[Dev] APIM 2.0.0 Unable to push resources to the registry using the Java API

Fri, 19 Aug 2016 06:29:44 -0700 

Hi,

Using the Java API to push resources to the registry of APIM 2.0.0 fails. The 
same code used against APIM 1.10.0 succeeds.

Example code to reproduce is of the sort

> public class RegClient { 
>     public static void main (String args[]) throws RegistryException, 
> MalformedURLException { 
>         System.out.println("Accessing Registry Resource"); 
>          
>         String tenantDomain = “mytenant.com <http://mytenant.com/>"; 
>         String url = "https://localhost:9443/t/ 
> <http://gatewaymgt.api.cloud.wso2.com/t/>"+tenantDomain+"/registry"; 
>         String userName = “ad...@mytenant.com 
> <mailto:p...@spidasolutions.com>"; 
> 
>         String password = “admin"; 
> 
>         System.setProperty("carbon.repo.write.mode", "true"); 
>       
> 
>         //Get the file which needs to be added to the registry
>         File file = new File(“/home/bob/Desktop/myPayload.json"); 
>         RemoteRegistry remote_registry = new RemoteRegistry(new URL(url), 
> userName, password); 
> 
>         //Import the file to config registry
>         RegistryClientUtils.importToRegistry(file ,"/_system/config" 
> ,remote_registry); 
>          
>         //Export  from registry 
>         //RegistryClientUtils.exportFromRegistry(file 
> ,"/_system/governance/SomePayload.json" ,remote_registry);
>          
>         System.out.println("Done"); 
>     } 
> 
> }


the call to  RegistryClientUtils.importToRegistry(file ,"/_system/config" 
,remote_registry);  will fail.

Regards,

Alan

Typical exception is:

Caused by: org.wso2.carbon.registry.core.exceptions.RegistryException: Add 
resource fail. Suggested Path: 
/_system/governance/apimgt/applicationdata/customdata/somedata, Response 
Status: 403, Response Type: CLIENT_ERROR
        at 
org.wso2.carbon.registry.app.RemoteRegistry.put(RemoteRegistry.java:543)
        at 
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:113)
        at 
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
        at 
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
        at 
org.wso2.carbon.registry.core.utils.RegistryClientUtils.processImport(RegistryClientUtils.java:102)
        at 
org.wso2.carbon.registry.core.utils.RegistryClientUtils.importToRegistry(RegistryClientUtils.java:65)


And in the APIM log we see typically

[2016-08-18 15:57:34,699]  WARN - JavaLogger potential cross-site request 
forgery (CSRF) attack thwarted (user:<anonymous>, ip:127.0.0.1, method:POST, 
uri:/registry/atom/_system/governance/apimgt/applicationdata/customdata/somedata,
 error:required token is missing from the request)



                 <http://www.spidasolutions.com/>                               
Alan Tucker <mailto:a...@spidasolutions.com>
Spida Solutions <http://spidasolutions.com/>
London • Bath • UK 
+44 (0)78 0308 4376 <tel:+44-780-308-4376>
+44 (0)12 4981 5081 <tel:+44-12-4981-5081>
www.spidasolutions.com <http://spidasolutions.com/>

 


_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to