Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Ayyoob Hamza]

Hi Senthalan,

For api publishing you have suggested that the api creator needs to create
an OAuth app and configure that with the server. Cant we make it more
 seamless integration by only configuring a user and call the dynamic
client registration endpoint to create an app.

In addition I am having a doubt cant we implement above capability to the
already existing code(Publishing the api through the rest api). Since in
[1][2] we already have the support for api scanning using annotation,
publishing and support for using Integrated gateway or api manager as
gateway. The only difference I see from your architecture is the creator
part. It would be great if we could maintain only one feature for this.

[1]  https://github.com/wso2/carbon-device-mgt/tree/master/compo
nents/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher
[2] https://github.com/wso2/carbon-device-mgt/tree/master/compon
ents/webapp-authenticator-framework/org.wso2.carbon.
webapp.authenticator.framework.

*Ayyoob Hamza*
*Software Engineer*
WSO2 Inc.; http://wso2.com
email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Senthalan Kanagalingam]

In Publisher the API developers creates APIs and and publish them into
Store.
In Store the end users can subscribe those APIs and use them.

According to this scenario, there is no use case for API Store. Because we
are going to automatically create APIs of the deployed web apps in API
publisher. Then the user can publish that API into API Store. Because we
have to give chance to user to set-up/ edit specializations before
publishing it to the Store.

On Wed, Sep 21, 2016 at 3:30 PM, Nuwan Dias  wrote:

> Can you explain the role of the Publisher and Store? Why do we push the
> API to the publisher? Are we going to use the Store in any use-case?
>
> On Wed, Sep 21, 2016 at 3:15 PM, Senthalan Kanagalingam <
> sentha...@wso2.com> wrote:
>
>> Yes, When the end user using APIs from the Application server the
>> integrated gateway will take care of authorization. It will only use the
>> key manager of API Manager to validate.
>>
>> On Wed, Sep 21, 2016 at 3:04 PM, Nuwan Dias  wrote:
>>
>>> But in that case the Gateway component in the API Manager is not
>>> required isn't it?
>>>
>>> On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingam <
>>> sentha...@wso2.com> wrote:
>>>
 Hi Ajanthan,

 The integrated API gateway is doing only the OAuth authorization. But
 the idea of the integrated API gateway is to provide API Management
 capabilities without another network hop.

 Thanks and regards,
 Senthalan

 On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran <
 ajant...@wso2.com> wrote:

> What is the value of using integrated API gateway  instead of the APIM
> gateway ?
> Is the Integrated API gateway doing more than OAuth authorization (Eg:
> throttling)?
>
> On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam <
> sentha...@wso2.com> wrote:
>
>> Hi Ayyoob,
>>
>> Thanks for your feedback.
>>
>> We have a working PoC[1] for API Scanner and Creator. I will go
>> through this extension and try to improve my implementation.
>> For the Gateway part we have planed to use tomcat valve. But we can
>> look into the possible options and come with a better solution.
>>
>> We are using reflections[2] library to scan annotation. This library
>> provide facility to scan custom annotations, param annotations and return
>> type. So creating documentation can be supported.
>>
>> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as
>> [2] https://github.com/ronmamo/reflections
>>
>> Thanks and regards
>> K.Senthalan
>>
>> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza 
>> wrote:
>>
>>> Hi Senthalan,
>>>
>>> We currently have this capability in EMM/IoTS. However API creator
>>> part is tightly coupled with api manager features.
>>>
>>> [1] API Scanner and Creator : https://github.com/wso2/carb
>>> on-device-mgt/tree/master/components/apimgt-extensions/org.w
>>> so2.carbon.apimgt.webapp.publisher
>>> [2] Gateway: This either can use api manager gateway and do a JWT
>>> validation or Use the tomcat valve and do the authorization as you
>>> described - https://github.com/wso2/carbon
>>> -device-mgt/tree/master/components/webapp-authenticator-fram
>>> ework/org.wso2.carbon.webapp.authenticator.framework.
>>>
>>> Just wanted to add some other features that we can support as a
>>> future requirement is to support swagger annotation. Which is to read 
>>> and
>>> publish along with the api. This way we could create the documentation 
>>> in
>>> store.
>>>
>>> Thanks,
>>> Ayyoob
>>>
>>> *Ayyoob Hamza*
>>> *Software Engineer*
>>> WSO2 Inc.; http://wso2.com
>>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>>>
>>> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
>>> sentha...@wso2.com> wrote:
>>>
 Hi all,

 Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture

 The idea of the above is to automatically create APIs from the
 deployed web apps in AS and publish them into the API Publisher. 
 Publishing
 APIs automatically makes it easier for webapp developers on Tomcat to 
 use
 APIM easier. Right now, the users has to manually create Managed APIs 
 for
 their REST-ful web apps.

 As part of this effort, the API gateway will be included within
 Tomcat based AS itself. This is used to validate whether the request 
 from
 that end user have permission to access that API. So the AS will have 
 an
 integrated API gateway to validate.

 The api everywhere for AS 6.0 have 3 main components,

1.

API Scanner
2.

   

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Nuwan Dias]

Can you explain the role of the Publisher and Store? Why do we push the API
to the publisher? Are we going to use the Store in any use-case?

On Wed, Sep 21, 2016 at 3:15 PM, Senthalan Kanagalingam 
wrote:

> Yes, When the end user using APIs from the Application server the
> integrated gateway will take care of authorization. It will only use the
> key manager of API Manager to validate.
>
> On Wed, Sep 21, 2016 at 3:04 PM, Nuwan Dias  wrote:
>
>> But in that case the Gateway component in the API Manager is not required
>> isn't it?
>>
>> On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi Ajanthan,
>>>
>>> The integrated API gateway is doing only the OAuth authorization. But
>>> the idea of the integrated API gateway is to provide API Management
>>> capabilities without another network hop.
>>>
>>> Thanks and regards,
>>> Senthalan
>>>
>>> On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran <
>>> ajant...@wso2.com> wrote:
>>>
 What is the value of using integrated API gateway  instead of the APIM
 gateway ?
 Is the Integrated API gateway doing more than OAuth authorization (Eg:
 throttling)?

 On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam <
 sentha...@wso2.com> wrote:

> Hi Ayyoob,
>
> Thanks for your feedback.
>
> We have a working PoC[1] for API Scanner and Creator. I will go
> through this extension and try to improve my implementation.
> For the Gateway part we have planed to use tomcat valve. But we can
> look into the possible options and come with a better solution.
>
> We are using reflections[2] library to scan annotation. This library
> provide facility to scan custom annotations, param annotations and return
> type. So creating documentation can be supported.
>
> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as
> [2] https://github.com/ronmamo/reflections
>
> Thanks and regards
> K.Senthalan
>
> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza 
> wrote:
>
>> Hi Senthalan,
>>
>> We currently have this capability in EMM/IoTS. However API creator
>> part is tightly coupled with api manager features.
>>
>> [1] API Scanner and Creator : https://github.com/wso2/carb
>> on-device-mgt/tree/master/components/apimgt-extensions/org.w
>> so2.carbon.apimgt.webapp.publisher
>> [2] Gateway: This either can use api manager gateway and do a JWT
>> validation or Use the tomcat valve and do the authorization as you
>> described - https://github.com/wso2/carbon
>> -device-mgt/tree/master/components/webapp-authenticator-fram
>> ework/org.wso2.carbon.webapp.authenticator.framework.
>>
>> Just wanted to add some other features that we can support as a
>> future requirement is to support swagger annotation. Which is to read and
>> publish along with the api. This way we could create the documentation in
>> store.
>>
>> Thanks,
>> Ayyoob
>>
>> *Ayyoob Hamza*
>> *Software Engineer*
>> WSO2 Inc.; http://wso2.com
>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>>
>> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture
>>>
>>> The idea of the above is to automatically create APIs from the
>>> deployed web apps in AS and publish them into the API Publisher. 
>>> Publishing
>>> APIs automatically makes it easier for webapp developers on Tomcat to 
>>> use
>>> APIM easier. Right now, the users has to manually create Managed APIs 
>>> for
>>> their REST-ful web apps.
>>>
>>> As part of this effort, the API gateway will be included within
>>> Tomcat based AS itself. This is used to validate whether the request 
>>> from
>>> that end user have permission to access that API. So the AS will have an
>>> integrated API gateway to validate.
>>>
>>> The api everywhere for AS 6.0 have 3 main components,
>>>
>>>1.
>>>
>>>API Scanner
>>>2.
>>>
>>>API Creator
>>>3.
>>>
>>>Integrated API gateway
>>>
>>>
>>> API Scanner component will scan the deployed web app and create
>>> APIs. In web app deployment time the API scanner will scan the 
>>> annotations
>>> and configurations and generate APIs and API informations.
>>>
>>> API Creator will publish the APIs into API Publisher. For that user
>>> have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access
>>> token will be request from the APIM Key manager. Then using that access
>>> token the generated APIs will be published into APIM. The API will be in
>>> the “CREATED” state, the 

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Senthalan Kanagalingam]

Yes, When the end user using APIs from the Application server the
integrated gateway will take care of authorization. It will only use the
key manager of API Manager to validate.

On Wed, Sep 21, 2016 at 3:04 PM, Nuwan Dias  wrote:

> But in that case the Gateway component in the API Manager is not required
> isn't it?
>
> On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingam <
> sentha...@wso2.com> wrote:
>
>> Hi Ajanthan,
>>
>> The integrated API gateway is doing only the OAuth authorization. But the
>> idea of the integrated API gateway is to provide API Management
>> capabilities without another network hop.
>>
>> Thanks and regards,
>> Senthalan
>>
>> On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran <
>> ajant...@wso2.com> wrote:
>>
>>> What is the value of using integrated API gateway  instead of the APIM
>>> gateway ?
>>> Is the Integrated API gateway doing more than OAuth authorization (Eg:
>>> throttling)?
>>>
>>> On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam <
>>> sentha...@wso2.com> wrote:
>>>
 Hi Ayyoob,

 Thanks for your feedback.

 We have a working PoC[1] for API Scanner and Creator. I will go
 through this extension and try to improve my implementation.
 For the Gateway part we have planed to use tomcat valve. But we can
 look into the possible options and come with a better solution.

 We are using reflections[2] library to scan annotation. This library
 provide facility to scan custom annotations, param annotations and return
 type. So creating documentation can be supported.

 [1] https://github.com/senthalan/product-as/tree/api-everywhere-as
 [2] https://github.com/ronmamo/reflections

 Thanks and regards
 K.Senthalan

 On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza  wrote:

> Hi Senthalan,
>
> We currently have this capability in EMM/IoTS. However API creator
> part is tightly coupled with api manager features.
>
> [1] API Scanner and Creator : https://github.com/wso2/carb
> on-device-mgt/tree/master/components/apimgt-extensions/org.w
> so2.carbon.apimgt.webapp.publisher
> [2] Gateway: This either can use api manager gateway and do a JWT
> validation or Use the tomcat valve and do the authorization as you
> described - https://github.com/wso2/carbon
> -device-mgt/tree/master/components/webapp-authenticator-fram
> ework/org.wso2.carbon.webapp.authenticator.framework.
>
> Just wanted to add some other features that we can support as a future
> requirement is to support swagger annotation. Which is to read and publish
> along with the api. This way we could create the documentation in store.
>
> Thanks,
> Ayyoob
>
> *Ayyoob Hamza*
> *Software Engineer*
> WSO2 Inc.; http://wso2.com
> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>
> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
> sentha...@wso2.com> wrote:
>
>> Hi all,
>>
>> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture
>>
>> The idea of the above is to automatically create APIs from the
>> deployed web apps in AS and publish them into the API Publisher. 
>> Publishing
>> APIs automatically makes it easier for webapp developers on Tomcat to use
>> APIM easier. Right now, the users has to manually create Managed APIs for
>> their REST-ful web apps.
>>
>> As part of this effort, the API gateway will be included within
>> Tomcat based AS itself. This is used to validate whether the request from
>> that end user have permission to access that API. So the AS will have an
>> integrated API gateway to validate.
>>
>> The api everywhere for AS 6.0 have 3 main components,
>>
>>1.
>>
>>API Scanner
>>2.
>>
>>API Creator
>>3.
>>
>>Integrated API gateway
>>
>>
>> API Scanner component will scan the deployed web app and create APIs.
>> In web app deployment time the API scanner will scan the annotations and
>> configurations and generate APIs and API informations.
>>
>> API Creator will publish the APIs into API Publisher. For that user
>> have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access
>> token will be request from the APIM Key manager. Then using that access
>> token the generated APIs will be published into APIM. The API will be in
>> the “CREATED” state, the webapp developers can edit and publish as their
>> wish. API Creator will be a running on new thread to reduce the web app
>> startup time.
>>
>> Integrated API gateway will intercept the request into AS. The access
>> token of the request will be validated with APIM key manager. If the 
>> token
>> have the right to access the web app, the request will be passed or

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Nuwan Dias]

But in that case the Gateway component in the API Manager is not required
isn't it?

On Wed, Sep 21, 2016 at 2:37 PM, Senthalan Kanagalingam 
wrote:

> Hi Ajanthan,
>
> The integrated API gateway is doing only the OAuth authorization. But the
> idea of the integrated API gateway is to provide API Management
> capabilities without another network hop.
>
> Thanks and regards,
> Senthalan
>
> On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran  > wrote:
>
>> What is the value of using integrated API gateway  instead of the APIM
>> gateway ?
>> Is the Integrated API gateway doing more than OAuth authorization (Eg:
>> throttling)?
>>
>> On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi Ayyoob,
>>>
>>> Thanks for your feedback.
>>>
>>> We have a working PoC[1] for API Scanner and Creator. I will go through
>>> this extension and try to improve my implementation.
>>> For the Gateway part we have planed to use tomcat valve. But we can look
>>> into the possible options and come with a better solution.
>>>
>>> We are using reflections[2] library to scan annotation. This library
>>> provide facility to scan custom annotations, param annotations and return
>>> type. So creating documentation can be supported.
>>>
>>> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as
>>> [2] https://github.com/ronmamo/reflections
>>>
>>> Thanks and regards
>>> K.Senthalan
>>>
>>> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza  wrote:
>>>
 Hi Senthalan,

 We currently have this capability in EMM/IoTS. However API creator part
 is tightly coupled with api manager features.

 [1] API Scanner and Creator : https://github.com/wso2/carb
 on-device-mgt/tree/master/components/apimgt-extensions/org.w
 so2.carbon.apimgt.webapp.publisher
 [2] Gateway: This either can use api manager gateway and do a JWT
 validation or Use the tomcat valve and do the authorization as you
 described - https://github.com/wso2/carbon
 -device-mgt/tree/master/components/webapp-authenticator-fram
 ework/org.wso2.carbon.webapp.authenticator.framework.

 Just wanted to add some other features that we can support as a future
 requirement is to support swagger annotation. Which is to read and publish
 along with the api. This way we could create the documentation in store.

 Thanks,
 Ayyoob

 *Ayyoob Hamza*
 *Software Engineer*
 WSO2 Inc.; http://wso2.com
 email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>

 On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
 sentha...@wso2.com> wrote:

> Hi all,
>
> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture
>
> The idea of the above is to automatically create APIs from the
> deployed web apps in AS and publish them into the API Publisher. 
> Publishing
> APIs automatically makes it easier for webapp developers on Tomcat to use
> APIM easier. Right now, the users has to manually create Managed APIs for
> their REST-ful web apps.
>
> As part of this effort, the API gateway will be included within Tomcat
> based AS itself. This is used to validate whether the request from that 
> end
> user have permission to access that API. So the AS will have an integrated
> API gateway to validate.
>
> The api everywhere for AS 6.0 have 3 main components,
>
>1.
>
>API Scanner
>2.
>
>API Creator
>3.
>
>Integrated API gateway
>
>
> API Scanner component will scan the deployed web app and create APIs.
> In web app deployment time the API scanner will scan the annotations and
> configurations and generate APIs and API informations.
>
> API Creator will publish the APIs into API Publisher. For that user
> have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access
> token will be request from the APIM Key manager. Then using that access
> token the generated APIs will be published into APIM. The API will be in
> the “CREATED” state, the webapp developers can edit and publish as their
> wish. API Creator will be a running on new thread to reduce the web app
> startup time.
>
> Integrated API gateway will intercept the request into AS. The access
> token of the request will be validated with APIM key manager. If the token
> have the right to access the web app, the request will be passed or
> otherwise an exception will be thrown to the end user.
>
>
> Until now implementation of API Scanner and API Creator are completed
> and working PoC is available.
>
> We have to decide which information we are going to publish into the
> API publisher. There are some items like tags, business information and 
> etc
>  which are not 

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Senthalan Kanagalingam]

Hi Ajanthan,

The integrated API gateway is doing only the OAuth authorization. But the
idea of the integrated API gateway is to provide API Management
capabilities without another network hop.

Thanks and regards,
Senthalan

On Tue, Sep 20, 2016 at 11:36 PM, Ajanthan Balachandran 
wrote:

> What is the value of using integrated API gateway  instead of the APIM
> gateway ?
> Is the Integrated API gateway doing more than OAuth authorization (Eg:
> throttling)?
>
> On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam <
> sentha...@wso2.com> wrote:
>
>> Hi Ayyoob,
>>
>> Thanks for your feedback.
>>
>> We have a working PoC[1] for API Scanner and Creator. I will go through
>> this extension and try to improve my implementation.
>> For the Gateway part we have planed to use tomcat valve. But we can look
>> into the possible options and come with a better solution.
>>
>> We are using reflections[2] library to scan annotation. This library
>> provide facility to scan custom annotations, param annotations and return
>> type. So creating documentation can be supported.
>>
>> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as
>> [2] https://github.com/ronmamo/reflections
>>
>> Thanks and regards
>> K.Senthalan
>>
>> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza  wrote:
>>
>>> Hi Senthalan,
>>>
>>> We currently have this capability in EMM/IoTS. However API creator part
>>> is tightly coupled with api manager features.
>>>
>>> [1] API Scanner and Creator : https://github.com/wso2/carb
>>> on-device-mgt/tree/master/components/apimgt-extensions/org.w
>>> so2.carbon.apimgt.webapp.publisher
>>> [2] Gateway: This either can use api manager gateway and do a JWT
>>> validation or Use the tomcat valve and do the authorization as you
>>> described - https://github.com/wso2/carbon-device-mgt/tree/master/compon
>>> ents/webapp-authenticator-framework/org.wso2.carbon.webapp.
>>> authenticator.framework.
>>>
>>> Just wanted to add some other features that we can support as a future
>>> requirement is to support swagger annotation. Which is to read and publish
>>> along with the api. This way we could create the documentation in store.
>>>
>>> Thanks,
>>> Ayyoob
>>>
>>> *Ayyoob Hamza*
>>> *Software Engineer*
>>> WSO2 Inc.; http://wso2.com
>>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>>>
>>> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
>>> sentha...@wso2.com> wrote:
>>>
 Hi all,

 Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture

 The idea of the above is to automatically create APIs from the deployed
 web apps in AS and publish them into the API Publisher. Publishing APIs
 automatically makes it easier for webapp developers on Tomcat to use APIM
 easier. Right now, the users has to manually create Managed APIs for their
 REST-ful web apps.

 As part of this effort, the API gateway will be included within Tomcat
 based AS itself. This is used to validate whether the request from that end
 user have permission to access that API. So the AS will have an integrated
 API gateway to validate.

 The api everywhere for AS 6.0 have 3 main components,

1.

API Scanner
2.

API Creator
3.

Integrated API gateway


 API Scanner component will scan the deployed web app and create APIs.
 In web app deployment time the API scanner will scan the annotations and
 configurations and generate APIs and API informations.

 API Creator will publish the APIs into API Publisher. For that user
 have to provide the “clientId” and “clientSecret” of OAuth 2.0. Access
 token will be request from the APIM Key manager. Then using that access
 token the generated APIs will be published into APIM. The API will be in
 the “CREATED” state, the webapp developers can edit and publish as their
 wish. API Creator will be a running on new thread to reduce the web app
 startup time.

 Integrated API gateway will intercept the request into AS. The access
 token of the request will be validated with APIM key manager. If the token
 have the right to access the web app, the request will be passed or
 otherwise an exception will be thrown to the end user.


 Until now implementation of API Scanner and API Creator are completed
 and working PoC is available.

 We have to decide which information we are going to publish into the
 API publisher. There are some items like tags, business information and etc
  which are not compulsory when creating APIs.


 [image: Inline image 1]

 --
 K.Senthalan,
 Software Engineering Intern,
 WSO2 Inc.
 Tel: +94771877466
 Email: senthalank...@cse.mrt.ac.lk

 ___
 Architecture mailing list
 

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Ajanthan Balachandran]

What is the value of using integrated API gateway  instead of the APIM
gateway ?
Is the Integrated API gateway doing more than OAuth authorization (Eg:
throttling)?

On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam 
wrote:

> Hi Ayyoob,
>
> Thanks for your feedback.
>
> We have a working PoC[1] for API Scanner and Creator. I will go through
> this extension and try to improve my implementation.
> For the Gateway part we have planed to use tomcat valve. But we can look
> into the possible options and come with a better solution.
>
> We are using reflections[2] library to scan annotation. This library
> provide facility to scan custom annotations, param annotations and return
> type. So creating documentation can be supported.
>
> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as
> [2] https://github.com/ronmamo/reflections
>
> Thanks and regards
> K.Senthalan
>
> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza  wrote:
>
>> Hi Senthalan,
>>
>> We currently have this capability in EMM/IoTS. However API creator part
>> is tightly coupled with api manager features.
>>
>> [1] API Scanner and Creator : https://github.com/wso2/carb
>> on-device-mgt/tree/master/components/apimgt-extensions/org.
>> wso2.carbon.apimgt.webapp.publisher
>> [2] Gateway: This either can use api manager gateway and do a JWT
>> validation or Use the tomcat valve and do the authorization as you
>> described - https://github.com/wso2/carbon-device-mgt/tree/master/compon
>> ents/webapp-authenticator-framework/org.wso2.carbon.
>> webapp.authenticator.framework.
>>
>> Just wanted to add some other features that we can support as a future
>> requirement is to support swagger annotation. Which is to read and publish
>> along with the api. This way we could create the documentation in store.
>>
>> Thanks,
>> Ayyoob
>>
>> *Ayyoob Hamza*
>> *Software Engineer*
>> WSO2 Inc.; http://wso2.com
>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>>
>> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture
>>>
>>> The idea of the above is to automatically create APIs from the deployed
>>> web apps in AS and publish them into the API Publisher. Publishing APIs
>>> automatically makes it easier for webapp developers on Tomcat to use APIM
>>> easier. Right now, the users has to manually create Managed APIs for their
>>> REST-ful web apps.
>>>
>>> As part of this effort, the API gateway will be included within Tomcat
>>> based AS itself. This is used to validate whether the request from that end
>>> user have permission to access that API. So the AS will have an integrated
>>> API gateway to validate.
>>>
>>> The api everywhere for AS 6.0 have 3 main components,
>>>
>>>1.
>>>
>>>API Scanner
>>>2.
>>>
>>>API Creator
>>>3.
>>>
>>>Integrated API gateway
>>>
>>>
>>> API Scanner component will scan the deployed web app and create APIs. In
>>> web app deployment time the API scanner will scan the annotations and
>>> configurations and generate APIs and API informations.
>>>
>>> API Creator will publish the APIs into API Publisher. For that user have
>>> to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token
>>> will be request from the APIM Key manager. Then using that access token the
>>> generated APIs will be published into APIM. The API will be in the
>>> “CREATED” state, the webapp developers can edit and publish as their wish.
>>> API Creator will be a running on new thread to reduce the web app startup
>>> time.
>>>
>>> Integrated API gateway will intercept the request into AS. The access
>>> token of the request will be validated with APIM key manager. If the token
>>> have the right to access the web app, the request will be passed or
>>> otherwise an exception will be thrown to the end user.
>>>
>>>
>>> Until now implementation of API Scanner and API Creator are completed
>>> and working PoC is available.
>>>
>>> We have to decide which information we are going to publish into the API
>>> publisher. There are some items like tags, business information and etc
>>>  which are not compulsory when creating APIs.
>>>
>>>
>>> [image: Inline image 1]
>>>
>>> --
>>> K.Senthalan,
>>> Software Engineering Intern,
>>> WSO2 Inc.
>>> Tel: +94771877466
>>> Email: senthalank...@cse.mrt.ac.lk
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> K.Senthalan,
> Software Engineering Intern,
> WSO2 Inc.
> Tel: +94771877466
> Email: senthalank...@cse.mrt.ac.lk
>
> ___
> Architecture 

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Senthalan Kanagalingam]

Hi Ayyoob,

Thanks for your feedback.

We have a working PoC[1] for API Scanner and Creator. I will go through
this extension and try to improve my implementation.
For the Gateway part we have planed to use tomcat valve. But we can look
into the possible options and come with a better solution.

We are using reflections[2] library to scan annotation. This library
provide facility to scan custom annotations, param annotations and return
type. So creating documentation can be supported.

[1] https://github.com/senthalan/product-as/tree/api-everywhere-as
[2] https://github.com/ronmamo/reflections

Thanks and regards
K.Senthalan

On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza  wrote:

> Hi Senthalan,
>
> We currently have this capability in EMM/IoTS. However API creator part is
> tightly coupled with api manager features.
>
> [1] API Scanner and Creator : https://github.com/wso2/
> carbon-device-mgt/tree/master/components/apimgt-extensions/
> org.wso2.carbon.apimgt.webapp.publisher
> [2] Gateway: This either can use api manager gateway and do a JWT
> validation or Use the tomcat valve and do the authorization as you
> described - https://github.com/wso2/carbon-device-mgt/tree/master/
> components/webapp-authenticator-framework/org.wso2.carbon.webapp.
> authenticator.framework.
>
> Just wanted to add some other features that we can support as a future
> requirement is to support swagger annotation. Which is to read and publish
> along with the api. This way we could create the documentation in store.
>
> Thanks,
> Ayyoob
>
> *Ayyoob Hamza*
> *Software Engineer*
> WSO2 Inc.; http://wso2.com
> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>
> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
> sentha...@wso2.com> wrote:
>
>> Hi all,
>>
>> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture
>>
>> The idea of the above is to automatically create APIs from the deployed
>> web apps in AS and publish them into the API Publisher. Publishing APIs
>> automatically makes it easier for webapp developers on Tomcat to use APIM
>> easier. Right now, the users has to manually create Managed APIs for their
>> REST-ful web apps.
>>
>> As part of this effort, the API gateway will be included within Tomcat
>> based AS itself. This is used to validate whether the request from that end
>> user have permission to access that API. So the AS will have an integrated
>> API gateway to validate.
>>
>> The api everywhere for AS 6.0 have 3 main components,
>>
>>1.
>>
>>API Scanner
>>2.
>>
>>API Creator
>>3.
>>
>>Integrated API gateway
>>
>>
>> API Scanner component will scan the deployed web app and create APIs. In
>> web app deployment time the API scanner will scan the annotations and
>> configurations and generate APIs and API informations.
>>
>> API Creator will publish the APIs into API Publisher. For that user have
>> to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token
>> will be request from the APIM Key manager. Then using that access token the
>> generated APIs will be published into APIM. The API will be in the
>> “CREATED” state, the webapp developers can edit and publish as their wish.
>> API Creator will be a running on new thread to reduce the web app startup
>> time.
>>
>> Integrated API gateway will intercept the request into AS. The access
>> token of the request will be validated with APIM key manager. If the token
>> have the right to access the web app, the request will be passed or
>> otherwise an exception will be thrown to the end user.
>>
>>
>> Until now implementation of API Scanner and API Creator are completed and
>> working PoC is available.
>>
>> We have to decide which information we are going to publish into the API
>> publisher. There are some items like tags, business information and etc
>>  which are not compulsory when creating APIs.
>>
>>
>> [image: Inline image 1]
>>
>> --
>> K.Senthalan,
>> Software Engineering Intern,
>> WSO2 Inc.
>> Tel: +94771877466
>> Email: senthalank...@cse.mrt.ac.lk
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
K.Senthalan,
Software Engineering Intern,
WSO2 Inc.
Tel: +94771877466
Email: senthalank...@cse.mrt.ac.lk
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Ayyoob Hamza]

Hi Senthalan,

We currently have this capability in EMM/IoTS. However API creator part is
tightly coupled with api manager features.

[1] API Scanner and Creator :
https://github.com/wso2/carbon-device-mgt/tree/master/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher
[2] Gateway: This either can use api manager gateway and do a JWT
validation or Use the tomcat valve and do the authorization as you
described -
https://github.com/wso2/carbon-device-mgt/tree/master/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework
.

Just wanted to add some other features that we can support as a future
requirement is to support swagger annotation. Which is to read and publish
along with the api. This way we could create the documentation in store.

Thanks,
Ayyoob

*Ayyoob Hamza*
*Software Engineer*
WSO2 Inc.; http://wso2.com
email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>

On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam 
wrote:

> Hi all,
>
> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture
>
> The idea of the above is to automatically create APIs from the deployed
> web apps in AS and publish them into the API Publisher. Publishing APIs
> automatically makes it easier for webapp developers on Tomcat to use APIM
> easier. Right now, the users has to manually create Managed APIs for their
> REST-ful web apps.
>
> As part of this effort, the API gateway will be included within Tomcat
> based AS itself. This is used to validate whether the request from that end
> user have permission to access that API. So the AS will have an integrated
> API gateway to validate.
>
> The api everywhere for AS 6.0 have 3 main components,
>
>1.
>
>API Scanner
>2.
>
>API Creator
>3.
>
>Integrated API gateway
>
>
> API Scanner component will scan the deployed web app and create APIs. In
> web app deployment time the API scanner will scan the annotations and
> configurations and generate APIs and API informations.
>
> API Creator will publish the APIs into API Publisher. For that user have
> to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token
> will be request from the APIM Key manager. Then using that access token the
> generated APIs will be published into APIM. The API will be in the
> “CREATED” state, the webapp developers can edit and publish as their wish.
> API Creator will be a running on new thread to reduce the web app startup
> time.
>
> Integrated API gateway will intercept the request into AS. The access
> token of the request will be validated with APIM key manager. If the token
> have the right to access the web app, the request will be passed or
> otherwise an exception will be thrown to the end user.
>
>
> Until now implementation of API Scanner and API Creator are completed and
> working PoC is available.
>
> We have to decide which information we are going to publish into the API
> publisher. There are some items like tags, business information and etc
>  which are not compulsory when creating APIs.
>
>
> [image: Inline image 1]
>
> --
> K.Senthalan,
> Software Engineering Intern,
> WSO2 Inc.
> Tel: +94771877466
> Email: senthalank...@cse.mrt.ac.lk
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture