[OSB] How to get the customized value from HTTP user-header

712188 Jul 23 2009 — edited May 28 2010
Hi everyone,

I'm not able to extract the value from an HTTP header in Oracle Service Bus. Here's the scenario I'm facing:

I have a proxy service (ProxyA) deployed in Oracle Service Bus. OSB is on the dev server, which is in cluster mode, configured with one admin server and one managed server.
OSB stands behind a hardware load balancer (F5).

My proxy service needs to restrict incoming requests to a limited set of servers; therefore, I need to implement 'IP Filtering' in the transport layer.
Here's the way to configure it:
ProxyA -> Security -> Access Control (ProxyA) -> Add Conditions -> Context element's value equals a string constant
Context element name: com.bea.contextelement.alsb.router.inbound.request.metadata.http.client-address
String value: client's IP (e.g. 192.168.1.100)
-> Finish
This configuration was taken from: http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/security/model.html#wp1096324

I can capture the inbound message from OSB below:
<con:service>
  <con:operation>GetEmployeeInfo</con:operation>
</con:service>
<con:transport>
  <con:uri>/StaffDemo/StaffDemoProxyService</con:uri>
  <con:mode>request-response</con:mode>
  <con:qualityOfService>best-effort</con:qualityOfService>
  <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
      <http:Accept-Encoding>gzip,deflate</http:Accept-Encoding>
      <http:Content-Length>331</http:Content-Length>
      <http:Content-Type>text/xml;charset=UTF-8</http:Content-Type>
      <http:Host>DEVESB1:7001</http:Host>
      <http:SOAPAction>"http://jtc.soa.web.service/GetEmployeeInfo"</http:SOAPAction>
      <http:User-Agent>Jakarta Commons-HttpClient/3.1</http:User-Agent>
    </tran:headers>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">UTF-8</tran:encoding>
    <http:client-host>LENOVO-99154B22</http:client-host>
    <http:client-address>172.88.200.81</http:client-address>
    <http:http-method>POST</http:http-method>
  </con:request>
  <con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
      <http:Content-Type>text/xml</http:Content-Type>
    </tran:headers>
    <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
  </con:response>
</con:transport>
<con:security>
  <con:transportClient>
    <con:username>wladmin</con:username>
    <con:principals>
      <con:group>AdminChannelUsers</con:group>
      <con:group>Administrators</con:group>
      <con:group>IntegrationAdministrators</con:group>
    </con:principals>
  </con:transportClient>
</con:security>
</con:endpoint>

The field: http:client-address is the one I need to filter out.

As the load balancer is the direct client of the OSB, http:client-address will always be the IP address of the load balancer. According to F5's documentation, we can configure the F5 so that it puts the real client IP address into the HTTP header, which will give the message below:
<con:service>
  <con:operation>GetEmployeeInfo</con:operation>
</con:service>
<con:transport>
  <con:uri>/StaffDemo/StaffDemoProxyService</con:uri>
  <con:mode>request-response</con:mode>
  <con:qualityOfService>best-effort</con:qualityOfService>
  <con:request xsi:type="http:HttpRequestMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpRequestHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
      *<tran:user-header name="CLIENT_ADDRESS" value="192.168.1.1"/>*
      <http:Accept-Encoding>gzip,deflate</http:Accept-Encoding>
      <http:Content-Length>331</http:Content-Length>
      <http:Content-Type>text/xml;charset=UTF-8</http:Content-Type>
      <http:Host>DEVESB1:7001</http:Host>
      <http:SOAPAction>"http://jtc.soa.web.service/GetEmployeeInfo"</http:SOAPAction>
      <http:User-Agent>Jakarta Commons-HttpClient/3.1</http:User-Agent>
    </tran:headers>
    <tran:encoding xmlns:tran="http://www.bea.com/wli/sb/transports">UTF-8</tran:encoding>
    <http:client-host>LENOVO-99154B22</http:client-host>
    <http:client-address>172.88.200.81</http:client-address>
    <http:http-method>POST</http:http-method>
  </con:request>
  <con:response xsi:type="http:HttpResponseMetaData" xmlns:http="http://www.bea.com/wli/sb/transports/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <tran:headers xsi:type="http:HttpResponseHeaders" xmlns:tran="http://www.bea.com/wli/sb/transports">
      <http:Content-Type>text/xml</http:Content-Type>
    </tran:headers>
    <tran:response-code xmlns:tran="http://www.bea.com/wli/sb/transports">0</tran:response-code>
  </con:response>
</con:transport>
<con:security>
  <con:transportClient>
    <con:username>wladmin</con:username>
    <con:principals>
      <con:group>AdminChannelUsers</con:group>
      <con:group>Administrators</con:group>
      <con:group>IntegrationAdministrators</con:group>
    </con:principals>
  </con:transportClient>
</con:security>
</con:endpoint>

Please note that the one in bold is the header inserted by the load balancer. Hence, the IP filtering rule needs to change to get this IP, and so far I'm not able to do that (after a lot of searching on the Internet).
I have tried a few combinations below:
0. com.bea.contextelement.alsb.router.inbound.request.headers.tran.CLIENT_ADDRESS
1. com.bea.contextelement.alsb.router.inbound.request.metadata.trans.headers.user-header
2. com.bea.contextelement.alsb.router.inbound.request.metadata.http.headers.user-header
3. com.bea.contextelement.alsb.router.inbound.request.metadata.http.headers.CLIENT_ADDRESS
4. com.bea.contextelement.alsb.router.inbound.request.headers.metadata.tran.user-header.CLIENT_ADDRESS
5. com.bea.contextelement.alsb.router.inbound.request.headers.tran.user-header.CLIENT_ADDRESS
6. com.bea.contextelement.alsb.router.inbound.request.headers.http.CLIENT_ADDRESS
7. com.bea.contextelement.alsb.router.inbound.request.headers.user-header.CLIENT_ADDRESS
8. com.bea.contextelement.alsb.router.inbound.request.headers.http.Host -> ok
9. com.bea.contextelement.alsb.router.inbound.request.headers.tran.user-header.value
10. com.bea.contextelement.alsb.router.inbound.request.headers.http.user-header.value
11. com.bea.contextelement.alsb.router.inbound.request.headers.http.user-header
12. com.bea.contextelement.alsb.router.inbound.request.headers.user-header
13. com.bea.contextelement.alsb.router.inbound.request.headers.http.user-header.CLIENT_ADDRESS
14. com.bea.contextelement.alsb.router.inbound.request.headers.http.CLIENT_ADDRESS

Only the Host value can be retrieved, but that is not my requirement. I'm wondering whether anyone has ever faced the same issue and whether a workaround is possible.

Thanks so much for your help.
Edmund
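
The filtering decision described in the post, as an added example in Python (not part of the original post and not OSB code): the load-balancer-inserted CLIENT_ADDRESS user-header is used only when the transport-level http:client-address is the load balancer itself, so the same header sent by any other peer is ignored. The function names, the placeholder `con` namespace URI and the 10.0.0.5 test address are assumptions; the other addresses and the header name are taken from the post.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Namespaces copied from the captured metadata in the post.
HTTP = "{http://www.bea.com/wli/sb/transports/http}"
TRAN = "{http://www.bea.com/wli/sb/transports}"
HEADER_NAME = "CLIENT_ADDRESS"  # header the post says the F5 inserts


def sample_request(peer, forwarded=()):
    """Constructed, trimmed <con:request>; the con namespace URI is a placeholder."""
    extra = "".join(f'<tran:user-header name="{HEADER_NAME}" value="{v}"/>' for v in forwarded)
    return (
        '<con:request xmlns:con="urn:example:placeholder" '
        'xmlns:http="http://www.bea.com/wli/sb/transports/http" '
        'xmlns:tran="http://www.bea.com/wli/sb/transports">'
        f"<tran:headers>{extra}<http:Host>DEVESB1:7001</http:Host></tran:headers>"
        f"<http:client-address>{peer}</http:client-address></con:request>"
    )


def effective_client(metadata_xml, trusted_proxies):
    """Return the address to filter on, or None if the request must be rejected."""
    root = ET.fromstring(metadata_xml)
    try:
        peer = ipaddress.ip_address(root.findtext(f".//{HTTP}client-address", "").strip())
    except ValueError:
        return None
    if peer not in trusted_proxies:
        return peer  # direct caller: any CLIENT_ADDRESS it sent is ignored
    values = [h.get("value", "") for h in root.iter(f"{TRAN}user-header")
              if h.get("name", "").upper() == HEADER_NAME]
    if len(values) != 1:
        return None  # missing or duplicated header behind the proxy: fail closed
    try:
        return ipaddress.ip_address(values[0].strip())
    except ValueError:
        return None


def is_allowed(metadata_xml, trusted_proxies, allowlist):
    """True only when the effective client address falls inside the allowlist."""
    client = effective_client(metadata_xml, trusted_proxies)
    return client is not None and any(client in net for net in allowlist)


LB = {ipaddress.ip_address("172.88.200.81")}      # client-address seen in the post
ALLOW = [ipaddress.ip_network("192.168.1.1/32")]  # header value shown in the post
```

For this check to hold, the load balancer must overwrite any CLIENT_ADDRESS header already present on the incoming request rather than append to it.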
Locked on Jun 25 2010