AFAIK, Pamod did a scenario where he passed the information about the user to the backend service.
--Srinath On Fri, Dec 6, 2013 at 11:11 PM, Dulitha Wijewantha <[email protected]>wrote: > +1 for the Jaggery interceptor. I started work related to intercepting > jaggery APIs [1]. We will have to decide whether we are giving APIM > facility to a JS function or a REST API exposed via goose.js [2]. > > [1] - https://github.com/dulichan/ironman.js > [2] - https://github.com/dulichan/goose.js > > > On Fri, Dec 6, 2013 at 2:46 PM, Sumedha Rubasinghe <[email protected]>wrote: > >> Dulitha, >> First of all, there needs to be a Jaggery interceptor for OAuth2 token >> validations. Fronting Jaggery APIs with a AM layer is bulky. >> >> Answers to two problems are in-line. >> >> On Fri, Dec 6, 2013 at 12:09 PM, Dulitha Wijewantha <[email protected]>wrote: >> >>> Hi All, >>> Below is an architecture diagram I came up to integrate APIM to MDM. >>> There are some issues with it with needs some advice. I have mentioned them >>> below - >>> >>> [image: Inline image 1] >>> If the API access is through the browser the API should be protected via >>> a session. If the API is accessed via APIM no protection is necessary since >>> it's already protected by APIM. But the hiccup in APIM scenario is -the API >>> doesn't know who called it (since it's doesn't have a session username). >>> How do we deal with the above scenario? >>> >>> Other problems are- >>> >>> - When the browser communicates via HTTP the rendering happens in >>> the backend. APIM has no integration here. >>> >>> Browser will go to a URL to get the HTML rendered.. right? If so, that >> URL can be managed. >> > > How do we manage it? Are we managing the URL or are we managing the Module > functions? > >> >>> - When the browser calls via AJAX the MDM APIs will access directly >>> without APIM. This also requires a session >>> >>> >> AJAX calls can also call a managed URL pattern. Isn't it? >> > > Yeah but we can't have OAuth in the browser right? So it has to be > validated for sessions. How does it work with APIM integration? > >> >> >>> >>> Cheers >>> >>> On Fri, Dec 6, 2013 at 9:33 AM, Nuwan Dias <[email protected]> wrote: >>> >>>> For you to protect those APIs through the API Manager, you first have >>>> to publish them through the Publisher and Subscribe to them via the Store. >>>> You can use the APIs available on the Publisher [1] and Store [2] to >>>> create, update and subscribe to APIs programmatically. >>>> >>>> [1] - http://docs.wso2.org/display/AM150/Publisher+APIs >>>> [2] - http://docs.wso2.org/display/AM150/Store+APIs >>>> >>>> Thanks, >>>> NuwanD. >>>> >>>> >>>> On Thu, Dec 5, 2013 at 10:11 AM, Dulitha Wijewantha >>>> <[email protected]>wrote: >>>> >>>>> Hi guys, >>>>> I have a jaggery API set. I want to protect them with OAuth. From what >>>>> I can see in APIM samples - I have to add them manually via the store and >>>>> go through the whole lifecycle. Is there away for me to programmatically >>>>> protect APIs exposed (with jaggery) using APIM? >>>>> >>>>> Cheers~ >>>>> -- >>>>> Chan (Dulitha Wijewantha) >>>>> Software Engineer - Mobile Development >>>>> WSO2Mobile >>>>> Lean.Enterprise.Mobileware >>>>> * ~Email [email protected] <[email protected]>* >>>>> * ~Mobile +94712112165 <%2B94712112165>* >>>>> >>>>> * ~Website dulithawijewantha.com <http://dulithawijewantha.com/> * >>>>> >>>>> * ~Blog blog.dulithawijewantha.com >>>>> <http://dulichan.github.io/chan/>* >>>>> * ~Twitter @dulitharw <https://twitter.com/dulitharw>* >>>>> >>>> >>>> >>>> >>>> -- >>>> Nuwan Dias >>>> >>>> Senior Software Engineer - WSO2, Inc. http://wso2.com >>>> email : [email protected] >>>> Phone : +94 777 775 729 >>>> >>> >>> >>> >>> -- >>> Chan (Dulitha Wijewantha) >>> Software Engineer - Mobile Development >>> WSO2Mobile >>> Lean.Enterprise.Mobileware >>> * ~Email [email protected] <[email protected]>* >>> * ~Mobile +94712112165 <%2B94712112165>* >>> >>> * ~Website dulithawijewantha.com <http://dulithawijewantha.com/> * >>> >>> * ~Blog blog.dulithawijewantha.com >>> <http://dulichan.github.io/chan/>* >>> * ~Twitter @dulitharw <https://twitter.com/dulitharw>* >>> >> >> >> >> -- >> /sumedha >> b : bit.ly/sumedha >> > > > > -- > Chan (Dulitha Wijewantha) > Software Engineer - Mobile Development > WSO2Mobile > Lean.Enterprise.Mobileware > * ~Email [email protected] <[email protected]>* > * ~Mobile +94712112165 <%2B94712112165>* > > * ~Website dulithawijewantha.com <http://dulithawijewantha.com/> * > > * ~Blog blog.dulithawijewantha.com > <http://dulichan.github.io/chan/>* > * ~Twitter @dulitharw <https://twitter.com/dulitharw>* > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- ============================ Srinath Perera, Ph.D. http://people.apache.org/~hemapani/ http://srinathsview.blogspot.com/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
