Layer7 API Management

  • Private Community

  • 1.  Customize default error response?

    Posted Dec 12, 2018 11:28 AM

    Is there any possibility to override the default error messages(401 authentication required) produced by ca policy manager into our custom response and code. I know that customize error response assertion can be used to customize our error responses. But am not able to override error exceptions like (401 auth required)?



  • 2.  Re: Customize default error response?

    Broadcom Employee
    Posted Dec 12, 2018 12:11 PM

    You could try something like this where you setup logic to handle the failure and use a return template response to set the HTTP status code

     



  • 3.  Re: Customize default error response?

    Posted Dec 12, 2018 12:43 PM

    Thanks! But i need something configurable to handle all errors. So far i have created global policy fragments in message completed and am trying to compare error response code to produce customize error response. But when i tried to capture response code it shows 0 for few errors like authentication required(401)? Is there any other way to customize error responses for all status codes? 



  • 4.  Re: Customize default error response?

    Posted Dec 12, 2018 04:46 PM

    I had the same problem. 

     

    You can check for the basic auth header (if that's what you are using) and create a custom error. But then we ran into not being able to generate the www-authenticate header that is also required.

     

    Our goal is to never let the caller know the system details and I think some l7tech stuff shows up in the standard 401 response.



  • 5.  Re: Customize default error response?

    Broadcom Employee
    Posted Dec 31, 2018 09:35 AM

    Hi

    Did the answers on this thread answered your question? If it did please mark it as the right answer.
    When your question is not answered or you still have additional questions please let us know.

    With Kind Regards
    Dirk



  • 6.  Re: Customize default error response?

    Posted Jan 02, 2019 10:19 AM

    You can check "OTK Fail with error message" policy logic.



  • 7.  Re: Customize default error response?

    Posted Jan 04, 2019 11:17 AM

    BTW, to respond fully to your question:

    > But am not able to override error exceptions like (401 auth required)?

    At first, place near begining of your policy:

     

    You can later on define error.code, error.content-type and error.msg, to dynamically send back reponse code.

     

    For the 401, I'm guessing you're trying to find out if authentication succeded after a "Route via HTTPS" assertion.

    By default, "Route via HTTPS" will fail if error code >= 400.

    One way is to explicitely tell this assertion to "never fail", then add some policy logic to parse ${httpRouting.reasonCode}.

     

     

    Or you can live with "fail if >=400" but then modify policy logic to trap error, including special treat for "special errors" from -1 to -6. Then ultimately you can turn this error handling into a nice encapsulated assertion

    Didn't tested the following code, I've quickly copied/pasted some of our own routing error handler (and seems if special errors doesn't triggers,  it won't parse rest.... well you've got the overall idea).

     

     

    In fact our real Special error handling is an encap assertion: