How can I get xpath query(hidden) coming from response in Jmeter? - xpath

That's a response, traced from Fiddler. Need to grab PCAIId and re-use it later in the JMeter script.
</xs:complexType>
<xs:unique name="Constraint1" msdata:PrimaryKey="true">
<xs:selector xpath=".//PolicyChange.policychangeaoi" />
<xs:field xpath="**PCAOIId**" />
</xs:unique>
</xs:element>
</xs:schema>

From your "piece" of response I can only suggest using Regular Expression Extractor, the relevant Regular Expression would be something like <xs:field xpath="(.+?)" />
A better idea would be going for XPath2 Extractor (available since JMeter 5.0), however it is quite hard to come up with the exact configuration without seeing the full response.

Related

WSO2 ESB validate on empty/missing XML tags

I am trying to make a validation of XML requests on missing or empty XML tags. I used this code
<filter description="Validate material" regex=".+"
source="//E1MARAM[not(MATNR)] | //E1MARAM/MATNR[not(text())]">
<then>
<log category="WARN">
<property name="/material"
value="validation-empty tag MATNR send back to SAP" />
</log>
<property name="HTTP_SC" scope="axis2" type="STRING"
value="500" />
<makefault version="soap11">
<code value="soap11Env:VersionMismatch" xmlns:soap11Env="http://schemas.xmlsoap.org/soap/envelope/" />
<reason value="Missing SAP parameter" />
<detail>MATNR</detail>
</makefault>
<respond />
</then>
</filter>
which basically checks the XML tag //E1MARAM/MATNR
My problem is that this works only when the tag is empty.
It seems like the Filter mediator with regex .+ and xpath //E1MARAM[not(MATNR)] does not meet the condition and thus the check does not work.
Any idea why? Or perhaps another idea how to better validate in WSO2 ESB on missing XML tags or values without XSD? An XSD schema cannot be used, as the XML request does not have a fixed structure - typical for SAP iDoc
The easiest way is to check for a non-empty string ''. This will resolve to false both when empty and when missing. Also, you do not have to use the regex to check, you can just use xpath. If you give the filter mediator an xpath expression it will resolve it as if checking a boolean.
<filter description="Validate material" xpath="not(//E1MARAM/MATNR!='')">
This will return true if the element is either empty or does not exist. It will return false if there is a text value.
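The behaviour described in this answer, checked with the JDK's own XPath engine. This is an added example, not code from the original post or from WSO2. It goes beyond the answer by also trying a whitespace-only value and a message with two E1MARAM segments, and by comparing against a stricter per-segment expression; the `PER_SEGMENT` expression, the class name, the `IDOC` wrapper and the sample payloads are assumptions constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.xml.sax.InputSource;

public class MatnrCheck { // hypothetical class name
    // Expression from the answer: true when no MATNR anywhere has a non-empty value.
    static final String ANSWER = "not(//E1MARAM/MATNR!='')";
    // Stricter variant (assumption, not from the page): true when ANY E1MARAM
    // segment has a missing, empty or whitespace-only MATNR.
    static final String PER_SEGMENT = "boolean(//E1MARAM[not(normalize-space(MATNR))])";

    // Returns true when the expression says the message must be rejected.
    static boolean rejects(String expr, String xml) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        // Inline constants only; untrusted XML should go through a parser
        // configured to disallow DOCTYPE declarations first.
        return (Boolean) xp.evaluate(expr, new InputSource(new StringReader(xml)),
                                     XPathConstants.BOOLEAN);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payloads, not real iDocs.
        String[][] samples = {
            {"value present",      "<IDOC><E1MARAM><MATNR>4711</MATNR></E1MARAM></IDOC>"},
            {"empty tag",          "<IDOC><E1MARAM><MATNR/></E1MARAM></IDOC>"},
            {"missing tag",        "<IDOC><E1MARAM><MAKTX>x</MAKTX></E1MARAM></IDOC>"},
            {"whitespace only",    "<IDOC><E1MARAM><MATNR>  </MATNR></E1MARAM></IDOC>"},
            {"one of two missing", "<IDOC><E1MARAM><MATNR>4711</MATNR></E1MARAM>"
                                 + "<E1MARAM><MAKTX>x</MAKTX></E1MARAM></IDOC>"},
        };
        for (String[] s : samples) {
            System.out.printf("%-20s answer=%-5b perSegment=%b%n",
                s[0], rejects(ANSWER, s[1]), rejects(PER_SEGMENT, s[1]));
        }
    }
}
```

Both expressions reject the empty and the missing tag. Only the per-segment variant rejects the whitespace-only value and the message where one of two segments lacks MATNR, because a node-set comparison with `!=` is satisfied by any single non-empty MATNR.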

Loop with apache camel

I am expecting multiple operations in one request. I need to loop over the XML to do the following using an Apache Camel route.
1) get the total operations in request xml and put in variable.
2) get total number of expression using xpath on xml and put in list
3) loop with (total number of operation ) times to evaluate the expression
First step would be list nodeList = /tractscation/operations
<loop>
<constant>nodeLIst.length</xpath>
compare and execute operation
</loop>
Above lines are just pseudo code; I want anybody to help me with exact code using Camel XPath and loop.
I am new to xpath and camel. we are using camelxpath spring DSL
if you want to loop through each node matching the xpath and process it individually, then use camel-splitter EIP...
<route>
<from uri="direct:a"/>
<split>
<xpath>/transaction/operations</xpath>
<to uri="direct:b"/>
</split>
</route>
otherwise, there is a camel-loop EIP that can be used to execute the same process a variable number of times...but the splitter is generally used for parsing/looping type of operations
from("direct:c").loop().xpath("/hello/@times").to("mock:result");
I hope it helps you =D
Inside route
<to uri="direct:WSCall" />
<split strategyRef="groupExchangeAggregationStrategy">
<xpath>//response/operation</xpath>
</split>
Velocity template
<tag>
#foreach( $exchangeItem in ${body} )
${exchangeItem.in.body}
#end
</tag>
Include
<beans>
<bean id="groupExchangeAggregationStrategy" class="org.apache.camel.processor.aggregate.GroupedExchangeAggregationStrategy" />
</beans>

How do I prevent a RESTful service from XSS attacks

Of course, I know that the script code is executed on client side. But what countermeasures should be introduced at service side in order to provide a maximum of security concerning XSS.
Is output encoding reasonable, or are there any other countermeasures that should be applied?
[EDIT]
If I send back the content as HTML encoded, all existing XML schema files and the bean validation will be inoperative since the XSD schema as well the bean validation are using the same regular expression.
<xs:simpleType name="addressNumber">
<xs:restriction base="xs:string">
<xs:pattern value="[0-9]{1}[0-9a-z/\\ -]{0,7}" />
</xs:restriction>
</xs:simpleType>
Finally, I got the answer here on IT - Security! The most important things are:
Use a standard XML parser library that encodes characters like < and >
Check that the content-type header is set to application/xml
Add additional X-Content-Type-Options header and set the value to nosniff
Perform service side input validation (White listing is the most reliable approach)
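The four countermeasures listed above, put together in one place. This is an added example, not code from the original post: the class name, the `address`/`number`/`street` element names and the sample inputs are assumptions. The raw value is validated against the question's own addressNumber pattern and escaping happens only at serialisation, so the XSD and bean validation patterns keep working on unencoded data.

```java
import java.io.StringWriter;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamWriter;

public class AddressResource { // hypothetical class name
    // Whitelist: the addressNumber XSD pattern quoted in the question.
    static final Pattern ADDRESS_NUMBER = Pattern.compile("[0-9]{1}[0-9a-z/\\\\ -]{0,7}");

    // Service-side validation; matches() applies the pattern to the whole value.
    static boolean isValidAddressNumber(String value) {
        return value != null && ADDRESS_NUMBER.matcher(value).matches();
    }

    // Response headers named in the answer.
    static Map<String, String> responseHeaders() {
        Map<String, String> h = new LinkedHashMap<>();
        h.put("Content-Type", "application/xml");
        h.put("X-Content-Type-Options", "nosniff");
        return h;
    }

    // Serialise through a standard XML writer so <, > and & are escaped.
    static String toXml(String number, String street) throws Exception {
        if (!isValidAddressNumber(number)) throw new IllegalArgumentException("addressNumber rejected");
        StringWriter out = new StringWriter();
        XMLStreamWriter w = XMLOutputFactory.newInstance().createXMLStreamWriter(out);
        w.writeStartElement("address");
        w.writeStartElement("number");
        w.writeCharacters(number);
        w.writeEndElement();
        w.writeStartElement("street");
        w.writeCharacters(street); // free text without a tight whitelist still comes out escaped
        w.writeEndElement();
        w.writeEndElement();
        w.close();
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one valid number, one carrying markup.
        System.out.println("12a valid=" + isValidAddressNumber("12a"));
        System.out.println("1<script> valid=" + isValidAddressNumber("1<script>"));
        System.out.println(responseHeaders());
        System.out.println(toXml("12a", "Main <b>St</b> & Co"));
    }
}
```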

Using Spring EL to decide which outbound gateway to use

My application can use one of two web services, let's call them WS A and WS B. Both contain the same interface.
I want to perform some logic on the HTTP headers and request channel. WS B should only be used on certain request channels. To decide which channel is used I have created a Java class that takes the request channel as a String parameter.
<http:outbound-gateway request-channel="XXXXX"
url-expression="'${EL EXP}'" http-method="GET"
extract-request-payload="true" expected-response-type="java.lang.String"
charset="UTF-8" reply-timeout="3000" reply-channel="XXXXX">
</http:outbound-gateway>
I then read that the url-expression is evaluated when the context is initialised.
source : http://forum.springsource.org/showthread.php?113446-Usage-of-expressions-in-http-namespace-element-url
<int-http:outbound-gateway request-channel="requestChannel"
url="dummy"
http-method="GET" extract-request-payload="true" expected-response-type="java.lang.String"
charset="UTF-8" reply-timeout="3000" reply-channel="sysLoggerRequestChannel">
<int-http:uri-variable name="teststring" expression="test"/>
<int-http:uri-variable name="url" expression="evalClass.getDestinationForChannel(teststring)"/>
</int-http:outbound-gateway>
The problem with this approach is that the expressions in int-http:uri-variable do not seem to be evaluated.
All this makes me believe I am taking the wrong approach. Any help would be very appreciated.
If you have two separate web service end points and a way to determine which one to use per message then a Spring Integration router would be better suited to directing your messages around. This has the added advantage that you can do further processing on your messages specific to the endpoint prior to sending.
There are many many ways to configure a router, including writing an entirely custom one, so I suggest reading through that whole section to see what will work best for you.
A quick example based on message type:
<int:payload-type-router input-channel="requests">
<int:mapping type="my.business.WebServiceARequest" channel="wsA" />
<int:mapping type="my.business.WebServiceBRequest" channel="wsB" />
</int:payload-type-router>
<int-http:outbound-gateway request-channel="wsA" url="http://wsA.com/whatever"
... />
<int-http:outbound-gateway request-channel="wsB" url="http://wsB.com/foo"
... />
To refer to a Spring Bean you should use #. So instead of expression="evalClass.getDestinationForChannel(teststring)" it will be expression="#evalClass.getDestinationForChannel(teststring)".

Parsing Error Response in Camel

New to Camel, and I'm trying to parse a response error xml. Within the camel-context I need to determine if a specific value exists in the error file, and handle it differently than other errors.
The other errors use a series of when statements:
<when>
<xpath>/abc:ErrorResponse/abc:Error/abc:Message/.</xpath>
<setHeader headerName="RESPONSE_STRING">
<xpath resultType="java.lang.String">/abc:ErrorResponse/abc:Error/abc:Message/.</xpath>
</setHeader>
<setHeader headerName="MY_DATA_FIELD"><constant>Error</constant></setHeader>
<to uri="def:doErrorStuff" pattern="InOnly"/>
</when>
<when>
<xpath>/ghi:ErrorResponse/ghi:Error/ghi:Message/.</xpath>
<setHeader headerName="RESPONSE_STRING">
<xpath resultType="java.lang.String">/ghi:ErrorResponse/ghi:Error/ghi:Message/.</xpath>
</setHeader>
<setHeader headerName="MY_DATA_FIELD"><constant>Error</constant></setHeader>
<to uri="def:doErrorStuff" pattern="InOnly"/>
</when>
My error XML file has an outer error element with child "Code" element. I need to parse the value of the code element
UPDATE: HERE IS THE XML I AM PARSING
<ErrorResponse xmlns="http://myhost/location1/">
<Error>
<Type>reserved</Type>
<Code>TEXT_I_NEED_TO_PARSE_IN_WHEN_STATEMENT</Code>
</Error>
<RequestId>some_id</RequestId>
</ErrorResponse>
I used a combination of xpath and 'simple' to make the check. Like this:
<when>
<xpath>/ghi:ErrorResponse/ghi:Error/ghi:Message/.</xpath>
<when>
<simple>${in.body.code} == 'StringIAmSearchingFor'</simple>
<!-- Do Stuff -->
</when>
</when>
However, I am not getting the response I expect.
1. Is there something wrong with this approach or the syntax?
2. Is there a way to combine the double when layout so they are and-ed together. Otherwise, if I add my "when" statement just ahead of the existing two, the existing "ghi" when statement will never get executed (the xpath statements match).
You are using xpath on your input suggesting that it's XML, then simple (${in.body.code}) which in that case also would be XML. Simple is used to traverse java bodies and not other formats such as XML. Stick to XPATH all the way - your code above can easily be implemented in xpath. Another way, of course, would be to unmarshal the XML into java objects using xstream or jaxb, then you can use only simple/OGNL/groovy or whatnot.
Since I recommend you to solve this very case with xpath alone, you can of course use the xpath and operator to and several xpath expressions together. All logic and power in camel choice/when reside in the expression language you are using (be it simple or xpath), so if you want to mix expression languages, you have to build up sort of a decision tree. That could actually be something good if you are trying to implement very complex routing logic. For a single special case - it's, IMHO, just messy.
