On Mon, May 19, 2014 at 11:57 AM, Nirdesha Munasinghe <[email protected]>wrote:
> Thanks for reporting. Doc JIRA created: > https://wso2.org/jira/browse/DOCUMENTATION-842. > > > On Sat, May 17, 2014 at 8:49 PM, Sanjeewa Malalgoda <[email protected]>wrote: > >> Hi All, >> We found following issues in gateway cache when we regenerate application >> tokens from API store user interface(or calling revoke API). >> >> 01. If we generate new application access token from ui old tokens remain >> as active in gateway cache. >> 02. If we use revoke API deployed in gateway it will clear only super >> tenants cache. >> >> hi Nirdesha, Please note following change in this configurations. > To address these issues recently we introduced new parameter named >> RevokeAPIURL. In distributed deployment we need to configure this parameter >> in API key manager node. Then it will call API pointed by RevokeAPIURL >> parameter. RevokeAPIURL parameter should be pointed to revoke API deployed >> API gateway nodes. If it is gateway cluster we can point to one node. So >> from this release on wards all revoke requests will route to oauth service >> through revoke API deployed in API manager. When revoke response route >> through revoke API cache clear handler will invoke. Then it will extract >> relevant information form transport headers and clear associated cache >> entries. In distributed deployment we should configure followings. >> >> 01. In key manager node, point gateway API revoke end point as follows. >> <!-- This the API URL for revoke API. When we revoke tokens revoke >> requests should go through this >> API deployed in API gateway. Then it will do cache >> invalidations related to revoked tokens. >> In distributed deployment we should configure this property in key >> manager node by pointing >> gateway https url. Also please note that we should point gateway >> revoke service to key manager--> >> <RevokeAPIURL>https:// >> ${carbon.local.ip}:${https.nio.port}/revoke</RevokeAPIURL> >> >> 02. In API gateway revoke API should be pointed to oauth application >> deployed in key manager node. >> <api name="_WSO2AMRevokeAPI_" context="/revoke"> >> <resource methods="POST" url-mapping="/*" >> faultSequence="_token_fault_"> >> <inSequence> >> <send> >> <endpoint> >> <address uri=" >> https://keymgt.wso2.com:9445/oauth2/revoke"/> >> </endpoint> >> </send> >> </inSequence> >> <outSequence> >> <send/> >> </outSequence> >> </resource> >> <handlers> >> <handler >> class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/> >> </handlers> >> </api> >> >> We need to add this to our product documents as well. >> >> >> Thanks, >> sanjeewa. >> -- >> >> *Sanjeewa Malalgoda* >> WSO2 Inc. >> Mobile : +94713068779 >> >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >> >> >> > > > -- > > Thanks, > > Nirdesha Munasinghe, > WSO2 Inc. > Web:http://wso2.com > > Mobile: +94 776321920 > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
