Customizing HTTP responses and status codes when an HTTP method is not allowed

Document created by goeer03 Employee on Jun 1, 2015
Version 1Show Document
  • View in full screen mode

Background

The CA API Gateway can be configured to allow a whitelist of acceptable HTTP request methods for a published service. As of version 8.2.00, the Gateway will return an HTTP 500 Internal Server Error when an inbound request does not adhere to the HTTP method whitelist. Development incident SSG-9565 was opened to address this deficiency and the attached policy was created by the CA API Gateway support team as an interim workaround pending future resolution of this issue.

This policy fragment will perform a JDBC query against the local Gateway cluster's database for information on the acceptable HTTP methods for a particular service. A whitelist of acceptable methods will be stored in the Gateway application's caching implementation. The policy will validate the HTTP method of inbound request against the whitelist and adjudicate the request message accordingly. If the request message does not adhere to the whitelist then a customized HTTP error status and response will be transmitted to the service consumer

Implementation

This policy should be deployed in a message-received global policy fragment. This policy fragment ensures that the default process for inspecting the HTTP method is bypassed. There are two assertions that should be modified by an administrator or policy author:

  • The Set Context Variable assertion on line #2.
  • The Customize Error Response assertion on line #18

 

Perform the following procedure to publish this policy fragment

  1. Log in to the Policy Manager as an administrative user
  2. Right-click the root folder in the Services and Policies window
  3. Select Create Policy
  4. Select Global Policy Fragment from the Policy Type drop-down box
  5. Select message-received from the Policy Tag drop-down box
  6. Specify a name in the Name text field
  7. Import the attached policy fragment

The policy will require an existing JDBC connection to the local Gateway. If one does not exist then the Resolve External Dependencies Wizard will appear. If a JDBC connection needs to be created then proceed through that wizard as follows:

  1. Select the Change assertions to use this JDBC connection radio button
  2. Click the Create JDBC Connection button
  3. Click OK to accept the default settings
  4. Click Finish to import the dependency
  5. Save the policy and exit

Outcomes