With Forum Sentry you do not have to do strictly end-to-end SFTP. You can start out with other protocols and Sentry will take care of the rest. An example is SOAP with Attachments (SwA), where the attachments end up on an SFTP server. Clients are then no longer forced to use SFTP, so long as they have the means to deliver a SOAP message with an attachment to Forum Sentry. Forum Sentry will extract just the attachment, process it (including AV scanning), deliver it to an SFTP server and send a 200 OK message back to the client.
Use case details:
1. Client sends HTTP SwA request (MIME attachment) into Sentry
2. Sentry extracts just the attachment, and stores it on an SFTP server
3. Sentry returns a generic 200 OK message back to the client
Steps to realize the use case:
1. Create HTTP Listener and SFTP Remote Policies
2. Add a Task List with:
a. ebMS sender {required fields take anything such as "Test"}
b. ebMS receiver
3. Create a Task List Group to add the Task List to
4. Create an XML Policy and associate 1 and 2 above
5. Set Filter to Multipart--->SOAP with Attachments
6. Use a tool to send a request with an Attachment
Example of a request to send attachments to the SFTP server via HTTP:
POST / HTTP/1.1
Content-Length: 671585
User-Agent: Crosscheck Networks
Content-Type: Multipart/Related; boundary="----=_MIME_boundary"; type="text/xml"; start="<SwAStart@crosschecknet.com>"
Authorization: Basic bWFsYWs6b21hcjFwYXBhMg==
Host: 127.0.0.1
------=_MIME_boundary
Content-Type: application/soap+xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-ID: <SwAStart@crosschecknet.com>
Content-Location: soapbody.xml
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope />
------=_MIME_boundary
Content-Type: application/pdf
Content-Transfer-Encoding: 8bit
Content-ID: <filename.pdf@crosschecknet.com>
Content-Location: filename.pdf
<mybody type=binary>
<@INCLUDE base8 *C:\training\filename.pdf*@>
</mybody></xml>
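The request layout above, as an added example that is not part of the original article or of Forum Sentry: it builds a Multipart/Related body with the same boundary, `start` parameter and part headers, then separates the SOAP root part from the attachment the way the gateway's log later reports it. The function names and the sample bytes are assumptions made for illustration.

```python
from email.parser import BytesParser

BOUNDARY = "----=_MIME_boundary"
START_CID = "<SwAStart@crosschecknet.com>"  # root part, named by start=

def _part(ctype, cid, location, data):
    head = (f"--{BOUNDARY}\r\nContent-Type: {ctype}\r\n"
            "Content-Transfer-Encoding: 8bit\r\n"
            f"Content-ID: {cid}\r\nContent-Location: {location}\r\n\r\n")
    return head.encode("ascii") + data + b"\r\n"

def build_swa(soap_xml, filename, payload):
    """Return (headers, body) for a SwA POST shaped like the request above."""
    body = (_part("application/soap+xml; charset=UTF-8", START_CID,
                  "soapbody.xml", soap_xml)
            + _part("application/pdf", f"<{filename}@crosschecknet.com>",
                    filename, payload)
            + f"--{BOUNDARY}--\r\n".encode("ascii"))
    ctype = (f'Multipart/Related; boundary="{BOUNDARY}"; '
             f'type="text/xml"; start="{START_CID}"')
    return {"Content-Type": ctype, "Content-Length": str(len(body))}, body

def split_swa(headers, body):
    """Separate the SOAP root part from the attachments, keyed on start=."""
    raw = f"Content-Type: {headers['Content-Type']}\r\n\r\n".encode("ascii")
    msg = BytesParser().parsebytes(raw + body)
    if msg.get_content_type() != "multipart/related" or not msg.is_multipart():
        raise ValueError("not a Multipart/Related message")
    start = (msg.get_param("start") or "").strip("<>")
    root, attachments = None, []
    for part in msg.get_payload():
        data = part.get_payload(decode=True)  # 8bit: bytes come back unchanged
        info = {"content_id": part["Content-ID"],
                "content_type": part.get_content_type(),
                "location": part["Content-Location"],
                "length": len(data), "data": data}
        if root is None and (part["Content-ID"] or "").strip("<>") == start:
            root = info
        else:
            attachments.append(info)
    if root is None:
        raise ValueError("no part matches the start parameter")
    return root, attachments

# Constructed sample input: not a real PDF, just bytes with a binary tail.
SAMPLE_PDF = b"%PDF-1.4\nconstructed sample\x00\xff"
SAMPLE_SOAP = (b'<?xml version="1.0" encoding="utf-8"?><soap:Envelope '
               b'xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"/>')
```

Calling `split_swa(*build_swa(SAMPLE_SOAP, "filename.pdf", SAMPLE_PDF))` returns the SOAP part as the root and one attachment whose bytes are identical to the input.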
Detailed Setup:
1. Create HTTP Listener and SFTP Remote Policies
a. HTTP Listener:
. Go to Gateway-->Network Policies
. Click New
. Select HTTP then click Next
. Select Listener then click Next
. Click Next to the end, mostly using the defaults.
The only exception is Authentication: in this case we are using Basic Authentication. Once you have created the listener, click on it to see a setup similar to the image below:
b. SFTP Remote:
. Go to Gateway-->Network Policies
. Click New
. Select SFTP then click Next
. Select Remote then click Next
. Fill in the info for your SFTP server similar to the image below:
2. Add the ebMS Task Lists:
. Go to Gateway-->Task Policies-->Task Lists
. Click New
. Type a name and click Apply
. Click New, select ebMS then click Next
. Select Sender
. Fill in the required fields with anything such as “Test” then click Save
. Click New, select ebMS then click Next
. Select Receiver (no need to fill any field here) then Save
You will now see:
. Click Save
3. Create a Task List Group:
. Go to Gateway-->Task Policies-->Task List Groups
. Click New
. Type in a name for the Group and click Create
. Select the ebMS Task List from the drop down then click ADD then Apply and Save
Your Task List Group should look like:
4. Create the XML Policy and associate the Listener, Remote Policies and Task List with it:
. Go to Gateway-->Content Policies
. Click XML Policies then New
. Name the policy then click Next
. Select the Listener and Remote policies created above then click Finish
Next click on the Virtual Directory and, towards the bottom, select the Task List Group from above, then click Save
5. Enable the Multipart (SOAP with Attachments) Filter:
Go back into the Virtual Directory and at the bottom Select Multipart and Enable
Then Save.
This concludes the setup necessary within Sentry to be able to send SOAP messages with attachments and have these attachments end up on an SFTP server.
The following is a demonstration of this process using SOAPSonar.
Using SOAPSonar, create a new XML test case then set up the following:
1. Authentication:
For this step I have an LDAP policy set up within Sentry to be able to do Basic Authentication. If you have LDAP then you can add your own policy or use ours.
Click on the Authentication button, select Basic Authentication and add a username and a password, then click on the green button to save
2. Attachment:
Click on the Attachments button and check MIME, then click on ADD Attachment and browse to add your attachment.
3. URL:
The final step is specifying the address of the listener you have set up, along with the filename to be posted on the SFTP server. Also make sure that Enable File Streaming is checked, then save:
Below please find the system log entries for the transaction above showing the processing of the attachment.
The logs on the SFTP server show the file:
<event seq="604" time="2014-08-06 21:12:25.773898 -0400" app="BvSshServer 6.04" name="I_SFS_TRANSFER_FILE" desc="Virtual filesystem: transfer file.">
<session id="1006" remoteAddress="192.168.1.109:54519" windowsAccount="Malak-PC\sftpuser"/>
<channel type="session" id="1"/>
<sfs moduleName="FlowSfsWin" mountPath="/" code="90000" desc="Transferring file completed.">
<parameters path="C:\Users\sftpuser\FS_Sentry_Pre-Installation_Checklist.pdf" timeMs="5" bytesRead="0" bytesWritten="69690" readRangeOffset="0" readRangeLength="0" writeRangeOffset="0" writeRangeLength="69690"/>
And a listing on the SFTP server shows:
$ ls -l *.pdf
-rwx------+ 1 Administrators None 69690 Aug 7 01:12 FS_Sentry_Pre-Installation_Checklist.pdf
Sentry’s system log shows the entire transaction below:
21:12:24.979 Document entered Communications Layer
21:12:24.980 Received an HTTP request:
Protocol: HTTP/1.1
Scheme: http
Method: POST
Client: 127.0.0.1
Request URL: http://127.0.0.1/FS_Sentry_Pre-Installation_Checklist.pdf
Listener Policy: SwA_to_HTTP_Listener
Virtual Directory: New Virtual Directory
Virtual path: /*
Auth Type:
Cookies:
Header Info:
User-Agent: Crosscheck Networks SOAPSonar
Content-Type: Multipart/Related; boundary="----=_MIME_boundary"; type="text/xml"; start="<SwAStart@crosschecknet.com>"
SOAPAction: "http://crosschecknet.com/Echo"
Authorization: ********
Host: 127.0.0.1
Transfer-Encoding: chunked
Connection: keep-alive
21:12:24.981 Processing request for 'XML Policy: 'HTTP_to_SFTP_XML_Policy''
21:12:24.981 Authenticating basic auth credentials with acl ''
21:12:24.982 Authenticating using 'Local users login module'
21:12:24.982 User 'euclid' not found.
21:12:24.982 Authenticating using 'LDAP login module'
21:12:24.982 Found user 'euclid' in cache for LDAP policy 'test_ldap'.
21:12:24.983 Succeeded to authenticate user 'euclid' using LDAP policy 'test_ldap'
21:12:24.983 Basic auth succeeded - User 'euclid' has correct credentials
21:12:24.983 ACL check skipped - no ACL associated with network policy 'SwA_to_HTTP_Listener'
21:12:24.983 ACL check skipped - no ACL associated with virtual directory '/*'
21:12:24.984 Message type filter match succeeded - matched filter 'Multipart' of type Multipart
21:12:24.995 MIME request contains 2 parts
21:12:24.995 Parsed attachment
Content-ID: <SwAStart@crosschecknet.com>
Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: 8bit
Content-Location: soapbody.xml
Start Boundary: 23
End Boundary: 482
Length: 459 bytes
Start: Yes
Other Headers:
21:12:24.995 Parsed attachment
Content-ID: <FS_Sentry_Pre-Installation_Checklist.pdf@crosschecknet.com>
Content-Type: application/pdf
Content-Transfer-Encoding: 8bit
Content-Location: FS_Sentry_Pre-Installation_Checklist.pdf
Start Boundary: 507
End Boundary: 70,397
Length: 69,890 bytes
Start: No
Other Headers:
21:12:24.996 Request document:
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<tns:Echo xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:s="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://crosschecknet.com/"/>
</soap:Body>
</soap:Envelope>
21:12:24.996 No TaskListGroup configured, document will not be processed
21:12:24.996 Incoming document identified to TaskList 'ebMS Task List' using TaskListGroup 'ebMS Task List Group'
21:12:24.996 Document entered Process Manager for task list 'ebMS Task List'
21:12:24.996 Document entered 'ebMS' task: 'ebMS'
21:12:24.997 Document left 'ebMS' task: 'ebMS'
21:12:24.997 Document entered 'ebMS' task: 'ebMS'
21:12:24.997 Document left 'ebMS' task: 'ebMS'
21:12:24.997 Successfully processed task list 'ebMS Task List'
21:12:24.997 Document left Process Manager
21:12:24.997 Sending remote server a processed request:
Method: POST
Remote Path: /FS_Sentry_Pre-Installation_Checklist.pdf
Header Info:
Content-Type: application/pdf
User-Agent: Forum Systems
Message Body:
<binary: length=69690>
21:12:24.998 Connecting to SFTP server at 192.168.1.109:22
21:12:24.998 Opening SFTP connection to 192.168.1.109:22
21:12:25.016 Authenticating user 'sftpuser' to 192.168.1.109:22 using password method
21:12:25.769 Transferring file 'FS_Sentry_Pre-Installation_Checklist.pdf'
21:12:25.775 Response document:
<binary: length=0>
21:12:25.775 Message type filter encode: document was generated locally; encoding with 'simple' format
21:12:25.775 Adding Via header to response
21:12:25.776 Sending client a raw response:
Status Code: 200
Header Info:
Via: sftp/0.0 127.0.0.1:80
Content-Type: application/pdf
Message Body:
<binary: length=0>
21:12:25.776 Document left Communications Layer
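Reconciling the two logs above, as an added example that is not part of the original article or of Forum Sentry: it pulls the authenticated user, the skipped ACL checks, the remote path and the byte count out of the Sentry log and compares them with the SFTP server's transfer event. The function names are hypothetical, and the sample strings are constructed from lines shown above (trimmed, with the event's closing tags added so it parses).

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Constructed samples: lines copied from the logs above, trimmed, with the
# SFTP event's closing tags added so it parses as XML.
SENTRY_LOG = """\
21:12:24.983 Basic auth succeeded - User 'euclid' has correct credentials
21:12:24.983 ACL check skipped - no ACL associated with network policy 'SwA_to_HTTP_Listener'
21:12:24.983 ACL check skipped - no ACL associated with virtual directory '/*'
21:12:24.997 Sending remote server a processed request:
Method: POST
Remote Path: /FS_Sentry_Pre-Installation_Checklist.pdf
Message Body:
<binary: length=69690>
21:12:25.776 Sending client a raw response:
Status Code: 200
"""
SFTP_EVENT = r"""<event seq="604" name="I_SFS_TRANSFER_FILE">
<sfs code="90000" desc="Transferring file completed.">
<parameters path="C:\Users\sftpuser\FS_Sentry_Pre-Installation_Checklist.pdf" bytesWritten="69690"/>
</sfs></event>"""

def summarize_sentry(log):
    """Extract who authenticated, which ACL checks were skipped, what was sent."""
    user = re.search(r"Basic auth succeeded - User '([^']+)'", log)
    sent = re.search(r"Sending remote server a processed request:.*?"
                     r"Remote Path: (\S+).*?<binary: length=(\d+)>", log, re.S)
    status = re.search(r"Sending client a raw response:\s*Status Code: (\d+)", log)
    return {"user": user.group(1) if user else None,
            "acl_skipped": re.findall(r"ACL check skipped - no ACL associated with (.+)", log),
            "remote_path": sent.group(1) if sent else None,
            "bytes_sent": int(sent.group(2)) if sent else None,
            "status": int(status.group(1)) if status else None}

def reconcile(log, sftp_event_xml):
    """Return mismatches between the gateway's view and the SFTP server's."""
    s = summarize_sentry(log)
    params = ET.fromstring(sftp_event_xml).find(".//parameters")
    if params is None or s["remote_path"] is None:
        return ["transfer record missing on one side"]
    problems = []
    if s["status"] != 200:
        problems.append(f"client was answered with status {s['status']}")
    if ntpath.basename(params.get("path", "")) != s["remote_path"].rsplit("/", 1)[-1]:
        problems.append("stored file name differs from the remote path")
    if int(params.get("bytesWritten", -1)) != s["bytes_sent"]:
        problems.append("bytes written on the server differ from bytes sent")
    return problems
```

An empty list from `reconcile(SENTRY_LOG, SFTP_EVENT)` means both sides agree on the file name and the 69690 bytes; `summarize_sentry` also lists the objects for which the ACL check was skipped.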