Skip to end of metadata
Go to start of metadata

Contents

This page and its children relate to Repose filters and services. You can select and customize Repose filters and services to suit your application.

Standard filter order

The filters in Repose are compiled byte-codes that have configuration files that provide functionality between the client and the origin service. These filters often interact with each other, so the order in which you list them in the system model is important. You can use a filter to gather information from third-party servers that will then pass information to other filters. For example, you can use the Client Authentication filter to determine a user's role before it is used by the API Validation filter.

Although not all filters have strict dependencies, using the standard default order prevents you from injecting unnecessary bugs into your deployment.  Some deployments might require a different order from the standard order. Additionally, not all filters are required for each deployment. You define which filters and services are deployed within your system model.

Note: This table does not contain the full list of filters.

FilterNotes
SLF4J HTTP LoggingPlace the Simple Logging Facade for Java (SLF4J) HTTP Logging filter at the top of the filter chain.
CORS FilterPlace the CORS filter near the top to handle Preflight Requests.
Forwarded ProtocolPlace the Forwarded Protocol filter near the top of your filter chain.
Add HeaderPlace this filter before any filters that need to receive the added static header in the request.
URL Extractor to HeaderPlace this filter before any filters that need to receive the added dynamic header in the request.

Header Normalization

Place the Normalization filters near the top. These filters clean the request to prevent unexpected request headers and content. 


URI Normalization
Header Translation
Place the Header Translation filter before filters that need headers translated.
Keystone v2 Basic AuthenticationPlace the Keystone v2 Basic Authentication filter before the authentication and authorization filters so that they can process the X-Auth-Token header.
Keystone v2Place the Keystone v2 filter before the other identity filters. This filter sets the X-Roles, X-PP-User, and X-PP-Groups headers.
OpenStack Identity v3Place the OpenStack Identity filter before the other identity filters. This filter sets the X-Roles, X-PP-User, and X-PP-Groups headers.
Client AuthenticationPlace the Client Authentication filter before the identity filters. This filter sets the X-Roles, X-PP-User, and X-PP-Groups headers.
Header UserPlace the user filters next. These filters provide alternative methods of setting the X-PP-User and X-PP-Groups headers.

IP User
URI User
Client AuthorizationPlace the Client Authorization filter next to validate whether the user has access to the requested endpoint. 
Rackspace Auth UserPlace the Rackspace Auth User filter before the Rate Limiting filter. This filter removes the username from the body and sets it in the X-PP-User header for rate limiting.
Highly Efficient Record Processor (HERP) Place the HERP filter after the authentication and authorization filters.
Delegation Response Processor (DeRP)Place the DeRP filter after the HERP filter.
Rate LimitingPlace the Rate Limiting filter next. This filter uses the URI, X-PP-User, and X-PP-Groups to establish rate limits. 
VersioningPlace the Versioning filter before the Validation filter to finalize the URI.
CompressionPlace the Compression filter before anything that looks at the request body. 
API (WADL/XSD) ValidationPlace the API (WADL/XSD) Validation filter after the Compression filter. API (WADL/XSD) Validation filter uses X-Roles to validate requests.
Simple RBACPlace the Simple RBAC filter after the Compression filter.
TranslationPlace these filters last in the filter chain. They do not need to precede any other filters.
Destination Router
URI Stripper
Content Type Stripper
Merge Header

You may use two instances of this filter.

  • Place it at the top of the filter chain if you plan use the filter for responses.
  • Place it at the bottom of the filter chain if you plan to use the the filter for requests.

Filter names, XSDs, examples, and descriptions

The following tables include the filter and service names that are used in the system model, the path to the XML schemas, and example configuration files. The filters and services are divided into categories that define their most basic function. Click the links for more detailed information about each component. 

Request-response modification filters


Filter name
<filter-name>
XML schema definition
Example configuration
Description
Recorded demo
Add Headeradd-headeradd-header.xsdadd-header.cfg.xmlAdds arbitrary static headers to a request or a response. -
Body Extractor to Headerbody-extractor-to-headerbody-extractor-to-header.xsdbody-extractor-to-header.cfg.xmlThe Body Extractor to Header filter can extract a value from the request body and put it in a header in the request.-
Body Patcherbody-patcherbody-patcher.xsdbody-patcher.cfg.xmlThe Body Patcher Filter allows changes to the request/response body based on a path regex and content type. Currently only JSON is supported, but XML support is planned for the future. Changes take the form of JSON Patches as defined in RFC-6902.-
Content Type Strippercontent-type-stripper--Strips out the content-type header when no content body is present or when the first eight bytes of the content body are white space. -
Forwarded Protocolforwarded-proto--Adds the X-Forwarded-Proto header to a request if not already present.-

Header Normalization

header-normalizationheader-normalization-configuration.xsdheader-normalization.cfg.xmlCleans the request to prevent unexpected request headers.-
Header Translation header-translationheader-translation.xsdheader-translation.cfg.xmlTranslates a request header to one or many other headers. There is an option to remove the original header or leave it in place.-
Merge Headermerge-headermerge-header.xsdmerge-header.cfg.xmlCombines multiple headers by the same name into a single, comma-separated value. You can use the filter with the request and the response. -
Translation translationtranslation-configuration.xsdtranslation.cfg.xmlTranslates requests and responses so that services receive the request in the expected format and the responses are returned to the client in the expected format.-
URL Extractor to Headerurl-extractor-to-headerurl-extractor-to-header.xsdurl-extractor-to-header.cfg.xmlThe filter can extract a portion of the request URL and put it in a header in the request.-
URI Normalization uri-normalizationuri-normalization-configuration.xsduri-normalization.cfg.xmlAllows normalization of a request's query parameters and media type.-
URI Stripper uri-stripperuri-stripper.xsduri-stripper.cfg.xmlStrips out a specific section of the request URI and edits the Location if there is one present in the response.URI Stripper

Rate limiting filter

Filter name<filter-name>XML schema definitionExample configurationDescription
Rate Limitingrate-limitingrate-limiting-configuration.xsdrate-limiting.cfg.xmlThis filter can be configured to manage the flow of traffic into your service, so that it does not exceed the service's actual capacity. 

Authentication filters

Filter
<filter-name>
XML schema definition
Example configuration
Description
Header Identityheader-identityheader-identity-configuration.xsdheader-identity.cfg.xml

Enables Repose to introspect a configured header and set the X-PP-User and X-PP-Groups headers accordingly. Alternative methods of setting X-PP-User & X-PP-Groups.

Warning: Re-named to Header User in Repose version 8.0.0.0.


Header Userheader-userheader-user-configuration.xsdheader-user.cfg.xmlEnables Repose to introspect a configured header and set the X-PP-User and X-PP-Groups headers accordingly. Alternative methods of setting X-PP-User & X-PP-Groups.
Header Identity Mappingheader-id-mappingheader-id-mapping-configuration.xsd   header-id-mapping.cfg.xml

Enables Repose to introspect a configured header and set the X-PP-User and X-PP-Groups headers as needed.

Warning: Filter was removed in Repose version 8.0.0.0. Use the Header Translation filter instead.


Header Translation filterheader-translationheader-translation.xsdheader-translation.cfg.xmlEnables Repose to create new request headers based on the values in other headers and to delete/modify existing headers.
IP Userip-userip-user.xsdip-user.cfg.xmlEnables Repose to introspect a request's source IP and set the X-PP-User and X-PP-Groups headers as needed.
Keystone v2keystone-v2keystone-v2.xsdkeystone-v2.cfg.xmlEnables Repose to authenticate an HTTP request before the request is passed to the origin server using an OpenStack Identity v2 service.
Keystone v2 Basic Authkeystone-v2-basic-authkeystone-v2-basic-auth.xsdkeystone-v2-basic-auth.cfg.xmlAllows a user to obtain a user token based on the user name and API key presented in the standard HTTP Basic authentication scheme.
OpenStack Identity v3openstack-identity-v3openstack-identity-v3.xsdopenstack-identity-v3.cfg.xmlEnables to use an identity endpoint to authenticate an HTTP request before the request is passed to the origin server. The Keystone v3 filter supports the OpenStack Identity Service authentication scheme.
Rackspace Auth User rackspace-auth-userrackspace-auth-user-configuration.xsdrackspace-auth-user.cfg.xmlEnables Rackspace's identity service to extract usernames from authentication payloads for rate-limiting purposes. 
Rackspace Identity Basic Authenticationrackspace-identity-basic-authrackspace-identity-basic-auth.xsdrackspace-identity-basic-auth.cfg.xml

Allows a user to obtain a user token based on the user name and API key presented in the standard HTTP Basic authentication scheme.

Warning: Re-named to Keystone v2 Basic Auth in Repose version 8.0.0.0.

URI Identityuri-identityuri-identity-configuration.xsduri-identity.cfg.xml

Enables Repose to inspect a request URI and set the X-PP-User and X-PP-Groups headers as needed.

Warning: Re-named to URI User in Repose version 8.0.0.0.

URI Useruri-useruri-user-configuration.xsduri-user.cfg.xmlEnables Repose to inspect a request URI and set the X-PP-User and X-PP-Groups headers as needed.
Valkyrie Authorizationvalkyrie-authorizationvalkyrie-authorization.xsdvalkyrie-authorization.cfg.xmlEnables Repose to use Rackspace's Valkyrie service to authorize a user for a specific device

Other filters

Filter name
<filter-name>
XML schema definition
Example configuration
Description
Recorded Demo
API (WADL/XSD) Validation api-validatorvalidator-configuration.xsdvalidator.cfg.xmlValidates all requests based on an XSD and WADL.
-
Compression compressioncontent-compression-configuration.xsdcompression.cfg.xmlWith this filter, Repose supports decompressing request data and compressing response data. This filter is available in Repose versions 2.7 and later.Compression
CORS Filtercors

cors-configuration.xsd

cors.cfg.xml

Adds support for CORS.-
Delegation Response Processor (DeRP)
derp--Rejects requests containing the X-Delegated header. -
Destination Router destination-routerdestination-router-configuration.xsddestination-router.cfg.xml  

Adds a routing destination at a configured quality. After the request has been processed by all filters, Repose chooses the destination that has the highest quality. Available in Repose versions 2.0 and later.

-
Flush Output Streamflush-output--Forces Repose to flush any data buffered in the filter chain to the output stream.  

Highly Efficient Record Processor (HERP)

herphighly-efficient-record-processor.xsdhighly-efficient-record-processor.cfg.xmlLogs an event for each API request. These logs provide information regarding the processing of each request.-

IRI Validation

iri-validation--Verifies that the request URI has been properly converted from an IRI.-
Simple RBACsimple-rbacsimple-rbac.xsdsimple-rbac.cfg.xmlProvides role authorization for services without the need to create a WADL. -
SLF4J HTTP Loggingslf4j-http-loggingslf4j-http-logging-configuration.xsdslf4j-http-logging.cfg.xmlAllows logging of information in HTTP requests that are sent to Repose and responses from Repose.-
Versioningversioningversioning-configuration.xsdversioning.cfg.xmlEnables REST services to version updates without causing end-client breakage. -
Scripting Filterscriptingscripting.xsdscripting.cfg.xmlEnables users to write custom filters for Repose using a variety of scripting languages. Custom filters can be used to perform arbitrary processing with access to the certain bindings, including the request and response.-

Services

Item<service-name>XML schema definitionExample configurationDescription
Analysismetricsmetrics.xsdmetrics.cfg.xmlThis service is available in Repose versions 2.8.1 and later.
Atom Feed Consumption Serviceatom-feed-serviceatom-feed-service.xsdatom-feed-service.cfg.xmlEnables simple reading of Atom feeds. By centralizing this function in a service, Repose developers may share resources (and reduce overhead) when multiple Repose components need to read the same feed.
Datastoresdist-datastoredist-datastore-configuration.xsddist-datastore.cfg.xmlRepose uses one of the datastore implementations to store various types of data. Current implementations are the Distributed Datastore Service and the Local Datastore.
Health Check service---Allows Repose to return 503 error messages on bad configurations or requests when using other Repose service components.
HTTP Connection Poolhttp-connection-pools--Allows Repose to manage and reuse HTTP connections.
Response Messaging Service response-messagingresponse-messaging.xsdresponse-messaging.cfg.xmlThe Response Messaging Service (RMS) allows Repose to intercept the response and return a pre-configured message body.

Deprecated filters

Filter name
 <filter-name>XML schema definitionExample configurationDescription
Client Authenticationclient-authclient-auth-n-configuration.xsdclient-auth-n.cfg.xml

As of Repose v8.0.0.0, this filter is no longer available.

Acting as a reverse proxy, this filter can be configured to use an identity endpoint to authenticate an HTTP request before the request is passed to the origin server. The Client Authentication filter supports the OpenStack Identity Service authentication scheme.

Client Authorizationclient-authorizationopenstack-authorization-configuration.xsdopenstack-authorization.cfg.xml

As of Repose v8.0.0.0, this filter is no longer available.

This filter can be configured to validate that a client request is allowed. If the request is allowed, it proceeds through the filter chain, on to the origin service. If the request is not allowed, the request will be denied with an HTTP 500 - Internal Server Error response.

Content Normalizationcontent-normalizationnormalization-configuration.xsdcontent-normalization.cfg.xmlAllows normalization of the headers and media-type of the request.
Default Router default-router-default-router-context.xmlScans the destinations of a service domain and add the first destination that has default="true" specified.  This feature was deprecated in Repose version v2.4 and removed in v6.2.2.0
Distributed Datastoredist-datastoredist-datastore-configuration.xsddist-datastore.cfg.xmlAs of Repose v3.0, this filter is no longer available. Use the Datastore Service instead; see Distributed Datastore as a Service. If you have not upgraded to v3.0 and are still using the Distributed Datastore filter, place it at the top of the filter chain. This filter intercepts datastore-specific http requests, which the other filters do not need to process.
HTTP Logginghttp-logginghttp-logging-configuration.xsdhttp-logging-cfg.xmlThe HTTP Logging Component allows logging of information in HTTP requests that are sent to Repose and responses from Repose.
Root Context Router---The root context router applies only to Repose instances running in the JEE 6 Application Container;see ROOT.war Deployment. This filter has been deprecated in Repose version 2.0. In prior versions of Repose, the root context router allows a user to use the ROOT.war deployment to filter requests that will be forwarded to deployed applications on the same application server.
IP Identityip-identityip-identity-configuration.xsdip-identity.cfg.xmlEnables Repose to introspect a request's source IP and set the X-PP-User and X-PP-Groups headers as needed.
Rackspace Auth 1.1 Contentcontent-identity-auth content-identity-auth-1-1.cfg.xml 
Rackspace Cloud Auth 1.1    
Replicated Datastorereplicated-datastore root-context-router.cfg.xmlAs of Repose v2.13.1, this filter is no longer available.



  • No labels

1 Comment

  1. I think the Header Translation filter needs to come after the Client Authorization one, esp. if it is setting the x-tenant-id header value. An example is Barbican which looks for the X-Project-Id to be set instead of x-tenant-id, and tenanted is set to false in the auth filter. Hence the auth filter will set this x-tenant-id via token validation, so the translation filter must come after this occurs.