Hi Sagara, ViduraN has almost implemented this. We will schedule a meeting tomorrow or day after tomorrow to discuss the current implementation.
Thanks Thusitha On Mon, Jan 16, 2017 at 12:44 PM, Sagara Gunathunga <[email protected]> wrote: > > Can we have an update or review meeting on this ? > > Thanks ! > > > On Thu, Jan 5, 2017 at 9:50 AM, Ishara Cooray <[email protected]> wrote: > >> Sounds good. >> Thanks Kishanthan. >> >> Thanks & Regards, >> Ishara Cooray >> Senior Software Engineer >> Mobile : +9477 262 9512 <+94%2077%20262%209512> >> WSO2, Inc. | http://wso2.com/ >> Lean . Enterprise . Middleware >> >> On Wed, Jan 4, 2017 at 5:30 PM, Kishanthan Thangarajah < >> [email protected]> wrote: >> >>> We are working on this. We couldn't progress much last week due to other >>> priorities. The plan is to deliver in two weeks time. >>> >>> On Tue, Jan 3, 2017 at 1:40 PM, Ishara Cooray <[email protected]> wrote: >>> >>>> Hi, >>>> >>>> What could be the status of this? Do we have a time line defined? >>>> >>>> Thanks & Regards, >>>> Ishara Cooray >>>> Senior Software Engineer >>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>> WSO2, Inc. | http://wso2.com/ >>>> Lean . Enterprise . Middleware >>>> >>>> On Fri, Dec 9, 2016 at 2:18 PM, Sagara Gunathunga <[email protected]> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Fri, Dec 9, 2016 at 2:15 PM, Sanjeewa Malalgoda <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> Please find inline comments. >>>>>> >>>>>> On Fri, Dec 9, 2016 at 12:49 PM, Sagara Gunathunga <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, Dec 8, 2016 at 6:59 PM, Ishara Cooray <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> To overcome the above limitation where we cannot plug custom >>>>>>>> authentication, i came up with the below approach. >>>>>>>> >>>>>>>> Having one interceptor and delegate authentication to an interface. >>>>>>>> Implementation of the interface is configurable so that we can plug >>>>>>>> custom >>>>>>>> authentication as well. >>>>>>>> >>>>>>>> [image: Inline image 1] >>>>>>>> >>>>>>>> One limitation here is we can have only one auth type active at a >>>>>>>> time. >>>>>>>> >>>>>>>> Hi Sanjeewa, >>>>>>>> >>>>>>>> Shall we continue with this approach until we get a proper fix from >>>>>>>> msf4j? >>>>>>>> >>>>>>> >>>>>>> It's ok to use above approach as a temporary workaround till we get >>>>>>> proper solution from MSF4J, but please make sure to implement only >>>>>>> required >>>>>>> features in a simple manner because you have to discard this and have to >>>>>>> use proper MSF4J approach before any release. >>>>>>> >>>>>>> By looking at issues faced by API-M and IS teams we have few issues >>>>>>> to solve, >>>>>>> >>>>>>> >>>>>>> 1. Ability to apply/skip Interceptors in global and per-service >>>>>>> levels >>>>>>> 2. Ability to define the order of Interceptors >>>>>>> 3. Ability to intercept response messages >>>>>>> >>>>>> Ability to build security and user context in a way we can access it >>>>>> from service implementation. >>>>>> Most of the other platforms allowed to do that and people who work on >>>>>> service implementation can get real advantage of that. >>>>>> >>>>>>> >>>>>>> The good news is JAX-RS 2.0 spec is already solved these issues and >>>>>>> we can adopt their concepts easily to MSF4J programming model. Please >>>>>>> refer >>>>>>> solution for each issue below. >>>>>>> >>>>>>> >>>>>>> *1. Ability to intercept response messages * >>>>>>> >>>>>>> JAX-RS defines 2 interfaces as ContainerRequestFilter[1] and >>>>>>> ContainerResponseFilter[2] to intercept request and response messages, >>>>>>> IMO >>>>>>> these 2 interfaces are much clean and standard then current MSF4J >>>>>>> Interceptor[3] concept where response intercepting is not simple. >>>>>>> >>>>>>> >>>>>>> *2. Ability to apply/skip Interceptors in global and per-service >>>>>>> levels * >>>>>>> >>>>>>> Annotation driven NameBinding[4] concept defined for JAX-RS Filters >>>>>>> is very flexible and easy to use as well. This NameBinding[4] feature >>>>>>> enables to apply JAX-RS Filters at global, per-Resource or even >>>>>>> per-sub-Resource level. >>>>>>> >>>>>>> *3. Define the order of Interceptors * >>>>>>> >>>>>>> JAX-RS defines several message processing extension points such as >>>>>>> Pre, PreMatch, Post, it's possible to apply Filters during some of these >>>>>>> message processing stages, as an example refer PreMatching[5] >>>>>>> annotation. >>>>>>> >>>>>>> Further, to define fine grained order of Filters JAX-RS reuse Java's >>>>>>> standard Priority[1] annotation, through this annotation numeric >>>>>>> priority >>>>>>> value can be define per Filters basis. JAX-RS already provide set of >>>>>>> pre-defined Priories here[6] >>>>>>> >>>>>> Ability to engage in different phases is definitely a good feature. >>>>>> But there can be situations where we need to engage multiple interceptors >>>>>> at same phase with order of execution. As example i need to engage both >>>>>> authenticate and authorization interceptors in pre invoke phase but >>>>>> authenticator first and then authorizer as 2nd interceptor. In that case >>>>>> we >>>>>> need to mention phase and order within phase in some way. It seems CXF >>>>>> and >>>>>> other run times already handled this in different ways. >>>>>> >>>>> >>>>> This requirement is well handled by the JAX-RS concept I described >>>>> above. >>>>> >>>>> Thanks ! >>>>> >>>>>> >>>>>> >>>>>> [1]http://cxf.apache.org/docs/interceptors.html >>>>>> >>>>>> Thanks, >>>>>> sanjeewa. >>>>>> >>>>>>> >>>>>>> >>>>>>> I have setup a meeting in next Wednesday, if we can cater current >>>>>>> requirements using above concepts let's go ahead with JAX-RS Filters. >>>>>>> >>>>>>> >>>>>>> [1] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/in >>>>>>> dex.html?javax/ws/rs/container/ContainerRequestFilter.html >>>>>>> [2] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/ja >>>>>>> vax/ws/rs/container/ContainerResponseFilter.html >>>>>>> [3] - https://github.com/wso2/msf4j/blob/master/core/src/main/ja >>>>>>> va/org/wso2/msf4j/Interceptor.java >>>>>>> [4] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/in >>>>>>> dex.html?javax/ws/rs/NameBinding.html >>>>>>> [5] - https://jax-rs-spec.java.net/nonav/2.0-SNAPSHOT/apidocs/in >>>>>>> dex.html?javax/ws/rs/container/PreMatching.html >>>>>>> [6] - https://jax-rs-spec.java.net/nonav/2.0/apidocs/javax/ws/rs >>>>>>> /Priorities.html >>>>>>> >>>>>>> Thanks ! >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Thanks & Regards, >>>>>>>> Ishara Cooray >>>>>>>> Senior Software Engineer >>>>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>>> Lean . Enterprise . Middleware >>>>>>>> >>>>>>>> On Thu, Dec 8, 2016 at 11:23 AM, Ishara Cooray <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi Thilina, >>>>>>>>>> >>>>>>>>>> And also if there are multiple interceptors and one interceptor >>>>>>>>>> returns false from its' preCaall then the invocation chain will not >>>>>>>>>> continue further. >>>>>>>>>> >>>>>>>>>> So Is this implies if preCall returns 'true' then the invocation >>>>>>>>>> chain will continue further? >>>>>>>>>> >>>>>>>>> >>>>>>>>> Yes >>>>>>>>> >>>>>>>>> I was thinking to return 'true' if particular auth header >>>>>>>>> type(Basic, Bearer) is not found in an interceptor, so that it will >>>>>>>>> check >>>>>>>>> the other available interceptors. >>>>>>>>> But i guess this approach may also fail if the request header type >>>>>>>>> is not provided may be by mistake. >>>>>>>>> Because all the interceptors will return true and will it be taken >>>>>>>>> as a valid authorization? >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks & Regards, >>>>>>>>> Ishara Cooray >>>>>>>>> Senior Software Engineer >>>>>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>> >>>>>>>>> On Wed, Dec 7, 2016 at 5:25 PM, Afkham Azeez <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Wed, Dec 7, 2016 at 5:17 PM, Ishara Cooray <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Thilina, >>>>>>>>>>> >>>>>>>>>>> And also if there are multiple interceptors and one interceptor >>>>>>>>>>> returns false from its' preCaall then the invocation chain will not >>>>>>>>>>> continue further. >>>>>>>>>>> >>>>>>>>>>> So Is this implies if preCall returns 'true' then the invocation >>>>>>>>>>> chain will continue further? >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Yes >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> If that is the case we can return true in our overridden preCall >>>>>>>>>>> method so that it goes to next Interceptor. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thanks & Regards, >>>>>>>>>>> Ishara Cooray >>>>>>>>>>> Senior Software Engineer >>>>>>>>>>> Mobile : +9477 262 9512 <077%20262%209512> >>>>>>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>> >>>>>>>>>>> On Wed, Dec 7, 2016 at 2:33 PM, Afkham Azeez <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> How about supporting JAXRS filters? >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Ishara, >>>>>>>>>>>>> >>>>>>>>>>>>> As you have mentioned, with the current architecture we can't >>>>>>>>>>>>> set the specific interceptor for a particular service but rather >>>>>>>>>>>>> to all >>>>>>>>>>>>> services in the registry. And also if there are multiple >>>>>>>>>>>>> interceptors and >>>>>>>>>>>>> one interceptor returns false from its' preCaall then the >>>>>>>>>>>>> invocation chain >>>>>>>>>>>>> will not continue further. >>>>>>>>>>>>> >>>>>>>>>>>>> IMHO we have few options >>>>>>>>>>>>> >>>>>>>>>>>>> - We can implement a way to register specific interceptors >>>>>>>>>>>>> to specific services >>>>>>>>>>>>> - We can support JAX-RS Filters >>>>>>>>>>>>> - We can provide a way to skip some interceptors for >>>>>>>>>>>>> specific services >>>>>>>>>>>>> >>>>>>>>>>>>> @Azeez WDYT? >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks >>>>>>>>>>>>> Thusitha >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> HI, >>>>>>>>>>>>>> >>>>>>>>>>>>>> We are using MSF4J interceptor for securing REST APIs in API >>>>>>>>>>>>>> Manager. [1] As for now Interceptor registration happens at the >>>>>>>>>>>>>> class level >>>>>>>>>>>>>> @Component annotation as below. >>>>>>>>>>>>>> >>>>>>>>>>>>>> @Component( >>>>>>>>>>>>>> name = "org.wso2.carbon.apimgt.rest.a >>>>>>>>>>>>>> pi.common.interceptors.OAUTH2SecurityInterceptor", >>>>>>>>>>>>>> service = Interceptor.class, >>>>>>>>>>>>>> immediate = true >>>>>>>>>>>>>> ) >>>>>>>>>>>>>> The limitations here are >>>>>>>>>>>>>> >>>>>>>>>>>>>> 1. it is not possible to have more than one interceptor >>>>>>>>>>>>>> that will dynamically pick when an api call is >>>>>>>>>>>>>> received(Because the order >>>>>>>>>>>>>> matters and we are not certain which interceptor will take >>>>>>>>>>>>>> into effect ). >>>>>>>>>>>>>> 2. We cannot explicitly configure to use Custom >>>>>>>>>>>>>> interceptors because of the above[1] reason. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Do we have any plans for these limitations? >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks & Regards, >>>>>>>>>>>>>> Ishara Cooray >>>>>>>>>>>>>> Senior Software Engineer >>>>>>>>>>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>>>>>>>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Dev mailing list >>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Thusitha Dayaratne >>>>>>>>>>>>> Software Engineer >>>>>>>>>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>>>>>>>>> >>>>>>>>>>>>> Mobile +94712756809 <071%20275%206809> >>>>>>>>>>>>> Blog alokayasoya.blogspot.com >>>>>>>>>>>>> About http://about.me/thusithathilina >>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Architecture mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> *Afkham Azeez* >>>>>>>>>>>> Senior Director, Platform Architecture; WSO2, Inc.; >>>>>>>>>>>> http://wso2.com >>>>>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>>>>>>> * <http://www.apache.org/>* >>>>>>>>>>>> *email: **[email protected]* <[email protected]> >>>>>>>>>>>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: * >>>>>>>>>>>> *http://blog.afkham.org* <http://blog.afkham.org> >>>>>>>>>>>> *twitter: **http://twitter.com/afkham_azeez* >>>>>>>>>>>> <http://twitter.com/afkham_azeez> >>>>>>>>>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>>>>>>>>>>> <http://lk.linkedin.com/in/afkhamazeez>* >>>>>>>>>>>> >>>>>>>>>>>> *Lean . Enterprise . Middleware* >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Afkham Azeez* >>>>>>>>>> Senior Director, Platform Architecture; WSO2, Inc.; >>>>>>>>>> http://wso2.com >>>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>>>>> * <http://www.apache.org/>* >>>>>>>>>> *email: **[email protected]* <[email protected]> >>>>>>>>>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: * >>>>>>>>>> *http://blog.afkham.org* <http://blog.afkham.org> >>>>>>>>>> *twitter: **http://twitter.com/afkham_azeez* >>>>>>>>>> <http://twitter.com/afkham_azeez> >>>>>>>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>>>>>>>>> <http://lk.linkedin.com/in/afkhamazeez>* >>>>>>>>>> >>>>>>>>>> *Lean . Enterprise . Middleware* >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Dev mailing list >>>>>>>> [email protected] >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Sagara Gunathunga >>>>>>> >>>>>>> Associate Director / Architect; WSO2, Inc.; http://wso2.com >>>>>>> V.P Apache Web Services; http://ws.apache.org/ >>>>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>>>> Blog ; http://ssagara.blogspot.com >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> *Sanjeewa Malalgoda* >>>>>> WSO2 Inc. >>>>>> Mobile : +94713068779 <+94%2071%20306%208779> >>>>>> >>>>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>>>> :http://sanjeewamalalgoda.blogspot.com/ >>>>>> <http://sanjeewamalalgoda.blogspot.com/> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Sagara Gunathunga >>>>> >>>>> Associate Director / Architect; WSO2, Inc.; http://wso2.com >>>>> V.P Apache Web Services; http://ws.apache.org/ >>>>> Linkedin; http://www.linkedin.com/in/ssagara >>>>> Blog ; http://ssagara.blogspot.com >>>>> >>>>> >>>> >>> >>> >>> -- >>> *Kishanthan Thangarajah* >>> Technical Lead, >>> Platform Technologies Team, >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - +94773426635 <+94%2077%20342%206635> >>> Blog - *http://kishanthan.wordpress.com >>> <http://kishanthan.wordpress.com>* >>> Twitter - *http://twitter.com/kishanthan >>> <http://twitter.com/kishanthan>* >>> >> >> > > > -- > Sagara Gunathunga > > Associate Director / Architect; WSO2, Inc.; http://wso2.com > V.P Apache Web Services; http://ws.apache.org/ > Linkedin; http://www.linkedin.com/in/ssagara > Blog ; http://ssagara.blogspot.com > > -- Thusitha Dayaratne Software Engineer WSO2 Inc. - lean . enterprise . middleware | wso2.com Mobile +94712756809 Blog alokayasoya.blogspot.com About http://about.me/thusithathilina <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
