Layer7 API Management

  • 1.  HTTP header handling

    Posted Mar 18, 2017 07:48 PM

    Dear all,

     

    I'am new in the community and not familiarized with the communication means. So please accept my apologies if it is not the right place to ask such question. Please find below the issue I am facing.

     

    I  am working with Policy Manager 9.2. In my policy, I would like to be able to get a custom HTTP header value of a request in a variable (e.g.: AuthenticatedUser: Username). In the response I would like, based on the aforementioned variable, to compute a token and adding it in another header. I taught that it should be an "out of the shell" feature but it looks harder than expected.

     

    Expected solution:

     

    Request header:

    [...]

    AuthenticatedUser: Username

    [...]

    **************************************

    $username = request.header.AuthenticatedUser.value

    $secret= "anysecretfromanywhere"

     

    token = f($username, $secret)

    **************************************

    Response header:

    [...]

    Token: 19edajfkladsf8zfda

    [...]

     

     

    How can I do such header manipulation ?

     

    Thank you for your help,

    Best regards,

    Greg 



  • 2.  Re: HTTP header handling

    Broadcom Employee
    Posted Mar 20, 2017 10:06 AM

    Hi Greg,

     

    To retrieve the value of a request header you should use this format: ${<target>.http.header.<name>

    ie: ${request.http.header.AuthenticatedUser} would get the value for a header named 'AuthenticatedUser'.

     

    You do not need the .VALUE suffix. To add a custom header to the response you can use the 'Manage Transport Properties' assertion. I have included some links below you will find useful.

     

    Transport Layer Context Variables - CA API Gateway - 9.2 - CA Technologies Documentation 

    Manage Transport Properties/Headers Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 

     

    Regards,

    Joe



  • 3.  Re: HTTP header handling
    Best Answer

    Broadcom Employee
    Posted Mar 20, 2017 06:59 PM

    Hi Greg,

    Regarding "token = f($username, $secret)", it depends how complex of the f(), if you just want to join them together, you may use Set Context Variable as string to: $username:$secret. If it's more complex, usually you can use Apply XSL Transform, Evaluation Regular Expression, etc. And finally you should base64 encode the string with Encode/Decode Data assertion before you put it into response header.

    For those transform assertions, please refer to,

    Message Validation/Transformation Assertions - CA API Gateway - 9.2 - CA Technologies Documentation 

     

    Regards,

    Mark