Hi,

I don't think throttling a web app is practically doable :).

Think of the complications a bit: you will need to skip all requests for things like CSS, JS, images, etc. Then, how are we going to handle cases like users pressing the 'refresh' button on the browser? Is that going to count as another request? If not, how do we skip that particular request?

Even though the publisher (owner of the web app) is responsible for defining the throttling limits, this would mean that the web app logic is closely tied to the app on the App Gateway. Making even a slight change to the web app might require them to change the throttling limits set on the Gateway.

Thanks,
NuwanD.

On Tue, Feb 11, 2014 at 12:50 PM, Suresh Attanayaka <[email protected]> wrote:

> Hi Venura,
>
> The SAML Response would not be available for every subsequent request though
> the user is successfully authenticated. The best way would be to check the
> session ID, and have a map for the authenticated session and the username.
> This way, you do not need to know how the user was authenticated; it can be
> SAML, OAuth or OpenID.
>
> And if the app is configured in such a way that it does not require
> authentication, then throttling should be done as for an anonymous user. If
> the app requires authentication and the request doesn't have an
> authenticated session, the user should be redirected to the IDP.
>
> Thanks,
> -Suresh
>
>
> On Tue, Feb 11, 2014 at 12:33 PM, Venura Kahawala <[email protected]> wrote:
>
>> Hi,
>>
>> One way of doing this is based on the authentication mechanism. For
>> example, a web application publisher can decide what is the authentication
>> mechanism that is going to be used for the web application. Let's take SAML
>> as an example [1]. With the subject of the SAML response, the user can be
>> identified and the throttling can be applied. If the web application publisher
>> decides that the web app need not be authenticated, then user-based
>> throttling is not applicable.
>>
>> Please share your thoughts.
>>
>> [1]
>> https://docs.google.com/a/wso2.com/drawings/d/1yYe6n17sBGhegEyu8aym-C44gsZEkfsZDR3ZUTzj38k/edit?usp=sharing
>>
>> Regards,
>> Venura
>>
>>
>> On Mon, Feb 10, 2014 at 10:05 PM, Venura Kahawala <[email protected]> wrote:
>>
>>> Hi Suresh,
>>>
>>> I meant the user, not the web browser.
>>>
>>> Regards,
>>> Venura
>>>
>>>
>>> On Mon, Feb 10, 2014 at 9:56 PM, Suresh Attanayaka <[email protected]> wrote:
>>>
>>>> Hi Venura,
>>>>
>>>> I'm confused, are we going to throttle based on User or Client or both?
>>>> I assume a client is a web browser.
>>>>
>>>> Thanks,
>>>> -Suresh
>>>>
>>>>
>>>> On Mon, Feb 10, 2014 at 6:58 PM, Venura Kahawala <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> As you may be already aware, 'App manager' is capable of providing a
>>>>> gateway for web applications. Web Apps can be registered in the publisher
>>>>> and can be published to the store so the users can subscribe and consume
>>>>> web applications.
>>>>>
>>>>> Currently we are in the stage of implementing throttling for the
>>>>> gateway. This is a bit different from API Manager since the consumer/client
>>>>> of the web application is not capable of sending a unique identifier to
>>>>> the gateway (in AM this unique identifier is the OAuth token which is given
>>>>> for a client application). This is because the client should be able to type
>>>>> the gateway URL in the browser and access the web app.
>>>>>
>>>>> We need to identify the client who is calling the gateway and throttle
>>>>> based on the client.
>>>>>
>>>>> Any ideas on this are most welcome.
>>>>>
>>>>> Regards,
>>>>> Venura
>>>>>
>>>>> --
>>>>> Senior Software Engineer
>>>>>
>>>>> Mobile: +94 71 82 300 20
>>>>>
>>>>
>>>> --
>>>> Suresh Attanayake
>>>> Senior Software Engineer; WSO2 Inc. http://wso2.com/
>>>> Blog : http://sureshatt.blogspot.com/
>>>> Web : http://www.ssoarcade.com/
>>>> Facebook : https://www.facebook.com/IdentityWorld
>>>> Twitter : https://twitter.com/sureshatt
>>>> LinkedIn : http://lk.linkedin.com/in/sureshatt
>>>> Mobile : +94755012060
>>>> Mobile : +016166171172

--
Nuwan Dias
Senior Software Engineer - WSO2, Inc. http://wso2.com
email : [email protected]
Phone : +94 777 775 729
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
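The session-to-username map Suresh proposes, together with the static-resource exclusion NuwanD raises, sketched as an added example that is not part of the original thread or of WSO2's code. The class name, the suffix list, the per-IP anonymous bucket and the sliding-window limit are all assumptions made for illustration; a browser refresh is counted as an ordinary request because the gateway cannot tell it apart.

```python
import time
from collections import defaultdict, deque

# Assumed list of static resources that never consume throttle budget.
STATIC_SUFFIXES = (".css", ".js", ".png", ".jpg", ".gif", ".ico")

class GatewayThrottle:
    """Hypothetical per-user sliding-window throttle keyed by session."""

    def __init__(self, limit, window_s, requires_auth, clock=time.monotonic):
        self.limit, self.window_s = limit, window_s
        self.requires_auth = requires_auth
        self.clock = clock
        self.sessions = {}              # session ID -> username (set after IdP login)
        self.hits = defaultdict(deque)  # throttle key -> timestamps of counted requests

    def login(self, session_id, username):
        # Called once the IdP (SAML, OAuth or OpenID) has authenticated the user.
        self.sessions[session_id] = username

    def decide(self, path, session_id=None, client_ip="0.0.0.0"):
        user = self.sessions.get(session_id)
        if user is None and self.requires_auth:
            return "REDIRECT_TO_IDP"    # no authenticated session for a protected app
        if path.lower().split("?", 1)[0].endswith(STATIC_SUFFIXES):
            return "ALLOW"              # static asset: served but not counted
        # Keyed by username, so all sessions of one user share one budget.
        # Assumption: anonymous traffic is bucketed per client IP.
        key = ("user", user) if user else ("anon", client_ip)
        now, q = self.clock(), self.hits[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()                 # drop requests that left the window
        if len(q) >= self.limit:
            return "THROTTLE"
        q.append(now)
        return "ALLOW"

if __name__ == "__main__":
    gw = GatewayThrottle(limit=2, window_s=60, requires_auth=True)
    gw.login("sess-1", "alice")         # constructed sample session
    for p in ("/app/home", "/app/site.css", "/app/home", "/app/home"):
        print(p, gw.decide(p, "sess-1"))
```
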
