Community Advisor

Solved

Set and Pass Mulesoft client id and client secret in Proxy call

Forum|Forum|2 years ago
August 7, 2023
2 replies
2361 views

Hello members,

We have a requirement, where we need to route FE - Mulesoft calls via AEM Dispatcher. So, we are using Dispatcher rewrites 301 Redirect to pass FE request (which is AEM SPA components only) to Mule system.

Now, we need to set Mule client id and client secret in incoming request and redirect to Mule system from Dispatcher.

Any pointers would be helpful and sample code example will be add on 🙂

Thanks!

cc: @aanchal-sikka @tanika02

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Best answer by yuriy_shestakov

Thanks @yuriy_shestakov for pointers.

So, I am trying to do that using rewrite rule to send request to Mule server. I need to set RequestHeader with client_id and client_secret.

How can I do that?

cc: @arunpatidar

I've never done something like that. Only updated once request/response headers for the current request, not for remote.

Does it work with rewrite rules? I thought there must be a path on the same server, not a remote address.

Or do you use some Apache module, like mod_proxy?

To update response headers I used this one:

<IfModule mod_headers.c>
  Header always set CLIENT_ID ${CLIENT_ID}			
</IfModule>

but it will update the headers that you send to the client. For the request it will be `RequestHeader set`, but I don't know if it works if you put it before RewriteRule.

Update: found a sample on Stackoverflow, you can try using <Location> directive.

<Location /api/mule/>
    Header set MULE_CLIENT_ID "clientId"
</Location>
...
RewriteRule ^/api/mule/(.*)$ https://mule.website/$1 [P]

viveksachdeva

Community Advisor

301 redirects are cached by browsers, so these requests wouldn't even go to dispatcher once cached in browser. Any reason you are trying to do 301?

And I assume you want to pass client id and secret in headers?

yuriy_shestakov

Level 3

Hi @iamnjain ,

I would create that not on dispatcher but using a proxy servlet on AEM, which will receive all requests from your fronted, fulfill it with that secure data that you don't want your website visitors to see (clientId, password, etc.), send to Mule or whatever and return the response back to the website. It won't be processed on the dispatcher, but you can configure rewrites or caching for those requests if you wish.

iamnjain

Author

Community Advisor

Hi @yuriy_shestakov

I agree with you. So you are saying to hit AEM Publisher Instance server each time, these request comes in from Front-end using a Servlet which is deployed on AEM Publish Instance. Will it not create unnecessary load on AEM Instance?

yuriy_shestakov

Level 3

It depends on how many requests you will have (it will be not ok if there are thousands of requests per second) + how many of them you can cache (if that is possible) - you can create a rewrite rule for such requests on the dispatcher to avoid cache skipping, like https://website.com/api/read-from-mule/some-param1-value/some-param2-value for frontend, which will be cached on browser and finally will be rewritten to something like https://mule-server/some/rest-api?param1=some-param1-value&param2=some-param2-value for Mule API and will be cached on dispatcher as well in the folder like /mnt/var/www/api/read-from-mule/some-param1-value... However, it needs to test and play with the dispatcher configuration to make it work well.

I didn't work with Mule, so don't know which authorization schemes it can work with, maybe you can create a servlet that will generate a new time-limited token per session or per user, so on frontend, you can hit that servlet once, store the token in browser's storage or cookies and then send requests directly to mule with that token?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded