<div dir="ltr">Yes that is the UI option I was referring to.<div><br></div><div>If the request payload is being parsed without that option being set, then there is a bug in the Apiman gateway. I will write up a bug report for that so that @marcsavy can have a look. :)</div><div><br></div><div>-Eric</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 26, 2018 at 4:36 AM, 林 柏廷 <span dir="ltr"><<a href="mailto:btlin1025@hotmail.com" target="_blank">btlin1025@hotmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Dear Eric</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Thanks for your helpful information.</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
I can get request body with IPolicyContext object. </div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
Besides, you also mentioned <u>enable this on a per-API basis in the apiman UI.</u></div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Is It "Enable stateful request payload insepction" in API implementation tab?</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
I'm wondering because I didn't enable this option but can still get the request body in doApply() with IPolicyContext.</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
What is the difference if I enable this option?</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Thanks</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Regards</div>
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<hr style="display:inline-block;width:98%">
<div id="m_-338131347025328374divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>寄件者:</b> Eric Wittmann <<a href="mailto:eric.wittmann@redhat.com" target="_blank">eric.wittmann@redhat.com</a>><br>
<b>寄件日期:</b> 2018年4月25日 下午 08:15<br>
<b>收件者:</b> 林 柏廷<br>
<b>副本:</b> <a href="mailto:apiman-user@lists.jboss.org" target="_blank">apiman-user@lists.jboss.org</a><br>
<b>主旨:</b> Re: [Apiman-user] Is it possible blocking request after request body parsing?</font>
<div> </div>
</div><div><div class="h5">
<div>
<div dir="ltr">Yes there is a feature where apiman will parse the request BEFORE applying the policies. This will make the HTTP request body available to all policies in the chain, should they need them.
<div><br>
</div>
<div>You can enable this on a per-API basis in the apiman UI.</div>
<div><br>
</div>
<div>When this feature is enabled, your custom policy can access the request body as an object found in the
<span style="color:rgb(36,41,46);font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:12px;font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);float:none;display:inline">
IPolicyContext</span> object. For example:</div>
<div><br>
</div>
<div><span style="color:rgb(36,41,46);font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:12px;font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);float:none;display:inline">Object
payload = context.get</span><span style="color:rgb(36,41,46);font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:12px;font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:pre-wrap;word-spacing:0px;background-color:rgb(255,255,255);float:none;display:inline">Attribute("apiman.<wbr>request-payload");</span><br>
</div>
<div><br>
</div>
<div>The type of thing that you get depends on the API's endpoint type. The endpoint type might be JSON, XML, or SOAP. I think it might be possible to have some other kind of endpoint type, but those three are handled by the request body parser feature.</div>
<div><br>
</div>
<div>Here is what you'll get as that payload object, depending on endpoint type:</div>
<div><br>
</div>
<div>JSON - Java Map object as a result of parsing the JSON data using Jackson</div>
<div>XML - org.w3c.dom.Document</div>
<div>Soap - javax.xml.soap.SOAPEnvelope</div>
<div>Anything Else - byte[]</div>
<div><br>
</div>
<div>So for example, if your endpoint type is XML, then you could do this in your policy implementation (in the doApply() method):</div>
<div><br>
</div>
<div><span style="font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;color:rgb(36,41,46);font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:12px;white-space:pre-wrap;background-color:rgb(255,255,255);float:none;display:inline">org.w3c.dom.Document
requestBody = (org.w3c.dom.Document) context.get</span><span style="font-style:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;color:rgb(36,41,46);font-family:SFMono-Regular,Consolas,"Liberation Mono",Menlo,Courier,monospace;font-size:12px;white-space:pre-wrap;background-color:rgb(255,255,255);float:none;display:inline">tAttribute("apiman.<wbr>request-payload");</span><br>
</div>
<div><br>
</div>
<div>And then you could make some decision using the request data and e.g. call doFailure().</div>
<div><br>
</div>
<div>Also note - you can *change* the request body at this point as well. For example you could apply a XML Transformation to the w3c Document, resulting in a new w3c Document object, which you could store in the Policy Context (at the same key, obviously).
That new document would then get serialized and sent as the request body to the backing API impl. There may be some Content-Length issues if you do that, I can't remember...</div>
<div><br>
</div>
<div>-Eric</div>
<div><br>
</div>
</div>
<div class="m_-338131347025328374x_gmail_extra"><br>
<div class="m_-338131347025328374x_gmail_quote">On Wed, Apr 25, 2018 at 1:29 AM, 林 柏廷 <span dir="ltr">
<<a href="mailto:btlin1025@hotmail.com" target="_blank">btlin1025@hotmail.com</a>></span> wrote:<br>
<blockquote class="m_-338131347025328374x_gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div style="font-family:Calibri,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<div>Hi all,</div>
<div>I would like to customize a policy, which parses the request body and blocks the request in case.</div>
<div>in <a href="http://www.apiman.io/latest/developer-guide.html" target="_blank">
http://www.apiman.io/latest/de<wbr>veloper-guide.html</a> 4.2.1.2 IData policy, it describes:</div>
<div>The request or response body will not begin streaming before the corresponding doApply has been called, however, it is still possible to interrupt the conversation during the streaming phase by signalling doFailure or doError.</div>
<div>When I trace the transformation-policy source code, doApply() executes before getRequestDataHandler() which matches the description.</div>
<div>In doApply() I can blocks the request via chain.doFailure() however I have no idea how to interrupt/block request in getRequestDataHandler().</div>
<div>Besides, I found following mail group which is similar to my question.</div>
<div>Eric also points it's possible to parse the body before apply in request:</div>
<div> </div>
<div><b>On Thu, Feb 2, 2017 at 10:31 PM, Eric Wittmann <</b></div>
<div><b>eric.wittmann at <a href="http://redhat.com" target="_blank">redhat.com</a>> wrote:</b></div>
<div><b><br>
</b></div>
<div><b> The bottom line here is that you cannot return a Policy Failure (or</b></div>
<div><b> customize it) based on information in the response body. The response is</b></div>
<div><b> streamed from the back-end to the client, and at the time streaming begins,</b></div>
<div><b> the response code and HTTP headers have already been sent.</b></div>
<div><b><br>
</b></div>
<div><b> It sounds to me like you're asking for a feature where you can parse</b></div>
<div><b> the response body *before* the policy's "apply" method is invoked. we have</b></div>
<div><b> such a feature for requests, but not for responses. I suspect core changes</b></div>
<div><b> to apiman would be required to enable that. It seems like a reasonable</b></div>
<div><b> request to me, as long as users of the feature understand the performance</b></div>
<div><b> and memory requirements of enabling it.</b></div>
<div><b><br>
</b></div>
<div><b> -Eric</b></div>
<div><br>
</div>
<div>Thanks for any comments in advance.</div>
<div>Kind Regards</div>
<div>BT</div>
<br>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
Apiman-user mailing list<br>
<a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/apiman-user</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div></div></div>
</blockquote></div><br></div>