wso2 / api-manager

All issues, tasks, improvements and new features of WSO2 API Manager
Apache License 2.0

Path forwarding issue with WSO2 API Manager #3117

Open saber13812002 opened 2 months ago

saber13812002 commented 2 months ago

Description

In WSO2 API Manager, by default, any path after the defined proxy path (i.e., the main API path) is passed to the destination endpoint (backend) as is. Therefore, if you have defined the following path for the proxy:

I have encountered an issue with WSO2 API Manager where paths after the base proxy path are not being forwarded to the backend as expected.

Please read the Relevant Log Output part for the main problem.

Steps to Reproduce

Setup:

- Proxy base path: http://localhost:8280/z-auth/2.0.0
- Backend endpoint: http://192.168.0.63:5013

When I send the following requests:

- http://localhost:8280/z-auth/2.0.0/AUTH/graphql
- http://localhost:8280/z-auth/2.0.0/auth/graphql

I expect them to be forwarded to:

- http://192.168.0.63:5013/AUTH/graphql
- http://192.168.0.63:5013/auth/graphql

Issue: Instead, the requests are either not reaching the backend or there is unexpected behavior in the way the paths are being forwarded. Specifically:

- There seems to be an issue with case sensitivity, where /AUTH and /auth are treated differently.
- I suspect that there might be URL rewrite rules or path mappings in WSO2 API Manager that are affecting the correct forwarding of the requests.

Expected behavior: Any path after the base proxy path should be forwarded to the backend endpoint without modification, including case sensitivity.

Steps to reproduce:

1. Define an API with the base path http://localhost:8280/z-auth/2.0.0 in WSO2 API Manager.
2. Send requests to http://localhost:8280/z-auth/2.0.0/AUTH/graphql and http://localhost:8280/z-auth/2.0.0/auth/graphql.
3. Observe if the paths are forwarded to the backend as expected.

Environment:

- WSO2 API Manager version: [Your version]
- Backend service: [Details of your backend service]

Please investigate this issue and provide guidance on how to resolve it.

Affected Component

Analytics

Version

wso2/wso2am 4.3.0

Environment Details (with versions)

docker image wso2/wso2am 4.3.0 1.16GB

Relevant Log Output

If I call the following:

```
curl "http://192.168.0.65:2010/AUTH/graphql" ^
  -H "Cache-Control: no-cache" ^
  -H "Connection: keep-alive" ^
  ...
```

The response is:

```json
{
  "data": {
    "message": "OK",
    "statusCode": 200
  }
}
```

However, when I call:

```
curl "http://192.168.0.65:2010/auth/graphql" ^
  -H "Cache-Control: no-cache" ^
  -H "Connection: keep-alive" ^
  ...
```

The response is:

```json
{
  "code": "900901",
  "message": "Invalid Credentials",
  "description": "Invalid JWT token. Make sure you have provided the correct security credentials"
}
```

Sometimes, if I call the first endpoint, I get the error. Other times, if I call the second one after several hours, the error is triggered for that one while the first returns a valid response.


This description explains the inconsistency in responses based on the two similar endpoints and the timing of the requests. You might want to investigate the underlying authentication mechanism or token caching issues that could be causing this behavior.



Related Issues

No response

Suggested Labels

case sensitive

saber13812002 commented 2 months ago

Sometimes, if I call the first endpoint, I get the error. Other times, if I call the second one after several hours, the error is triggered for that one while the first returns a valid response.
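
A triage sketch for the two response bodies quoted in the report, added here as an example and not part of the original issue or of WSO2's code: it separates "the gateway rejected the token" (the 900901 body) from "the backend answered", and checks whether the bearer token's `exp` claim had already passed when the call was made. The function names, the sample tokens and the assumption that the elided curl headers carried a JWT bearer token are all constructed for illustration.

```python
import base64
import json

# Response bodies as quoted in the report above.
OK_BODY = '{"data": {"message": "OK", "statusCode": 200}}'
ERR_BODY = ('{"code": "900901", "message": "Invalid Credentials", '
            '"description": "Invalid JWT token. Make sure you have provided '
            'the correct security credentials"}')

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def triage(body, token, called_at):
    """Say who answered a call and, on 900901, whether the token was expired."""
    doc = json.loads(body)
    if str(doc.get("code", "")) != "900901":
        return "forwarded: backend answered"
    exp = jwt_claims(token).get("exp")
    if exp is not None and called_at >= exp:
        return "gateway rejected: token expired %ds before call" % (called_at - exp)
    return "gateway rejected: token not expired, inspect gateway key validation"

def _b64(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(exp):
    """Constructed, unsigned demo token; a real one comes from the Authorization header."""
    return ".".join([_b64({"alg": "none"}), _b64({"sub": "demo", "exp": exp}), "sig"])

if __name__ == "__main__":
    now = 1_700_000_000  # constructed call time (epoch seconds)
    calls = [  # constructed pairing of paths, bodies and tokens
        ("/AUTH/graphql", OK_BODY, make_sample_token(now + 3600)),
        ("/auth/graphql", ERR_BODY, make_sample_token(now - 120)),
    ]
    for path, body, token in calls:
        print(path, "->", triage(body, token, now))
```

Recording the call time and token next to each failing request shows whether the 900901 responses follow the token's age rather than the case of the path.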