No Traces in Azure API Response - azure-api-management

The Flag Ocp-Apim-Tracehas been set to true.
The API Response displays this information under the Trace Tab:
Trace location was not specified in the response or trace log is not
available.
Yet no traces are available. How does one resolve this?

To enable trace, you need to include "Ocp-Apim-Trace" and "Ocp-Apim-Subscription-Key" in request header.
If the API does not require subscription, you can still get admin subscription key in developer portal. This enforces that only admin can get tracing log. To get admin subscription key if you are an admin, go to Developer Portal -> Profile -> find your target API and copy the key.

The Ocp-Apim-Trace feature enables you to specify whether or not APIM should generate a trace file on blob storage.
Setting the header to 'true' within Postman for example, will give you back a HTTP Header in the response called Ocp-Apim-Trace-Location.
This will contain the URL to your trace file, which you can open in any browser.
You might want to install a plugin/extension to be able to format JSON files properly in order to make it easy to read.

Just setting the flag Ocp-Apim-Trace to true will not suffice.
One needs to set the subscription key as well as per this doc.
https://learn.microsoft.com/en-us/azure/api-management/api-management-advanced-policies#Trace
So, for API's which do not have a subscription key, not sure how one can get the traces

Related

Appgyver - Unable to load resource's data model - dreamfactory API

I have this json feed.
I am unable to load this into Appgyver
I have set the following required settings:
- parameter app_name with the correct value
- added the reuired header X-DREAMFACTORY-APPLICATION-NAME
I always get the Oops, Unable to load resource's data model. error
Anyone who has a clue?
I am not very familiar with AppGyver, but I know it's been used with DreamFactory successfully by others. You have not provided enough information, but I will attempt to give you troubleshooting steps from the DreamFactory side.
First, are you definitely authenticating and passing a valid X-DreamFactory-Session-Token header? I can tell that you don't have guest access enabled (to make calls without authentication) because when I navigate to your link I receive a 401 with "There is no valid session for the current request."
Second, what is the call you're making from AppGyver? Is it a GET to simply list resources of a DB called vlaamse_vinyl, or what?
Finally, if you are passing X-DreamFactory-Application-Name in addition to the URI parameter ?app_name=vlaamse_vinyl this is redundant. Perhaps that is preventing your call from succeeding.

Flash - How come I do not receive a security warning to allow cross-site requests?

I am using the URLLoader class to send data to a script that sends an email with that data; the URLLoader is also used to receive the return data on the status of the request. This email script is located on another domain (webscript.io, in this case; they host scripts written in LUA that can perform various functions when called). I don't want to have to get them to host a crossdomain.xml file, but when I visit the page to use the Flash app, I don't even get a security warning. Is that not the default action when there is cross-domain scripting in a Flash application without a crossdomain.xml file?
For your reference, here is the application: http://www.canadadocks.ca/build-dock-app/
The cross domain issues are specifically for data that your SWF is retrieving from other domains. So if you're sending data (via a HTTP POST/GET), then this is not a problem.
Also, unless you're using the debug player, you won't see the security exception that occurs.
There are also various things that will not trigger the exception: like downloading and displaying an image from another domain. However, if you then try to access the bitmap data of that image, you'll get the security exception (unless the crossdomain.xml permits it).
So it can depend on what you're retrieving and what you're doing w/the data you fetch.
If you're still curious, you should further explain what type of data you're retrieving and what you do with it. As usual, it's better to explain that with code than with words ;)

webRequest API not capturing all page requests from application

I am trying to download JSON data from a web application. The URL/API is static and I can use it to call the webpage that returns the data. There is a session variable parameter that needs to be added to the URL/API call to connect to the server and download the JSON data which is created when you launch the application, but times out if the application is not actively used. My current process is to open the developer tools, launch the web application and when the specific JSON request is made I copy the parameter value then add it to a script that mimics the page request and downloads the JSON data.
I am trying to avoid manually copying and pasting this session variable parameter. I want to be able to automatically capture the web request, parse out the value that I need, set a cookie on my machine and then pick up the cookie by a php script to initiate the JSON data download with the valid session value.
I have looked into creating an extension in chrome using the chrome.webRequest.onResponseStarted with the following code:
chrome.webRequest.onCompleted.addListener(function(details) {
console.log(details);
chrome.cookies.set(
{ url: "http://localhost/MySite/", name: "MyCookie", value: "Tested" }
);
}, {urls:["<all_urls>"]} );
This code works for the main web requests but it doesn’t pick up all the JSON data requests that are made by the application. The application is swf format which is most likely the problem, but I can see the requests in the Network Panel tab of the Developer Tools and they are captured using chrome://net-internals which that leads me to believe that I should be able to capture them somehow.
I have looked into chrome.devtools.network but I cannot seem to figure out how that is supposed to work. Any advice or direction would be greatly appreciated.

Customizing json rendering for sling's userManager

I am trying to build my application's admin UI using sling's userManager REST interface, but I would like to customize the json rendering. For example, I would like the response of "Get group" to include the members only if the requestor is a member.
I started by adding libs/sling/group/json.esp but I don't understand how I can get hold of the default response and customize it. Even if I had to query and form the json from scratch, where can I find information about APIs available to get this data from JCR/Sling?
I found that I could use ResourceTraversor to dump the resource object in json form but using new Packages.org.apache.sling.servlets.get.impl.helpers.ResourceTraversor(-1, 10000, resource, true) in the esp throws up an error
There are a few things to note here.
First, you should avoid putting your code under the libs directory. Your app code should live under the apps directory. When attempting to resolve a servlet for a URI, Sling will check apps before it checks libs so if you need to completely override functionality delivered with Sling, you would place your code in apps.
Second, what is (probably, depending on how you have things setup) happening when you request http://localhost:8080/system/userManager/group/administrators.tidy.1.json is the request is being handled by Sling's default GET servlet, because it finds no other script or servlet which is applicable. For research purposes it might be worth looking at the code for the default get servlet, org.apache.sling.servlets.get.impl.DefaultGetServlet, to see what it's using to render JSON. If you need to handle the rendering of a user group in a manner different than what the default GET servlet is doing, then you would need to create a servlet which is listening for requests for resources of type sling/group. It would probably be ideal to create a servlet for this purpose and register it with OSGI. http://sling.apache.org/site/servlets.html provides the various properties you would need to set to ensure the servlet resolver finds your servlet. Your servlet then would handle the request and as such would have direct and easy access to the requested resource.
Third, the particular need you specified is that you do not want the group members to render unless the requesting user is a member of the group requested. This is more of an access control issue than a rendering issue. Sling and Jackrabbit, out of the box, make as few assumptions as possible concerning how you might want your application to be setup. That being the case, you need to establish the access controls that are applicable for your particular use case. The wiki post on Access Control in the Jackrabbit wiki ( http://wiki.apache.org/jackrabbit/AccessControl ) goes into this to an extent.
Using directions from Paul Michelotti's answer, I researched further and found a suitable solution to my problem.
Sling accepts request filters (javax.servlet.Filter) through SCR annotations like the one below
#SlingFilter(scope = SlingFilterScope.REQUEST, order = Integer.MIN_VALUE)
Every request is passed down to the filter before it is processed by the servlet. Using the resourceType, I was able to distinguish requests to group.1.json and group/mygroup.1.json. Since the filter also has access to the current user, I was able to decide to deny the request if it did not abide by my security model and return a 404 status code.
Please refer to this page for details on filters. You can also check out the sample project urlfilter for directions on usage.

Deployed Applet Suddenly Not Working

I put together an applet that uploads images via as3httpclientlib to a servlet. The applet works fine in debug mode (through flash builder) and until today it worked when deployed.
From the servlet logs, it appears the servlet never receives the image(s) byte stream, therefore my hunch is the applet is not posting the multipart data.
Can anyone suggest what I should do next to find the cause of the problem?
I suppose you ran into problem described here:
In Flash Player 10 and later, if you
use a multipart Content-Type (for
example "multipart/form-data") that
contains an upload (indicated by a
"filename" parameter in a
"content-disposition" header within
the POST body), the POST operation is
subject to the security rules applied
to uploads:
The POST operation must be performed
in response to a user-initiated
action, such as a mouse click or key
press.
If the POST operation is
cross-domain (the POST target is not
on the same server as the SWF file
that is sending the POST request), the
target server must provide a URL
policy file that permits cross-domain
access.
So I think you should run your application using debugger and check Flex client logs for exceptions described above.