When we return a 404, it implies that the URL (or the resource) does not exist. Here the URL/resource is */validate-role* (a controller resource) which always exists so it is wrong to return a 404 in any case.
Thanks!

On Thu, Aug 8, 2019 at 7:12 PM Menaka Jayawardena <men...@wso2.com> wrote:

> Hi Naduni,
>
> Why does the GET request always return 200?
> Can't we set the status code 404 if the role is not found? So we can check
> the response status from the UI. We do not want to read the body then.
>
> On Thu, Aug 8, 2019 at 6:05 PM Naduni Pamudika <nad...@wso2.com> wrote:
>
>> Hi All,
>>
>> Thanks all for the suggestions. With the GET method @Bhathiya Jayasekara
>> <bhath...@wso2.com> suggested, we have the following 2 options now.
>>
>> 1. *HEAD /roles/{roleName}*
>> 2. *GET /validate-role?role=rolename*
>>
>> If we go with the option 1, it will simplify the work in the UI side
>> while doing the role validations by using the Rest API since we can do the
>> validation by looking at the status code (If the role exists it is a 200
>> and if not it is a 404). If we go with the option 2, it will always return
>> a 200 status code and we need to check the response body to validate a
>> particular role name (We can send *isRoleExist=true* and
>> *isRoleExist=false* in the response body depending on the existence of a
>> role name).
>>
>> Since most of us are +1 with the option 2, shall we move forward with the
>> GET method?
>>
>> Thanks,
>> Naduni
>>
>> On Wed, Aug 7, 2019 at 7:27 PM Bhathiya Jayasekara <bhath...@wso2.com> wrote:
>>
>>> On Wed, Aug 7, 2019 at 6:24 PM Malintha Amarasinghe <malint...@wso2.com> wrote:
>>>
>>>> On Wed, Aug 7, 2019 at 3:39 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>>
>>>>> On Wed, Aug 7, 2019 at 3:37 PM Malintha Amarasinghe <malint...@wso2.com> wrote:
>>>>>
>>>>>> On Wed, Aug 7, 2019 at 3:35 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>>>>
>>>>>>> Let's say if someone wants to check existence of role foo in user
>>>>>>> store TEST. He will do a call /roke/TEST/foo which isn't a valid
>>>>>>> request, right?
>>>>>>
>>>>>> @Harsha Kumara <hars...@wso2.com> we need to URL encode the role
>>>>>> name. The request will become /roles/TEST%2Ffoo
>>>>>
>>>>> Yes that's true. Again some customers might have different letters in
>>>>> their role names. Might not be a good idea to include as a path
>>>>> parameter.
>>>>
>>>> Even if we add as a query param, that will go as part of the URL which
>>>> might lead to similar issues? We may need to test this for query parameters
>>>> as well.
>>>>
>>>> I preferred the HEAD method due to the simpleness (only need to
>>>> respond with 204 or 404 without any payload based on the availability of
>>>> the role) and RESTfulness (consider a role as a resource and do a fetch on
>>>> it in the usual way). HEAD is the usual way for checking the existence of a
>>>> resource. However, we do not have the need for implementing a GET here for
>>>> now.
>>>
>>> This is actually my worry. I don't think we'll ever have to give a
>>> /roles/{role} in the publisher APIs. So having a HEAD without a GET feels
>>> strange to me. Maybe it's just me.
>>>
>>> Thanks,
>>> Bhathiya
>>>
>>>>>>> On Wed, Aug 7, 2019 at 3:33 PM Mushthaq Rumy <musht...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Adding [Architecture]
>>>>>>>>
>>>>>>>> On Wed, Aug 7, 2019 at 3:30 PM Mushthaq Rumy <musht...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Since we will be UserStoreManager, this should cover the secondary
>>>>>>>>> user stores as well.
>>>>>>>>>
>>>>>>>>> Thanks & Regards,
>>>>>>>>> Mushthaq
>>>>>>>>>
>>>>>>>>> On Wed, Aug 7, 2019 at 3:28 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>> What happens if the role is from secondary user store?
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 7, 2019 at 3:24 PM Naduni Pamudika <nad...@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi All,
>>>>>>>>>>>
>>>>>>>>>>> We are planning to add a REST API endpoint to APIM 3.0 Publisher
>>>>>>>>>>> Rest APIs and the intention is to check the existence of a
>>>>>>>>>>> particular role name. This will be used in order to manage roles
>>>>>>>>>>> when enabling Publisher Access Control and Store Visibility and
>>>>>>>>>>> when adding Scopes.
>>>>>>>>>>>
>>>>>>>>>>> The swagger definition for the new endpoint would be as follows.
>>>>>>>>>>>
>>>>>>>>>>> ######################################################
>>>>>>>>>>> # The Role Name Existence
>>>>>>>>>>> ######################################################
>>>>>>>>>>>   /roles/{roleName}:
>>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>>> # The role name existence check resource
>>>>>>>>>>> #-----------------------------------------------------
>>>>>>>>>>>     head:
>>>>>>>>>>>       security:
>>>>>>>>>>>         - OAuth2Security:
>>>>>>>>>>>           - apim:api_view
>>>>>>>>>>>       summary: |
>>>>>>>>>>>         Check given role name is already exist
>>>>>>>>>>>       description: |
>>>>>>>>>>>         Using this operation, you can check a given role name is already used. You need to provide the role name you want to check.
>>>>>>>>>>>       parameters:
>>>>>>>>>>>         - $ref : '#/parameters/roleName'
>>>>>>>>>>>       responses:
>>>>>>>>>>>         200:
>>>>>>>>>>>           description: |
>>>>>>>>>>>             OK.
>>>>>>>>>>>             Requested role name is returned.
>>>>>>>>>>>         404:
>>>>>>>>>>>           description: |
>>>>>>>>>>>             Not Found.
>>>>>>>>>>>             Requested role name does not exist.
>>>>>>>>>>>
>>>>>>>>>>> ######################################################
>>>>>>>>>>> # Role Name
>>>>>>>>>>>   roleName:
>>>>>>>>>>>     name: roleName
>>>>>>>>>>>     in: path
>>>>>>>>>>>     description: |
>>>>>>>>>>>       The role name
>>>>>>>>>>>     required: true
>>>>>>>>>>>     type: string
>>>>>>>>>>>
>>>>>>>>>>> It is a HEAD method (*/roles/{roleName}*) which will return a
>>>>>>>>>>> 200 status code if the given role name exists and a 404 status code
>>>>>>>>>>> if the given role name is not found. Sample requests and responses
>>>>>>>>>>> are given below.
>>>>>>>>>>>
>>>>>>>>>>> Request:
>>>>>>>>>>> HEAD https://localhost:9443/api/am/publisher/v1.0/roles/valid-role HTTP/1.1
>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>>
>>>>>>>>>>> Response:
>>>>>>>>>>> HTTP/1.1 200 OK
>>>>>>>>>>> Connection: keep-alive
>>>>>>>>>>> Content-Length: 0
>>>>>>>>>>>
>>>>>>>>>>> Request:
>>>>>>>>>>> HEAD https://localhost:9443/api/am/publisher/v1.0/roles/invalid-role HTTP/1.1
>>>>>>>>>>> Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8
>>>>>>>>>>>
>>>>>>>>>>> Response:
>>>>>>>>>>> HTTP/1.1 404 Not Found
>>>>>>>>>>> Connection: keep-alive
>>>>>>>>>>> Content-Length: 0
>>>>>>>>>>>
>>>>>>>>>>> Are we good to have the endpoint definition as this? Appreciate
>>>>>>>>>>> your inputs to proceed further.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Naduni
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Naduni Pamudika* | Senior Software Engineer | WSO2 Inc.
>>>>>>>>>>> (m) +94 (71) 9143658 | (w) +94 (11) 2145345 | (e) nad...@wso2.com
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Harsha Kumara*
>>>>>>>>>> Technical Lead, WSO2 Inc.
>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>> Email: hars...@wso2.coim
>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>
>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Mushthaq Rumy
>>>>>>>>> *Senior Software Engineer*
>>>>>>>>> Mobile : +94 (0) 779 492140
>>>>>>>>> Email : musht...@wso2.com
>>>>>>>>> WSO2, Inc.; http://wso2.com/
>>>>>>>>> lean . enterprise . middleware.
>>>>>>
>>>>>> --
>>>>>> Malintha Amarasinghe
>>>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>>>> http://wso2.com/
>>>>>>
>>>>>> Mobile : +94 712383306
>>>
>>> --
>>> *Bhathiya Jayasekara* | Technical Lead | WSO2 Inc.
>>> (m) +94 71 547 8185 | (e) bhathiya-@t-wso2-d0t-com
>
> --
> *Menaka Jayawardena*
> Senior Software Engineer | WSO2 Inc.
> +94 71 350 5470 | +94 76 717 2511 | men...@wso2.com

--
Malintha Amarasinghe
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
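
The two options weighed in this thread, together with the URL-encoding point about role names such as TEST/foo, sketched as an added example that is not part of the original messages and is not WSO2 code. The function names, the JSON shape of the `isRoleExist` body and the `decodeFirst` model of a hop that decodes `%2F` before routing are assumptions made for illustration.

```javascript
// Added example, not WSO2 code. BASE comes from the sample requests in the thread.
const BASE = "https://localhost:9443/api/am/publisher/v1.0";

// Option 1: role name as ONE path segment; encodeURIComponent turns "/" into %2F.
function headRoleUrl(roleName) {
  return `${BASE}/roles/${encodeURIComponent(roleName)}`;
}

// Option 2: role name as a query parameter; URLSearchParams encodes "/", "&", "=".
function validateRoleUrl(roleName) {
  const url = new URL(`${BASE}/validate-role`);
  url.searchParams.set("role", roleName);
  return url.toString();
}

// Toy matcher for /roles/{roleName} (hypothetical, for illustration only).
// decodeFirst=true models a hop that decodes %2F before routing (assumption).
function matchRolePath(requestUrl, decodeFirst = false) {
  let path = new URL(requestUrl).pathname.slice(new URL(BASE).pathname.length);
  if (decodeFirst) path = decodeURIComponent(path);
  const parts = path.split("/").filter(Boolean);
  if (parts.length !== 2 || parts[0] !== "roles") return null; // no route: 404
  return decodeFirst ? parts[1] : decodeURIComponent(parts[1]);
}

// Option 1 answers with the status code alone; option 2 always answers 200
// and the caller must read the body (JSON shape assumed here).
function roleExists(option, status, body) {
  if (option === "head") {
    if (status === 200 || status === 204) return true;
    if (status === 404) return false;
    throw new Error(`unexpected status ${status}`);
  }
  if (status !== 200) throw new Error(`unexpected status ${status}`);
  return JSON.parse(body).isRoleExist === true;
}
```

With option 1, a 404 caused by a mangled path is indistinguishable from "role not found", so the encoded-slash case is worth testing end to end through every proxy in front of the API.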