"/></head><body><p>An HTML paragraph</p></body></html>
Please shine a light on what I am doing wrong.
Thanks, Don
Below is a simple test case:
<mule xmlns:scripting="http://www.mulesoft.org/schema/mule/scripting" xmlns:smtp="http://www.mulesoft.org/schema/mule/smtp" xmlns:quartz="http://www.mulesoft.org/schema/mule/quartz"
xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:spring="http://www.springframework.org/schema/beans"
version="EE-3.5.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.mulesoft.org/schema/mule/scripting http://www.mulesoft.org/schema/mule/scripting/current/mule-scripting.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/smtp http://www.mulesoft.org/schema/mule/smtp/current/mule-smtp.xsd
http://www.mulesoft.org/schema/mule/quartz http://www.mulesoft.org/schema/mule/quartz/current/mule-quartz.xsd">
<flow name="htmlemailtestFlow1" doc:name="htmlemailtestFlow1">
<quartz:inbound-endpoint jobName="Q1" repeatInterval="60000" responseTimeout="10000" doc:name="Quartz">
<quartz:event-generator-job />
</quartz:inbound-endpoint>
<scripting:component doc:name="Groovy">
<scripting:script engine="Groovy">
<scripting:text><![CDATA[return '<html><head><meta http-equiv="Content-Type" content="text/html" charset="us-ascii"/></head><body><p>An HTML paragraph</p></body></html>']]></scripting:text>
</scripting:script>
</scripting:component>
<string-to-byte-array-transformer mimeType="text/html" doc:name="String to Byte Array" />
<smtp:outbound-endpoint host="mail.abc.com" to="dharrington#abc.com" from="rufus#abc.com" subject="Why no markup?"
responseTimeout="10000" doc:name="AsnEmail" mimeType="text/html" />
</flow>
</mule>
Do you have to set the contentType on the connector:
<smtp:connector name="smtp"
validateConnections="true" contentType="text/html" />
As described in the previous comment, graphically, it is enough to make the configuration of the image if you can not apply it by code

Resources