Yes for the moment lets use this approach. Lets have 2 interceptors for authenticate and authorization. From that lets provide way to add pluggable authenticators and authorizers. Also we may be able to route request through multiple authenticators according to predefined order(when we need to support multiple auth types at once). Also its better both identity and APIM can use same approach as we all are doing same thing.
Thanks, sanjeewa. On Thu, Dec 8, 2016 at 6:59 PM, Ishara Cooray <isha...@wso2.com> wrote: > To overcome the above limitation where we cannot plug custom > authentication, i came up with the below approach. > > Having one interceptor and delegate authentication to an interface. > Implementation of the interface is configurable so that we can plug custom > authentication as well. > > [image: Inline image 1] > > One limitation here is we can have only one auth type active at a time. > > Hi Sanjeewa, > > Shall we continue with this approach until we get a proper fix from msf4j? > > > > Thanks & Regards, > Ishara Cooray > Senior Software Engineer > Mobile : +9477 262 9512 <077%20262%209512> > WSO2, Inc. | http://wso2.com/ > Lean . Enterprise . Middleware > > On Thu, Dec 8, 2016 at 11:23 AM, Ishara Cooray <isha...@wso2.com> wrote: > >> Hi Thilina, >>> >>> And also if there are multiple interceptors and one interceptor returns >>> false from its' preCaall then the invocation chain will not continue >>> further. >>> >>> So Is this implies if preCall returns 'true' then the invocation chain >>> will continue further? >>> >> >> Yes >> >> I was thinking to return 'true' if particular auth header type(Basic, >> Bearer) is not found in an interceptor, so that it will check the other >> available interceptors. >> But i guess this approach may also fail if the request header type is not >> provided may be by mistake. >> Because all the interceptors will return true and will it be taken as a >> valid authorization? >> >> >> Thanks & Regards, >> Ishara Cooray >> Senior Software Engineer >> Mobile : +9477 262 9512 <+94%2077%20262%209512> >> WSO2, Inc. | http://wso2.com/ >> Lean . Enterprise . Middleware >> >> On Wed, Dec 7, 2016 at 5:25 PM, Afkham Azeez <az...@wso2.com> wrote: >> >>> >>> >>> On Wed, Dec 7, 2016 at 5:17 PM, Ishara Cooray <isha...@wso2.com> wrote: >>> >>>> Hi Thilina, >>>> >>>> And also if there are multiple interceptors and one interceptor returns >>>> false from its' preCaall then the invocation chain will not continue >>>> further. >>>> >>>> So Is this implies if preCall returns 'true' then the invocation chain >>>> will continue further? >>>> >>> >>> Yes >>> >>> >>>> If that is the case we can return true in our overridden preCall method >>>> so that it goes to next Interceptor. >>>> >>>> >>>> Thanks & Regards, >>>> Ishara Cooray >>>> Senior Software Engineer >>>> Mobile : +9477 262 9512 <077%20262%209512> >>>> WSO2, Inc. | http://wso2.com/ >>>> Lean . Enterprise . Middleware >>>> >>>> On Wed, Dec 7, 2016 at 2:33 PM, Afkham Azeez <az...@wso2.com> wrote: >>>> >>>>> How about supporting JAXRS filters? >>>>> >>>>> On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne < >>>>> thusit...@wso2.com> wrote: >>>>> >>>>>> Hi Ishara, >>>>>> >>>>>> As you have mentioned, with the current architecture we can't set the >>>>>> specific interceptor for a particular service but rather to all services >>>>>> in >>>>>> the registry. And also if there are multiple interceptors and one >>>>>> interceptor returns false from its' preCaall then the invocation chain >>>>>> will >>>>>> not continue further. >>>>>> >>>>>> IMHO we have few options >>>>>> >>>>>> - We can implement a way to register specific interceptors to >>>>>> specific services >>>>>> - We can support JAX-RS Filters >>>>>> - We can provide a way to skip some interceptors for specific >>>>>> services >>>>>> >>>>>> @Azeez WDYT? >>>>>> >>>>>> Thanks >>>>>> Thusitha >>>>>> >>>>>> >>>>>> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray <isha...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> HI, >>>>>>> >>>>>>> We are using MSF4J interceptor for securing REST APIs in API >>>>>>> Manager. [1] As for now Interceptor registration happens at the class >>>>>>> level >>>>>>> @Component annotation as below. >>>>>>> >>>>>>> @Component( >>>>>>> name = "org.wso2.carbon.apimgt.rest.a >>>>>>> pi.common.interceptors.OAUTH2SecurityInterceptor", >>>>>>> service = Interceptor.class, >>>>>>> immediate = true >>>>>>> ) >>>>>>> The limitations here are >>>>>>> >>>>>>> 1. it is not possible to have more than one interceptor that >>>>>>> will dynamically pick when an api call is received(Because the order >>>>>>> matters and we are not certain which interceptor will take into >>>>>>> effect ). >>>>>>> 2. We cannot explicitly configure to use Custom interceptors >>>>>>> because of the above[1] reason. >>>>>>> >>>>>>> Do we have any plans for these limitations? >>>>>>> >>>>>>> Thanks & Regards, >>>>>>> Ishara Cooray >>>>>>> Senior Software Engineer >>>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512> >>>>>>> WSO2, Inc. | http://wso2.com/ >>>>>>> Lean . Enterprise . Middleware >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Dev mailing list >>>>>>> Dev@wso2.org >>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thusitha Dayaratne >>>>>> Software Engineer >>>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>>> >>>>>> Mobile +94712756809 <071%20275%206809> >>>>>> Blog alokayasoya.blogspot.com >>>>>> About http://about.me/thusithathilina >>>>>> <http://wso2.com/signature> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> architect...@wso2.org >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Afkham Azeez* >>>>> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com >>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>> * <http://www.apache.org/>* >>>>> *email: **az...@wso2.com* <az...@wso2.com> >>>>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: * >>>>> *http://blog.afkham.org* <http://blog.afkham.org> >>>>> *twitter: **http://twitter.com/afkham_azeez* >>>>> <http://twitter.com/afkham_azeez> >>>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>>>> <http://lk.linkedin.com/in/afkhamazeez>* >>>>> >>>>> *Lean . Enterprise . Middleware* >>>>> >>>> >>>> >>> >>> >>> -- >>> *Afkham Azeez* >>> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com >>> Member; Apache Software Foundation; http://www.apache.org/ >>> * <http://www.apache.org/>* >>> *email: **az...@wso2.com* <az...@wso2.com> >>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: * >>> *http://blog.afkham.org* <http://blog.afkham.org> >>> *twitter: **http://twitter.com/afkham_azeez* >>> <http://twitter.com/afkham_azeez> >>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez >>> <http://lk.linkedin.com/in/afkhamazeez>* >>> >>> *Lean . Enterprise . Middleware* >>> >> >> > -- *Sanjeewa Malalgoda* WSO2 Inc. Mobile : +94713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
