Can we have an update or review meeting on this ? Thanks !
On Thu, Jan 5, 2017 at 9:50 AM, Ishara Cooray <[email protected]> wrote:

> Sounds good.
> Thanks Kishanthan.
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Wed, Jan 4, 2017 at 5:30 PM, Kishanthan Thangarajah <[email protected]> wrote:
>
>> We are working on this. We couldn't progress much last week due to other priorities. The plan is to deliver in two weeks' time.
>>
>> On Tue, Jan 3, 2017 at 1:40 PM, Ishara Cooray <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> What could be the status of this? Do we have a time line defined?
>>>
>>> Thanks & Regards,
>>> Ishara Cooray
>>> Senior Software Engineer
>>> Mobile : +9477 262 9512
>>> WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>> On Fri, Dec 9, 2016 at 2:18 PM, Sagara Gunathunga <[email protected]> wrote:
>>>
>>>> On Fri, Dec 9, 2016 at 2:15 PM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>> Please find inline comments.
>>>>>
>>>>> On Fri, Dec 9, 2016 at 12:49 PM, Sagara Gunathunga <[email protected]> wrote:
>>>>>
>>>>>> On Thu, Dec 8, 2016 at 6:59 PM, Ishara Cooray <[email protected]> wrote:
>>>>>>
>>>>>>> To overcome the above limitation where we cannot plug custom authentication, I came up with the below approach.
>>>>>>>
>>>>>>> Having one interceptor and delegate authentication to an interface. Implementation of the interface is configurable so that we can plug custom authentication as well.
>>>>>>>
>>>>>>> [image: Inline image 1]
>>>>>>>
>>>>>>> One limitation here is we can have only one auth type active at a time.
>>>>>>>
>>>>>>> Hi Sanjeewa,
>>>>>>>
>>>>>>> Shall we continue with this approach until we get a proper fix from msf4j?
>>>>>>>
>>>>>>
>>>>>> It's ok to use above approach as a temporary workaround till we get proper solution from MSF4J, but please make sure to implement only required features in a simple manner because you have to discard this and have to use proper MSF4J approach before any release.
>>>>>>
>>>>>> By looking at issues faced by API-M and IS teams we have few issues to solve,
>>>>>>
>>>>>> 1. Ability to apply/skip Interceptors in global and per-service levels
>>>>>> 2. Ability to define the order of Interceptors
>>>>>> 3. Ability to intercept response messages
>>>>>>
>>>>> Ability to build security and user context in a way we can access it from service implementation.
>>>>> Most of the other platforms allowed to do that and people who work on service implementation can get real advantage of that.
>>>>>
>>>>>> The good news is JAX-RS 2.0 spec has already solved these issues and we can adopt their concepts easily to MSF4J programming model. Please refer solution for each issue below.
>>>>>>
>>>>>> *1. Ability to intercept response messages*
>>>>>>
>>>>>> JAX-RS defines 2 interfaces as ContainerRequestFilter[1] and ContainerResponseFilter[2] to intercept request and response messages, IMO these 2 interfaces are much cleaner and more standard than current MSF4J Interceptor[3] concept where response intercepting is not simple.
>>>>>>
>>>>>> *2. Ability to apply/skip Interceptors in global and per-service levels*
>>>>>>
>>>>>> Annotation driven NameBinding[4] concept defined for JAX-RS Filters is very flexible and easy to use as well. This NameBinding[4] feature enables to apply JAX-RS Filters at global, per-Resource or even per-sub-Resource level.
>>>>>>
>>>>>> *3. Define the order of Interceptors*
>>>>>>
>>>>>> JAX-RS defines several message processing extension points such as Pre, PreMatch, Post, it's possible to apply Filters during some of these message processing stages, as an example refer PreMatching[5] annotation.
>>>>>>
>>>>>> Further, to define fine grained order of Filters JAX-RS reuses Java's standard Priority[1] annotation, through this annotation numeric priority value can be defined on a per-Filter basis. JAX-RS already provides a set of pre-defined Priorities here[6]
>>>>>>
>>>>> Ability to engage in different phases is definitely a good feature. But there can be situations where we need to engage multiple interceptors at same phase with order of execution. As example I need to engage both authenticate and authorization interceptors in pre invoke phase but authenticator first and then authorizer as 2nd interceptor. In that case we need to mention phase and order within phase in some way. It seems CXF and other run times already handled this in different ways.
>>>>>
>>>>
>>>> This requirement is well handled by the JAX-RS concept I described above.
>>>>
>>>> Thanks !
>>>>
>>>>> [1]http://cxf.apache.org/docs/interceptors.html
>>>>>
>>>>> Thanks,
>>>>> sanjeewa.
>>>>>
>>>>>> I have setup a meeting in next Wednesday, if we can cater current requirements using above concepts let's go ahead with JAX-RS Filters.
>>>>>>
>>>>>> [1] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/index.html?javax/ws/rs/container/ContainerRequestFilter.html
>>>>>> [2] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/javax/ws/rs/container/ContainerResponseFilter.html
>>>>>> [3] - https://github.com/wso2/msf4j/blob/master/core/src/main/java/org/wso2/msf4j/Interceptor.java
>>>>>> [4] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/index.html?javax/ws/rs/NameBinding.html
>>>>>> [5] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/index.html?javax/ws/rs/container/PreMatching.html
>>>>>> [6] - https://jax-rs-spec.java.net/nonav/2.0/apidocs/javax/ws/rs/Priorities.html
>>>>>>
>>>>>> Thanks !
>>>>>>
>>>>>>> Thanks & Regards,
>>>>>>> Ishara Cooray
>>>>>>> Senior Software Engineer
>>>>>>> Mobile : +9477 262 9512
>>>>>>> WSO2, Inc. | http://wso2.com/
>>>>>>> Lean . Enterprise . Middleware
>>>>>>>
>>>>>>> On Thu, Dec 8, 2016 at 11:23 AM, Ishara Cooray <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi Thilina,
>>>>>>>>>
>>>>>>>>> And also if there are multiple interceptors and one interceptor returns false from its preCall then the invocation chain will not continue further.
>>>>>>>>>
>>>>>>>>> So Is this implies if preCall returns 'true' then the invocation chain will continue further?
>>>>>>>>>
>>>>>>>>
>>>>>>>> Yes
>>>>>>>>
>>>>>>>> I was thinking to return 'true' if particular auth header type (Basic, Bearer) is not found in an interceptor, so that it will check the other available interceptors.
>>>>>>>> But I guess this approach may also fail if the request header type is not provided may be by mistake.
>>>>>>>> Because all the interceptors will return true and will it be taken as a valid authorization?
>>>>>>>>
>>>>>>>> Thanks & Regards,
>>>>>>>> Ishara Cooray
>>>>>>>> Senior Software Engineer
>>>>>>>> Mobile : +9477 262 9512
>>>>>>>> WSO2, Inc. | http://wso2.com/
>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>
>>>>>>>> On Wed, Dec 7, 2016 at 5:25 PM, Afkham Azeez <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> On Wed, Dec 7, 2016 at 5:17 PM, Ishara Cooray <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Thilina,
>>>>>>>>>>
>>>>>>>>>> And also if there are multiple interceptors and one interceptor returns false from its preCall then the invocation chain will not continue further.
>>>>>>>>>>
>>>>>>>>>> So Is this implies if preCall returns 'true' then the invocation chain will continue further?
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Yes
>>>>>>>>>
>>>>>>>>>> If that is the case we can return true in our overridden preCall method so that it goes to next Interceptor.
>>>>>>>>>>
>>>>>>>>>> Thanks & Regards,
>>>>>>>>>> Ishara Cooray
>>>>>>>>>> Senior Software Engineer
>>>>>>>>>> Mobile : +9477 262 9512
>>>>>>>>>> WSO2, Inc. | http://wso2.com/
>>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>>>
>>>>>>>>>> On Wed, Dec 7, 2016 at 2:33 PM, Afkham Azeez <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> How about supporting JAXRS filters?
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Ishara,
>>>>>>>>>>>>
>>>>>>>>>>>> As you have mentioned, with the current architecture we can't set the specific interceptor for a particular service but rather to all services in the registry. And also if there are multiple interceptors and one interceptor returns false from its preCall then the invocation chain will not continue further.
>>>>>>>>>>>>
>>>>>>>>>>>> IMHO we have few options
>>>>>>>>>>>>
>>>>>>>>>>>> - We can implement a way to register specific interceptors to specific services
>>>>>>>>>>>> - We can support JAX-RS Filters
>>>>>>>>>>>> - We can provide a way to skip some interceptors for specific services
>>>>>>>>>>>>
>>>>>>>>>>>> @Azeez WDYT?
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> Thusitha
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> We are using MSF4J interceptor for securing REST APIs in API Manager. [1] As for now Interceptor registration happens at the class level @Component annotation as below.
>>>>>>>>>>>>>
>>>>>>>>>>>>> @Component(
>>>>>>>>>>>>>     name = "org.wso2.carbon.apimgt.rest.api.common.interceptors.OAUTH2SecurityInterceptor",
>>>>>>>>>>>>>     service = Interceptor.class,
>>>>>>>>>>>>>     immediate = true
>>>>>>>>>>>>> )
>>>>>>>>>>>>>
>>>>>>>>>>>>> The limitations here are
>>>>>>>>>>>>>
>>>>>>>>>>>>> 1. it is not possible to have more than one interceptor that will dynamically pick when an api call is received (Because the order matters and we are not certain which interceptor will take into effect).
>>>>>>>>>>>>> 2. We cannot explicitly configure to use Custom interceptors because of the above[1] reason.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Do we have any plans for these limitations?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks & Regards,
>>>>>>>>>>>>> Ishara Cooray
>>>>>>>>>>>>> Senior Software Engineer
>>>>>>>>>>>>> Mobile : +9477 262 9512
>>>>>>>>>>>>> WSO2, Inc. | http://wso2.com/
>>>>>>>>>>>>> Lean . Enterprise . Middleware

--
Sagara Gunathunga
Associate Director / Architect; WSO2, Inc.; http://wso2.com
V.P Apache Web Services; http://ws.apache.org/
Linkedin; http://www.linkedin.com/in/ssagara
Blog ; http://ssagara.blogspot.com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
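
The fail-open question raised in the thread (every interceptor returning `true` when it does not find its own auth header type) next to a single delegating interceptor that rejects a missing or unknown scheme, as an added example that is not code from the thread or from MSF4J. The `PreCall` interface, all class and method names and the credential values are constructed for illustration; only the rule that a `false` from `preCall` stops the invocation chain is taken from the thread.

```java
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

public class AuthChainDemo {
    // Hypothetical stand-in for an interceptor's preCall: returning false stops the chain.
    interface PreCall { boolean preCall(Map<String, String> headers); }

    // Pattern discussed in the thread: return true when the scheme is not ours.
    static PreCall skipping(String scheme, Predicate<String> verifier) {
        return headers -> {
            String auth = headers.get("Authorization"); // exact-case key: a simplification
            if (auth == null || !auth.startsWith(scheme + " ")) return true; // pass to the next one
            return verifier.test(auth.substring(scheme.length() + 1));
        };
    }

    // One interceptor delegating per scheme; a missing or unknown scheme is rejected.
    static PreCall delegating(Map<String, Predicate<String>> verifiers) {
        return headers -> {
            String auth = headers.get("Authorization");
            int sp = (auth == null) ? -1 : auth.indexOf(' ');
            if (sp < 0) return false;
            Predicate<String> verifier = verifiers.get(auth.substring(0, sp));
            return verifier != null && verifier.test(auth.substring(sp + 1));
        };
    }

    // Chain rule from the thread: the service is invoked only if every preCall returns true.
    static boolean invoked(List<PreCall> chain, Map<String, String> headers) {
        for (PreCall p : chain) {
            if (!p.preCall(headers)) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        Predicate<String> basic = "dXNlcjpwYXNz"::equals;       // constructed credential
        Predicate<String> bearer = "constructed-token"::equals; // constructed token
        List<PreCall> perScheme = List.of(skipping("Basic", basic), skipping("Bearer", bearer));
        List<PreCall> single = List.of(delegating(Map.of("Basic", basic, "Bearer", bearer)));
        List<Map<String, String>> requests = List.of(
            Map.of(),                                             // header left out
            Map.of("Authorization", "Digest abc"),                // scheme nobody handles
            Map.of("Authorization", "Bearer constructed-token")); // valid request
        for (Map<String, String> req : requests) {
            System.out.printf("%-48s perScheme=%b single=%b%n",
                req, invoked(perScheme, req), invoked(single, req));
        }
    }
}
```

With the per-scheme chain, the request without an `Authorization` header and the one with an unhandled scheme both reach the service; the delegating interceptor admits only the valid request. Requires Java 9 or later for `List.of` and `Map.of`.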
