Is it possible to add cookie to the request while using IRestFulClient from HAPI-FHIR?
This could be done quite easily by creating a custom interceptor which adds a cookie header. You can see an example of a client interceptor which adds an authorization header here. If you copy that code but change the header from "Authorization" to "Cookie", then register the interceptor by calling
client.registerInterceptor(interceptor);
..you will get that behaviour.
Incidentally, if you create such an interceptor and wanted to share it back with the project, we'd love to have it! :)
Related
I work in project that uses microservice architecture with JWT, every thing is good but when I send the Authorization in the request from client (Angular app) it is checked by the api-gateway (ZuulFilter) and after that the request is sent to auth-server, the problem is that I don't find the Authorization in the header and every data is lost. Any one has an idea ?
The solution was to add he property sensitive-headers in zuul properties and remove "Authorization" from default value as explained here and here
Im using Jmeter to write some load tests on an API secured by oAuth.
I want to be able to reuse the header manager once the bearer token has been produced from the access token call.
However when I try to move the header manager out side of the http request the call is no longer authorised. I think its because it can no longer get the bearer token.
For Post Request, when i put the header manager outside it no longer works, it only works when I put it under the request as I have done for User get request, Delete request and Put request.
How do I make the header manager reusable and therefore only manage one header manager?
Thank you.
{"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.InvalidAccessToken"}}}
My expectation is that this is due to clash with the HTTP Authorization Manager
Both are Configuration Elements and both obey JMeter Scoping rules
When you move HTTP Header Manager outside the HTTP Request sampler it might be the case that Authorization Header comes from the HTTP Authorization Manager
You can check which exact header value is being sent using Request -> Request Headers tab of the View Results Tree listener
Given you manually create Authorization header for your request I believe if you disable or delete the HTTP Authorization Manager your test should start working as expected as you basically don't need it.
When i send Authorization Header from rest client(postman), also from browser, to back end springboot(2.0.3v) AuthorizationService (without API Gateway), the 'Authorization' Header will be exists and every flow works fine.
But when i send the same Header through API Gateway, The 'Authorization' Header will be missed. This header will be present in all filters of API Gate way. But it will be missed in backend(AuthorizationService)'s filter.
Kindly help what might be cause? any filter is intercepting to avoid Authorization Header? I have also registered CORS Filter with Access-Control-Allow-Origin to "" and Access-Control-Allow-Headers to "".
API gateway has a lambda proxy integrated when you are integrating lambda function with it, if ur wrapping a http url to it, you need to pass the header in Method integration section and also enable CORS by clicking on resource and manually adding the headers with custom name and enabling cors might help.
I have an API protected by basic auth. When I want to make AJAX requests against the API, the browser send an OPTIONS request which doesn't carry the Authorization header so it gets rejected and thus my AJAX call is not allowed by the browser.
I tried to configure Tomcat to not authenticate OPTIONS requests but I don't manage to get it work.
Someone to help me to get it works?
Thanks :)
I found the solution, I had to specify the list of HTTP methods on which the authentication was applied. Default is to apply on all methods.
Is it possible to know that a HTTP request is from Ajax?If yes, how?
Many frameworks add a header X-Requested-With set to XMLHttpRequest when sending an AJAX request. If you are using jQuery or Microsoft frameworks, this should work. If using another framework, you'll have to check the documentation. Since normal requests don't have the header, a check for the presence of the header should be sufficient.
If you are using your own "home-built" AJAX or the framework doesn't do this, but does allow you to set a header, you could simply follow this convention and add your own header when making the request.
Most frameworks set X-Requested-With header to state it. But standard AJAX requests doesn't.
I would assume that any request received by a server would appear to be the same (ie http post/get) and that you would need to look at the referer, but that may just give you the browser details?