Sounds good. Thanks Kishanthan. Thanks & Regards, Ishara Cooray Senior Software Engineer Mobile : +9477 262 9512 WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware
On Wed, Jan 4, 2017 at 5:30 PM, Kishanthan Thangarajah <[email protected]> wrote: > We are working on this. We couldn't progress much last week due to other > priorities. The plan is to deliver in two weeks time. > > On Tue, Jan 3, 2017 at 1:40 PM, Ishara Cooray <[email protected]> wrote: > >> Hi, >> >> What could be the status of this? Do we have a time line defined? >> >> Thanks & Regards, >> Ishara Cooray >> Senior Software Engineer >> Mobile : +9477 262 9512 <+94%2077%20262%209512> >> WSO2, Inc. | http://wso2.com/ >> Lean . Enterprise . Middleware >> >> On Fri, Dec 9, 2016 at 2:18 PM, Sagara Gunathunga <[email protected]> >> wrote: >> >>> >>> >>> On Fri, Dec 9, 2016 at 2:15 PM, Sanjeewa Malalgoda <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> Please find inline comments. >>>> >>>> On Fri, Dec 9, 2016 at 12:49 PM, Sagara Gunathunga <[email protected]> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Thu, Dec 8, 2016 at 6:59 PM, Ishara Cooray <[email protected]> >>>>> wrote: >>>>> >>>>>> To overcome the above limitation where we cannot plug custom >>>>>> authentication, i came up with the below approach. >>>>>> >>>>>> Having one interceptor and delegate authentication to an interface. >>>>>> Implementation of the interface is configurable so that we can plug >>>>>> custom >>>>>> authentication as well. >>>>>> >>>>>> [image: Inline image 1] >>>>>> >>>>>> One limitation here is we can have only one auth type active at a >>>>>> time. >>>>>> >>>>>> Hi Sanjeewa, >>>>>> >>>>>> Shall we continue with this approach until we get a proper fix from >>>>>> msf4j? >>>>>> >>>>> >>>>> It's ok to use above approach as a temporary workaround till we get >>>>> proper solution from MSF4J, but please make sure to implement only >>>>> required >>>>> features in a simple manner because you have to discard this and have to >>>>> use proper MSF4J approach before any release. >>>>> >>>>> By looking at issues faced by API-M and IS teams we have few issues to >>>>> solve, >>>>> >>>>> >>>>> 1. Ability to apply/skip Interceptors in global and per-service levels >>>>> 2. Ability to define the order of Interceptors >>>>> 3. Ability to intercept response messages >>>>> >>>> Ability to build security and user context in a way we can access it >>>> from service implementation. >>>> Most of the other platforms allowed to do that and people who work on >>>> service implementation can get real advantage of that. >>>> >>>>> >>>>> The good news is JAX-RS 2.0 spec is already solved these issues and we >>>>> can adopt their concepts easily to MSF4J programming model. Please refer >>>>> solution for each issue below. >>>>> >>>>> >>>>> *1. Ability to intercept response messages * >>>>> >>>>> JAX-RS defines 2 interfaces as ContainerRequestFilter[1] and >>>>> ContainerResponseFilter[2] to intercept request and response messages, IMO >>>>> these 2 interfaces are much clean and standard then current MSF4J >>>>> Interceptor[3] concept where response intercepting is not simple. >>>>> >>>>> >>>>> *2. Ability to apply/skip Interceptors in global and per-service >>>>> levels * >>>>> >>>>> Annotation driven NameBinding[4] concept defined for JAX-RS Filters is >>>>> very flexible and easy to use as well. This NameBinding[4] feature enables >>>>> to apply JAX-RS Filters at global, per-Resource or even per-sub-Resource >>>>> level. >>>>> >>>>> *3. Define the order of Interceptors * >>>>> >>>>> JAX-RS defines several message processing extension points such as >>>>> Pre, PreMatch, Post, it's possible to apply Filters during some of these >>>>> message processing stages, as an example refer PreMatching[5] annotation. >>>>> >>>>> Further, to define fine grained order of Filters JAX-RS reuse Java's >>>>> standard Priority[1] annotation, through this annotation numeric priority >>>>> value can be define per Filters basis. JAX-RS already provide set of >>>>> pre-defined Priories here[6] >>>>> >>>> Ability to engage in different phases is definitely a good feature. But >>>> there can be situations where we need to engage multiple interceptors at >>>> same phase with order of execution. As example i need to engage both >>>> authenticate and authorization interceptors in pre invoke phase but >>>> authenticator first and then authorizer as 2nd interceptor. In that case we >>>> need to mention phase and order within phase in some way. It seems CXF and >>>> other run times already handled this in different ways. >>>> >>> >>> This requirement is well handled by the JAX-RS concept I described >>> above. >>> >>> Thanks ! >>> >>>> >>>> >>>> [1]http://cxf.apache.org/docs/interceptors.html >>>> >>>> Thanks, >>>> sanjeewa. >>>> >>>>> >>>>> >>>>> I have setup a meeting in next Wednesday, if we can cater current >>>>> requirements using above concepts let's go ahead with JAX-RS Filters. >>>>> >>>>> >>>>> [1] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/in >>>>> dex.html?javax/ws/rs/container/ContainerRequestFilter.html >>>>> [2] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/ja >>>>> vax/ws/rs/container/ContainerResponseFilter.html >>>>> [3] - https://github.com/wso2/msf4j/blob/master/core/src/main/ja >>>>> va/org/wso2/msf4j/Interceptor.java >>>>> [4] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/in >>>>> dex.html?javax/ws/rs/NameBinding.html >>>>> [5] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/in >>>>> dex.html?javax/ws/rs/container/PreMatching.html >>>>> [6] - https://jax-rs-spec.java.net/nonav/2.0/apidocs/javax/ws/rs >>>>> /Priorities.html >>>>> >>>>> Thanks ! >>>>> >>>>>> >>>>>> >>>>>> >>>>>> Thanks & Regards, >>>>>> Ishara Cooray >>>>>> Senior Software Engineer >>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>>>> WSO2, Inc. | http://wso2.com/ >>>>>> Lean . Enterprise . Middleware >>>>>> >>>>>> On Thu, Dec 8, 2016 at 11:23 AM, Ishara Cooray <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi Thilina, >>>>>>>> >>>>>>>> And also if there are multiple interceptors and one interceptor >>>>>>>> returns false from its' preCaall then the invocation chain will not >>>>>>>> continue further. >>>>>>>> >>>>>>>> So Is this implies if preCall returns 'true' then the invocation >>>>>>>> chain will continue further? >>>>>>>> >>>>>>> >>>>>>> Yes >>>>>>> >>>>>>> I was thinking to return 'true' if particular auth header >>>>>>> type(Basic, Bearer) is not found in an interceptor, so that it will >>>>>>> check >>>>>>> the other available interceptors. >>>>>>> But i guess this approach may also fail if the request header type >>>>>>> is not provided may be by mistake. >>>>>>> Because all the interceptors will return true and will it be taken >>>>>>> as a valid authorization? >>>>>>> >>>>>>> >>>>>>> Thanks & Regards, >>>>>>> Ishara Cooray >>>>>>> Senior Software Engineer >>>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>> Lean . Enterprise . Middleware >>>>>>> >>>>>>> On Wed, Dec 7, 2016 at 5:25 PM, Afkham Azeez <[email protected]> wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Wed, Dec 7, 2016 at 5:17 PM, Ishara Cooray <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi Thilina, >>>>>>>>> >>>>>>>>> And also if there are multiple interceptors and one interceptor >>>>>>>>> returns false from its' preCaall then the invocation chain will not >>>>>>>>> continue further. >>>>>>>>> >>>>>>>>> So Is this implies if preCall returns 'true' then the invocation >>>>>>>>> chain will continue further? >>>>>>>>> >>>>>>>> >>>>>>>> Yes >>>>>>>> >>>>>>>> >>>>>>>>> If that is the case we can return true in our overridden preCall >>>>>>>>> method so that it goes to next Interceptor. >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks & Regards, >>>>>>>>> Ishara Cooray >>>>>>>>> Senior Software Engineer >>>>>>>>> Mobile : +9477 262 9512 <077%20262%209512> >>>>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>> >>>>>>>>> On Wed, Dec 7, 2016 at 2:33 PM, Afkham Azeez <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> How about supporting JAXRS filters? >>>>>>>>>> >>>>>>>>>> On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Ishara, >>>>>>>>>>> >>>>>>>>>>> As you have mentioned, with the current architecture we can't >>>>>>>>>>> set the specific interceptor for a particular service but rather to >>>>>>>>>>> all >>>>>>>>>>> services in the registry. And also if there are multiple >>>>>>>>>>> interceptors and >>>>>>>>>>> one interceptor returns false from its' preCaall then the >>>>>>>>>>> invocation chain >>>>>>>>>>> will not continue further. >>>>>>>>>>> >>>>>>>>>>> IMHO we have few options >>>>>>>>>>> >>>>>>>>>>> - We can implement a way to register specific interceptors >>>>>>>>>>> to specific services >>>>>>>>>>> - We can support JAX-RS Filters >>>>>>>>>>> - We can provide a way to skip some interceptors for >>>>>>>>>>> specific services >>>>>>>>>>> >>>>>>>>>>> @Azeez WDYT? >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> Thusitha >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray <[email protected] >>>>>>>>>>> > wrote: >>>>>>>>>>> >>>>>>>>>>>> HI, >>>>>>>>>>>> >>>>>>>>>>>> We are using MSF4J interceptor for securing REST APIs in API >>>>>>>>>>>> Manager. [1] As for now Interceptor registration happens at the >>>>>>>>>>>> class level >>>>>>>>>>>> @Component annotation as below. >>>>>>>>>>>> >>>>>>>>>>>> @Component( >>>>>>>>>>>> name = "org.wso2.carbon.apimgt.rest.a >>>>>>>>>>>> pi.common.interceptors.OAUTH2SecurityInterceptor", >>>>>>>>>>>> service = Interceptor.class, >>>>>>>>>>>> immediate = true >>>>>>>>>>>> ) >>>>>>>>>>>> The limitations here are >>>>>>>>>>>> >>>>>>>>>>>> 1. it is not possible to have more than one interceptor >>>>>>>>>>>> that will dynamically pick when an api call is received(Because >>>>>>>>>>>> the order >>>>>>>>>>>> matters and we are not certain which interceptor will take into >>>>>>>>>>>> effect ). >>>>>>>>>>>> 2. We cannot explicitly configure to use Custom >>>>>>>>>>>> interceptors because of the above[1] reason. >>>>>>>>>>>> >>>>>>>>>>>> Do we have any plans for these limitations? >>>>>>>>>>>> >>>>>>>>>>>> Thanks & Regards, >>>>>>>>>>>> Ishara Cooray >>>>>>>>>>>> Senior Software Engineer >>>>>>>>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>>>>>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Dev mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Thusitha Dayaratne >>>>>>>>>>> Software Engineer >>>>>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>>>>>>> >>>>>>>>>>> Mobile +94712756809 <071%20275%206809> >>>>>>>>>>> Blog alokayasoya.blogspot.com >>>>>>>>>>> About http://about.me/thusithathilina >>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Architecture mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Afkham Azeez* >>>>>>>>>> Senior Director, Platform Architecture; WSO2, Inc.; >>>>>>>>>> http://wso2.com >>>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>>>>> * <http://www.apache.org/>* >>>>>>>>>> *email: **[email protected]* <[email protected]> >>>>>>>>>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: * >>>>>>>>>> *http://blog.afkham.org* <http://blog.afkham.org> >>>>>>>>>> *twitter: **http://twitter.com/afkham_azeez* >>>>>>>>>> <http://twitter.com/afkham_azeez> >>>>>>>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>>>>>>>>> <http://lk.linkedin.com/in/afkhamazeez>* >>>>>>>>>> >>>>>>>>>> *Lean . Enterprise . Middleware* >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Afkham Azeez* >>>>>>>> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com >>>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>>> * <http://www.apache.org/>* >>>>>>>> *email: **[email protected]* <[email protected]> >>>>>>>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: * >>>>>>>> *http://blog.afkham.org* <http://blog.afkham.org> >>>>>>>> *twitter: **http://twitter.com/afkham_azeez* >>>>>>>> <http://twitter.com/afkham_azeez> >>>>>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>>>>>>> <http://lk.linkedin.com/in/afkhamazeez>* >>>>>>>> >>>>>>>> *Lean . Enterprise . Middleware* >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Dev mailing list >>>>>> [email protected] >>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Sagara Gunathunga >>>>> >>>>> Associate Director / Architect; WSO2, Inc.; http://wso2.com >>>>> V.P Apache Web Services; http://ws.apache.org/ >>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>> Blog ; http://ssagara.blogspot.com >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> *Sanjeewa Malalgoda* >>>> WSO2 Inc. >>>> Mobile : +94713068779 <+94%2071%20306%208779> >>>> >>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>> :http://sanjeewamalalgoda.blogspot.com/ >>>> <http://sanjeewamalalgoda.blogspot.com/> >>>> >>>> >>>> >>> >>> >>> -- >>> Sagara Gunathunga >>> >>> Associate Director / Architect; WSO2, Inc.; http://wso2.com >>> V.P Apache Web Services; http://ws.apache.org/ >>> Linkedin; http://www.linkedin.com/in/ssagara >>> Blog ; http://ssagara.blogspot.com >>> >>> >> > > > -- > *Kishanthan Thangarajah* > Technical Lead, > Platform Technologies Team, > WSO2, Inc. > lean.enterprise.middleware > > Mobile - +94773426635 <+94%2077%20342%206635> > Blog - *http://kishanthan.wordpress.com <http://kishanthan.wordpress.com>* > Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>* >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
