Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
Hi Senthalan, For api publishing you have suggested that the api creator needs to create an OAuth app and configure that with the server. Cant we make it more seamless integration by only configuring a user and call the dynamic client registration endpoint to create an app. In addition I am having a doubt cant we implement above capability to the already existing code(Publishing the api through the rest api). Since in [1][2] we already have the support for api scanning using annotation, publishing and support for using Integrated gateway or api manager as gateway. The only difference I see from your architecture is the creator part. It would be great if we could maintain only one feature for this. [1] https://github.com/wso2/carbon-device-mgt/tree/master/compo nents/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher [2] https://github.com/wso2/carbon-device-mgt/tree/master/compon ents/webapp-authenticator-framework/org.wso2.carbon. webapp.authenticator.framework. *Ayyoob Hamza* *Software Engineer* WSO2 Inc.; http://wso2.com email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
In Publisher the API developers creates APIs and and publish them into Store. In Store the end users can subscribe those APIs and use them. According to this scenario, there is no use case for API Store. Because we are going to automatically create APIs of the deployed web apps in API publisher. Then the user can publish that API into API Store. Because we have to give chance to user to set-up/ edit specializations before publishing it to the Store. On Wed, Sep 21, 2016 at 3:30 PM, Nuwan Diaswrote: > Can you explain the role of the Publisher and Store? Why do we push the > API to the publisher? Are we going to use the Store in any use-case? > > On Wed, Sep 21, 2016 at 3:15 PM, Senthalan Kanagalingam < > sentha...@wso2.com> wrote: > >> Yes, When the end user using APIs from the Application server the >> integrated gateway will take care of authorization. It will only use the >> key manager of API Manager to validate. >> >> On Wed, Sep 21, 2016 at 3:04 PM, Nuwan Dias wrote: >> >>> But in that case the Gateway component in the API Manager is not >>> required isn't it? >>> >>> On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingam < >>> sentha...@wso2.com> wrote: >>> Hi Ajanthan, The integrated API gateway is doing only the OAuth authorization. But the idea of the integrated API gateway is to provide API Management capabilities without another network hop. Thanks and regards, Senthalan On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran < ajant...@wso2.com> wrote: > What is the value of using integrated API gateway instead of the APIM > gateway ? > Is the Integrated API gateway doing more than OAuth authorization (Eg: > throttling)? > > On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam < > sentha...@wso2.com> wrote: > >> Hi Ayyoob, >> >> Thanks for your feedback. >> >> We have a working PoC[1] for API Scanner and Creator. I will go >> through this extension and try to improve my implementation. >> For the Gateway part we have planed to use tomcat valve. But we can >> look into the possible options and come with a better solution. >> >> We are using reflections[2] library to scan annotation. This library >> provide facility to scan custom annotations, param annotations and return >> type. So creating documentation can be supported. >> >> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as >> [2] https://github.com/ronmamo/reflections >> >> Thanks and regards >> K.Senthalan >> >> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza >> wrote: >> >>> Hi Senthalan, >>> >>> We currently have this capability in EMM/IoTS. However API creator >>> part is tightly coupled with api manager features. >>> >>> [1] API Scanner and Creator : https://github.com/wso2/carb >>> on-device-mgt/tree/master/components/apimgt-extensions/org.w >>> so2.carbon.apimgt.webapp.publisher >>> [2] Gateway: This either can use api manager gateway and do a JWT >>> validation or Use the tomcat valve and do the authorization as you >>> described - https://github.com/wso2/carbon >>> -device-mgt/tree/master/components/webapp-authenticator-fram >>> ework/org.wso2.carbon.webapp.authenticator.framework. >>> >>> Just wanted to add some other features that we can support as a >>> future requirement is to support swagger annotation. Which is to read >>> and >>> publish along with the api. This way we could create the documentation >>> in >>> store. >>> >>> Thanks, >>> Ayyoob >>> >>> *Ayyoob Hamza* >>> *Software Engineer* >>> WSO2 Inc.; http://wso2.com >>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> >>> >>> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam < >>> sentha...@wso2.com> wrote: >>> Hi all, Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture The idea of the above is to automatically create APIs from the deployed web apps in AS and publish them into the API Publisher. Publishing APIs automatically makes it easier for webapp developers on Tomcat to use APIM easier. Right now, the users has to manually create Managed APIs for their REST-ful web apps. As part of this effort, the API gateway will be included within Tomcat based AS itself. This is used to validate whether the request from that end user have permission to access that API. So the AS will have an integrated API gateway to validate. The api everywhere for AS 6.0 have 3 main components, 1. API Scanner 2.
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
Can you explain the role of the Publisher and Store? Why do we push the API to the publisher? Are we going to use the Store in any use-case? On Wed, Sep 21, 2016 at 3:15 PM, Senthalan Kanagalingamwrote: > Yes, When the end user using APIs from the Application server the > integrated gateway will take care of authorization. It will only use the > key manager of API Manager to validate. > > On Wed, Sep 21, 2016 at 3:04 PM, Nuwan Dias wrote: > >> But in that case the Gateway component in the API Manager is not required >> isn't it? >> >> On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingam < >> sentha...@wso2.com> wrote: >> >>> Hi Ajanthan, >>> >>> The integrated API gateway is doing only the OAuth authorization. But >>> the idea of the integrated API gateway is to provide API Management >>> capabilities without another network hop. >>> >>> Thanks and regards, >>> Senthalan >>> >>> On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran < >>> ajant...@wso2.com> wrote: >>> What is the value of using integrated API gateway instead of the APIM gateway ? Is the Integrated API gateway doing more than OAuth authorization (Eg: throttling)? On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam < sentha...@wso2.com> wrote: > Hi Ayyoob, > > Thanks for your feedback. > > We have a working PoC[1] for API Scanner and Creator. I will go > through this extension and try to improve my implementation. > For the Gateway part we have planed to use tomcat valve. But we can > look into the possible options and come with a better solution. > > We are using reflections[2] library to scan annotation. This library > provide facility to scan custom annotations, param annotations and return > type. So creating documentation can be supported. > > [1] https://github.com/senthalan/product-as/tree/api-everywhere-as > [2] https://github.com/ronmamo/reflections > > Thanks and regards > K.Senthalan > > On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza > wrote: > >> Hi Senthalan, >> >> We currently have this capability in EMM/IoTS. However API creator >> part is tightly coupled with api manager features. >> >> [1] API Scanner and Creator : https://github.com/wso2/carb >> on-device-mgt/tree/master/components/apimgt-extensions/org.w >> so2.carbon.apimgt.webapp.publisher >> [2] Gateway: This either can use api manager gateway and do a JWT >> validation or Use the tomcat valve and do the authorization as you >> described - https://github.com/wso2/carbon >> -device-mgt/tree/master/components/webapp-authenticator-fram >> ework/org.wso2.carbon.webapp.authenticator.framework. >> >> Just wanted to add some other features that we can support as a >> future requirement is to support swagger annotation. Which is to read and >> publish along with the api. This way we could create the documentation in >> store. >> >> Thanks, >> Ayyoob >> >> *Ayyoob Hamza* >> *Software Engineer* >> WSO2 Inc.; http://wso2.com >> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> >> >> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam < >> sentha...@wso2.com> wrote: >> >>> Hi all, >>> >>> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture >>> >>> The idea of the above is to automatically create APIs from the >>> deployed web apps in AS and publish them into the API Publisher. >>> Publishing >>> APIs automatically makes it easier for webapp developers on Tomcat to >>> use >>> APIM easier. Right now, the users has to manually create Managed APIs >>> for >>> their REST-ful web apps. >>> >>> As part of this effort, the API gateway will be included within >>> Tomcat based AS itself. This is used to validate whether the request >>> from >>> that end user have permission to access that API. So the AS will have an >>> integrated API gateway to validate. >>> >>> The api everywhere for AS 6.0 have 3 main components, >>> >>>1. >>> >>>API Scanner >>>2. >>> >>>API Creator >>>3. >>> >>>Integrated API gateway >>> >>> >>> API Scanner component will scan the deployed web app and create >>> APIs. In web app deployment time the API scanner will scan the >>> annotations >>> and configurations and generate APIs and API informations. >>> >>> API Creator will publish the APIs into API Publisher. For that user >>> have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access >>> token will be request from the APIM Key manager. Then using that access >>> token the generated APIs will be published into APIM. The API will be in >>> the “CREATED” state, the
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
Yes, When the end user using APIs from the Application server the integrated gateway will take care of authorization. It will only use the key manager of API Manager to validate. On Wed, Sep 21, 2016 at 3:04 PM, Nuwan Diaswrote: > But in that case the Gateway component in the API Manager is not required > isn't it? > > On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingam < > sentha...@wso2.com> wrote: > >> Hi Ajanthan, >> >> The integrated API gateway is doing only the OAuth authorization. But the >> idea of the integrated API gateway is to provide API Management >> capabilities without another network hop. >> >> Thanks and regards, >> Senthalan >> >> On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran < >> ajant...@wso2.com> wrote: >> >>> What is the value of using integrated API gateway instead of the APIM >>> gateway ? >>> Is the Integrated API gateway doing more than OAuth authorization (Eg: >>> throttling)? >>> >>> On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam < >>> sentha...@wso2.com> wrote: >>> Hi Ayyoob, Thanks for your feedback. We have a working PoC[1] for API Scanner and Creator. I will go through this extension and try to improve my implementation. For the Gateway part we have planed to use tomcat valve. But we can look into the possible options and come with a better solution. We are using reflections[2] library to scan annotation. This library provide facility to scan custom annotations, param annotations and return type. So creating documentation can be supported. [1] https://github.com/senthalan/product-as/tree/api-everywhere-as [2] https://github.com/ronmamo/reflections Thanks and regards K.Senthalan On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza wrote: > Hi Senthalan, > > We currently have this capability in EMM/IoTS. However API creator > part is tightly coupled with api manager features. > > [1] API Scanner and Creator : https://github.com/wso2/carb > on-device-mgt/tree/master/components/apimgt-extensions/org.w > so2.carbon.apimgt.webapp.publisher > [2] Gateway: This either can use api manager gateway and do a JWT > validation or Use the tomcat valve and do the authorization as you > described - https://github.com/wso2/carbon > -device-mgt/tree/master/components/webapp-authenticator-fram > ework/org.wso2.carbon.webapp.authenticator.framework. > > Just wanted to add some other features that we can support as a future > requirement is to support swagger annotation. Which is to read and publish > along with the api. This way we could create the documentation in store. > > Thanks, > Ayyoob > > *Ayyoob Hamza* > *Software Engineer* > WSO2 Inc.; http://wso2.com > email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> > > On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam < > sentha...@wso2.com> wrote: > >> Hi all, >> >> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture >> >> The idea of the above is to automatically create APIs from the >> deployed web apps in AS and publish them into the API Publisher. >> Publishing >> APIs automatically makes it easier for webapp developers on Tomcat to use >> APIM easier. Right now, the users has to manually create Managed APIs for >> their REST-ful web apps. >> >> As part of this effort, the API gateway will be included within >> Tomcat based AS itself. This is used to validate whether the request from >> that end user have permission to access that API. So the AS will have an >> integrated API gateway to validate. >> >> The api everywhere for AS 6.0 have 3 main components, >> >>1. >> >>API Scanner >>2. >> >>API Creator >>3. >> >>Integrated API gateway >> >> >> API Scanner component will scan the deployed web app and create APIs. >> In web app deployment time the API scanner will scan the annotations and >> configurations and generate APIs and API informations. >> >> API Creator will publish the APIs into API Publisher. For that user >> have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access >> token will be request from the APIM Key manager. Then using that access >> token the generated APIs will be published into APIM. The API will be in >> the “CREATED” state, the webapp developers can edit and publish as their >> wish. API Creator will be a running on new thread to reduce the web app >> startup time. >> >> Integrated API gateway will intercept the request into AS. The access >> token of the request will be validated with APIM key manager. If the >> token >> have the right to access the web app, the request will be passed or
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
But in that case the Gateway component in the API Manager is not required isn't it? On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingamwrote: > Hi Ajanthan, > > The integrated API gateway is doing only the OAuth authorization. But the > idea of the integrated API gateway is to provide API Management > capabilities without another network hop. > > Thanks and regards, > Senthalan > > On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran > wrote: > >> What is the value of using integrated API gateway instead of the APIM >> gateway ? >> Is the Integrated API gateway doing more than OAuth authorization (Eg: >> throttling)? >> >> On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam < >> sentha...@wso2.com> wrote: >> >>> Hi Ayyoob, >>> >>> Thanks for your feedback. >>> >>> We have a working PoC[1] for API Scanner and Creator. I will go through >>> this extension and try to improve my implementation. >>> For the Gateway part we have planed to use tomcat valve. But we can look >>> into the possible options and come with a better solution. >>> >>> We are using reflections[2] library to scan annotation. This library >>> provide facility to scan custom annotations, param annotations and return >>> type. So creating documentation can be supported. >>> >>> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as >>> [2] https://github.com/ronmamo/reflections >>> >>> Thanks and regards >>> K.Senthalan >>> >>> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza wrote: >>> Hi Senthalan, We currently have this capability in EMM/IoTS. However API creator part is tightly coupled with api manager features. [1] API Scanner and Creator : https://github.com/wso2/carb on-device-mgt/tree/master/components/apimgt-extensions/org.w so2.carbon.apimgt.webapp.publisher [2] Gateway: This either can use api manager gateway and do a JWT validation or Use the tomcat valve and do the authorization as you described - https://github.com/wso2/carbon -device-mgt/tree/master/components/webapp-authenticator-fram ework/org.wso2.carbon.webapp.authenticator.framework. Just wanted to add some other features that we can support as a future requirement is to support swagger annotation. Which is to read and publish along with the api. This way we could create the documentation in store. Thanks, Ayyoob *Ayyoob Hamza* *Software Engineer* WSO2 Inc.; http://wso2.com email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam < sentha...@wso2.com> wrote: > Hi all, > > Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture > > The idea of the above is to automatically create APIs from the > deployed web apps in AS and publish them into the API Publisher. > Publishing > APIs automatically makes it easier for webapp developers on Tomcat to use > APIM easier. Right now, the users has to manually create Managed APIs for > their REST-ful web apps. > > As part of this effort, the API gateway will be included within Tomcat > based AS itself. This is used to validate whether the request from that > end > user have permission to access that API. So the AS will have an integrated > API gateway to validate. > > The api everywhere for AS 6.0 have 3 main components, > >1. > >API Scanner >2. > >API Creator >3. > >Integrated API gateway > > > API Scanner component will scan the deployed web app and create APIs. > In web app deployment time the API scanner will scan the annotations and > configurations and generate APIs and API informations. > > API Creator will publish the APIs into API Publisher. For that user > have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access > token will be request from the APIM Key manager. Then using that access > token the generated APIs will be published into APIM. The API will be in > the “CREATED” state, the webapp developers can edit and publish as their > wish. API Creator will be a running on new thread to reduce the web app > startup time. > > Integrated API gateway will intercept the request into AS. The access > token of the request will be validated with APIM key manager. If the token > have the right to access the web app, the request will be passed or > otherwise an exception will be thrown to the end user. > > > Until now implementation of API Scanner and API Creator are completed > and working PoC is available. > > We have to decide which information we are going to publish into the > API publisher. There are some items like tags, business information and > etc > which are not
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
Hi Ajanthan, The integrated API gateway is doing only the OAuth authorization. But the idea of the integrated API gateway is to provide API Management capabilities without another network hop. Thanks and regards, Senthalan On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandranwrote: > What is the value of using integrated API gateway instead of the APIM > gateway ? > Is the Integrated API gateway doing more than OAuth authorization (Eg: > throttling)? > > On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam < > sentha...@wso2.com> wrote: > >> Hi Ayyoob, >> >> Thanks for your feedback. >> >> We have a working PoC[1] for API Scanner and Creator. I will go through >> this extension and try to improve my implementation. >> For the Gateway part we have planed to use tomcat valve. But we can look >> into the possible options and come with a better solution. >> >> We are using reflections[2] library to scan annotation. This library >> provide facility to scan custom annotations, param annotations and return >> type. So creating documentation can be supported. >> >> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as >> [2] https://github.com/ronmamo/reflections >> >> Thanks and regards >> K.Senthalan >> >> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza wrote: >> >>> Hi Senthalan, >>> >>> We currently have this capability in EMM/IoTS. However API creator part >>> is tightly coupled with api manager features. >>> >>> [1] API Scanner and Creator : https://github.com/wso2/carb >>> on-device-mgt/tree/master/components/apimgt-extensions/org.w >>> so2.carbon.apimgt.webapp.publisher >>> [2] Gateway: This either can use api manager gateway and do a JWT >>> validation or Use the tomcat valve and do the authorization as you >>> described - https://github.com/wso2/carbon-device-mgt/tree/master/compon >>> ents/webapp-authenticator-framework/org.wso2.carbon.webapp. >>> authenticator.framework. >>> >>> Just wanted to add some other features that we can support as a future >>> requirement is to support swagger annotation. Which is to read and publish >>> along with the api. This way we could create the documentation in store. >>> >>> Thanks, >>> Ayyoob >>> >>> *Ayyoob Hamza* >>> *Software Engineer* >>> WSO2 Inc.; http://wso2.com >>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> >>> >>> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam < >>> sentha...@wso2.com> wrote: >>> Hi all, Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture The idea of the above is to automatically create APIs from the deployed web apps in AS and publish them into the API Publisher. Publishing APIs automatically makes it easier for webapp developers on Tomcat to use APIM easier. Right now, the users has to manually create Managed APIs for their REST-ful web apps. As part of this effort, the API gateway will be included within Tomcat based AS itself. This is used to validate whether the request from that end user have permission to access that API. So the AS will have an integrated API gateway to validate. The api everywhere for AS 6.0 have 3 main components, 1. API Scanner 2. API Creator 3. Integrated API gateway API Scanner component will scan the deployed web app and create APIs. In web app deployment time the API scanner will scan the annotations and configurations and generate APIs and API informations. API Creator will publish the APIs into API Publisher. For that user have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token will be request from the APIM Key manager. Then using that access token the generated APIs will be published into APIM. The API will be in the “CREATED” state, the webapp developers can edit and publish as their wish. API Creator will be a running on new thread to reduce the web app startup time. Integrated API gateway will intercept the request into AS. The access token of the request will be validated with APIM key manager. If the token have the right to access the web app, the request will be passed or otherwise an exception will be thrown to the end user. Until now implementation of API Scanner and API Creator are completed and working PoC is available. We have to decide which information we are going to publish into the API publisher. There are some items like tags, business information and etc which are not compulsory when creating APIs. [image: Inline image 1] -- K.Senthalan, Software Engineering Intern, WSO2 Inc. Tel: +94771877466 Email: senthalank...@cse.mrt.ac.lk ___ Architecture mailing list
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
What is the value of using integrated API gateway instead of the APIM gateway ? Is the Integrated API gateway doing more than OAuth authorization (Eg: throttling)? On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingamwrote: > Hi Ayyoob, > > Thanks for your feedback. > > We have a working PoC[1] for API Scanner and Creator. I will go through > this extension and try to improve my implementation. > For the Gateway part we have planed to use tomcat valve. But we can look > into the possible options and come with a better solution. > > We are using reflections[2] library to scan annotation. This library > provide facility to scan custom annotations, param annotations and return > type. So creating documentation can be supported. > > [1] https://github.com/senthalan/product-as/tree/api-everywhere-as > [2] https://github.com/ronmamo/reflections > > Thanks and regards > K.Senthalan > > On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza wrote: > >> Hi Senthalan, >> >> We currently have this capability in EMM/IoTS. However API creator part >> is tightly coupled with api manager features. >> >> [1] API Scanner and Creator : https://github.com/wso2/carb >> on-device-mgt/tree/master/components/apimgt-extensions/org. >> wso2.carbon.apimgt.webapp.publisher >> [2] Gateway: This either can use api manager gateway and do a JWT >> validation or Use the tomcat valve and do the authorization as you >> described - https://github.com/wso2/carbon-device-mgt/tree/master/compon >> ents/webapp-authenticator-framework/org.wso2.carbon. >> webapp.authenticator.framework. >> >> Just wanted to add some other features that we can support as a future >> requirement is to support swagger annotation. Which is to read and publish >> along with the api. This way we could create the documentation in store. >> >> Thanks, >> Ayyoob >> >> *Ayyoob Hamza* >> *Software Engineer* >> WSO2 Inc.; http://wso2.com >> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> >> >> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam < >> sentha...@wso2.com> wrote: >> >>> Hi all, >>> >>> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture >>> >>> The idea of the above is to automatically create APIs from the deployed >>> web apps in AS and publish them into the API Publisher. Publishing APIs >>> automatically makes it easier for webapp developers on Tomcat to use APIM >>> easier. Right now, the users has to manually create Managed APIs for their >>> REST-ful web apps. >>> >>> As part of this effort, the API gateway will be included within Tomcat >>> based AS itself. This is used to validate whether the request from that end >>> user have permission to access that API. So the AS will have an integrated >>> API gateway to validate. >>> >>> The api everywhere for AS 6.0 have 3 main components, >>> >>>1. >>> >>>API Scanner >>>2. >>> >>>API Creator >>>3. >>> >>>Integrated API gateway >>> >>> >>> API Scanner component will scan the deployed web app and create APIs. In >>> web app deployment time the API scanner will scan the annotations and >>> configurations and generate APIs and API informations. >>> >>> API Creator will publish the APIs into API Publisher. For that user have >>> to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token >>> will be request from the APIM Key manager. Then using that access token the >>> generated APIs will be published into APIM. The API will be in the >>> “CREATED” state, the webapp developers can edit and publish as their wish. >>> API Creator will be a running on new thread to reduce the web app startup >>> time. >>> >>> Integrated API gateway will intercept the request into AS. The access >>> token of the request will be validated with APIM key manager. If the token >>> have the right to access the web app, the request will be passed or >>> otherwise an exception will be thrown to the end user. >>> >>> >>> Until now implementation of API Scanner and API Creator are completed >>> and working PoC is available. >>> >>> We have to decide which information we are going to publish into the API >>> publisher. There are some items like tags, business information and etc >>> which are not compulsory when creating APIs. >>> >>> >>> [image: Inline image 1] >>> >>> -- >>> K.Senthalan, >>> Software Engineering Intern, >>> WSO2 Inc. >>> Tel: +94771877466 >>> Email: senthalank...@cse.mrt.ac.lk >>> >>> ___ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> ___ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > K.Senthalan, > Software Engineering Intern, > WSO2 Inc. > Tel: +94771877466 > Email: senthalank...@cse.mrt.ac.lk > > ___ > Architecture
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
Hi Ayyoob, Thanks for your feedback. We have a working PoC[1] for API Scanner and Creator. I will go through this extension and try to improve my implementation. For the Gateway part we have planed to use tomcat valve. But we can look into the possible options and come with a better solution. We are using reflections[2] library to scan annotation. This library provide facility to scan custom annotations, param annotations and return type. So creating documentation can be supported. [1] https://github.com/senthalan/product-as/tree/api-everywhere-as [2] https://github.com/ronmamo/reflections Thanks and regards K.Senthalan On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamzawrote: > Hi Senthalan, > > We currently have this capability in EMM/IoTS. However API creator part is > tightly coupled with api manager features. > > [1] API Scanner and Creator : https://github.com/wso2/ > carbon-device-mgt/tree/master/components/apimgt-extensions/ > org.wso2.carbon.apimgt.webapp.publisher > [2] Gateway: This either can use api manager gateway and do a JWT > validation or Use the tomcat valve and do the authorization as you > described - https://github.com/wso2/carbon-device-mgt/tree/master/ > components/webapp-authenticator-framework/org.wso2.carbon.webapp. > authenticator.framework. > > Just wanted to add some other features that we can support as a future > requirement is to support swagger annotation. Which is to read and publish > along with the api. This way we could create the documentation in store. > > Thanks, > Ayyoob > > *Ayyoob Hamza* > *Software Engineer* > WSO2 Inc.; http://wso2.com > email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> > > On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam < > sentha...@wso2.com> wrote: > >> Hi all, >> >> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture >> >> The idea of the above is to automatically create APIs from the deployed >> web apps in AS and publish them into the API Publisher. Publishing APIs >> automatically makes it easier for webapp developers on Tomcat to use APIM >> easier. Right now, the users has to manually create Managed APIs for their >> REST-ful web apps. >> >> As part of this effort, the API gateway will be included within Tomcat >> based AS itself. This is used to validate whether the request from that end >> user have permission to access that API. So the AS will have an integrated >> API gateway to validate. >> >> The api everywhere for AS 6.0 have 3 main components, >> >>1. >> >>API Scanner >>2. >> >>API Creator >>3. >> >>Integrated API gateway >> >> >> API Scanner component will scan the deployed web app and create APIs. In >> web app deployment time the API scanner will scan the annotations and >> configurations and generate APIs and API informations. >> >> API Creator will publish the APIs into API Publisher. For that user have >> to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token >> will be request from the APIM Key manager. Then using that access token the >> generated APIs will be published into APIM. The API will be in the >> “CREATED” state, the webapp developers can edit and publish as their wish. >> API Creator will be a running on new thread to reduce the web app startup >> time. >> >> Integrated API gateway will intercept the request into AS. The access >> token of the request will be validated with APIM key manager. If the token >> have the right to access the web app, the request will be passed or >> otherwise an exception will be thrown to the end user. >> >> >> Until now implementation of API Scanner and API Creator are completed and >> working PoC is available. >> >> We have to decide which information we are going to publish into the API >> publisher. There are some items like tags, business information and etc >> which are not compulsory when creating APIs. >> >> >> [image: Inline image 1] >> >> -- >> K.Senthalan, >> Software Engineering Intern, >> WSO2 Inc. >> Tel: +94771877466 >> Email: senthalank...@cse.mrt.ac.lk >> >> ___ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- K.Senthalan, Software Engineering Intern, WSO2 Inc. Tel: +94771877466 Email: senthalank...@cse.mrt.ac.lk ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0
Hi Senthalan, We currently have this capability in EMM/IoTS. However API creator part is tightly coupled with api manager features. [1] API Scanner and Creator : https://github.com/wso2/carbon-device-mgt/tree/master/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher [2] Gateway: This either can use api manager gateway and do a JWT validation or Use the tomcat valve and do the authorization as you described - https://github.com/wso2/carbon-device-mgt/tree/master/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework . Just wanted to add some other features that we can support as a future requirement is to support swagger annotation. Which is to read and publish along with the api. This way we could create the documentation in store. Thanks, Ayyoob *Ayyoob Hamza* *Software Engineer* WSO2 Inc.; http://wso2.com email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingamwrote: > Hi all, > > Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture > > The idea of the above is to automatically create APIs from the deployed > web apps in AS and publish them into the API Publisher. Publishing APIs > automatically makes it easier for webapp developers on Tomcat to use APIM > easier. Right now, the users has to manually create Managed APIs for their > REST-ful web apps. > > As part of this effort, the API gateway will be included within Tomcat > based AS itself. This is used to validate whether the request from that end > user have permission to access that API. So the AS will have an integrated > API gateway to validate. > > The api everywhere for AS 6.0 have 3 main components, > >1. > >API Scanner >2. > >API Creator >3. > >Integrated API gateway > > > API Scanner component will scan the deployed web app and create APIs. In > web app deployment time the API scanner will scan the annotations and > configurations and generate APIs and API informations. > > API Creator will publish the APIs into API Publisher. For that user have > to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token > will be request from the APIM Key manager. Then using that access token the > generated APIs will be published into APIM. The API will be in the > “CREATED” state, the webapp developers can edit and publish as their wish. > API Creator will be a running on new thread to reduce the web app startup > time. > > Integrated API gateway will intercept the request into AS. The access > token of the request will be validated with APIM key manager. If the token > have the right to access the web app, the request will be passed or > otherwise an exception will be thrown to the end user. > > > Until now implementation of API Scanner and API Creator are completed and > working PoC is available. > > We have to decide which information we are going to publish into the API > publisher. There are some items like tags, business information and etc > which are not compulsory when creating APIs. > > > [image: Inline image 1] > > -- > K.Senthalan, > Software Engineering Intern, > WSO2 Inc. > Tel: +94771877466 > Email: senthalank...@cse.mrt.ac.lk > > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture