Reputation: 21
Using the Java API to push resources to the registry of APIM 2.0.0 fails.
The same code used against APIM 1.10.0 succeeds.
Example code to reproduce is of the sort:
import java.io.File;
import java.net.URL;
import org.wso2.carbon.registry.app.RemoteRegistry;
import org.wso2.carbon.registry.core.utils.RegistryClientUtils;

String tenantDomain = "mytenant.com";
String url = "https://localhost:9443/t/" + tenantDomain + "/registry";
String userName = "[email protected]";
String password = "admin";
// Allow the client to write to the registry
System.setProperty("carbon.repo.write.mode", "true");
// Get the file which needs to be added to the registry
File file = new File("/home/bob/Desktop/myPayload.json");
// Remote registry client authenticated against the tenant's registry endpoint
RemoteRegistry remote_registry = new RemoteRegistry(new URL(url), userName, password);
// Import the file to the config registry
RegistryClientUtils.importToRegistry(file, "/_system/config", remote_registry);
// Export from registry
// RegistryClientUtils.exportFromRegistry(file, "/_system/governance/SomePayload.json", remote_registry);
The call to RegistryClientUtils.importToRegistry(file, "/_system/config", remote_registry) fails. The same code run against APIM 1.10.0 works fine, as it always has with other products like the ESB.
Typical exception is:
Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Add resource fail. Suggested Path: /_system/governance/apimgt/applicationdata/customdata/somedata, Response Status: 403, Response Type: CLIENT_ERROR
    at org.wso2.carbon.registry.app.RemoteRegistry.put(RemoteRegistry.java:543)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:113)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
    at org.wso2.carbon.registry.core.utils.RegistryClientUtils.importToRegistry(RegistryClientUtils.java:65)
And in the APIM 2.0.0 log we see typically
[2016-08-18 15:57:34,699] WARN - JavaLogger potential cross-site request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1, method:POST, uri:/registry/atom/_system/governance/apimgt/applicationdata/customdata/somedata, error:required token is missing from the request)
Upvotes: 1
Views: 1564
Reputation: 12502
Try adding the line below at the end of the <APIM_HOME>/repository/conf/security/Owasp.CsrfGuard.Carbon.properties file.
org.owasp.csrfguard.unprotected.reg=%servletContext%/registry/*
Update: The same error occurs due to a bug in JDK 1.8.0_151.
See wso2 api manager carbon page gives 403 Forbidden
Upvotes: 0
Reputation: 21
APIM 2.0.0 is missing a line in the configuration of CSRF. The registry endpoint needs to be added to those configured for store and publisher. Add the end-point in the "Owasp.CsrfGuard.Carbon.properties" file found in the [APIM_HOME]/repository/conf/security directory. At the end of this file, add the line given below.
org.owasp.csrfguard.unprotected.registry=%servletContext%/t/*
Upvotes: 1
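The two answers above propose different CSRFGuard whitelist lines (`%servletContext%/registry/*` and `%servletContext%/t/*`). The following is an added example, not code from the thread, from WSO2 or from OWASP CSRFGuard: a small Python model of how CSRFGuard reads `org.owasp.csrfguard.unprotected.<name>` entries and matches them against a request URI, used to compare how much each line exempts from CSRF checking. The matching rules (exact path, trailing `/*` prefix, `*.ext` extension, `^` regex) are an assumption modelled on CSRFGuard's documented pattern forms, `%servletContext%` is assumed to resolve to the empty string for the root-deployed registry webapp, and the tenant-prefixed URIs and the narrower regex line are constructed for illustration; only the `/registry/atom/...` URI comes from the log line in the question.

```python
"""Added example (not WSO2 or OWASP code): model CSRFGuard 'unprotected' matching
to compare the whitelist lines proposed in the answers. Matching semantics are an
assumption based on CSRFGuard's documented forms; verify against the jar you ship."""
import re

UNPROTECTED_KEY = "org.owasp.csrfguard.unprotected."


def parse_unprotected(properties_text: str, servlet_context: str = "") -> dict:
    """Return {name: pattern} for unprotected.* entries with %servletContext%
    substituted. Comments, blank lines and unrelated keys are skipped."""
    patterns = {}
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().startswith(UNPROTECTED_KEY):
            name = key.strip()[len(UNPROTECTED_KEY):]
            patterns[name] = value.strip().replace("%servletContext%", servlet_context)
    return patterns


def uri_matches(pattern: str, uri: str) -> bool:
    """One CSRFGuard-style pattern against one request URI (assumed semantics)."""
    if pattern.startswith("^"):          # regex form
        return re.match(pattern, uri) is not None
    if pattern.endswith("/*"):           # directory prefix; keep the slash so '/t/*' does not match '/tools'
        return uri.startswith(pattern[:-1])
    if pattern.startswith("*."):         # extension form, e.g. *.js
        return uri.endswith(pattern[1:])
    return uri == pattern                # exact form


def exempted(properties_text: str, uris, servlet_context: str = ""):
    """URIs the CSRF filter would skip under the given properties file content."""
    patterns = parse_unprotected(properties_text, servlet_context)
    return [u for u in uris if any(uri_matches(p, u) for p in patterns.values())]


# Request URIs. LOGGED_URI is the one the APIM 2.0.0 log in the question reports;
# the tenant-prefixed forms are constructed assumptions about Carbon's /t/<domain>/ addressing.
LOGGED_URI = "/registry/atom/_system/governance/apimgt/applicationdata/customdata/somedata"
TENANT_REGISTRY_URI = "/t/mytenant.com/registry/atom/_system/config/myPayload.json"
TENANT_ADMIN_URI = "/t/mytenant.com/carbon/admin/index.jsp"
SAMPLE_URIS = [LOGGED_URI, TENANT_REGISTRY_URI, TENANT_ADMIN_URI, "/carbon/admin/index.jsp"]

# Constructed property-file fragments (the shipped file contains other entries).
STOCK = "# no registry entry\n"
ANSWER_REG = STOCK + "org.owasp.csrfguard.unprotected.reg=%servletContext%/registry/*\n"
ANSWER_TENANT = STOCK + "org.owasp.csrfguard.unprotected.registry=%servletContext%/t/*\n"
# Narrower regex alternative (an assumption, not from the thread): tenant registry calls only.
NARROW = STOCK + "org.owasp.csrfguard.unprotected.registry=^%servletContext%/t/[^/]+/registry/.*\n"

if __name__ == "__main__":
    for label, cfg in [("stock", STOCK), ("/registry/*", ANSWER_REG),
                       ("/t/*", ANSWER_TENANT), ("tenant regex", NARROW)]:
        print(f"{label:13} exempts {exempted(cfg, SAMPLE_URIS)}")
```

Under these assumed rules `/registry/*` exempts only registry URIs, while `/t/*` exempts every tenant-scoped URI, including tenant admin pages, so the second line is a much wider hole in the CSRF filter than the symptom needs. Which URI form CSRFGuard actually sees for a tenant request is not shown on the page (the log reports `/registry/atom/...` without the `/t/` prefix), so confirm the pattern against your own log lines before settling on it.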
Reputation: 14574
It seems the API call is blocked by the CSRF filter. Can you open carbon.xml, whitelist the URL you are using, and check again?
Upvotes: 0