Re: [Dev] [New Feature][APIM] Monetization Per Frame on websocket

[Nuwan Dias]

I would really appreciate a concrete use case on this. I'm struggling to
figure out a scenario where someone would monetize the number of frames of
an application. WebSockets are usually used for server side push events.

We have a number of high priority items to deliver which are critical to
the market we want to win. Unless there is a clear demand and clear
use-case for this, it's hard to justify deprioritization of such a feature
for WS monetization over frames. So it would be really helpful if you can
describe the business need for this or even show an existing example of
such.

On Fri, Sep 25, 2020 at 12:35 PM Vanjikumaran Sivajothy 
wrote:

> @Nuwan Dias  @Arshardh Ifthikar ,
> Any comment on this and plan to adopt into the product?
>
> On Tue, Sep 8, 2020 at 11:42 AM Vanjikumaran Sivajothy 
> wrote:
>
>> @Nuwan Dias  there are multiple opportunities there for
>> the API producers who use the WebSocket as their protocol.
>> Few examples I see;
>> 1) Gaming API
>> 2) Documentation APIs
>>
>> On Sat, Sep 5, 2020 at 5:41 AM Nuwan Dias  wrote:
>>
>>> Monetizing websocket APIs for data bandwidth usage would make sense. But
>>> why would one want to set a price per frame?
>>>
>>> On Sat, Sep 5, 2020 at 5:57 PM Vanjikumaran Sivajothy 
>>> wrote:
>>>
>>>> Since the Product has a nessary component to put this together, Can you
>>>> consider this in upcoming version and implement it?
>>>>
>>>> On Tue, Sep 1, 2020 at 10:41 PM Arshardh Ifthikar 
>>>> wrote:
>>>>
>>>>> Yes, events are published to analytics per frame
>>>>>
>>>>> On Wed, Sep 2, 2020 at 11:08 AM Fazlan Nazeem 
>>>>> wrote:
>>>>>
>>>>>> AFAIK we publish an event to Analytics Server per incoming WebSocket
>>>>>> frame. This can be verified by a simple test.
>>>>>>
>>>>>> On Wed, Sep 2, 2020 at 10:53 AM Silmy Hasan  wrote:
>>>>>>
>>>>>>> Hi vanjikumaran,
>>>>>>>
>>>>>>> We make use of analytics to  summarize and persist the request count
>>>>>>> for a certain period of time for an API, as we need an internal storage 
>>>>>>> to
>>>>>>> persist the request counts in order to publish it to the Billing engine
>>>>>>> time to time . So If the data(Request stream) is published to analytics 
>>>>>>> per
>>>>>>> frame for websocket APIs , achieving this should not be a problem. I 
>>>>>>> think
>>>>>>> for web socket APIs,  request stream is published for each frame and if 
>>>>>>> so
>>>>>>> the same peristing and publishing logic could  be used for websocket 
>>>>>>> apis
>>>>>>> and this should be a minimal effort. if not we should find a way to
>>>>>>> internally persist the frame count  for webscoket APIs and write the 
>>>>>>> logic
>>>>>>> and publish it to the billing engine.
>>>>>>> @Fazlan Nazeem  @Rukshan Premathunga
>>>>>>>  @Arshardh Ifthikar   please
>>>>>>> confirm whether streams are published to analytics per frame for 
>>>>>>> Websocket
>>>>>>> APIS.
>>>>>>>
>>>>>>> Also we have had discussions on  whether frame or bandwidth based
>>>>>>> pricing fits web socket apis better. So I think we can check the
>>>>>>> feasibility of implementing it bandwidth wise as well and decide on the
>>>>>>> better option
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Sep 1, 2020 at 9:45 AM Vanjikumaran Sivajothy <
>>>>>>> va...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Any update on this?
>>>>>>>>
>>>>>>>> On Tue, Aug 25, 2020 at 7:10 PM Vanjikumaran Sivajothy <
>>>>>>>> va...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Team,
>>>>>>>>>
>>>>>>>>> WSO2 API Manager offers a monetization functionality in the
>>>>>>>>> product and It is working perfectly with HTTP Request-Response for the
>>>>>>>>> dynamic pricing. However, WebSocket endpoints do not work like a 

Re: [Dev] [New Feature][APIM] Monetization Per Frame on websocket

[Nuwan Dias]

Monetizing websocket APIs for data bandwidth usage would make sense. But
why would one want to set a price per frame?

On Sat, Sep 5, 2020 at 5:57 PM Vanjikumaran Sivajothy 
wrote:

> Since the Product has a nessary component to put this together, Can you
> consider this in upcoming version and implement it?
>
> On Tue, Sep 1, 2020 at 10:41 PM Arshardh Ifthikar 
> wrote:
>
>> Yes, events are published to analytics per frame
>>
>> On Wed, Sep 2, 2020 at 11:08 AM Fazlan Nazeem  wrote:
>>
>>> AFAIK we publish an event to Analytics Server per incoming WebSocket
>>> frame. This can be verified by a simple test.
>>>
>>> On Wed, Sep 2, 2020 at 10:53 AM Silmy Hasan  wrote:
>>>
>>>> Hi vanjikumaran,
>>>>
>>>> We make use of analytics to  summarize and persist the request count
>>>> for a certain period of time for an API, as we need an internal storage to
>>>> persist the request counts in order to publish it to the Billing engine
>>>> time to time . So If the data(Request stream) is published to analytics per
>>>> frame for websocket APIs , achieving this should not be a problem. I think
>>>> for web socket APIs,  request stream is published for each frame and if so
>>>> the same peristing and publishing logic could  be used for websocket apis
>>>> and this should be a minimal effort. if not we should find a way to
>>>> internally persist the frame count  for webscoket APIs and write the logic
>>>> and publish it to the billing engine.
>>>> @Fazlan Nazeem  @Rukshan Premathunga
>>>>  @Arshardh Ifthikar   please
>>>> confirm whether streams are published to analytics per frame for Websocket
>>>> APIS.
>>>>
>>>> Also we have had discussions on  whether frame or bandwidth based
>>>> pricing fits web socket apis better. So I think we can check the
>>>> feasibility of implementing it bandwidth wise as well and decide on the
>>>> better option
>>>>
>>>>
>>>>
>>>> On Tue, Sep 1, 2020 at 9:45 AM Vanjikumaran Sivajothy 
>>>> wrote:
>>>>
>>>>> Any update on this?
>>>>>
>>>>> On Tue, Aug 25, 2020 at 7:10 PM Vanjikumaran Sivajothy 
>>>>> wrote:
>>>>>
>>>>>> Hi Team,
>>>>>>
>>>>>> WSO2 API Manager offers a monetization functionality in the product
>>>>>> and It is working perfectly with HTTP Request-Response for the dynamic
>>>>>> pricing. However, WebSocket endpoints do not work like a typical HTTP
>>>>>> request-Response as once the connection is made the
>>>>>> communication happens via frames.
>>>>>>
>>>>>> Therefore, It is ideal to consider to implement the dynamic
>>>>>> pricing option for frame count rather than request count.
>>>>>>
>>>>>>
>>>>>>
>>>>>> https://github.com/wso2/product-apim/issues/9185
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Vanjikumaran Sivajothy | Solution Engineer |WSO2 Inc. (m) +1 925 464
>>>>>> 6816 | (e) vanji AT wso2.com <http://wso2.com>*
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Vanjikumaran Sivajothy | Solution Engineer |WSO2 Inc. (m) +1 925 464
>>>>> 6816 | (e) vanji AT wso2.com <http://wso2.com>*
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Shilmy Hasan
>>>> Software Engineer | WSO2
>>>>
>>>> E-mail :si...@wso2.com
>>>> Phone :0779188653
>>>> web : http://www.wso2.com
>>>>
>>>> [image: https://wso2.com/signature] <https://wso2.com/signature>
>>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Fazlan Nazeem | *Associate Technical Lead | WSO2 Inc
>>> Mobile : +94772338839 | fazl...@wso2.com
>>>
>>>
>>>
>>
>> --
>> *Arshardh Ifthikar*
>> Senior Software Engineer | WSO2 Inc.
>>
>> Email: arsha...@wso2.com
>> Mobile: +94777218551
>> Web: http://wso2.com
>>
>> <http://wso2.com/signature>
>>
>
>
> --
>
> *Vanjikumaran Sivajothy | Solution Engineer |WSO2 Inc. (m) +1 925 464 6816
> | (e) vanji AT wso2.com <http://wso2.com>*
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Nuwan Dias* | VP and deputy CTO - API Management and Integration | WSO2
Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [Vote] Release of WSO2 API Manager 3.2.0 RC5

[Nuwan Dias]

I Product
>>>>  - Export an API Product
>>>>  - Generate keys for an API Product
>>>>  - Delete an API Product
>>>>  - List API Products
>>>>
>>>> Testing environment - Ubuntu 20.04 LTS, JDK 1.8.0_251
>>>>
>>>> No blockers found.
>>>>
>>>> *[+] Stable - Go ahead and release.*
>>>>
>>>> Thanks,
>>>> Wasura
>>>>
>>>> On Sat, Aug 15, 2020 at 10:23 AM Mushthaq Rumy 
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> We are pleased to announce the fifth release candidate of WSO2 API
>>>>> Manager 3.2.0.
>>>>>
>>>>> This release fixes the following issues.
>>>>>
>>>>>- Fixes : product-apim
>>>>>
>>>>> <https://github.com/wso2/product-apim/issues?q=is%3Aissue+is%3Aclosed+closed%3A2020-03-20..2020-08-15>
>>>>>- Fixes : analytics-apim
>>>>><https://github.com/wso2/analytics-apim/milestone/28?closed=1>
>>>>>
>>>>> Source and distribution,
>>>>> Runtime :
>>>>> https://github.com/wso2/product-apim/releases/tag/v3.2.0-rc5
>>>>> Analytics :
>>>>> https://github.com/wso2/analytics-apim/releases/tag/v3.2.0-rc3
>>>>>
>>>>> Documentation : https://apim.docs.wso2.com/en/3.2.0/
>>>>> Migration docs :
>>>>> https://apim.docs.wso2.com/en/3.2.0/install-and-setup/upgrading-wso2-api-manager/upgrading-process/
>>>>>
>>>>> Please download, test the product and vote.
>>>>>
>>>>> [+] Stable - go ahead and release
>>>>> [-] Broken - do not release (explain why)
>>>>>
>>>>> Thanks,
>>>>> WSO2 API Manager Team
>>>>>
>>>>>
>>>>> --
>>>>> Mushthaq Rumy
>>>>> *Associate Technical Lead*
>>>>> Mobile : +94 (0) 779 492140
>>>>> Email : musht...@wso2.com
>>>>> WSO2, Inc.; http://wso2.com/
>>>>> lean . enterprise . middleware.
>>>>>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Wasura Wattearachchi* | Software Engineer | WSO2 Inc.
>>>> (m) +94775396038 | (e) was...@wso2.com | (b) Medium
>>>> <https://medium.com/@wasuradananjith>
>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>
>>>
>>> --
>>> Thanks & Regards
>>>
>>> *Chaminda Jayawardena*
>>> WSO2 Inc. - http://wso2.com
>>> +94-77-7725234
>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>> ___
>>> Architecture mailing list
>>> architect...@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>> ___
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> Saranki Magenthirarajah | Software Engineer | WSO2 Inc.
> (m) +94 770403900 | (e) sara...@wso2.com
> blog: https://medium.com/@m.saranki
> <http://wso2.com/signature>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Nuwan Dias* | Senior Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [Vote] Release of WSO2 API Manager 3.2.0 RC2

[Nuwan Dias]

Tested the basic flows for super tenant and tenant users. Tested API test
console on Publisher. No issues identified.

+1 to proceed with release.

On Sat, Aug 8, 2020, 12:25 Arshardh Ifthikar  wrote:

> Hi all,
>
> We are pleased to announce the second release candidate of WSO2 API
> Manager 3.2.0.
>
> This release fixes the following issues.
>
>- Fixes : product-apim
>
> 
>- Fixes : analytics-apim
>
>
> Source and distribution,
> Runtime : https://github.com/wso2/product-apim/releases/tag/v3.2.0-rc2
> Analytics :
> https://github.com/wso2/analytics-apim/releases/tag/v3.2.0-rc2
>
> Documentation : https://apim.docs.wso2.com/en/3.2.0/
> Migration docs :
> https://apim.docs.wso2.com/en/3.2.0/install-and-setup/upgrading-wso2-api-manager/upgrading-process/
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> WSO2 API Manager Team
>
> --
> *Arshardh Ifthikar*
> Senior Software Engineer | WSO2 Inc.
>
> Email: arsha...@wso2.com
> Mobile: +94777218551
> Web: http://wso2.com
>
> 
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [Vote] Release of WSO2 API Manager 3.1.0 RC3

[Nuwan Dias]

Tested the basic flows with custom users and the api import functionality
using CTL.

[+] Stable - go ahead and release



On Sun, Mar 22, 2020 at 4:45 PM Sanjula Madurapperuma 
wrote:

> Hi all,
>
> I have tested the following:
>
>- API Security Audit
>- AWS Lambda functions
>- Working with Observability
>
> No blocking issues found.
>
> +1 - Stable - Go ahead and release
>
> Thanks,
> Sanjula
>
> On Sun, Mar 22, 2020 at 4:36 PM Tharindu Dharmarathna 
> wrote:
>
>> Hi All,
>>
>> I have tested the following Databases.
>>
>> 1. Oracle
>> 2. Mysql 5.7
>> 3. Mysql 8
>> 4. Postgresql
>> 5. Oracle
>> 6. MSSQL
>>
>> No issues found.
>> +1 go ahead and Release
>>
>> Thanks
>>
>> On Sat, Mar 21, 2020 at 12:56 AM Krishan Wijesena 
>> wrote:
>>
>>> Hi all,
>>>
>>> We are pleased to announce the third release candidate of WSO2 API
>>> Manager 3.1.0.
>>>
>>> This release fixes the following issues.
>>>
>>>- Fixes : product-apim
>>>
>>> <https://github.com/wso2/product-apim/issues?q=is%3Aissue+is%3Aclosed+closed%3A2019-11-01..2020-03-20+label%3A3.1.0+>
>>>- Fixes : analytics-apim
>>><https://github.com/wso2/analytics-apim/milestone/20?closed=1>
>>>
>>> Source and distribution,
>>> Runtime :
>>> https://github.com/wso2/product-apim/releases/tag/v3.1.0-rc3
>>> Analytics :
>>> https://github.com/wso2/analytics-apim/releases/tag/v3.1.0-rc3
>>>
>>> Please download, test the product and vote.
>>>
>>> [+] Stable - go ahead and release
>>> [-] Broken - do not release (explain why)
>>>
>>> Thanks,
>>> WSO2 API Manager Team
>>>
>>> --
>>>
>>> *Krishan Wijesena*
>>> Senior Software Engineer | WSO2
>>>
>>> Email : krish...@wso2.com
>>> Mobile : +94776219923
>>> WSO2 Inc : http://wso2.com
>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>
>>
>>
>> --
>>
>> *Tharindu Dharmarathna*Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94779109091*
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
> *Sanjula Madurapperuma* | Software Engineering Intern | WSO2 Inc.
> (m) +94 768877766 | (e) sanj...@wso2.com
> <http://wso2.com/signature>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
*Nuwan Dias* | Senior Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM] API Categories

[Nuwan Dias]

  
>>> \"**description**\"**:**\"**Finance related APIS**\"\r\n*  *}**\r\n*   
>>> *]**\r\n**}"*,*"summary"*: *"Add a Category"*,*"description"*: 
>>> *"Add a new API Category**\n**"*,*"parameters"*: [  {
>>> *"in"*: *"body"*,*"name"*: *"body"*,*"description"*: 
>>> *"Category object that should to be added**\n**"*,*"required"*: 
>>> *true*,*"schema"*: {  *"$ref"*: *"#/definitions/Category"*  
>>>   }  }],*"tags"*: [  *"Category"*],
>>> *"responses"*: {  *"201"*: {*"description"*: 
>>> *"Created.**\n**Successful response with the newly created object as entity 
>>> in the body.**\n**"*,*"schema"*: {  *"$ref"*: 
>>> *"#/definitions/Category"*}  },  *"400"*: {
>>> *"description"*: *"Bad Request.**\n**Invalid request or validation 
>>> error**\n**"*,*"schema"*: {  *"$ref"*: 
>>> *"#/definitions/Error"*}  }}  }}
>>>
>>> And category and categoryList would be defined as below.
>>>
>>> *"Category"*: {*"title"*: *"Category"*,*"required"*: [  
>>> *"name"*],*"properties"*: {  *"id"*: {*"type"*: 
>>> *"string"*,*"example"*: *"01234567-0123-0123-0123-012345678901"*
>>>   },  *"name"*: {*"type"*: *"string"*,*"example"*: 
>>> *"Finance"*  },  *"description"*: {*"type"*: *"string"*,
>>> *"example"*: *"Finance related APIs"*  }}  },  
>>> *"CategoryList"*: {*"title"*: *"Category List"*,*"properties"*: {   
>>>*"count"*: {*"type"*: *"integer"*,*"description"*: 
>>> *"Number of categories returned.**\n**"*,*"example"*: 1  }, 
>>>  *"list"*: {*"type"*: *"array"*,*"items"*: {  
>>> *"$ref"*: *"#/definitions/Category"*}  }}  }}
>>>
>>> 2. Define a new AM_CATEGORIES table to hold category related details.
>>>
>>> *CREATE TABLE *IF *NOT EXISTS *AM_CATEGORIES (  CATEGORY_ID *VARCHAR*(50),  
>>> NAME *VARCHAR*(255),  DESCRIPTION *VARCHAR*(1024),  TENANT_DOMAIN 
>>> *VARCHAR*(255),  *UNIQUE *(NAME,TENANT_DOMAIN),  *PRIMARY KEY 
>>> *(CATEGORY_ID));
>>>
>>> 3. Publisher UI overview tab(or a suitable place as it fits) will have a
>>> new UI element to select categories for the API. And selecting categories
>>> for an API would be optional.
>>>
>>> 4. API to category mapping will be stored in registry API artifact and
>>> for that following table field would have to be added to api.rxt. (I assume
>>> we are going to support associating a single API with multiple categories)
>>> 
>>> 
>>> Category Name
>>> 
>>> 
>>> categoryName
>>> 
>>>  
>>>
>>> 5. And from store viewing POV, I assume API categories are a
>>> substitution for existing tag-wise grouping feature and that both tag-wise
>>> groups and categories won’t co-exist in the store. Please do correct if my
>>> understanding is wrong.
>>> Once a developer visits the store, he will be presented with the list of
>>> API categories and upon selecting a category out of those, associated APIs
>>> will be listed.
>>> APIs that are not associated with any category will be listed under
>>> other APIs or a similar heading.
>>>
>>> Please feel free to add your suggestions.
>>>
>>> Thanks,
>>> Sachini
>>>
>>> --
>>>
>>> *Sachini De Silva*
>>> Senior Software Engineer - WSO2
>>>
>>> Email : sachi...@wso2.com
>>> Mobile : +94714765495
>>>
>>>
>>
>> --
>> *Bhathiya Jayasekara* | Technical Lead | WSO2 Inc.
>> (m) +94 71 547 8185  | (e) bhathiya-@t-wso2-d0t-com
>>
>>
>>
>
> --
>
> *Sachini De Silva*
> Senior Software Engineer - WSO2
>
> Email : sachi...@wso2.com
> Mobile : +94714765495
>
>

-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [VOTE] Release of WSO2 API Manager 3.0.0 RC3

[Nuwan Dias]

Tried out the API controller (CLI) to import an API and the subscription
and invocation process of it. Works as expected.

[+] Stable - go ahead and release

On Fri, Oct 25, 2019 at 3:52 AM Samitha Chathuranga 
wrote:

> Hi All,
>
> We are pleased to announce the second release candidate of WSO2 API
> Manager 3.0.0.
>
> This release fixes the following issues.
>
>- Fixes : product-apim
>
> <https://github.com/wso2/product-apim/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24>
>- Fixes : carbon-apimgt
>
> <https://github.com/wso2/carbon-apimgt/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24+>
>- Fixes : analytics-apim
>
> <https://github.com/wso2/analytics-apim/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24>
>
> Source and distribution,
> Runtime : https://github.com/wso2/product-apim/releases/tag/v3.0.0-rc3
> Analytics :
> https://github.com/wso2/analytics-apim/releases/tag/v3.0.0-rc3
> APIM Tooling :
> https://github.com/wso2/product-apim-tooling/releases/tag/v3.0.0-rc
>
> Please download, test the product and vote.
>
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> WSO2 API Manager Team
>
>
> --
> *Samitha Chathuranga*
> *Senior Software Engineer*, *WSO2 Inc.*
> lean.enterprise.middleware
> Mobile: +94715123761
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [IAM] Moving File Based Artifacts to Artifact Store

[Nuwan Dias]

; customer who has asked us to support multiple types of storage mechanisms
>>> for artifacts and/or configurations? Where is this requirement coming from?
>>> I've only seen such requirements for user stores. For configurations I feel
>>> this is just over engineering. May be it is a valid requirement for
>>> artifacts? Even if we agree that there are valid reasons to support this
>>> then it has to be supported for all configurations and/or artifacts.
>>>
>>>>
>>>>- There should be a way to identify the repository where the data
>>>>is loaded from. The repository can be the file system, database or any
>>>>other storage mechanism.
>>>>
>>>> It sounds like this can get too complicated.
>>>
>>>>
>>>>- In both the read write operations the enduser should have the
>>>>control to decide the storage mechanism.
>>>>
>>>> Hmm.. this sounds more like a requirement to optimize database read
>>> write performance. Doesn't sound right for artifacts.
>>>
>>>>
>>>>- If the user needs to migrate a userstore from one storage
>>>>mechanism (file system) to another then they can do it via UI.
>>>>
>>>> Again too many options for the user can make the product fragile.
>>>
>>>
>>>> When persisting the data in the database there are two options we can
>>>> use :
>>>>
>>>>- Persist data as a blob
>>>>
>>>> If we persist as blob then we lose the granular control over each
>>> property for validation, transformation, etc.
>>>
>>>>
>>>>- Persists data as key value pair
>>>>
>>>> +1 for this.
>>>
>>>
>>>> If we are to go with the option one then we can persist the file as a
>>>> blob and reuse most of the existing parsing logics.
>>>>
>>>
>>> Given the understanding I think I prefer option 1 with properties.
>>>
>>> Thanks & Regards,
>>> Johann.
>>>
>>>
>>>>
>>>> Highly appreciate your suggestions and feedbacks on the above approach.
>>>>
>>>> [1] [Architecture][IAM][JDBC based Configuration Store] Database Schema
>>>> [2] [Architecture] [IS] JDBC based Configuration Store for WSO2 IS
>>>>
>>>> Thanks,
>>>> Hasanthi
>>>>
>>>> --
>>>>
>>>> Hasanthi Dissanayake | Senior Software Engineer | WSO2 Inc.
>>>> (m) +94718407133 | (w) +94112145345  | Email: hasan...@wso2.com
>>>>
>>>>
>>>
>>> --
>>> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect
>>> | WSO2 Inc.
>>> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>>> [image: Signature.jpg]
>>>
>>
>>
>> --
>> Ruwan Abeykoon | Director/Architect | WSO2 Inc.
>> (w) +947435800  | Email: ruw...@wso2.com
>>
>>
>
> --
> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
> WSO2 Inc.
> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
> [image: Signature.jpg]
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] How does the cache expire in WSO2 products

[Nuwan Dias]

Hi,

I have heard about two mechanisms how the cache expires in WSO2 products.

1. Each cache entry has its individual lifespan specified in the cache
timeout config (15m by default).
2. A scheduled job that runs periodically (based on the cache timeout)
cleans the full cache on each run. This would mean that some cache entries
expire sooner than the others.

Which of the above is correct? Or is it completely different? Can we alter
between the two based on a config?

Thanks,
NuwanD.

-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] [VOTE] Release WSO2 API Microgateway 3.0.1 RC3

[Nuwan Dias]

Tested the basic flows and the Docker runtime.

[+] - Stable - Go ahead and release.

Thanks,
NuwanD.

On Sun, Jun 9, 2019 at 10:25 AM Praminda Jayawardana 
wrote:

> Hi All,
>
> WSO2 Api Manager team is pleased to announce the third release candidate
> of WSO2 API Microgateway 3.0.1.
>
> The WSO2 API Microgateway is a lightweight, gateway distribution which can
> be used with single or multiple APIs.
>
> Please find the improvements and fixes related to this release in Fixed
> issues
> <https://github.com/wso2/product-microgateway/issues?utf8=%E2%9C%93=is%3Aissue+closed%3A2018-10-12..2019-06-09>
>
> Download the product from here
> <https://github.com/wso2/product-microgateway/releases/tag/v3.0.1-rc3>
>
> The Tag to be voted upon is
> https://github.com/wso2/product-microgateway/releases/tag/v3.0.1-rc3
>
> Please download, test the product and vote.
>
> *[+] Stable - Go ahead and release*
>
> *[-] Broken - Do not release *(explain why)
>
>
> Documentation: https://docs.wso2.com/display/MG301/
>
> Best Regards,
> WSO2 API Manager Team
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 API Microgateway 3.0.0-Beta Released

[Nuwan Dias]

I have some suggestions which I think are important to implement.

1. It looks like there's a lot of information being duplicated in the open
API file and the definitions.yaml.
2. A user needs to enter at least 6 fields to the definitions.yaml to
create a very basic API. This is a tad too much IMO.
3. When defining resource based endpoints and functions a user needs to
copy paste data from the open api file, which I think creates a sense of
redundancy.
4. Given the reasons above it would be best to introduce vendor extensions
to the open API file to capture the additional information we require.
5. The distribution size has increased to 224MB. I think we should host the
runtime and design time separately. Basically a gateway.zip and
gateway-sdk.zip. We should create a mode where we can run the compiled
source on the binary. Ex: gateway.sh --dir=/home/projects/foo/target.


On Tue, Apr 30, 2019 at 2:01 AM Praminda Jayawardana 
wrote:

> The WSO2 API Manager team is pleased to announce the release of WSO2 API
> Microgateway 3.0.0-Beta. It is now available to download.
> Download
>
>
> https://github.com/wso2/product-microgateway/releases/download/v3.0.0-beta/wso2am-micro-gw-3.0.0-beta.zip
> Documentation
>
> https://docs.wso2.com/display/MG300/
> Introduction
>
> The Microgateway provides the capability to create specialized gateway
> distribution (Microgateway distributions) where only a single API or a
> group of APIs are included. Once a Microgateway distribution is started, it
> will start serving those specific API(s) right away.
>
> In summary, a Microgateway is a specialized form of the WSO2 API Gateway
> with characteristics below:
>
>1. Its ability to execute in isolation without mandatory connections
>to other components (Secure Token Service, Rate limiting component ,
>Analytics).
>2. Expose micro services directly from Open API definitions
>3. Ability to host a subset of APIs of choice (defined on the WSO2 API
>Manager's API Publisher) instead of all.
>4. Immutability - The gateway runtime is immutable. If APIs or
>Policies change after the Microgateway has been built, a rebuild process is
>required to capture the changes.
>5. Seamless integration with deployment automation tools and
>techniques.
>6. Easy integration with CI/CD processes.
>
> Microgateway offers you a proxy that is capable of performing security
> validations (Signed JWT, OAuth), in-memory (local) rate limiting and
> Analytics.
> Architecture
>
> The following diagram illustrates an overview of how API Microgateway
> works.
>
> [image: Architecture]
> <https://raw.githubusercontent.com/wso2/product-microgateway/dev_first/architecture-new.png>
> Setting up Microgateway
>
> This product will include a CLI, the B7a platform distribution and a few
> B7a extensions (Endpoints and Filters). Running Microgateway has two main
> steps.
>
>- Setting up a Microgateway project.
>- Running the Microgateway project.
>
> These two steps will be treated as two phases. One will first complete the
> "setup" phase and move on to the "build" phase. The reason for treating
> them as phases is to make it possible for developers to take control of the
> runtime if and when required.
> Bug Fixes And Improvements in 3.0.0-Beta
>
> GitHub Fixed Issues
> <https://github.com/wso2/product-microgateway/milestone/18?closed=1>
> Known Issues
>
> All the open issues pertaining to WSO2 API Microgateway are reported at
> the following location:
>
> GitHub Open Issues
> <https://github.com/wso2/product-microgateway/issues?q=is%3Aissue+is%3Aopen>
> How You Can Contribute Mailing Lists
>
> Join our mailing list and correspond with the developers directly.
>
> Developer List: dev@wso2.org
> Reporting Issues
>
> We encourage you to report issues, documentation faults, and feature
> requests regarding WSO2 API Microgateway through the public (API
> Microgateway Git Repo
> <https://github.com/wso2/product-microgateway/issues>).
>
> *--WSO2 API Manager Team--*
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Committers += Arshardh Ifthikar

[Nuwan Dias]

Hi,

Its my pleasure to announce Arshardh Ifthikar as a WSO2 Committer. He has
been a valuable contributor to WSO2 API Manager, WSO2 Microgateway and
Ballerina.

Congratulations Arshardh and keep up the good work!!.

Thanks,
NuwanD.

-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Nuwan Dias]

Just thinking out loud, is there by any chance a possibility to run just 1
forever for any number of policies? Even if that means a redesign of the
policies?

On Thu, Mar 14, 2019 at 3:48 PM Rajith Roshan  wrote:

>
>
> On Thu, Mar 14, 2019 at 3:21 PM Nuwan Dias  wrote:
>
>>
>>
>> On Thu, Mar 14, 2019 at 3:20 PM Rajith Roshan  wrote:
>>
>>>
>>>
>>> On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:
>>>
>>>> What about the developer first approach? In that case we pre load the
>>>> default policies to the gateway anyway since there is no indication of an
>>>> API being associated to a subs throttling policy.
>>>>
>>> I wonder in current implementation also how these subscription policies
>>> are used. Since with developer first approach any way are not using oauth2
>>> , I assume we are not using any of the subscription policies , @Arshardh
>>> Ifthikar  please correct me if I am wrong
>>>
>>
>> I believe we honor the tier that comes along with the JWT (if it does).
>>
> Yes,  For developer first approach we can ship the by default available
> policies. In the other approach we can limit the policies we are adding to
> micro gw. Because in APIM side there can be many subscription policies but
> not used in APIs which is exposed via micro-gw
>
>>
>>>> On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:
>>>>
>>>>> Hi all,
>>>>> Currently in microgateway(MGW) when we create the project directory we
>>>>> fetch all the subscription and application policies and we generate the
>>>>> source for each policy. In each policy there is ever running loop
>>>>> (forever), in back ground to update the throttle counters. But the issue
>>>>> some of the subscription policies(tiers) might not be used in any of the
>>>>> APIS in MGW and these not used policies running in the background might be
>>>>> consuming some CPU cycles
>>>>>
>>>>> So we thought of filter out the subscription policies(tiers) which are
>>>>> attached to any of the APIs exposed via MGW.
>>>>> For ex if API Foo is attach with policy 100PerMin and API Bar is
>>>>> attached with policies 75PerMin and 50PerMin , then if we are only 
>>>>> exposing
>>>>> API "Foo" and "Bar" from MGW we will only create source files for those
>>>>> subscription policies only, even though there are many subscription
>>>>> policies defined in the admin portal of APIM.
>>>>> Do you find any issues with this approach
>>>>>
>>>>> --
>>>>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>>>>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>>>>
>>>>> <https://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>>> [image: Signature.jpg]
>>>>
>>>
>>>
>>> --
>>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>>
>>> <https://wso2.com/signature>
>>>
>>
>>
>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>> [image: Signature.jpg]
>>
>
>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> <https://wso2.com/signature>
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Nuwan Dias]

On Thu, Mar 14, 2019 at 3:20 PM Rajith Roshan  wrote:

>
>
> On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:
>
>> What about the developer first approach? In that case we pre load the
>> default policies to the gateway anyway since there is no indication of an
>> API being associated to a subs throttling policy.
>>
> I wonder in current implementation also how these subscription policies
> are used. Since with developer first approach any way are not using oauth2
> , I assume we are not using any of the subscription policies , @Arshardh
> Ifthikar  please correct me if I am wrong
>

I believe we honor the tier that comes along with the JWT (if it does).

>
>> On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:
>>
>>> Hi all,
>>> Currently in microgateway(MGW) when we create the project directory we
>>> fetch all the subscription and application policies and we generate the
>>> source for each policy. In each policy there is ever running loop
>>> (forever), in back ground to update the throttle counters. But the issue
>>> some of the subscription policies(tiers) might not be used in any of the
>>> APIS in MGW and these not used policies running in the background might be
>>> consuming some CPU cycles
>>>
>>> So we thought of filter out the subscription policies(tiers) which are
>>> attached to any of the APIs exposed via MGW.
>>> For ex if API Foo is attach with policy 100PerMin and API Bar is
>>> attached with policies 75PerMin and 50PerMin , then if we are only exposing
>>> API "Foo" and "Bar" from MGW we will only create source files for those
>>> subscription policies only, even though there are many subscription
>>> policies defined in the admin portal of APIM.
>>> Do you find any issues with this approach
>>>
>>> --
>>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>>
>>> <https://wso2.com/signature>
>>>
>>
>>
>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>> [image: Signature.jpg]
>>
>
>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> <https://wso2.com/signature>
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Nuwan Dias]

What about the developer first approach? In that case we pre load the
default policies to the gateway anyway since there is no indication of an
API being associated to a subs throttling policy.

On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:

> Hi all,
> Currently in microgateway(MGW) when we create the project directory we
> fetch all the subscription and application policies and we generate the
> source for each policy. In each policy there is ever running loop
> (forever), in back ground to update the throttle counters. But the issue
> some of the subscription policies(tiers) might not be used in any of the
> APIS in MGW and these not used policies running in the background might be
> consuming some CPU cycles
>
> So we thought of filter out the subscription policies(tiers) which are
> attached to any of the APIs exposed via MGW.
> For ex if API Foo is attach with policy 100PerMin and API Bar is attached
> with policies 75PerMin and 50PerMin , then if we are only exposing API
> "Foo" and "Bar" from MGW we will only create source files for those
> subscription policies only, even though there are many subscription
> policies defined in the admin portal of APIM.
> Do you find any issues with this approach
>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> <https://wso2.com/signature>
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [API M] Micro Gateway 2.6 allows requests to go through with a JWT that doesnt have any subscribed APIs

[Nuwan Dias]

On Tue, Nov 27, 2018 at 4:37 PM Nadeesha Gamage  wrote:

> Hi Nuwan,
> My concern is based on the following two scenarios
>
> *Scenario 1 (for security)*
> - An API Publisher publish the API "xyz" to which the visibility is
> restricted only to a given set of roles. The API would be deployed on MG.
> - User A would not be in the correct role to see the "xyz"API (in API
> store), but has general access to the store and other APIs available. User
> A can now generated a JWT that is trusted by MG.
> - User A simply generates a token without any APIs subscribed under the
> application so that JWT would have an empty claim under "SubscribedAPIs"
> - User A gets hold of the url of API "xyz" and would now be able to invoke
> the API even though he has no subscription or visibility to that particular
> API.
>
> If you want to restrict the access to an API, restricting it just by
subscriptions is not sufficient. This is why there are scopes to be able to
protect resources of API at the runtime. Things like scopes are supported
on the API definition itself and therefore these are applied on the API
runtime irrespective of the subscriptions.

>
>
> *Scenario 2 (for throttling)*
> - An API Publisher wants to control access to an API based on different
> HTTP verbs, resources or even based on different roles.
> - Even after enforcing these limits at different levels (via the
> publisher) a subscriber who has a valid JWT generated from the store can
> still access the API without been confined to App, API or resource level
> throttling limits set by the publisher.
>

What you are describing here are API level rate limiting options. Which are
again supported irrespective of subscriptions. The only rate limit
dependent on the subscription is the subscription tier.

>
> Nadeesha
>
>
> On Tue, Nov 27, 2018 at 2:56 PM Nuwan Dias  wrote:
>
>> It doesn't by pass the security Nadeesha. You are mandated to send a
>> valid security token to the Gateway, without which you cannot access any
>> secured resources.
>>
>> The only thing you get with a subscription is the rate at which you are
>> allowed to access an API. In the default behavior of the product we default
>> that rate limit to a certain limit which is lower than all other defaults.
>> If someone is not ok with that limit, then can further reduce or increase
>> it.
>>
>> On Tue, Nov 27, 2018 at 10:16 AM Nadeesha Gamage 
>> wrote:
>>
>>> Hi Nuwan,
>>> In my option API Microgateway should honor the throttling limits and
>>> access limitations set by the API Manager product irrespective of the fact
>>> that we are planning to make it interoperable with 3rd party products and
>>> open standards. If we allow any request that has a valid JWT to access APIs
>>> in the micro gateway then there should be an option for API
>>> creators/publishers to consent this behaviour for their APIs. Otherwise we
>>> are creating a back channel to bypass the security and throttling (which
>>> API creator/publisher enforces through the API Publisher).
>>>
>>>
>>> Nadeesha
>>>
>>> On Sun, Nov 18, 2018 at 6:16 PM Harsha Kumara  wrote:
>>>
>>>>
>>>>
>>>> On Sun, Nov 18, 2018 at 5:27 AM Nuwan Dias  wrote:
>>>>
>>>>>
>>>>>
>>>>> On Sun, 18 Nov 2018 at 9:48 am, Nadeesha Gamage 
>>>>> wrote:
>>>>>
>>>>>> Hi Nuwan,
>>>>>>
>>>>>>
>>>>>> On Sun, Nov 18, 2018 at 5:43 AM Nuwan Dias  wrote:
>>>>>>
>>>>>>> In the Microgateway the concept of a subscription is optional. This
>>>>>>> is because the Microgateway is designed as an independent gateway that 
>>>>>>> can
>>>>>>> run with or without a full API Management system in place. Therefore as
>>>>>>> long as the Microgateway receives a valid JWT it trusts, it allows the
>>>>>>> request to pass through. If the JWT contains details of a subscription 
>>>>>>> it
>>>>>>> will honour it, otherwise it will default to predefined limits for other
>>>>>>> policies.
>>>>>>>
>>>>>>> The idea of micro-* products is to provide developer first
>>>>>>> experiences for better agility. Hence the motivation for decoupling the
>>>>>>> gateway runtime as much as possible from the API Management. This way
>>>>>>> developers can use the MG w

Re: [Dev] [APIM 2.5.0] API Gateways not showing in store console

[Nuwan Dias]

Valid types are "production", "sandbox" and "hybrid". Are you using one of
these or something called "production and sandbox"?

On Fri, Oct 19, 2018 at 9:11 PM Harsha Kumara  wrote:

> @Thilini Shanika 
>
> On Fri, Oct 19, 2018 at 3:20 PM Godwin Shrimal  wrote:
>
>> Hi APIM Team,
>>
>> We can't see gateways in API Store Console when we use type as production
>> and sandbox. If we use both gateways as hybrid then I can see the API
>> Gateways in the swagger console.
>> Is it a known issue?
>>
>> Thanks
>> Godwin
>> --
>> *Godwin Amila Shrimal*
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94761124419*
>> linkedin: *https://www.linkedin.com/in/godwin-amila-2ba26844/
>> <https://www.linkedin.com/in/godwin-amila-2ba26844/>*
>> twitter: https://twitter.com/godwinamila
>> <http://wso2.com/signature>
>>
>
>
> --
>
> *Harsha Kumara*
>
> Associate Technical Lead, WSO2 Inc.
> Mobile: +94775505618
> Email: hars...@wso2.coim
> Blog: harshcreationz.blogspot.com
>
> GET INTEGRATION AGILE
> Integration Agility for Digitally Driven Business
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Announce] [Architecture] WSO2 Product Installation Resources Released!!!

[Nuwan Dias]

On Wed, Oct 10, 2018 at 10:22 AM Vimukthi Perera  wrote:

> Hi Nuwan,
>
> On Wed, Oct 10, 2018 at 7:36 AM Nuwan Dias  wrote:
>
>> Hi Vimukthi,
>>
>> Why is it that the API Manager artifacts have a 4 digit versioning and
>> the others have the standard 3 digit versioning?
>>
>> All the producs have the 4 digit versioning. Please see the link. It was
> my mistake that I have added the release tag to the Name in API Manager.
> Extremely sorry.
>

Yup, I missed the tag name and only noticed the label.

>
> Regards,
>
>
>> Thanks,
>> NuwanD.
>>
>> On Wed, Oct 10, 2018 at 1:42 AM Vimukthi Perera 
>> wrote:
>>
>>> WSO2 Installation Experience team is pleased to announce the release of
>>> Ansible, AWS, Docker, Kubernetes, Puppet and Vagrant resources for WSO2
>>> products.
>>> Ansible
>>>
>>> Related artifacts:
>>>
>>>-
>>>
>>>WSO2 API Manager v2.6.0.1 -
>>>https://github.com/wso2/ansible-apim/releases/tag/v2.6.0.1
>>>-
>>>
>>>WSO2 Identity Server v5.7.0 -
>>>https://github.com/wso2/ansible-is/releases/tag/v5.7.0.1
>>>-
>>>
>>>WSO2 Stream Processor v4.3.0 -
>>>https://github.com/wso2/ansible-sp/releases/tag/v4.3.0.1
>>>-
>>>
>>>WSO2 Enterprise Integrator v6.4.0 -
>>>https://github.com/wso2/ansible-ei/releases/tag/v6.4.0.1
>>>
>>>
>>> Issues:
>>>
>>>-
>>>
>>>WSO2 API Manager - https://github.com/wso2/ansible-apim/issues
>>>-
>>>
>>>WSO2 Identity Server - https://github.com/wso2/ansible-is/issues
>>>-
>>>
>>>WSO2 Stream Processor - https://github.com/wso2/ansible-sp/issues
>>>-
>>>
>>>WSO2 Enterprise Integrator -
>>>https://github.com/wso2/ansible-ei/issues
>>>
>>> AWS
>>>
>>> Related artifacts:
>>>
>>>-
>>>
>>>WSO2 API Manager v2.6.0.1 -
>>>https://github.com/wso2/aws-apim/releases/tag/v2.6.0.1
>>>-
>>>
>>>WSO2 Identity Server v5.7.0 -
>>>https://github.com/wso2/aws-is/releases/tag/v5.7.0.1
>>>-
>>>
>>>WSO2 Stream Processor v4.3.0 -
>>>https://github.com/wso2/aws-sp/releases/tag/v4.3.0.1
>>>-
>>>
>>>WSO2 Enterprise Integrator v6.4.0 -
>>>https://github.com/wso2/aws-ei/releases/tag/v6.4.0.1
>>>
>>>
>>> Issues:
>>>
>>>-
>>>
>>>WSO2 API Manager - https://github.com/wso2/aws-apim/issues
>>>-
>>>
>>>WSO2 Identity Server - https://github.com/wso2/aws-is/issues
>>>-
>>>
>>>WSO2 Stream Processor - https://github.com/wso2/aws-sp/issues
>>>-
>>>
>>>WSO2 Enterprise Integrator - https://github.com/wso2/aws-ei/issues
>>>
>>> Docker
>>>
>>> Related artifacts:
>>>
>>>-
>>>
>>>WSO2 API Manager v2.6.0.1 -
>>>https://github.com/wso2/docker-apim/releases/tag/v2.6.0.1
>>>-
>>>
>>>WSO2 Identity Server v5.7.0 -
>>>https://github.com/wso2/docker-is/releases/tag/v5.7.0.1
>>>-
>>>
>>>WSO2 Stream Processor v4.3.0 -
>>>https://github.com/wso2/docker-sp/releases/tag/v4.3.0.1
>>>-
>>>
>>>WSO2 Enterprise Integrator v6.4.0 -
>>>https://github.com/wso2/docker-ei/releases/tag/v6.4.0.1
>>>
>>>
>>> Issues:
>>>
>>>-
>>>
>>>WSO2 API Manager - https://github.com/wso2/docker-apim/issues
>>>-
>>>
>>>WSO2 Identity Server - https://github.com/wso2/docker-is/issues
>>>-
>>>
>>>WSO2 Stream Processor - https://github.com/wso2/docker-sp/issues
>>>-
>>>
>>>WSO2 Enterprise Integrator - https://github.com/wso2/docker-ei/issues
>>>
>>> Kubernetes
>>>
>>> Related artifacts:
>>>
>>>-
>>>
>>>WSO2 API Manager v2.6.0.1 -
>>>https://github.com/wso2/kubernetes-apim/releases/tag/v2.6.0.1
>>>-
>>>
>>>WSO2 Identity Server v5.7.0 -
>>>https://github.com/wso2/kubernetes-is/releases/tag/v5.7.0.1
>>>-
>>>
>>>WSO2 Stream Processor v4.3.0

Re: [Dev] [Architecture] [Announce] WSO2 Product Installation Resources Released!!!

[Nuwan Dias]

   -
>
>WSO2 API Manager v2.6.0.1 -
>https://github.com/wso2/vagrant-apim/releases/tag/v2.6.0.1
>-
>
>WSO2 Identity Server v5.7.0 -
>https://github.com/wso2/vagrant-is/releases/tag/v5.7.0.1
>-
>
>WSO2 Stream Processor v4.3.0 -
>https://github.com/wso2/vagrant-sp/releases/tag/v4.3.0.1
>-
>
>WSO2 Enterprise Integrator v6.4.0 -
>https://github.com/wso2/vagrant-ei/releases/tag/v6.4.0.1
>
>
> Issues:
>
>-
>
>WSO2 API Manager - https://github.com/wso2/vagrant-apim/issues
>-
>
>WSO2 Identity Server - https://github.com/wso2/vagrant-is/issues
>-
>
>WSO2 Stream Processor - https://github.com/wso2/vagrant-sp/issues
>-
>
>WSO2 Enterprise Integrator - https://github.com/wso2/vagrant-ei/issues
>
>
> How You Can Contribute
>
> Join our mailing list and correspond with the developers directly.
>
> Developer List: dev@wso2.org
>
> User List: u...@wso2.org
>
> Reporting Issues
>
> We encourage you to report issues and documentation faults regarding WSO2 
> Ansible,
> AWS, Docker, Kubernetes, Puppet and Vagrant resource through respective
> repositories by creating issues.
>
> Thank you!
>
> WSO2 Installation Experience Team
>
> Vimukthi Perera
> Software Engineer
> WSO2 Inc.
>
> Mobile: +94771153999
> Blog: https://medium.com/@vimukthiperera
> Web: http://wso2.com
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

[Nuwan Dias]

You should be able to achieve this by having AD as secondary user store.

On Mon, 8 Oct 2018 at 9:59 pm, Waqas Ali Razzaq 
wrote:

> Hi Nuwan,
>
> Basically, the scenario is we have configured WSO2 API store SSO with
> Azure AD. But Publisher and Carbon console are using default JDBC user
> store. Now we want to define
> API resource scope validation in Publisher.
>
> Is it mandatory to have Azure AD as the primary user store or we can
> achieve this using Azure AD as secondary user store?
>
> Thanks & Kind regards,
> *Waqas Ali Razzaq*
>
>
>
>
> On Mon, Oct 8, 2018 at 5:23 PM Nuwan Dias  wrote:
>
>> Hi Hasitha,
>>
>> Have you connected Azure AD as a user store in the API Manager?
>>
>> If yes, this should just work OOTB. Do you see the user to role mapping
>> when you try to view the users via the Management Console of API Manager?
>>
>> If no, can you explain the user login flow? Basically what you mean
>> exactly by federation.
>>
>> Thanks,
>> NuwanD.
>>
>> On Mon, Oct 8, 2018 at 8:31 PM Hasitha De Silva 
>> wrote:
>>
>>> We have WSO2 API Manager federated setup with Azure AD. I can use the
>>> implicit and code grant type to generate the access tokens.
>>>
>>> Now I want to use the WSO2 API Manager scope functionality to limit the
>>> access on certain API resources. I have created the role in API manager and
>>> added the scope on API publisher for the API resource. But when I generate
>>> the access token using scope value, it doesn't return the token with
>>> correct scope. But if I assign the local user to that role and generate the
>>> access token it works fine.
>>>
>>> I wonder if WSO2 API manager support scope management for Federated
>>> users.
>>>
>>> Any help would be appreciated.
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>> [image: Signature.jpg]
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
> --
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM 2.5.0] WSO2 API Manager Scopes for Federated Users

[Nuwan Dias]

Hi Hasitha,

Have you connected Azure AD as a user store in the API Manager?

If yes, this should just work OOTB. Do you see the user to role mapping
when you try to view the users via the Management Console of API Manager?

If no, can you explain the user login flow? Basically what you mean exactly
by federation.

Thanks,
NuwanD.

On Mon, Oct 8, 2018 at 8:31 PM Hasitha De Silva 
wrote:

> We have WSO2 API Manager federated setup with Azure AD. I can use the
> implicit and code grant type to generate the access tokens.
>
> Now I want to use the WSO2 API Manager scope functionality to limit the
> access on certain API resources. I have created the role in API manager and
> added the scope on API publisher for the API resource. But when I generate
> the access token using scope value, it doesn't return the token with
> correct scope. But if I assign the local user to that role and generate the
> access token it works fine.
>
> I wonder if WSO2 API manager support scope management for Federated users.
>
> Any help would be appreciated.
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Manager - Retrieving JSON Payload During Mediation

[Nuwan Dias]

Hi Amitha,

Maybe this document [1] would help you understand how to deal with JSON
payloads better.

[1] - https://docs.wso2.com/display/EI630/Working+with+JSON+Message+Payloads

Thanks,
NuwanD.

On Wed, Sep 26, 2018 at 10:01 AM Amitha Dissanayake 
wrote:

> Hi,
>
> I'm a developer who's exploring API Manager. When I was attempting to
> retrieve the JSON payload form a Context Message during mediation (out
> sequence), I observed that the payload it attached in a SOAP Envelope
> inside the Axis2 Context Message. However, I'm receiving the response from
> a REST endpoint.
>
> In that case I had to convert the SOAP Evelope XML to JSON, then modify
> the changes and again convert it to XML and attach to Axis2 Context
> Message. In that operation, 4 conversions happen. That is,
>
>1. Between the endpoint and mediation point. JSON to XML
>2. During mediation, I convert XML to JSON and do the operation,
>3. I again convert the JSON to XML and attach to the axis2 message.
>4. Postman receives a JSON; means XML has again been converted inside
>the API Manager.
>
>
> When I ran the mediation on debug mode, I observed that the content is
> received as SOAPAction to the mediation point.
>
> I feel that this adds an unnecessary latency overhead or I am doing
> something wrong in the process. Is there a way to overcome this issue/
> directly access the JSON payload or what is the correct way to access the
> JSON payload without too many conversions?
>
> Thanks in Advance.
>
> Regards,
>
> Amitha Dissanayake
> Senior Software Engineer [image: Logo] <https://www.yaalalabs.com/>
>
> Yaala Labs
> 14 Sir Baron Jayathilake Mawatha
> Colombo 1, Sri Lanka
> m: + 94 77 548 1350
> e: ami...@yaalalabs.com
>
> www.yaalalabs.com [image: LinkedIn icon]
> <https://www.linkedin.com/company/yaalalabs/>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Dev][VOTE] Release of WSO2 API Manager 2.6.0 RC3

[Nuwan Dias]

Tested the following.

Basic API creation by creator role
Publishing by publisher role
User sign up
Creation and invocation of SOAP APIs
Microgateway VM mode
Microgateway docker mode

[+] Stable - go ahead and release

Thanks,
NuwanD.

On Sat, Sep 15, 2018 at 10:34 AM Chamila Adhikarinayake 
wrote:

> Microgateway RC3 can be found in
> https://github.com/wso2/product-microgateway/releases/tag/v2.6.0-rc3
>
> Thanks
> Chamila
>
> On Sat, Sep 15, 2018 at 7:04 AM, Chamila Adhikarinayake  > wrote:
>
>> Hi All,
>>
>> We are pleased to announce the third release candidate of WSO2 API
>> Manager 2.6.0.
>>
>> This release fixes the following issues.
>>
>> Fixes : carbon-apimgt
>> <https://github.com/wso2/carbon-apimgt/issues?utf8=%E2%9C%93=is%3Aclosed+closed%3A2018-07-16..2018-09-15+-label%3A%22APIM+3.0.0%22>
>> Fixes : product-apim
>> <https://github.com/wso2/product-apim/issues?utf8=%E2%9C%93=is%3Aclosed+closed%3A2018-07-16..2018-09-15+-label%3A%223.0.0%22>
>> Fixes : analytics-apim
>> <https://github.com/wso2/analytics-apim/issues?utf8=%E2%9C%93=is%3Aclosed+closed%3A2018-07-16..2018-09-15>
>> Fixes : product-microgateway
>> <https://github.com/wso2/product-microgateway/issues?utf8=%E2%9C%93=is%3Aclosed+closed%3A2018-07-16..2018-09-15>
>>
>> Source and Distribution,
>>- Runtime :
>> https://github.com/wso2/product-apim/releases/tag/v2.6.0-rc3
>>- Analytics :
>> https://github.com/wso2/analytics-apim/releases/tag/v2.6.0-rc3
>>- Tooling :
>> https://github.com/wso2/devstudio-tooling-apim/releases/tag/v2.6.0-rc1
>>- Microgateway :
>> https://github.com/wso2/product-microgateway/releases/tag/v2.6.0-rc2
>>
>> Please download, test the product and vote.
>>
>>   [+] Stable - go ahead and release
>>   [-] Broken - do not release (explain why)
>>
>> Thanks,
>> ~ WSO2 API Manager Team ~
>>
>>
>> --
>> Regards,
>> Chamila Adhikarinayake
>> Associate Technical Lead
>> WSO2, Inc.
>> Mobile - +94712346437
>> Email  - chami...@wso2.com
>> Blog  -  http://helpfromadhi.blogspot.com/
>>
>
>
>
> --
> Regards,
> Chamila Adhikarinayake
> Associate Technical Lead
> WSO2, Inc.
> Mobile - +94712346437
> Email  - chami...@wso2.com
> Blog  -  http://helpfromadhi.blogspot.com/
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM 2.x.y] Can I plug a Custom File System Provider ?

[Nuwan Dias]

The Deployment Synchronizer has an interface which could be implemented. We
could write an S3 implementation for the Deployment Synchronizer.

Can someone point to the Dep-Sync interface and one of the implementations
please? We had a Registry Based Dep-Sync implementation and a SVN based dep
sync implementation.

On Thu, Aug 16, 2018 at 10:55 AM Youcef HILEM 
wrote:

> Hi,
>
> I complete my question by specifying my need.
>
> As described here
> (
> http://sanjeewamalalgoda.blogspot.com/2015/06/deploy-wso2-api-manager-across-multiple.html
> ),
> we want to push API published in Master Datacenter to a shaared server and
> let Read Only nodes pick API config from there (we may not be able to use
> deployment synchronizer here).
>
> How to deposit and read this artifacts from the shared server?
>
> Thanks
> Youcef
>
>
>
> --
> Sent from:
> http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Development-f3.html
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM-2.6.0-alpha] Cannot generate tokens with scope apim:app_owner_change for non-admin user

[Nuwan Dias]

Its by design. By design we don't allows normal users to change the
ownerships of Applications.

On Wed, Aug 22, 2018 at 2:53 PM Samitha Chathuranga 
wrote:

> Thanks Malintha.
>
> That was the cause.
>
> On Wed, Aug 22, 2018 at 2:47 PM Malintha Amarasinghe 
> wrote:
>
>> Hi Samitha,
>>
>> Please check tenant-conf.json in the registry. apim:app_owner_change may
>> be added there with admin role.
>>
>> On Wed, Aug 22, 2018 at 2:44 PM, Samitha Chathuranga 
>> wrote:
>>
>>> Hi,
>>>
>>> I created a Dynamic client via DCR with a non-admin user credentials and
>>> used the resulting client ID and secret to generate a token. The token
>>> scope sent in body is "apim:api_view apim:subscribe
>>> apim:app_owner_change"
>>>
>>> *Curl Command sent is as below*
>>>
>>> curl -X POST \
>>>   https://localhost:8243/token \
>>>   -H 'authorization: Basic
>>> ME0zX1dmcGZvM2ZTaWlIR0JrWVo4OXNVdVNRYTpJUVpxc3d6RWl0elRhc3RKTVlGMUJXRnlwbzhh'
>>> \
>>>   -H 'cache-control: no-cache' \
>>>   -H 'content-type: application/x-www-form-urlencoded' \
>>>   -H 'postman-token: 2e9d6d96-f60b-e4be-7317-5b35c75f02b6' \
>>>   -d
>>> 'grant_type=password=samitha=12345=apim%3Aapi_view%20apim%3Asubscribe%20apim%3Aapp_owner_change'
>>>
>>> But the response doesn't include the scope *apim:app_owner_change*
>>>
>>> Response:
>>> {"access_token":"2145d80a-635f-3a7f-a980-e380e827bde0","refresh_token":"3472eaef-a1d0-3211-9ba7-ff95e738981f","scope":"apim:api_view
>>> apim:subscribe","token_type":"Bearer","expires_in":2289}
>>>
>>> There is no such issue for admin users. What I am understanding is that
>>> this scope is not allowed for non-admin users. Or what am I missing here?
>>> And if there is any such restriction, please give a reference.
>>>
>>> Regards,
>>> Samitha
>>> --
>>> *Samitha Chathuranga*
>>> *Senior Software Engineer*, *WSO2 Inc.*
>>> lean.enterprise.middleware
>>> Mobile: +94715123761
>>>
>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> Malintha Amarasinghe
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>>
>
>
> --
> *Samitha Chathuranga*
> *Senior Software Engineer*, *WSO2 Inc.*
> lean.enterprise.middleware
> Mobile: +94715123761
>
> [image: http://wso2.com/signature] <http://wso2.com/signature>
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][Micro-GW] Retrieving the microgateway label in runtime

[Nuwan Dias]

I don't think using project name is a good idea. Because project is a
development time thing, decided by the developer setting up the
Microgateway development stage. The runtime of the Gateway may have no
relevance to the "project".

On Wed, Aug 8, 2018 at 11:33 PM Malintha Amarasinghe 
wrote:

>
> On Wed, Aug 8, 2018 at 7:58 PM, Rajith Roshan  wrote:
>
>>
>>
>> On Wed, Aug 8, 2018 at 7:33 PM Nuwan Dias  wrote:
>>
>>> How about introducing it as an annotation (custom of course) to the
>>> Ballerina code itself?
>>>
>> This seems to be the most easiest way, But one micro gw can have multiple
>> apis  , then annotation have to be copied for each api.
>> Other way is to add it to micro-gw conf (toml) while copying it to the
>> distribution when building the distribution.
>>
>>>
>>> On Wed, Aug 8, 2018 at 5:46 PM Fazlan Nazeem  wrote:
>>>
>>>> Hi,
>>>>
>>>> Is there a way to extract the microgateway label from the runtime? This
>>>> is because we need to publish this information to the Stream Processor for
>>>> analytics. Although we do not have any charts which filter statistics
>>>> depending on the label, this may come up as a requirement in the future.
>>>> Additionally, there should be some mechanism to know what label is
>>>> associated with each microgateway. Once the micro-gateway is generated,
>>>> this information doesn't seem to be retrievable.
>>>>
>>> And also micro gateway can be built without  label also. It can fetch an
>> api from name and version, so there won't be label at that time.  Then we
>> have only the project name. Can't we use project name for this.
>>
>
> Yes we need to think about both situations; micro-gw for a label and
> single API.
>
> I think we are basically trying to identify which microgateway the event
> is coming from.
> If we take the label approach, let's say if we generate two microgw 
> distributions
> using the label "accounts" and then make them work together using a LB,
> both of them will be having a same identifier "accounts". We will not be
> able to see how many requests each "accounts" microgws got individually.
>
> So I also think a mechanism using project name or any other way of setting
> a unique ID for each gateway would be better. And we need to have a
> seperate mechanism to identify which microgw with ID has which label (or
> the API).
>
>
>>
>>>> Currently, the value for the label field is predefined in the source
>>>> code. According to an offline chat with Malintha, we may have to burn the
>>>> label into the microgw-conf file during gateway building phase or persist
>>>> this info in some other means. Any suggestions?
>>>>
>>>
>>
>>>> --
>>>> Thanks & Regards,
>>>>
>>>> *Fazlan Nazeem*
>>>> Senior Software Engineer
>>>> WSO2 Inc
>>>> Mobile : +94772338839
>>>> fazl...@wso2.com
>>>>
>>>
>>>
>>> --
>>> Nuwan Dias
>>>
>>> Director - WSO2, Inc. http://wso2.com
>>> email : nuw...@wso2.com
>>> Phone : +94 777 775 729
>>>
>>
>>
>> --
>> Rajith Roshan
>> Senior Software Engineer, WSO2 Inc.
>> Mobile: +94-717-064-214
>>
>
>
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][Micro-GW] Retrieving the microgateway label in runtime

[Nuwan Dias]

On Wed, Aug 8, 2018 at 7:59 PM Rajith Roshan  wrote:

>
>
> On Wed, Aug 8, 2018 at 7:33 PM Nuwan Dias  wrote:
>
>> How about introducing it as an annotation (custom of course) to the
>> Ballerina code itself?
>>
> This seems to be the most easiest way, But one micro gw can have multiple
> apis  , then annotation have to be copied for each api.
>

Yes, each API should be tagged with the same label anyway. So I don't think
adding the annotation to each API as a hard thing.


> Other way is to add it to micro-gw conf (toml) while copying it to the
> distribution when building the distribution.
>
>>
>> On Wed, Aug 8, 2018 at 5:46 PM Fazlan Nazeem  wrote:
>>
>>> Hi,
>>>
>>> Is there a way to extract the microgateway label from the runtime? This
>>> is because we need to publish this information to the Stream Processor for
>>> analytics. Although we do not have any charts which filter statistics
>>> depending on the label, this may come up as a requirement in the future.
>>> Additionally, there should be some mechanism to know what label is
>>> associated with each microgateway. Once the micro-gateway is generated,
>>> this information doesn't seem to be retrievable.
>>>
>> And also micro gateway can be built without  label also. It can fetch an
> api from name and version, so there won't be label at that time.  Then we
> have only the project name. Can't we use project name for this.
>
>>
>>> Currently, the value for the label field is predefined in the source
>>> code. According to an offline chat with Malintha, we may have to burn the
>>> label into the microgw-conf file during gateway building phase or persist
>>> this info in some other means. Any suggestions?
>>>
>>
>
>>> --
>>> Thanks & Regards,
>>>
>>> *Fazlan Nazeem*
>>> Senior Software Engineer
>>> WSO2 Inc
>>> Mobile : +94772338839
>>> fazl...@wso2.com
>>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Director - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729
>>
>
>
> --
> Rajith Roshan
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94-717-064-214
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][Micro-GW] Retrieving the microgateway label in runtime

[Nuwan Dias]

How about introducing it as an annotation (custom of course) to the
Ballerina code itself?

On Wed, Aug 8, 2018 at 5:46 PM Fazlan Nazeem  wrote:

> Hi,
>
> Is there a way to extract the microgateway label from the runtime? This is
> because we need to publish this information to the Stream Processor for
> analytics. Although we do not have any charts which filter statistics
> depending on the label, this may come up as a requirement in the future.
> Additionally, there should be some mechanism to know what label is
> associated with each microgateway. Once the micro-gateway is generated,
> this information doesn't seem to be retrievable.
>
> Currently, the value for the label field is predefined in the source code.
> According to an offline chat with Malintha, we may have to burn the label
> into the microgw-conf file during gateway building phase or persist this
> info in some other means. Any suggestions?
>
> --
> Thanks & Regards,
>
> *Fazlan Nazeem*
> Senior Software Engineer
> WSO2 Inc
> Mobile : +94772338839
> fazl...@wso2.com
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Showing a custom URL for the API in the store

[Nuwan Dias]

On Wed, Jul 25, 2018 at 6:59 AM Shazni Nazeer  wrote:

> Is there a configuration that I can use to customize the endpoint URLs
> that are displayed in the API store?
>
> Currently, the URL is showing up with the prefix of whatever I have
> configured in the GatewayEndpoint in the api-manager.xml.
>
> Is there a way to override it without changing the api-manager.xml?
>

Why do you want to override it without changing the api-manager.xml?
Because the whole purpose of that config is to display the URL on the
Store, so there's nothing wrong in changing it.

>
> --
> Shazni Nazeer
>
> Mob : +94 37331
> LinkedIn : http://lk.linkedin.com/in/shazninazeer
>
> Blogs :
>
> https://medium.com/@mshazninazeer
> http://shazninazeer.blogspot.com
>
> <http://wso2.com/signature>
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Microgateway Ballerina Upgrade to 0.980

[Nuwan Dias]

Good Stuff!!

On Wed, 25 Jul 2018 at 8:38 am, Malintha Amarasinghe 
wrote:

> Nice work Sachini!
>
> Please make the above document accessible to public (if not done already)
>
> Thanks!
>
> On Wed, 25 Jul 2018, 17:21 Sachini De Silva,  wrote:
>
>> Hi all,
>>
>> This is to give an update on this task. I fixed the issues reported in
>> github[1] with following fixes.
>>
>>  Issue
>>
>>
>> Fix
>>
>> Verify Kubernetes related annotations (
>> https://github.com/wso2/product-microgateway/issues/195)
>>
>> https://github.com/wso2/product-microgateway/pull/205/files
>>
>> Enable copy file support for Kubernetes deployment (
>> https://github.com/wso2/product-microgateway/issues/194)
>>
>> https://github.com/wso2/product-microgateway/pull/208/files
>>
>> Configuration to disable SSL hostname verification for Key manager (
>> https://github.com/wso2/product-microgateway/issues/193)
>>
>> https://github.com/wso2/product-microgateway/pull/209/files
>> <https://github.com/wso2/product-microgateway/pull/209>
>>
>> Default CORS config in toolkit-config.toml is wrong (
>> https://github.com/wso2/product-microgateway/issues/206)
>>
>> https://github.com/wso2/product-microgateway/pull/207/files
>>
>> Document the usage of cli-config.toml config file (
>> https://github.com/wso2/product-microgateway/issues/97)
>>
>>
>> https://docs.google.com/document/d/1VUA675FUDsyvmQjnx4aQx14PuXwJOnH5xo6j0p9OQCI/edit
>>
>> [1]. https://github.com/wso2/product-microgateway/issues
>> <https://github.com/wso2/product-microgateway/issues/195>
>>
>> Thanks,
>> Sachini
>>
>> On Mon, Jul 23, 2018 at 9:38 PM, Nuwan Dias  wrote:
>>
>>> Let's go through the scenarios on the docs and verify everything. Ex:
>>> changing back-end url and credentials, etc.
>>>
>>> On Mon, Jul 23, 2018 at 7:55 AM Sachini De Silva 
>>> wrote:
>>>
>>>> Tested analytics. Will check rate limiting.
>>>>
>>>> On Mon, Jul 23, 2018 at 6:24 PM, Nuwan Dias  wrote:
>>>>
>>>>> How about Analytics, Rate Limiting?
>>>>>
>>>>> On Mon, Jul 23, 2018 at 5:44 AM Sachini De Silva 
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Adding to the list of tested scenarios,
>>>>>>
>>>>>> 8. Deploy microgateway in kubernetes with a single API and invoke
>>>>>> with JWT token.
>>>>>> 9. Tested same for a group of labeled APIs.
>>>>>>
>>>>>> Thanks,
>>>>>> Sachini
>>>>>>
>>>>>> On Mon, Jul 23, 2018 at 5:10 PM, Sanjeewa Malalgoda <
>>>>>> sanje...@wso2.com> wrote:
>>>>>>
>>>>>>> Tested 0.980.1 updated microgateway with single API mode for both
>>>>>>> JWT/OAuth token mode in docker and local mode. Didn't noticed any issues
>>>>>>> and its working as expected. If other scenarios also passed i think we 
>>>>>>> can
>>>>>>> go ahead and do release.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> sanjeewa.
>>>>>>>
>>>>>>> On Mon, Jul 23, 2018 at 1:43 PM Isuru Haththotuwa 
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Jul 23, 2018 at 1:36 PM, Bhathiya Jayasekara <
>>>>>>>> bhath...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> I think there was an issue with v0.980 and fixed in v0.980.1. Not
>>>>>>>>> sure if it will affect MG. Please check that.
>>>>>>>>>
>>>>>>>> This was a fix related to packerina. However since this is the only
>>>>>>>> change included, IMO we can bump the version and do the release.
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Bhathiya
>>>>>>>>>
>>>>>>>>> On Mon, Jul 23, 2018 at 12:47 PM Sachini De Silva <
>>>>>>>>> sachi...@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>

[Dev] WSO2 Committers += Sachini De Silva

[Nuwan Dias]

Hi,

Its my pleasure to announce Sachini De Silva as a WSO2 Committer. She has
been a valuable contributor to WSO2 API Manager and the platform.

Congratulations Sachini and keep up the good work!!.

Thanks,
NuwanD.

-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

[Nuwan Dias]

So this means that IS already has a special config for that, which also
means that we do not have to introduce yet another config and can reuse
what IS is already using right?

On Mon, Jul 23, 2018 at 11:20 PM Malintha Amarasinghe 
wrote:

> Looks like they are using the "IDTokenIssuerID" from identity.xml. If it
> is not specified, it uses the token API URL (
> https://localhost:9443/oauth2/token).
>
>
> ${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token
>
> [1]
> https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/v6.0.14/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/util/OAuth2Util.java#L966-L972
>
> On Tue, Jul 24, 2018 at 11:36 AM, Nuwan Dias  wrote:
>
>> Do we know how IS generates the "iss" when issuing JWT tokens? We should
>> try to leverage that so that we maintain consistency. Again, by making it
>> backwards compatible too.
>>
>> On Mon, Jul 23, 2018 at 11:01 PM Malintha Amarasinghe 
>> wrote:
>>
>>> Hi Nuwan,
>>>
>>> We can use a new config under . If it is not
>>> specified, we can use the config from . We can make that
>>> config commented out when shipping. Also, the shipped (default) value can
>>> be added as the token API URL (The same existing value). From these,
>>> existing customers using backend JWT (not doing any changes here) won't
>>> break.
>>>
>>> Do we allow using two different "iss" values for JWT access token and
>>> backend JWT? In both cases, the issuer is the same, so ideally we can use
>>> the same config. But anyone changing this value should be aware that it
>>> will change both "iss" values.
>>>
>>> Thanks!
>>>
>>> On Mon, Jul 23, 2018 at 6:45 PM, Nuwan Dias  wrote:
>>>
>>>> IMO the "iss" claim should be a configurable value. Reusing some other
>>>> config such as the Revoke URL is not correct.
>>>>
>>>> IINM, when I went through the code I noticed that we use the same code
>>>> to generate backend JWT's "iss" as well as /token API JWT's "iss". So
>>>> whatever change we do has to be made in a backwards compatible way so that
>>>> we don't break existing applications.
>>>>
>>>> On Mon, Jul 23, 2018 at 6:08 AM Malintha Amarasinghe <
>>>> malint...@wso2.com> wrote:
>>>>
>>>>> + Dev
>>>>>
>>>>> On Mon, Jul 23, 2018 at 6:32 PM, Chamin Dias  wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> 1. When testing JWT with APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0, we
>>>>>> faced an issue.
>>>>>>
>>>>>> *Setup details : Single node APIM Server (no port offset), ISKM (port
>>>>>> offset 1), Default Micro-GW*
>>>>>>
>>>>>> 2. The issuer (iss) is picked from the  of
>>>>>> api-manager.xml in ISKM pack after replacing "/revoke" -> "/token". The
>>>>>> default value in ISKM pack is : https://localhost:
>>>>>> ${https.nio.port}/revoke
>>>>>>
>>>>>> 3. However, when consuming an API with a JWT token, the Micro-GW
>>>>>> shows the below error.
>>>>>>
>>>>>> ERROR [ballerina/http] - Error while validating JWT token  :
>>>>>> {message:"No Registered IDP found for the JWT with issuer name :
>>>>>> https://localhost:${https.nio.port}/token
>>>>>>
>>>>>> 4. When we decode the JWT (using https://jwt.io/), we found the
>>>>>> "iss" as follows. (${https.nio.port} has not been resolved properly)
>>>>>>
>>>>>> "iss": "https://localhost:${https.nio.port}/token;
>>>>>>
>>>>>> 5. Then we edited the  of api-manager.xml in ISKM pack
>>>>>> as follows.
>>>>>>
>>>>>> https://localhost:8243/revoke
>>>>>>
>>>>>> *Note* : In micro-gw.conf of Micro-GW 2.5.0, we have the following.
>>>>>>
>>>>>> [jwtTokenConfig]
>>>>>> issuer="https://localhost:8243/token;
>>>>>> audience="http://org.wso2.apimgt/gateway;
>>>>>> certificateAlias="wso2apim"
>>>>>>
>>>>>> trustStore.path="${ballerina.home}/

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

[Nuwan Dias]

Do we know how IS generates the "iss" when issuing JWT tokens? We should
try to leverage that so that we maintain consistency. Again, by making it
backwards compatible too.

On Mon, Jul 23, 2018 at 11:01 PM Malintha Amarasinghe 
wrote:

> Hi Nuwan,
>
> We can use a new config under . If it is not specified,
> we can use the config from . We can make that config
> commented out when shipping. Also, the shipped (default) value can be added
> as the token API URL (The same existing value). From these,
> existing customers using backend JWT (not doing any changes here) won't
> break.
>
> Do we allow using two different "iss" values for JWT access token and
> backend JWT? In both cases, the issuer is the same, so ideally we can use
> the same config. But anyone changing this value should be aware that it
> will change both "iss" values.
>
> Thanks!
>
> On Mon, Jul 23, 2018 at 6:45 PM, Nuwan Dias  wrote:
>
>> IMO the "iss" claim should be a configurable value. Reusing some other
>> config such as the Revoke URL is not correct.
>>
>> IINM, when I went through the code I noticed that we use the same code to
>> generate backend JWT's "iss" as well as /token API JWT's "iss". So whatever
>> change we do has to be made in a backwards compatible way so that we don't
>> break existing applications.
>>
>> On Mon, Jul 23, 2018 at 6:08 AM Malintha Amarasinghe 
>> wrote:
>>
>>> + Dev
>>>
>>> On Mon, Jul 23, 2018 at 6:32 PM, Chamin Dias  wrote:
>>>
>>>> Hi all,
>>>>
>>>> 1. When testing JWT with APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0, we
>>>> faced an issue.
>>>>
>>>> *Setup details : Single node APIM Server (no port offset), ISKM (port
>>>> offset 1), Default Micro-GW*
>>>>
>>>> 2. The issuer (iss) is picked from the  of
>>>> api-manager.xml in ISKM pack after replacing "/revoke" -> "/token". The
>>>> default value in ISKM pack is : https://localhost:
>>>> ${https.nio.port}/revoke
>>>>
>>>> 3. However, when consuming an API with a JWT token, the Micro-GW shows
>>>> the below error.
>>>>
>>>> ERROR [ballerina/http] - Error while validating JWT token  :
>>>> {message:"No Registered IDP found for the JWT with issuer name :
>>>> https://localhost:${https.nio.port}/token
>>>>
>>>> 4. When we decode the JWT (using https://jwt.io/), we found the "iss"
>>>> as follows. (${https.nio.port} has not been resolved properly)
>>>>
>>>> "iss": "https://localhost:${https.nio.port}/token;
>>>>
>>>> 5. Then we edited the  of api-manager.xml in ISKM pack
>>>> as follows.
>>>>
>>>> https://localhost:8243/revoke
>>>>
>>>> *Note* : In micro-gw.conf of Micro-GW 2.5.0, we have the following.
>>>>
>>>> [jwtTokenConfig]
>>>> issuer="https://localhost:8243/token;
>>>> audience="http://org.wso2.apimgt/gateway;
>>>> certificateAlias="wso2apim"
>>>> trustStore.path="${ballerina.home}/bre/security/ballerinaTruststore.p12"
>>>> trustStore.password="ballerina"
>>>>
>>>> 6. Then, after repeating the process, the API invocation was fine.
>>>>
>>>> According to the spec (
>>>> https://tools.ietf.org/html/rfc7519#section-4.1.1), "iss" claim
>>>> identifies the principal that issued the JWT. There is another option
>>>> for this, which is the URL from IS "https://localhost:9444/oauth2/token;.
>>>> But having this in the JWT token can expose the IS internal oauth2
>>>> token URL.
>>>>
>>>> So shall we go with the https://localhost:8243 approach?
>>>>
>>>> In both cases, we need to hardcode the  as the port
>>>> property is not resolved properly in non-synapse(IS) environment.
>>>>
>>>> Please share your thoughts.
>>>>
>>>> (Isuru/Malintha/Fazlan - Please add if I have missed anything.)
>>>>
>>>> Thanks.
>>>>
>>>> --
>>>> Chamin Dias
>>>> Mobile : 0716097455
>>>> Email : cham...@wso2.com
>>>> LinkedIn : https://www.linkedin.com/in/chamindias
>>>>
>>>>
>>>
>>>
>>> --
>>> Malintha Amarasinghe
>>> *WSO2, Inc. - lean | enterprise | middleware*
>>> http://wso2.com/
>>>
>>> Mobile : +94 712383306
>>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Director - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729
>>
>
>
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Microgateway Ballerina Upgrade to 0.980

[Nuwan Dias]

Let's go through the scenarios on the docs and verify everything. Ex:
changing back-end url and credentials, etc.

On Mon, Jul 23, 2018 at 7:55 AM Sachini De Silva  wrote:

> Tested analytics. Will check rate limiting.
>
> On Mon, Jul 23, 2018 at 6:24 PM, Nuwan Dias  wrote:
>
>> How about Analytics, Rate Limiting?
>>
>> On Mon, Jul 23, 2018 at 5:44 AM Sachini De Silva 
>> wrote:
>>
>>> Hi all,
>>>
>>> Adding to the list of tested scenarios,
>>>
>>> 8. Deploy microgateway in kubernetes with a single API and invoke with
>>> JWT token.
>>> 9. Tested same for a group of labeled APIs.
>>>
>>> Thanks,
>>> Sachini
>>>
>>> On Mon, Jul 23, 2018 at 5:10 PM, Sanjeewa Malalgoda 
>>> wrote:
>>>
>>>> Tested 0.980.1 updated microgateway with single API mode for both
>>>> JWT/OAuth token mode in docker and local mode. Didn't noticed any issues
>>>> and its working as expected. If other scenarios also passed i think we can
>>>> go ahead and do release.
>>>>
>>>> Thanks,
>>>> sanjeewa.
>>>>
>>>> On Mon, Jul 23, 2018 at 1:43 PM Isuru Haththotuwa 
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Mon, Jul 23, 2018 at 1:36 PM, Bhathiya Jayasekara <
>>>>> bhath...@wso2.com> wrote:
>>>>>
>>>>>> I think there was an issue with v0.980 and fixed in v0.980.1. Not
>>>>>> sure if it will affect MG. Please check that.
>>>>>>
>>>>> This was a fix related to packerina. However since this is the only
>>>>> change included, IMO we can bump the version and do the release.
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Bhathiya
>>>>>>
>>>>>> On Mon, Jul 23, 2018 at 12:47 PM Sachini De Silva 
>>>>>> wrote:
>>>>>>
>>>>>>> + [dev]
>>>>>>>
>>>>>>> On Mon, Jul 23, 2018 at 12:12 PM, Sachini De Silva <
>>>>>>> sachi...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> This is to give an update on how API Microgateway ballerina upgrade
>>>>>>>> is going.
>>>>>>>>
>>>>>>>> RajithR came up with
>>>>>>>> https://github.com/wso2/product-microgateway/pull/202/files which
>>>>>>>> contains the syntax changes to support ballerina 0.980.
>>>>>>>>
>>>>>>>> I have tested API Microgateway with the above change and listed
>>>>>>>> below are the scenarios I tested.
>>>>>>>>
>>>>>>>> 1. Created gateway distribution for a single API and invoked
>>>>>>>> through JWT and Oauth tokens.
>>>>>>>> 2. Tested the same for labelled APIs
>>>>>>>> 3. Tested overriding endpoints using system variables.
>>>>>>>> 4. Microgateway analytics
>>>>>>>> 6. Deploy microgateway in docker and invoked API using JWT and
>>>>>>>> Oauth2.
>>>>>>>> 7. Deploy a group of labeled APIs in docker. (to verify
>>>>>>>> https://github.com/wso2/product-microgateway/issues/199 is fixed)
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Sachini
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> *Sachini De Silva*
>>>>>>>> Software Engineer - WSO2
>>>>>>>>
>>>>>>>> Email : sachi...@wso2.com
>>>>>>>> Mobile : +94714765495
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Sachini De Silva*
>>>>>>> Software Engineer - WSO2
>>>>>>>
>>>>>>> Email : sachi...@wso2.com
>>>>>>> Mobile : +94714765495
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Bhathiya Jayasekara*
>>>>>> *Associate Technical Lead,*
>>>>

Re: [Dev] [APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0] JWT issuer value

[Nuwan Dias]

IMO the "iss" claim should be a configurable value. Reusing some other
config such as the Revoke URL is not correct.

IINM, when I went through the code I noticed that we use the same code to
generate backend JWT's "iss" as well as /token API JWT's "iss". So whatever
change we do has to be made in a backwards compatible way so that we don't
break existing applications.

On Mon, Jul 23, 2018 at 6:08 AM Malintha Amarasinghe 
wrote:

> + Dev
>
> On Mon, Jul 23, 2018 at 6:32 PM, Chamin Dias  wrote:
>
>> Hi all,
>>
>> 1. When testing JWT with APIM 2.5.0 + ISKM 5.6.0 + Micro-GW 2.5.0, we
>> faced an issue.
>>
>> *Setup details : Single node APIM Server (no port offset), ISKM (port
>> offset 1), Default Micro-GW*
>>
>> 2. The issuer (iss) is picked from the  of api-manager.xml
>> in ISKM pack after replacing "/revoke" -> "/token". The default value in
>> ISKM pack is : https://localhost:${https.nio.port}/revoke
>>
>> 3. However, when consuming an API with a JWT token, the Micro-GW shows
>> the below error.
>>
>> ERROR [ballerina/http] - Error while validating JWT token  : {message:"No
>> Registered IDP found for the JWT with issuer name : https://localhost:
>> ${https.nio.port}/token
>>
>> 4. When we decode the JWT (using https://jwt.io/), we found the "iss" as
>> follows. (${https.nio.port} has not been resolved properly)
>>
>> "iss": "https://localhost:${https.nio.port}/token;
>>
>> 5. Then we edited the  of api-manager.xml in ISKM pack as
>> follows.
>>
>> https://localhost:8243/revoke
>>
>> *Note* : In micro-gw.conf of Micro-GW 2.5.0, we have the following.
>>
>> [jwtTokenConfig]
>> issuer="https://localhost:8243/token;
>> audience="http://org.wso2.apimgt/gateway;
>> certificateAlias="wso2apim"
>> trustStore.path="${ballerina.home}/bre/security/ballerinaTruststore.p12"
>> trustStore.password="ballerina"
>>
>> 6. Then, after repeating the process, the API invocation was fine.
>>
>> According to the spec (https://tools.ietf.org/html/rfc7519#section-4.1.1),
>> "iss" claim identifies the principal that issued the JWT. There is
>> another option for this, which is the URL from IS "
>> https://localhost:9444/oauth2/token;. But having this in the JWT token
>> can expose the IS internal oauth2 token URL.
>>
>> So shall we go with the https://localhost:8243 approach?
>>
>> In both cases, we need to hardcode the  as the port
>> property is not resolved properly in non-synapse(IS) environment.
>>
>> Please share your thoughts.
>>
>> (Isuru/Malintha/Fazlan - Please add if I have missed anything.)
>>
>> Thanks.
>>
>> --
>> Chamin Dias
>> Mobile : 0716097455
>> Email : cham...@wso2.com
>> LinkedIn : https://www.linkedin.com/in/chamindias
>>
>>
>
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] API Microgateway Ballerina Upgrade to 0.980

[Nuwan Dias]

How about Analytics, Rate Limiting?

On Mon, Jul 23, 2018 at 5:44 AM Sachini De Silva  wrote:

> Hi all,
>
> Adding to the list of tested scenarios,
>
> 8. Deploy microgateway in kubernetes with a single API and invoke with JWT
> token.
> 9. Tested same for a group of labeled APIs.
>
> Thanks,
> Sachini
>
> On Mon, Jul 23, 2018 at 5:10 PM, Sanjeewa Malalgoda 
> wrote:
>
>> Tested 0.980.1 updated microgateway with single API mode for both
>> JWT/OAuth token mode in docker and local mode. Didn't noticed any issues
>> and its working as expected. If other scenarios also passed i think we can
>> go ahead and do release.
>>
>> Thanks,
>> sanjeewa.
>>
>> On Mon, Jul 23, 2018 at 1:43 PM Isuru Haththotuwa 
>> wrote:
>>
>>>
>>>
>>> On Mon, Jul 23, 2018 at 1:36 PM, Bhathiya Jayasekara 
>>> wrote:
>>>
>>>> I think there was an issue with v0.980 and fixed in v0.980.1. Not sure
>>>> if it will affect MG. Please check that.
>>>>
>>> This was a fix related to packerina. However since this is the only
>>> change included, IMO we can bump the version and do the release.
>>>
>>>>
>>>> Thanks,
>>>> Bhathiya
>>>>
>>>> On Mon, Jul 23, 2018 at 12:47 PM Sachini De Silva 
>>>> wrote:
>>>>
>>>>> + [dev]
>>>>>
>>>>> On Mon, Jul 23, 2018 at 12:12 PM, Sachini De Silva 
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> This is to give an update on how API Microgateway ballerina upgrade
>>>>>> is going.
>>>>>>
>>>>>> RajithR came up with
>>>>>> https://github.com/wso2/product-microgateway/pull/202/files which
>>>>>> contains the syntax changes to support ballerina 0.980.
>>>>>>
>>>>>> I have tested API Microgateway with the above change and listed below
>>>>>> are the scenarios I tested.
>>>>>>
>>>>>> 1. Created gateway distribution for a single API and invoked through
>>>>>> JWT and Oauth tokens.
>>>>>> 2. Tested the same for labelled APIs
>>>>>> 3. Tested overriding endpoints using system variables.
>>>>>> 4. Microgateway analytics
>>>>>> 6. Deploy microgateway in docker and invoked API using JWT and
>>>>>> Oauth2.
>>>>>> 7. Deploy a group of labeled APIs in docker. (to verify
>>>>>> https://github.com/wso2/product-microgateway/issues/199 is fixed)
>>>>>>
>>>>>> Thanks,
>>>>>> Sachini
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Sachini De Silva*
>>>>>> Software Engineer - WSO2
>>>>>>
>>>>>> Email : sachi...@wso2.com
>>>>>> Mobile : +94714765495
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Sachini De Silva*
>>>>> Software Engineer - WSO2
>>>>>
>>>>> Email : sachi...@wso2.com
>>>>> Mobile : +94714765495
>>>>>
>>>>>
>>>>
>>>> --
>>>> *Bhathiya Jayasekara*
>>>> *Associate Technical Lead,*
>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>
>>>> *Phone: +94715478185*
>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>>>> *Blog: http://movingaheadblog.blogspot.com
>>>> <http://movingaheadblog.blogspot.com/>*
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks and Regards,
>>>
>>> Isuru H.
>>> +94 716 358 048* <http://wso2.com/>*
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>> --
>> *Sanjeewa Malalgoda*
>> WSO2 Inc.
>> Mobile : +94 712933253
>>
>> <http://sanjeewamalalgoda.blogspot.com/>blog
>> :http://sanjeewamalalgoda.blogspot.com/
>> <http://sanjeewamalalgoda.blogspot.com/>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> *Sachini De Silva*
> Software Engineer - WSO2
>
> Email : sachi...@wso2.com
> Mobile : +94714765495
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Giving the different Access tokens in API manager 2.5.0 when try to generate new tokens before expired the access token.

[Nuwan Dias]

[Adding Prasanna].

I don't think this behavior is intentional. Therefore we will have to fix
this.

On Tue, Jul 3, 2018 at 5:44 PM Omindu Rathnaweera  wrote:

> Hi Fazlan/Nalaka,
>
> This behavior is not there in the IS 5.6.0 release candidate. I did a
> small test by reverting the APIMTokenIssuer to the default one and the
> issue got resolved. Better to check the APIMTokenIssuer.
>
> On Mon, Jul 2, 2018 at 7:48 PM Fazlan Nazeem  wrote:
>
>> This seems to be true.
>>
>> @IS team,  What is the reason to expire the token before the expiry time
>> and without a revocation request?
>>
>> On Mon, Jul 2, 2018 at 2:31 PM Nalaka Senarathna 
>> wrote:
>>
>>> In the latest release of API manager if we try to generate new access
>>> tokens before it expired using "password grant type " output is different
>>> access tokens with the same refresh token. when checking the database it
>>> shows the state is "EXPIRED" of the previous access token.
>>>
>>> In earlier releases, if the access token is not expired output was the
>>> same access token when trying to generate using the password grant type.
>>>
>>> Is that change made by intentionally In new release?
>>>
>>> regards.
>>> --
>>> *Nalaka Senarathna*
>>> *Associate Software Engineer | WSO2*
>>>
>>> *Email : nala...@wso2.com *
>>> *Mobile : +94714118474*
>>> *web :  https://wso2.com <https://wso2.com>*
>>> <https://wso2.com/signature>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>> --
>> Thanks & Regards,
>>
>> *Fazlan Nazeem*
>> Senior Software Engineer
>> WSO2 Inc
>> Mobile : +94772338839
>> fazl...@wso2.com
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
> Regards,
> Omindu
> --
> Omindu Rathnaweera
> Senior Software Engineer, WSO2 Inc.
> Mobile: +94 771 197 211
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
Nuwan Dias

Director - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Unable to build the Micro Gateway distribution using the command in the documentation

[Nuwan Dias]

I think MARKETING_STORE is the label attached to the API and 'Internal' is
the name of the project that you're creating on your laptop/workstation.

Thanks,
NuwanD.

On Fri, Jun 29, 2018 at 8:56 AM Dinusha Senanayaka  wrote:

> Malintha, can you please fix the label name to be consistent in the
> sample. In the publisher, label is given as "MRKETING_STORE", but in  setup
> and build commands label is used as "Internal"  which is kind of confusing.
> Better if we an keep label as "MRKETING_STORE" for all the places.
>
> Regards,
> Dinusha
>
> On Fri, Jun 29, 2018 at 8:22 AM Malintha Amarasinghe 
> wrote:
>
>> Thanks for reporting this Iloshini. I have fixed the documentation.
>>
>> Thanks!
>>
>>
>> On Thu, Jun 28, 2018 at 10:38 PM, Iloshini Karunarathne <
>> ilosh...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> There is an issue when building the micro-gateway distribution by using
>>> the command, *micro-gw build -l internal* in the documentation [1].
>>> Found that the source files haven't built and the target folder is empty.
>>>
>>> As per the source code, the command should be *micro-gw build -n
>>> internal *and able to successfully build the micro-gateway distribution
>>> using this command.
>>>
>>> This issue occurs when using the APIM Micro Gateway *Beta release* and
>>> IMHO it will be better if we can update the documentation [1] accordingly.
>>>
>>>
>>> [1].
>>> https://docs.wso2.com/display/AM2xx/Configuring+the+API+Microgateway
>>>
>>> Thanks,
>>> Iloshini
>>>
>>> Regards,
>>>
>>> *Iloshini Karunarathne*
>>>
>>> *Software Engineer | Support Team*
>>> *WSO2*
>>>
>>> Email : ilosh...@wso2.com
>>> Mobile : +94719821300
>>>
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "WSO2 Documentation Group" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to documentation+unsubscr...@wso2.com.
>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>
>>
>>
>>
>> --
>> Malintha Amarasinghe
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>>
>
>
> --
> Dinusha Dilrukshi
> Technical Lead
> WSO2 Inc.: http://wso2.com/
> Mobile: +94764069991
> Blog: http://dinushasblog.blogspot.com/
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM] Unable to run micro-gw generated balx file

[Nuwan Dias]

We will be getting rid of the .balx file generated outside the project
directory. Therefore it would be best if you could extract the .zip file
that's generated and run the program via the provided bash script.

On Wed, Jun 27, 2018 at 5:03 PM Dinusha Senanayaka  wrote:

>
> Hi Malintha,
>
> On Wed, Jun 27, 2018 at 4:57 PM Malintha Amarasinghe 
> wrote:
>
>> Hi Dinusha,
>>
>> It should work, basically the shell script created inside the
>> distribution (distribution/micro-gw-marketing_store/bin/micro_gw.sh)
>> also doing a ballerina run command.
>>
>> Does running the above file (./micro_gw.sh) work?
>>
> Yes,  that works.
>
>> If it works, the ballerina runtime installed in your machine may be not
>> matching with the balx file generated here. Please check with "ballerina
>> --version"
>>
> 0.970.1. What should be the ballerina version relevant to  micro-gw alpha
> release ?
>
> Regards,
> Dinusha
>
>>
>> Thanks!
>>
>> On Wed, Jun 27, 2018 at 4:01 PM, Dinusha Senanayaka 
>> wrote:
>>
>>> Hi APIM team,
>>>
>>> I'm trying to run micro-gw build generated balx file as a separate
>>> ballerina program and getting following error. Is that something possible ?
>>> Any idea on what could be wrong here ?
>>>
>>> Tried to execute the balx file in project's target directory and then
>>> the one in "target/distribution/micro-gw-marketing_store/exec" directory.
>>>
>>> projects/marketing_store/target/distribution/micro-gw-marketing_store/exec$
>>> *tree*
>>> .
>>> ├── ballerina-internal.log
>>> └── marketing_store.balx
>>>
>>> $ *ballerina run marketing_store.balx --config ../conf/micro-gw.conf *
>>> ballerina: Oh no, something really went wrong. Bad. Sad.
>>>
>>> *There should be a file named "ballerina-internal.log" in the current
>>> directory.*
>>> If you are able to share with us the code that broke Ballerina then
>>> we would REALLY appreciate if you would report this to us:
>>> go to https://github.com/ballerina-platform/ballerina-lang/issues and
>>> create a bug report with both this log file and the sample code.
>>>
>>> Following exception can be seen in "ballerina-internal.log" file.
>>>
>>> ERROR {org.ballerinalang.launcher.Main} - ballerina: invalid program
>>> file format
>>> org.ballerinalang.util.exceptions.ProgramFileFormatException: ballerina:
>>> invalid program file format
>>> at org.ballerinalang.BLangProgramLoader.read(BLangProgramLoader.java:46)
>>> at
>>> org.ballerinalang.launcher.LauncherUtils.runProgram(LauncherUtils.java:82)
>>> at org.ballerinalang.launcher.Main$RunCmd.execute(Main.java:256)
>>> at java.util.Optional.ifPresent(Optional.java:159)
>>> at org.ballerinalang.launcher.Main.main(Main.java:66)
>>> Caused by: java.lang.IndexOutOfBoundsException: Index: 33554432, Size:
>>> 125
>>> at java.util.ArrayList.rangeCheck(ArrayList.java:657)
>>> at java.util.ArrayList.get(ArrayList.java:433)
>>> at
>>> org.ballerinalang.util.codegen.PackageInfo.getCPEntry(PackageInfo.java:103)
>>> at
>>> org.ballerinalang.util.codegen.ProgramFileReader.getAttributeInfo(ProgramFileReader.java:1143)
>>> at
>>> org.ballerinalang.util.codegen.ProgramFileReader.readAttributeInfoEntries(ProgramFileReader.java:1133)
>>> at
>>> org.ballerinalang.util.codegen.ProgramFileReader.readStructInfoEntries(ProgramFileReader.java:497)
>>> at
>>> org.ballerinalang.util.codegen.ProgramFileReader.readPackageInfo(ProgramFileReader.java:377)
>>> at
>>> org.ballerinalang.util.codegen.ProgramFileReader.readProgramInternal(ProgramFileReader.java:159)
>>> at
>>> org.ballerinalang.util.codegen.ProgramFileReader.readProgram(ProgramFileReader.java:126)
>>> at org.ballerinalang.BLangProgramLoader.read(BLangProgramLoader.java:39)
>>> ... 4 more
>>>
>>> Regards,
>>> Dinusha
>>>
>>> --
>>> Dinusha Dilrukshi
>>> Technical Lead
>>> WSO2 Inc.: http://wso2.com/
>>> Mobile: +94764069991
>>> Blog: http://dinushasblog.blogspot.com/
>>>
>>
>>
>>
>> --
>> Malintha Amarasinghe
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>>
>
>
> --
> Dinusha Dilrukshi
> Technical Lead
> WSO2 Inc.: http://wso2.com/
> Mobile: +94764069991
> Blog: http://dinushasblog.blogspot.com/
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Micro Gateway CLI - Hashing Resources (APIs/Policies) for change detection

[Nuwan Dias]

gt;>>>>
>>>>>
>>>>> /**
>>>>>  * WSDL URL if the APIDetailedDTO is based on a WSDL endpoint\n
>>>>>  **/
>>>>> @JsonProperty("wsdlUri")
>>>>> public String getWsdlUri() {
>>>>> return wsdlUri;
>>>>> }
>>>>>
>>>>> public void setWsdlUri(String wsdlUri) {
>>>>> this.wsdlUri = wsdlUri;
>>>>> }
>>>>>
>>>>> *@Hash*
>>>>> @JsonProperty("responseCaching")
>>>>> public String getResponseCaching() {
>>>>> return responseCaching;
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> The methods marked with *@Hash* will be automatically extracted from
>>>>> the code and will be used to generate the hashes for each resource.
>>>>>
>>>>> The generated hashes will be stored inside the CLI's temp folder
>>>>> against each resources' UUID, which will be used to compare the hash
>>>>> changes between next runs.
>>>>>
>>>> What are the fields which we have added to the hash?
>>>>
>>>>>
>>>>>
>>>>> Highly appreciate your ideas on this.
>>>>>
>>>>> Thanks!
>>>>> Malintha
>>>>>
>>>>>
>>>>> --
>>>>> Malintha Amarasinghe
>>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>>> http://wso2.com/
>>>>>
>>>>> Mobile : +94 712383306
>>>>>
>>>>
>>>>
>>>> --
>>>> Harsha Kumara
>>>> Associate Technical Lead, WSO2 Inc.
>>>> Mobile: +94775505618
>>>> Blog:harshcreationz.blogspot.com
>>>>
>>>
>>>
>>>
>>> --
>>> Malintha Amarasinghe
>>> *WSO2, Inc. - lean | enterprise | middleware*
>>> http://wso2.com/
>>>
>>> Mobile : +94 712383306
>>>
>>
>>
>>
>> --
>> Malintha Amarasinghe
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>>
>
>
>
> --
> Thanks and Regards,
>
> Isuru H.
> +94 716 358 048* <http://wso2.com/>*
>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] APIM CLI simplify endpoint url configs

[Nuwan Dias]

I guess you are referring to the Microgateway CLI and not the APIM CLI.

On Mon, Jun 18, 2018 at 11:11 AM, Rukshan Premathunga 
wrote:

> Hi All,
>
> Currently CLI auto generate endpoints from defautl values and user have to
> edit it in order to work if endpoints are diffrent. As a solution we
> thought to provide urls as arguments for setup command.
> But here we have 4 endpoints(store, publisher, admin and token) to get as
> arguments. But making all of them as  mandatory, user experience may get
> reduce, So we need to have a mechanism to derive them.
>
> One option is to use one host for apps in same node(store, pub, admin). If
> it is changed, provide the optional arguments to override them.
>
> So can you also share some idea please.
>
> Thanks and Regards
> --
>
> Rukshan Chathuranga.
> WSO2, Inc.
> +94711822074
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] One Specific API not responding

[Nuwan Dias]

I was specifically interested in seeing the value of the Transfer-Encoding
request header. Since it appears to be missing, can you try disabling
chunking of this particular API by setting  in the api xml file
located at
/repository/deployment/server/synapse-configs/default/api ? You
should put this config within the  of the  being
executed.

If the above works, you could apply this solution as documented at [1].

[1] - https://docs.wso2.com/display/AM210/Disable+Message+Chunking

Thanks,
Nuwan.

On Tue, Apr 24, 2018 at 5:47 PM, <alapan@valuelabs.com> wrote:

> Hello Nuwan,
>
>
>
> Please find the requested information for backend API directly :
>
>
>
> *Request Headers --*
>
> Source-Identifier:  A076FCBB-41F3-4FB5-A9P8-DA2DCF6YR942
>
> Content-Type: application/json
>
> Authorization-Token :
>
>
>
> *Response Headers -- *
>
> Cache-Control →no-cache
>
> Content-Length →25078
>
> Content-Type →application/json; charset=utf-8
>
> Date →Tue, 24 Apr 2018 12:11:06 GMT
>
> Expires →-1
>
> Pragma →no-cache
>
> Server →Microsoft-IIS/8.0
>
> X-AspNet-Version →4.0.30319
>
> X-Powered-By →ASP.NET
>
>
>
> Best regards
>
> *Alapan Sur*
>
> Project Manager - SD
>
> ValueLabs - *'inspired by potential'*
>
> Desk: +91-40-6623-9000 | Ext: 32112
>
> Mobile: +91-7799681717
>
> This e-mail may contain information that is proprietary, confidential or
> otherwise protected from disclosure and is sent for the intended
> recipient(s) only. For email disclaimer details, please visit:
>  http://www.valuelabs.com/terms-of-use/
>
>
>
> *From:* Nuwan Dias [mailto:nuw...@wso2.com]
> *Sent:* Tuesday, April 24, 2018 5:24 PM
> *To:* alapan@valuelabs.com
> *Cc:* Abimaran Kugathasan <abima...@wso2.com>; dev <dev@wso2.org>
>
> *Subject:* Re: [Dev] One Specific API not responding
>
>
>
> Hi Alan,
>
>
>
> Can you send the list of Request headers and Response headers from a
> successful request that goes to your back-end directly (without going
> through the Gateway)?
>
>
>
> Thanks,
>
> Nuwan.
>
>
>
> On Tue, Apr 24, 2018 at 5:03 PM, <alapan@valuelabs.com> wrote:
>
> Hello Abimaran,
>
>
>
> I have increased socket timeout and connection timeout to 3 mints and also
> disabled the suspension of API, I am still getting 504 gateway timeout
> error and sometime I get the response. Also I have checked the backend API
> but we are getting response from backend server within 2 -3 seconds .
>
>
>
> I need immediate help to sort this out as we already moved this to
> production and customers are facing issue with timeout.
>
>
>
> Best regards
>
> *Alapan Sur*
>
> Project Manager - SD
>
> ValueLabs - *'inspired by potential'*
>
> Desk: +91-40-6623-9000 | Ext: 32112
>
> Mobile: +91-7799681717
>
> This e-mail may contain information that is proprietary, confidential or
> otherwise protected from disclosure and is sent for the intended
> recipient(s) only. For email disclaimer details, please visit:
> http://www.valuelabs.com/terms-of-use/
>
>
>
> *From:* Abimaran Kugathasan [mailto:abima...@wso2.com]
> *Sent:* Tuesday, April 24, 2018 4:41 PM
> *To:* alapan@valuelabs.com
> *Cc:* dev <dev@wso2.org>
> *Subject:* Re: [Dev] One Specific API not responding
>
>
>
> Hi Alapan,
>
>
>
> Do you want to increase socket timeout or remove the suspension of API?
>
>
>
> On Fri, Apr 20, 2018 at 11:24 AM, <alapan@valuelabs.com> wrote:
>
> Hello Team,
>
>
>
> Any idea on the below ?
>
>
>
> Best regards
>
> *Alapan Sur*
>
> Project Manager - SD
>
> ValueLabs - *'inspired by potential'*
>
> Desk: +91-40-6623-9000 | Ext: 32112
>
> Mobile: +91-7799681717
>
> This e-mail may contain information that is proprietary, confidential or
> otherwise protected from disclosure and is sent for the intended
> recipient(s) only. For email disclaimer details, please visit:
> http://www.valuelabs.com/terms-of-use/
>
>
>
> *From:* alapan@valuelabs.com [mailto:alapan@valuelabs.com]
> *Sent:* Thursday, April 19, 2018 1:24 PM
> *To:* 'dev@wso2.org' <dev@wso2.org>
> *Subject:* One Specific API not responding
>
>
>
> Hello Team,
>
>
>
> We are facing an issue file working with WSO2 API Manager 2.1.0.
>
>
>
> There is one request for a specific endpoint is continuously failing for
> some reason and as a result, this specific API is getting down and we are
> not getting an response from WSO2 APIM gateway  although we are receiving
> the response from backend API before the so

Re: [Dev] One Specific API not responding

[Nuwan Dias]

Hi Alan,

Can you send the list of Request headers and Response headers from a
successful request that goes to your back-end directly (without going
through the Gateway)?

Thanks,
Nuwan.

On Tue, Apr 24, 2018 at 5:03 PM, <alapan@valuelabs.com> wrote:

> Hello Abimaran,
>
>
>
> I have increased socket timeout and connection timeout to 3 mints and also
> disabled the suspension of API, I am still getting 504 gateway timeout
> error and sometime I get the response. Also I have checked the backend API
> but we are getting response from backend server within 2 -3 seconds .
>
>
>
> I need immediate help to sort this out as we already moved this to
> production and customers are facing issue with timeout.
>
>
>
> Best regards
>
> *Alapan Sur*
>
> Project Manager - SD
>
> ValueLabs - *'inspired by potential'*
>
> Desk: +91-40-6623-9000 | Ext: 32112
>
> Mobile: +91-7799681717
>
> This e-mail may contain information that is proprietary, confidential or
> otherwise protected from disclosure and is sent for the intended
> recipient(s) only. For email disclaimer details, please visit:
>  http://www.valuelabs.com/terms-of-use/
>
>
>
> *From:* Abimaran Kugathasan [mailto:abima...@wso2.com]
> *Sent:* Tuesday, April 24, 2018 4:41 PM
> *To:* alapan@valuelabs.com
> *Cc:* dev <dev@wso2.org>
> *Subject:* Re: [Dev] One Specific API not responding
>
>
>
> Hi Alapan,
>
>
>
> Do you want to increase socket timeout or remove the suspension of API?
>
>
>
> On Fri, Apr 20, 2018 at 11:24 AM, <alapan@valuelabs.com> wrote:
>
> Hello Team,
>
>
>
> Any idea on the below ?
>
>
>
> Best regards
>
> *Alapan Sur*
>
> Project Manager - SD
>
> ValueLabs - *'inspired by potential'*
>
> Desk: +91-40-6623-9000 | Ext: 32112
>
> Mobile: +91-7799681717
>
> This e-mail may contain information that is proprietary, confidential or
> otherwise protected from disclosure and is sent for the intended
> recipient(s) only. For email disclaimer details, please visit:
> http://www.valuelabs.com/terms-of-use/
>
>
>
> *From:* alapan@valuelabs.com [mailto:alapan@valuelabs.com]
> *Sent:* Thursday, April 19, 2018 1:24 PM
> *To:* 'dev@wso2.org' <dev@wso2.org>
> *Subject:* One Specific API not responding
>
>
>
> Hello Team,
>
>
>
> We are facing an issue file working with WSO2 API Manager 2.1.0.
>
>
>
> There is one request for a specific endpoint is continuously failing for
> some reason and as a result, this specific API is getting down and we are
> not getting an response from WSO2 APIM gateway  although we are receiving
> the response from backend API before the socket time out error.  Please
> find the below error we are getting :
>
>
>
> TID: [-1] [] [2018-04-19 04:54:24,294] WARN 
> {org.apache.synapse.transport.passthru.SourceHandler}
> - Connection time out after request is read: http-incoming-106261 Socket
> Timeout : 6 Remote Address : /10.138.120.228:36754
> <https://l.facebook.com/l.php?u=http%3A%2F%2F10.138.120.228%3A36754%2F=ATOl7IzK7wN9mVsfkzG0fh6ZtnMR7L9K40MZWk0LYuJEbmNeWspvtYMO4BNt3VE7oDGgr23jwDtmmzAmNzl9jDrCHFvSnNLITEmpFqP6iWx4v_OkfvIqNnIxGpvMv6PB>
> {org.apache.synapse.transport.passthru.SourceHandler}
>
>
> Is there any threshold configuration which is configured to handle the
> multiple API failure and WSO2 skips suspend the end point ?
> <http://l.facebook.com/l.php?u=http%3A%2F%2F10.138.120.228%3A36754%2F=ATPsubv-DfKlSaiNx21YeahwUalUYsKADBcz4F-OaA0nNb7IrCxSzP9E4OvrEmhKGyMow8idhB7i0Ij9HBZZRiJUfMgIi7R31JXKm0GM27z_dVvC_69FV9pEg9RG9I6_2afAkKPvJcE=1>
>
>
>
> Can anyone help in this regard ?
>
> Best regards
>
> *Alapan Sur*
>
> Project Manager - SD
>
> ValueLabs - *'inspired by potential'*
>
> Desk: +91-40-6623-9000 | Ext: 32112
>
> Mobile: +91-7799681717
>
> This e-mail may contain information that is proprietary, confidential or
> otherwise protected from disclosure and is sent for the intended
> recipient(s) only. For email disclaimer details, please visit:
> http://www.valuelabs.com/terms-of-use/
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
>
> --
>
> Thanks
>
> Abimaran Kugathasan
>
> Senior Software Engineer - API Technologies
>
>
>
> Email : abima...@wso2.com
>
> Mobile : +94 773922820
>
>
>
> <http://stackoverflow.com/users/515034>
> <http://lk.linkedin.com/in/abimaran>
> <http://www.lkabimaran.blogspot.com/>  <https://github.com/abimarank>
> <https://twitter.com/abimaran>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Forget-me tool is not shipped with wso2am-micro-gw-2.2.0

[Nuwan Dias]

The MicroGW will never be used in isolation. Therefore if someone wants it,
they can use the forgetme tool from the parent profile. It'll work on the
microgw to. I don't see a huge requirement to WUM it since nobody will be
blocked by this.

On Tue, Apr 10, 2018 at 11:55 AM, Megala Uthayakumar <meg...@wso2.com>
wrote:

> Hi,
>
> Is there any reason for not shipping forget-me tool with wso2am-micro-gw?
> If there is no reason, it is better to push it as a WUM update.
>
> Thanks.
>
> Regards,
> Megala
>
> --
> Megala Uthayakumar
>
> Senior Software Engineer
> Mobile : 0779967122
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Possible Issue with user.core AdminUser role assignment

[Nuwan Dias]

I guess this behavior is specific to attaching admin role to the admin user
on startup right? If we create a user manually and assign him the admin
role and then configure his username in the user-mgt.xml file, it should be
fine right?

On Tue, Mar 20, 2018 at 7:23 AM, Ruwan Yatawara <ruw...@wso2.com> wrote:

> Hi all,
>
> With the bump to kernel 4.4.26, noticed the following behaviour.
>
>- When a non-existent admin user is declared in user-mgt.xml, at
>server boot up even though the user is created, said user is not assigned
>the default "admin" role, as expected, instead when browsed via the carbon
>console, user is seen to have internal/everyone role, only.
>- When the admin role name is also changed along with the new admin
>user, the new admin role is attached to the user account as expected.
>- Amidst all this however, when enabled user.core debug logs, admin
>role is attached to the role as per log :
>   - DEBUG - JDBCAuthorizationManager abcd1 user is in role :  admin
>
> It appears there maybe an issue with getting the role list of a user /
> user list of role for freshly created users, automatically created when
> changing the user-mgt.xml.
>
> I believe this may have an impact on scope validation in api manager when
> default admin user name is changed, as the ScopesIssuer class will refer
> the role list attached to a particular user (in this case, when an admin
> user requests for tokens), before granting a particular scope.
>
> I am investigating further in to this.
>
>
> Thanks and Regards,
>
> Ruwan Yatawara
>
> Technical Lead,
> WSO2 Inc.
>
> email : ruw...@wso2.com
> mobile : +94 77 9110413
> http://ruwansrants.blogspot.com/
> https://500px.com/ruwan_ace
> https://medium.com/@ruwanyatawara
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Getting Error "ServerWorker Error while building message for REST_URL request" for all API requests

[Nuwan Dias]

Is there a release of EI happening in Q1? Don't you notice this error on
latest versions of EI?

On Fri, Feb 23, 2018 at 3:46 PM, Vijitha Ekanayake <vijit...@wso2.com>
wrote:

> This error is generated within the handleRESTUrlPost(...) method in
> ServerWorker class. So I think we need to investigate the reason why these
> GET requests are landed in that method and fix if there is an issue in the
> logic.
>
> Thanks.
>
> On Fri, Feb 23, 2018 at 3:20 PM, Chaminda Jayawardena <chami...@wso2.com>
> wrote:
>
>> True, But I am trying with Jmeter and just tried since suggested above
>> and error is not appeared when it sends with Content-Type :)
>> Yes, have to fix it.
>>
>> Thanks,
>> Chaminda
>>
>> On Fri, Feb 23, 2018 at 3:12 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> Well, for GET requests you aren't supposed to have a Content-Type header.
>>>
>>> On Fri, Feb 23, 2018 at 3:11 PM, Chaminda Jayawardena <chami...@wso2.com
>>> > wrote:
>>>
>>>> Getting this continuously even for the GET requests in
>>>> wso2apim-2.1.0-update12. Disappeared once put Content-Type(value as any
>>>> format) on the header.
>>>>
>>>> Thanks,
>>>> Chaminda
>>>>
>>>> On Fri, Feb 23, 2018 at 1:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>>
>>>>> I'm just doing a GET. I also checked with a POST with the correct
>>>>> Content-Type header as well.
>>>>>
>>>>> On Fri, Feb 23, 2018 at 1:17 PM, Vijitha Ekanayake <vijit...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Nuwan,
>>>>>>
>>>>>> According to below code segment, it seems like this happens when
>>>>>> request Content-Type doesn't match with the payload.
>>>>>>
>>>>>> try {
>>>>>>
>>>>>>   soapEnvelope = TransportUtils.createSOAPMessage(msgContext, null, 
>>>>>> contentType);
>>>>>>} catch (Exception e) {
>>>>>>   log.error("Error while building message for REST_URL request");
>>>>>> }
>>>>>>
>>>>>> Also It might be a case that POST requests received without a 
>>>>>> Content-Type header. Is there any possibility to isolate one such 
>>>>>> request causes this error. So that we could identify extract root cause 
>>>>>> for this.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>>
>>>>>> On Thu, Feb 22, 2018 at 2:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm seeing the error "*ServerWorker Error while building message
>>>>>>> for REST_URL request*" on the logs for all API requests on Synapse
>>>>>>> version 2.1.7.wso2v40. Any idea what could be causing this? AFAIR this
>>>>>>> wasn't there on earlier versions.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> NuwanD.
>>>>>>>
>>>>>>> --
>>>>>>> Nuwan Dias
>>>>>>>
>>>>>>> Software Architect - WSO2, Inc. http://wso2.com
>>>>>>> email : nuw...@wso2.com
>>>>>>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Vijitha Ekanayake
>>>>>> Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
>>>>>> Mobile : +94 777 24 73 39 | +94 718 74 44 08
>>>>>> lean.enterprise.middleware
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Nuwan Dias
>>>>>
>>>>> Software Architect - WSO2, Inc. http://wso2.com
>>>>> email : nuw...@wso2.com
>>>>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>>>>
>>>>> ___
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks & Regards
>>>>
>>>> *Chaminda Jayawardena*
>>>> Associate Technical Lead - QA
>>>> WSO2 Inc. - http://wso2.com
>>>> +94-77-7725234 <+94%2077%20772%205234>
>>>>
>>>
>>>
>>>
>>> --
>>> Nuwan Dias
>>>
>>> Software Architect - WSO2, Inc. http://wso2.com
>>> email : nuw...@wso2.com
>>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>>
>>
>>
>>
>> --
>> Thanks & Regards
>>
>> *Chaminda Jayawardena*
>> Associate Technical Lead - QA
>> WSO2 Inc. - http://wso2.com
>> +94-77-7725234 <+94%2077%20772%205234>
>>
>
>
>
> --
> Vijitha Ekanayake
> Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
> Mobile : +94 777 24 73 39 | +94 718 74 44 08
> lean.enterprise.middleware
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] WSO2 Committers += Naduni Pamudika

[Nuwan Dias]

Hi,

Its my pleasure to announce Naduni Pamudika as a WSO2 Committer. She has
been a valuable contributor to WSO2 API Manager.

Congratulations Naduni and keep up the good work!!.

Thanks,
NuwanD.

-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Getting Error "ServerWorker Error while building message for REST_URL request" for all API requests

[Nuwan Dias]

Well, for GET requests you aren't supposed to have a Content-Type header.

On Fri, Feb 23, 2018 at 3:11 PM, Chaminda Jayawardena <chami...@wso2.com>
wrote:

> Getting this continuously even for the GET requests in
> wso2apim-2.1.0-update12. Disappeared once put Content-Type(value as any
> format) on the header.
>
> Thanks,
> Chaminda
>
> On Fri, Feb 23, 2018 at 1:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> I'm just doing a GET. I also checked with a POST with the correct
>> Content-Type header as well.
>>
>> On Fri, Feb 23, 2018 at 1:17 PM, Vijitha Ekanayake <vijit...@wso2.com>
>> wrote:
>>
>>> Hi Nuwan,
>>>
>>> According to below code segment, it seems like this happens when request
>>> Content-Type doesn't match with the payload.
>>>
>>> try {
>>>
>>>   soapEnvelope = TransportUtils.createSOAPMessage(msgContext, null, 
>>> contentType);
>>>} catch (Exception e) {
>>>   log.error("Error while building message for REST_URL request");
>>> }
>>>
>>> Also It might be a case that POST requests received without a Content-Type 
>>> header. Is there any possibility to isolate one such request causes this 
>>> error. So that we could identify extract root cause for this.
>>>
>>> Thanks.
>>>
>>>
>>> On Thu, Feb 22, 2018 at 2:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm seeing the error "*ServerWorker Error while building message for
>>>> REST_URL request*" on the logs for all API requests on Synapse version
>>>> 2.1.7.wso2v40. Any idea what could be causing this? AFAIR this wasn't there
>>>> on earlier versions.
>>>>
>>>> Thanks,
>>>> NuwanD.
>>>>
>>>> --
>>>> Nuwan Dias
>>>>
>>>> Software Architect - WSO2, Inc. http://wso2.com
>>>> email : nuw...@wso2.com
>>>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>>>
>>>
>>>
>>>
>>> --
>>> Vijitha Ekanayake
>>> Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
>>> Mobile : +94 777 24 73 39 | +94 718 74 44 08
>>> lean.enterprise.middleware
>>>
>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards
>
> *Chaminda Jayawardena*
> Associate Technical Lead - QA
> WSO2 Inc. - http://wso2.com
> +94-77-7725234 <+94%2077%20772%205234>
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Getting Error "ServerWorker Error while building message for REST_URL request" for all API requests

[Nuwan Dias]

I'm just doing a GET. I also checked with a POST with the correct
Content-Type header as well.

On Fri, Feb 23, 2018 at 1:17 PM, Vijitha Ekanayake <vijit...@wso2.com>
wrote:

> Hi Nuwan,
>
> According to below code segment, it seems like this happens when request
> Content-Type doesn't match with the payload.
>
> try {
>
>   soapEnvelope = TransportUtils.createSOAPMessage(msgContext, null, 
> contentType);
>} catch (Exception e) {
>   log.error("Error while building message for REST_URL request");
> }
>
> Also It might be a case that POST requests received without a Content-Type 
> header. Is there any possibility to isolate one such request causes this 
> error. So that we could identify extract root cause for this.
>
> Thanks.
>
>
> On Thu, Feb 22, 2018 at 2:38 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi,
>>
>> I'm seeing the error "*ServerWorker Error while building message for
>> REST_URL request*" on the logs for all API requests on Synapse version
>> 2.1.7.wso2v40. Any idea what could be causing this? AFAIR this wasn't there
>> on earlier versions.
>>
>> Thanks,
>> NuwanD.
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>
>
>
>
> --
> Vijitha Ekanayake
> Senior Software Engineer*, *WSO2, Inc.; http://wso2.com/
> Mobile : +94 777 24 73 39 | +94 718 74 44 08
> lean.enterprise.middleware
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Getting Error "ServerWorker Error while building message for REST_URL request" for all API requests

[Nuwan Dias]

Hi,

I'm seeing the error "*ServerWorker Error while building message for
REST_URL request*" on the logs for all API requests on Synapse version
2.1.7.wso2v40. Any idea what could be causing this? AFAIR this wasn't there
on earlier versions.

Thanks,
NuwanD.

-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [dev] Scope Management with OAuth Scopes

[Nuwan Dias]

The permissions of the use role have no relevance to the issuance of the
token. For a user to obtain a token with a certain set of scopes, the two
criteria below needs to be fulfilled.

1) The user should be in a role that is bound to the scope being requested.
2) The particular application that makes the /token request needs to bear a
valid subscription to the API that has the scope attached to a Resource.

Thanks,
NuwanD.

On Thu, Jan 18, 2018 at 1:33 PM, Isuru Uyanage <isur...@wso2.com> wrote:

> Hi All,
> I need to clarify if the below scenario is valid.
>
> Role Permission Scope Resource
> HRDept Admin Permission add_user POST
> Accounts Login, api create, api publish, api subscribe search_user GET
>
> 1. The role HRDept(With admin permission) can create an application and
> generate access token according to the scope from the Management Console as
> well as from a cURL command. Further, the particular resource can be
> invoked successfully.
>
> 2. The users belong to role Account *create a new application*, but they
> are not allowed select their own scope(search_user) from the Management
> console and generate the access token. An access token is generated for a
> default scope and using that they cannot proceed the GET operation.
> The same thing was tried by the curl command and got the same above
> result.
>
> curl -k -d "grant_type=password=user1S=Test123=
> *search_user*" -H "Authorization: Basic TnNRUXpoZjhZR2EyYmNSU1kwblZScG
> lqcllFYTo4X21Rb0VfSzZyWVB6T2VjZnM5RVlEWjNJXzBh"  -H "Content-Type:
> application/x-www-form-urlencoded" https://localhost:8243/token
>
>
> {"access_token":"b5484ade-42e4-3709-a6a6-cfc18008b6ec","
> refresh_token":"56142251-f1e8-3951-91d2-091a98d07d70","scope":"*default*
> ","token_type":"Bearer","expires_in":3600}
>
>
>
>
> This happens only if access tokens are generated for newly created
> applications other than the default application. With the default
> application above scenario works successfully.
>
> In a summary,
>
>- *Users who do not have admin permissions(Role - Accounts) creates a
>new application, using that they cannot get the access token for particular
>scope(search_user), instead, they get a default scope. And the resource
>cannot be invoked through that. But, with the default application, they get
>the access token for the particular scope and the resource can be invoked
>successfully. *
>
>
>- *Users who have admin permission (Role HRDept) can create a new
>application, using that they can get an access token for particular
>scope(add_user) and invoke the resource successfully. *
>
> Could you please confirm if above concerns are valid. Any feedback would
> be appreciated if I've missed anything.
>
> References: https://docs.wso2.com/display/AM2xx/Scope+
> Management+with+OAuth+Scopes
> Product: apim 2.1.0 update 6
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : **+94 77 <+94%2077%20767%201807> 55 30752*
> *LinkedIn: **https://www.linkedin.com/in/isuru-uyanage/
> <https://www.linkedin.com/in/isuru-uyanage/>*
>
>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM] [Analytics] Can we analyze api invocations against the app language

[Nuwan Dias]

n De Silva <jas...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> In APIM we provide sdk's to develop client apps to consume the apis
>>>>>>> from a preferred language. Let's assume a scenario where I develop 
>>>>>>> several
>>>>>>> apps using php, android, java etc.  which consumes from the same API. In
>>>>>>> such scenario is there a possibility that I can differentiate the api
>>>>>>> invocations done app wise to be tracked from analytics. E.g 50 calls
>>>>>>> via php app, 25 calls via android app etc.?
>>>>>>>
>>>>>>> I was going through [1] and I found that we currently capture the
>>>>>>> "User-Agent" header and save the OS and Browser version in
>>>>>>> API_REQ_USER_BROW_SUMMARY table and we generate stats to show the 
>>>>>>> browser
>>>>>>> version under "API Usage Across Usage Agent" in analytics. But I could 
>>>>>>> not
>>>>>>> find any info on how to get the above configured. Any input on this is
>>>>>>> highly appreciated.
>>>>>>>
>>>>>>> [1] https://docs.wso2.com/display/AM2xx/Viewing+API+Statisti
>>>>>>> cs#ViewingAPIStatistics-APIUsageAcrossUserAgent
>>>>>>>
>>>>>>> Regards,
>>>>>>> Jason
>>>>>>>
>>>>>>> Jason De Silva
>>>>>>> *Software Engineer - QA*
>>>>>>> Mobile: +94 (0) 772 097 678
>>>>>>> Email: jas...@wso2.com
>>>>>>> WSO2 Inc. www.wso2.com
>>>>>>> <http://wso2.com/signature>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>>
>>>>>> *Fazlan Nazeem*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc
>>>>>> Mobile : +94772338839 <+94%2077%20233%208839>
>>>>>> fazl...@wso2.com
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Rukshan Chathuranga.
>>>> Software Engineer.
>>>> WSO2, Inc.
>>>> +94711822074 <+94%2071%20182%202074>
>>>>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> *Praminda Jayawardana*
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> Mobile : +94 (0) 716 590918 <+94%2071%20659%200918>
>>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Enforcing a grace period to upgrade to the new version of the API in APIM 2.2.0

[Nuwan Dias]

How this can be achieved is by using the notifications functions when new
API versions are created and by the API deprecation feature. So what will
happen when a new version of an API is published is that a notification
should be sent to existing subscribes to notify them that the API will be
deprecated in X months and retired in Y months. Then the API publisher has
to actually perform those actions (deprecate and retire) in X and Y
respectively.

Thanks,
NuwanD.

On Fri, Jan 12, 2018 at 5:28 PM, Isuru Haththotuwa <isu...@wso2.com> wrote:

>
>
> On Fri, Jan 12, 2018 at 5:22 PM, Shanika Wickramasinghe <shani...@wso2.com
> > wrote:
>
>> Hi All,
>>
>> Please Refer to the APIM 2.2.0 Scenario doc [1]. Under API Versioning
>> section there is a sub point as below
>>
>> "Enforcing a grace period to upgrade to the new version of the API"
>>
>> Could not find a way to implement this under the API Versioning section
>> in APIM 2.x.x [2] [3]. Is it possible to implement this using throttling
>> policies (correct me if i am wrong) [4]. Appreciate any guidance on how
>> this can be implemented using APIM 2.1.0 update-5 pack.
>>
>>
>>
>> [1].https://docs.google.com/document/d/1YTcqeywgLR47NZY3xWwc
>> -jJfREjhhVl2vgAAasZhN3A/edit#heading=h.5ols5s5s9tct
>> [2].https://docs.wso2.com/display/AM2xx/Create+a+New+API+Version
>> [3].https://docs.wso2.com/pages/viewpage.action?spaceKey=
>> AM2xx=API+Versioning
>> [4].https://docs.wso2.com/display/AM2xx/Enforcing+Throttling+to+an+API
>>
>> Thankyou,
>> Shanika.
>>
>> --
>> *Shanika Wickramasinghe*
>> Software Engineer - QA Team
>>
>> Email: shani...@wso2.com
>> Mobile  : +94713503563 <071%20350%203563>
>> Web : http://wso2.com
>>
>> <http://wso2.com/signature>
>>
>
>
>
> --
> Thanks and Regards,
>
> Isuru H.
> +94 716 358 048 <+94%2071%20635%208048>* <http://wso2.com/>*
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Host name verification issue

[Nuwan Dias]

The reason for this error is because the cert on your back-end must be
having a different host than 192.168.8.101:9443 as its CN. To rectify this
error you either have to deploy a cert which bears 192.168.8.101:9443 as
its CN on the back-end or set the HostnameVerifier property to AllowAll on
the transportSender of the axis2.xml.

Thanks,
NuwanD.

On Thu, Oct 26, 2017 at 11:49 PM, Menaka Jayawardena <men...@wso2.com>
wrote:

> Hi,
>
> I'm working on configuring API Manager for dynamic SSL profile loading
> [1]. I need to enable this for PassthroughHTTPSender.
> I did the configuration in API Manager, axis2.xml and created the custom
> profile xml, senderprofiles.xml.
>
> My backend API is running on 192.168.8.101:9443 and API Manager is on
> 192.168.8.101:9444.
> When invoking the published API, I got the error below.
>
> [2017-10-26 23:34:50,389] ERROR - TargetHandler I/O error: Host name
> verification failed for host : 192.168.8.101
> javax.net.ssl.SSLException: Host name verification failed for host :
> 192.168.8.101
> at org.apache.synapse.transport.http.conn.ClientSSLSetupHandler.verify(
> ClientSSLSetupHandler.java:171)
> at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(
> SSLIOSession.java:308)
> at org.apache.http.nio.reactor.ssl.SSLIOSession.
> isAppInputReady(SSLIOSession.java:410)
> at org.apache.http.impl.nio.reactor.AbstractIODispatch.
> inputReady(AbstractIODispatch.java:119)
> at org.apache.http.impl.nio.reactor.BaseIOReactor.
> readable(BaseIOReactor.java:159)
> at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(
> AbstractIOReactor.java:338)
> at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(
> AbstractIOReactor.java:316)
> at org.apache.http.impl.nio.reactor.AbstractIOReactor.
> execute(AbstractIOReactor.java:277)
> at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(
> BaseIOReactor.java:105)
> at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$
> Worker.run(AbstractMultiworkerIOReactor.java:586)
> at java.lang.Thread.run(Thread.java:745)
> [2017-10-26 23:34:50,593]  WARN - EndpointContext Endpoint : 
> admin--Echo_APIproductionEndpoint_0
> with address https://192.168.8.101:9443/RESTfulExample/rest/hello/sdsd
> will be marked SUSPENDED as it failed
>
> Here is the configuration in sender profile.
>
> 
> 
> 192.168.8.101:9443
> 
> repository/resources/security/apim.jks
> JKS
> wso2carbon
> wso2carbon
> 
> 
> repository/resources/security/
> apimtruststore.jks
> JKS
> wso2carbon
> 
> 
> 
>
> I added the client cert to apimtruststore.jks.
>
> What could be the possible reason for this?
>
> [1] https://docs.wso2.com/display/ESB490/Multi-HTTPS+Transport#Multi-
> HTTPSTransport-DynamicSSLprofiles
>
>
> Thanks and Regards,
> Menaka
> --
> *Menaka Jayawardena*
> *Software Engineer - WSO2 Inc*
> *Tel : 071 350 5470*
> *LinkedIn: https://lk.linkedin.com/in/menakajayawardena
> <https://lk.linkedin.com/in/menakajayawardena>*
> *Blog: https://menakamadushanka.wordpress.com/
> <https://menakamadushanka.wordpress.com/>*
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Have we tested the new DCR on IS 5.4.0 Alpha2?

[Nuwan Dias]

Cool, thanks for checking this. If the /oauth2 webapp is going to be used
for scope registrations, then we better make its URL obvious that its
dealing with scopes and doesn't have anything to do with dcr stuff.

On Fri, Sep 15, 2017 at 10:04 AM, Harsha Thirimanna <hars...@wso2.com>
wrote:

> On Fri, Sep 15, 2017 at 9:45 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi Ishara,
>>
>> Thanks for the confirmation.
>>
>> There are two DCR webapps within IS 5.4.0 alpha2, one which goes as
>> ​​
>> /api/identity/*oauth*/dcr/v1.0 and the other which goes as
>> ​​
>> /api/identity/*oauth2*/dcr/v1.0. According to the basepath in the
>> Swagger doc, the second app should be the correct one. But that doesn't
>> work. What works is the ../*oauth*/dcr.. webapp. Can you guys kindly do
>> the needful to rectify this? I will continue to use the /oauth/ webapp for
>> the time being.
>>
>
> ​Sorry about the confusion here and it is not correctly updated the
> swagger file.
>
> The correct path is "
> ​
> /api/identity/*oauth*/dcr/v1.0" and it should be updated in the swagger
> file.
>
> ​
> /api/identity/*oauth2*/dcr/v1.0 is for "OAuth2 Scope Endpoint​"
>
> ​Anyway, it will give some confusion at once and we will discuss this
> again. Thanks for pointing this.
>
>
>
>> Thanks,
>> NuwanD.
>>
>> On Fri, Sep 15, 2017 at 7:41 AM, Ishara Karunarathna <isha...@wso2.com>
>> wrote:
>>
>>> HI Nuwan,
>>>
>>> On Fri, Sep 15, 2017 at 7:14 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>
>>>> Hi Hasintha,
>>>>
>>>> Isn't this the old DCR implementation? This one doesn't mention about
>>>> DCRM. Where can I get information on using DCRM?
>>>>
>>>> I was under the impression the new DCR implementation was documented at
>>>> [3]. This doc mentions about DCRM too, hence why I thought that should be
>>>> the new implementation of DCR/M.
>>>>
>>>> Yes that is old implementation and you should use [3].
>>> But this sample request in the yaml need to be chnaged, no longer we
>>> supported for ext_param_owne property, insted we get it from the
>>> authenticated user. S
>>> o request should be
>>> Payload: 
>>> {"redirect_uris":["https://client.example.org/callback"],"client_name":
>>> "application_3","grant_types": ["password"]}
>>>
>>> Thanks,
>>> Ishara
>>>
>>> [3] - https://github.com/wso2-extensions/identity-inbound-auth-o
>>>> auth/blob/master/components/org.wso2.carbon.identity.oauth.d
>>>> cr.endpoint/src/main/resources/api.identity.oauth.dcr.endpoint.yaml
>>>>
>>>> Thanks,
>>>> NuwanD.
>>>>
>>>> On Fri, Sep 15, 2017 at 5:39 AM, Hasintha Indrajee <hasin...@wso2.com>
>>>> wrote:
>>>>
>>>>> For IS endpoint should be https://localhost:9443/iden
>>>>> tity/connect/register. Refer [1]​[2]
>>>>>
>>>>> [1] http://openid.net/specs/openid-connect-registration-1_0.html
>>>>> [2] https://docs.wso2.com/display/IS540/OpenID+Connect+Dynam
>>>>> ic+Client+Registration
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Nuwan Dias
>>>>
>>>> Software Architect - WSO2, Inc. http://wso2.com
>>>> email : nuw...@wso2.com
>>>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>>>
>>>
>>>
>>>
>>> --
>>> Ishara Karunarathna
>>> Associate Technical Lead
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>>> +94717996791 <+94%2071%20799%206791>
>>>
>>>
>>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Have we tested the new DCR on IS 5.4.0 Alpha2?

[Nuwan Dias]

Hi Ishara,

Thanks for the confirmation.

There are two DCR webapps within IS 5.4.0 alpha2, one which goes as
/api/identity/*oauth*/dcr/v1.0 and the other which goes as /api/identity/
*oauth2*/dcr/v1.0. According to the basepath in the Swagger doc, the second
app should be the correct one. But that doesn't work. What works is the ../
*oauth*/dcr.. webapp. Can you guys kindly do the needful to rectify this? I
will continue to use the /oauth/ webapp for the time being.

Thanks,
NuwanD.

On Fri, Sep 15, 2017 at 7:41 AM, Ishara Karunarathna <isha...@wso2.com>
wrote:

> HI Nuwan,
>
> On Fri, Sep 15, 2017 at 7:14 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi Hasintha,
>>
>> Isn't this the old DCR implementation? This one doesn't mention about
>> DCRM. Where can I get information on using DCRM?
>>
>> I was under the impression the new DCR implementation was documented at
>> [3]. This doc mentions about DCRM too, hence why I thought that should be
>> the new implementation of DCR/M.
>>
>> Yes that is old implementation and you should use [3].
> But this sample request in the yaml need to be chnaged, no longer we
> supported for ext_param_owne property, insted we get it from the
> authenticated user. S
> o request should be
> Payload: 
> {"redirect_uris":["https://client.example.org/callback"],"client_name":
> "application_3","grant_types": ["password"]}
>
> Thanks,
> Ishara
>
> [3] - https://github.com/wso2-extensions/identity-inbound-auth-
>> oauth/blob/master/components/org.wso2.carbon.identity.
>> oauth.dcr.endpoint/src/main/resources/api.identity.oauth.
>> dcr.endpoint.yaml
>>
>> Thanks,
>> NuwanD.
>>
>> On Fri, Sep 15, 2017 at 5:39 AM, Hasintha Indrajee <hasin...@wso2.com>
>> wrote:
>>
>>> For IS endpoint should be https://localhost:9443/iden
>>> tity/connect/register. Refer [1]​[2]
>>>
>>> [1] http://openid.net/specs/openid-connect-registration-1_0.html
>>> [2] https://docs.wso2.com/display/IS540/OpenID+Connect+Dynam
>>> ic+Client+Registration
>>>
>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>
>
>
>
> --
> Ishara Karunarathna
> Associate Technical Lead
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
> +94717996791 <+94%2071%20799%206791>
>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Have we tested the new DCR on IS 5.4.0 Alpha2?

[Nuwan Dias]

Hi Hasintha,

Isn't this the old DCR implementation? This one doesn't mention about DCRM.
Where can I get information on using DCRM?

I was under the impression the new DCR implementation was documented at
[3]. This doc mentions about DCRM too, hence why I thought that should be
the new implementation of DCR/M.

[3] -
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth.dcr.endpoint/src/main/resources/api.identity.oauth.dcr.endpoint.yaml

Thanks,
NuwanD.

On Fri, Sep 15, 2017 at 5:39 AM, Hasintha Indrajee <hasin...@wso2.com>
wrote:

> For IS endpoint should be https://localhost:9443/identity/connect/register.
> Refer [1]​[2]
>
> [1] http://openid.net/specs/openid-connect-registration-1_0.html
> [2] https://docs.wso2.com/display/IS540/OpenID+Connect+
> Dynamic+Client+Registration
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Have we tested the new DCR on IS 5.4.0 Alpha2?

[Nuwan Dias]

Hi,

Have we tested the new DCR endpoints on IS 5.4.0 Alpha2? I have tried
making the following request but it returns a 200 with the html content of
the carbon login page. There aren't any error logs as well.

POST https://localhost:9443/api/identity/oauth2/dcr/v1.0/register

Headers: Content-Type: application/json, Authorization: Basic
YWRtaW46YWRtaW4=

Payload: {"redirect_uris":["https://client.example.org/callback"],"client_name":
"application_3","ext_param_owner": "admin","grant_types": ["password"]}

Is there anything wrong with this request?

-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Multiple scopes for REST resources in APIM Store and Publisher

[Nuwan Dias]

Although we don't have a requirement to attach multiple scopes for a given
resource, it may come up as a need in the future. So if possible let's not
try to make any assumptions based on the current situation.

On Thu, Sep 14, 2017 at 5:18 PM, Viduranga Gunarathne <vidura...@wso2.com>
wrote:

> Hi,
> With the existing implementation in the store and publisher yaml, there is
> only a single scope provided in the security for resources as shown in
> Image #1. But other swagger definitions tend to have multiple scopes for a
> single resource as shown in Image #2.
> Currently there is no requirement in API Manager to support for multiple
> scopes but I was wondering if there would be a requirement to cater to
> multiple scopes in future ?
>
> 
> Image #1: (store-api.yaml in API Manager)
> 
> 
> 
> ---
> ===
> Image #2: (Petstore swagger in http://petstore.swagger.io/)
> 
> 
>
> ​​--
> --
> ===
>
> Thanks,
> Viduranga.
> --
> Regards,
>
> *Viduranga Gunarathne*
>
> *Software Engineer Intern*
>
>
> *WSO2*
> Email : vidura...@wso2.com
> Mobile : +94712437484 <+94%2071%20243%207484>
> Web : http://wso2.com
> [image: https://wso2.com/signature] <https://wso2.com/signature>
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IOT]Concerns regarding saving the image and binary files in the File System

[Nuwan Dias]

If you require NFS anyway (for other usecases), then I think its fine. But
if you're introducing the complexity of NFS just for this use case, then I
think it would be an overkill.

BTW, not every one is ok with setting up a NFS. So if you need to share
files between nodes you may want to have some other recommendations handy
as well (RSync).

Is there a problem is storing this file on the DB instead of the FS?

On Wed, Aug 16, 2017 at 5:41 PM, Megala Uthayakumar <meg...@wso2.com> wrote:

> Hi Nuwan,
>
> As mentioned by Harshan user needs to configure NFS when configuring this
> in HA setup. We do accept local file path or NFS url in the configuration
> file for the path.
>
> Thanks.
>
> On Wed, Aug 16, 2017 at 5:01 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> When you have two nodes of the IoT server running for HA, and if a given
>> image/file is stored on the file system of one server, how do you make that
>> image/file available for a request that's served via the other server?
>>
>> On Wed, Aug 16, 2017 at 4:54 PM, Megala Uthayakumar <meg...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> Currently we are working on writing a mobile application store for IOT
>>> server. For that we have decided to save the images and binary files
>>> related with applications in the file system(This decision was taken
>>> considering the file size). File location will be derived from a
>>> configuration. While implementing this, we have come-up with the following
>>> suggestions for saving files as per the meeting we had internally.
>>>
>>> *Option 1*
>>> For each application we will have a folder with the name as the
>>> generated ID for the application from the database. Each will hold all the
>>> relevant artifacts such as icon, screen-shots and binary files.
>>> In this case, there were 2 suggestions
>>>
>>>1. For each app, the icon and screen-shots will be saved with the
>>>same name. Ex - For icons the image file name will be 'icon' and 
>>> like-wise
>>>for others as well. So in this case, we do not need to save image names 
>>> in
>>>the database.
>>>2. Need to dynamically generate some random names.
>>>
>>> If we consider first approach, if we use the same name for all the
>>> application, there is possible chance an attacker may get all the image
>>> files if the name is known to them.  AFAIU this can happen even if we do
>>> not use the 1st approach and use the second approach in which we use random
>>> names, as this can happen only if the root path for saving the artifacts
>>> are compromised and without the name also attacker can do a "listFiles"
>>> request  and get all the data.
>>>
>>> *Option 2*
>>> For binary files and image files we will have separate location and each
>>> respective files will be saved in these location separately by generating a
>>> unique name. This may be helpful if we can cache the images and improve the
>>> performance, but this may not be possible in real production scenarios
>>> depending on the size of the images.
>>>
>>> What would be the most preferable option? Comments and suggestions on
>>> this regard is highly appreciated.
>>>
>>> Thanks.
>>>
>>> Regards,
>>> Megala
>>>
>>> --
>>> Megala Uthayakumar
>>>
>>> Software Engineer
>>> Mobile : 0779967122
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "WSO2 IoT Team Group" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to iot-group+unsubscr...@wso2.com.
>>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>>
>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>
>
>
>
> --
> Megala Uthayakumar
>
> Software Engineer
> Mobile : 0779967122
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IOT]Concerns regarding saving the image and binary files in the File System

[Nuwan Dias]

When you have two nodes of the IoT server running for HA, and if a given
image/file is stored on the file system of one server, how do you make that
image/file available for a request that's served via the other server?

On Wed, Aug 16, 2017 at 4:54 PM, Megala Uthayakumar <meg...@wso2.com> wrote:

> Hi All,
>
> Currently we are working on writing a mobile application store for IOT
> server. For that we have decided to save the images and binary files
> related with applications in the file system(This decision was taken
> considering the file size). File location will be derived from a
> configuration. While implementing this, we have come-up with the following
> suggestions for saving files as per the meeting we had internally.
>
> *Option 1*
> For each application we will have a folder with the name as the generated
> ID for the application from the database. Each will hold all the relevant
> artifacts such as icon, screen-shots and binary files.
> In this case, there were 2 suggestions
>
>1. For each app, the icon and screen-shots will be saved with the same
>name. Ex - For icons the image file name will be 'icon' and like-wise for
>others as well. So in this case, we do not need to save image names in the
>database.
>2. Need to dynamically generate some random names.
>
> If we consider first approach, if we use the same name for all the
> application, there is possible chance an attacker may get all the image
> files if the name is known to them.  AFAIU this can happen even if we do
> not use the 1st approach and use the second approach in which we use random
> names, as this can happen only if the root path for saving the artifacts
> are compromised and without the name also attacker can do a "listFiles"
> request  and get all the data.
>
> *Option 2*
> For binary files and image files we will have separate location and each
> respective files will be saved in these location separately by generating a
> unique name. This may be helpful if we can cache the images and improve the
> performance, but this may not be possible in real production scenarios
> depending on the size of the images.
>
> What would be the most preferable option? Comments and suggestions on this
> regard is highly appreciated.
>
> Thanks.
>
> Regards,
> Megala
>
> --
> Megala Uthayakumar
>
> Software Engineer
> Mobile : 0779967122
>
> --
> You received this message because you are subscribed to the Google Groups
> "WSO2 IoT Team Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to iot-group+unsubscr...@wso2.com.
> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM Analytics] Data grow in repository/data

[Nuwan Dias]

Do you mean API Manager or API Manager Analytics? It should be
repository/database right? Not repository/data because that directory is
empty by default. Once you've configured the databases properly, DBs inside
repository/database shouldn't ideally grow. Which DB are you specifically
seeing a growth?

Thanks,
NuwanD.

On Tue, Jul 25, 2017 at 1:30 AM, Godwin Shrimal <god...@wso2.com> wrote:

> Hi APIM Team,
>
> We observed data under repository/data grows continiously, What is the
> reason for this ? Is there any way to prevent this ?  I saw documentation
> [1] related to data purging, Not sure we can use this to resolve this issue
> ?
>
> [1] https://docs.wso2.com/display/DAS310/Purging+Data#
> PurgingData-Globaldatapurging
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>*
> twitter: https://twitter.com/godwinamila
> <http://wso2.com/signature>
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][C5] - Handling API's gateway label updates

[Nuwan Dias]

I don't think we need to handle the situation of a Gateway changing its
labels. That is an extremely unlikely use case and writing complex code to
handle that situation is going to be a waste. If someone wants to change a
label of the Gateway we can simply ask them to remove all APIs and start it
as a fresh Gateway. This will make sure that it pulls all the relevant APIs
only on startup.

On Fri, Jun 23, 2017 at 2:40 PM, Harsha Kumara <hars...@wso2.com> wrote:

> @Tharindu, will gateway change the labels? If a gateway changes the label
> and starts it we are calling to core API to get the available APIs list for
> that particular gateway. In order to handle the label change, we
> can undeploy the APIs which are not under returned list of APIs.
>
> On Fri, Jun 23, 2017 at 2:06 PM, Tharindu Dharmarathna <tharin...@wso2.com
> > wrote:
>
>> As offline discussion with Lakmal, We are not going to register gateway
>> labels and access URLs on the apim core by Gateway startup.  And labels are
>> managed by the admin can assign permissions to those labels to make who can
>> see this labels. Then Gateway will only start with the predefined label.
>>
>> When Gateway gets to start it retrieve APIs according to label assigned.
>> @All,
>> How do we going to handle the already created APIs under the Gateway?
>>
>> In VM scenario if set of API artifacts (ballerina files) created under
>> the gateway.
>> Then Gateway started with the different label. We have a way to get a
>> list of ballerina artifacts under file system and do the check for those
>> its validity for that label.
>>
>> How do we going to handle above requirement from the file system?
>>
>> On Wed, Jun 21, 2017 at 7:24 AM, Isuru Haththotuwa <isu...@wso2.com>
>> wrote:
>>
>>>
>>>
>>> On Tue, Jun 20, 2017 at 8:29 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>>
>>>> I'm not in favor of using special headers or anything like that. What
>>>> if we just send all API updates to all Gateways? Each Gateway upon
>>>> receiving this event will request for the particular API from the Core. The
>>>> Core will only give that API to the Gateway if the Gateway's labels matches
>>>> that of the requesting Gateway. If it does not, the core will refuse to
>>>> give the API to the Gateway and in that case if the Gateway already has
>>>> that API deployed it should go and remove it from itself (same code that
>>>> runs in case of an API delete event).
>>>>
>>> This header based filtering is actually a useful feature in the general
>>> case IMO; sometimes we need events to be processed by specific clients
>>> (gateways), in other cases we might need to do a multicast for all clients.
>>> In such situations we can stop the payload being processed unnecessarily.
>>> If we have to process all such events at all gateways, it might leads to
>>> scalability issues specially in container based deployments.
>>>
>>>>
>>>> Thanks,
>>>> NuwanD.
>>>>
>>>> On Tue, Jun 20, 2017 at 3:24 PM, Harsha Kumara <hars...@wso2.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Tue, Jun 20, 2017 at 11:39 AM, Thilini Shanika <thili...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> As per the APIM C5 architecture, the gateways can be registered in
>>>>>> APIM Core, specifying it's label and accessURLs. When creating/updating
>>>>>> APIs, the API can be moved to a gateway by assigning the label of the
>>>>>> gateway which registered under APIM Core. Once a label is assigned to an
>>>>>> API, that particular API will be deployed and available to the
>>>>>> gateway/gateways represented by the given label/labels.
>>>>>>
>>>>>> Basically, all the API related actions(API
>>>>>> create/update/delete/status change) are published to JMS topic along with
>>>>>> label information. The gateways are responsible for listening to the 
>>>>>> topic,
>>>>>> capture events which are relevant and process them. Ideally, gateways
>>>>>> should filter the events based on API label and only process the events
>>>>>> generated for APIs which are assigned with their gateway labels and rest 
>>>>>> of
>>>>>> the events should be ignored.
>>>>>>
>>>&g

Re: [Dev] API Manager 3.0.0-m3 startup issue

[Nuwan Dias]

tDispatcher.java:111)
> at org.wso2.carbon.uuf.internal.RequestDispatcher.serve(
> RequestDispatcher.java:71)
> at org.wso2.carbon.uuf.internal.UUFServer.serve(UUFServer.java:179)
> at org.wso2.carbon.uuf.httpconnector.msf4j.UUFMicroservice.getImpl(
> UUFMicroservice.java:56)
> at org.wso2.carbon.uuf.httpconnector.msf4j.UUFMicroservice.get(
> UUFMicroservice.java:48)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:497)
> at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(
> HttpMethodInfo.java:132)
> at org.wso2.msf4j.internal.MSF4JMessageProcessor.dispatchMethod(
> MSF4JMessageProcessor.java:139)
> at org.wso2.msf4j.internal.MSF4JMessageProcessor.lambda$receive$0(
> MSF4JMessageProcessor.java:81)
> at 
> org.wso2.msf4j.internal.MSF4JMessageProcessor$$Lambda$201/1261285120.run(Unknown
> Source)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.ClassCastException: Cannot cast java.lang.String to
> [Ljava.lang.Object;
> ... 50 more
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Please increase the TOKEN_SCOPE column length in IDN_OAUTH2_ACCESS_TOKEN_SCOPE table

[Nuwan Dias]

Please remember to include this change in the migration script (5.3.0 to
5.4.0) as well.

On Thu, Jun 22, 2017 at 12:19 PM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:

> Hi,
>
> Created a JIRA for this in [1], will be fixed in 5.4.0-m2.
>
> [1] https://wso2.org/jira/browse/IDENTITY-6093
>
> Thanks and Regards
>
> On Thu, Jun 22, 2017 at 11:54 AM, Naduni Pamudika <nad...@wso2.com> wrote:
>
>> Hi IS Team,
>>
>> I am working on the SSO Login feature in APIM, and there I need to have a
>> bit longer scopes list. When I was trying to send the access token request
>> it gave an error saying "Value too long for column "TOKEN_SCOPE
>> VARCHAR(60) NOT NULL"".
>>
>> Noticed that you have size 2048 for the scopes in other places [1,2]. Can
>> you please increase this [3] as well?
>>
>> [1] https://github.com/wso2/carbon-identity-framework/blob/
>> master/features/identity-core/org.wso2.carbon.identity.core.
>> server.feature/resources/dbscripts/mysql.sql#L31
>> [2] https://github.com/wso2/carbon-identity-framework/blob/
>> master/features/identity-core/org.wso2.carbon.identity.core.
>> server.feature/resources/dbscripts/mysql.sql#L86
>> [3] https://github.com/wso2/carbon-identity-framework/blob/
>> master/features/identity-core/org.wso2.carbon.identity.core.
>> server.feature/resources/dbscripts/mysql.sql#L105
>>
>> Thank you.
>> Naduni
>>
>> --
>> *Naduni Pamudika*
>> Software Engineer | WSO2
>> Mobile: +94 719 143658 <+94%2071%20914%203658>
>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>
>
>
>
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Emailindu...@wso2.com
> Mobile   0772182255
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][C5] Splitting "Generate Keys" operation in Store REST API

[Nuwan Dias]

Yes, that's what I was suggesting. From the UI it looks like its a single
operation, but behind the scenes we need to be doing 2 (or more) REST calls
to get this working.

On Wed, Jun 21, 2017 at 9:45 AM, Bhathiya Jayasekara <bhath...@wso2.com>
wrote:

>
> On Wed, Jun 21, 2017 at 8:01 AM, Malintha Amarasinghe <malint...@wso2.com>
> wrote:
>
>> Hi,
>>
>> If we are generating keys and creating an app at the same time (from the
>> UI with 2 REST calls), I guess we will need to have a separate option at
>> the app creation page itself for "Providing keys". Maybe a checkbox
>> "Provide keys" which enables two text boxes to specify consumer key and
>> secret as well? Then UI can decide whether it should call "generate keys"
>> operation or "provide keys" operation secondly.
>>
>
> Yes we need something like that when we design the UI.
>
> Thanks,
> Bhathiya
>
>
>>
>> Thanks!
>>
>> On Tue, Jun 20, 2017 at 7:44 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> We need to have two resources for generating keys and generating a
>>> token. The user experience (UI) should be such that when you create an
>>> application you automatically create the consumer key and consumer secret
>>> too. So the UI will have to make two calls, POST /application and POST
>>> /generate-keys when you create an Application. Generating a token could of
>>> course be an optional thing.
>>>
>>> On Tue, Jun 20, 2017 at 2:57 PM, Chamin Dias <cham...@wso2.com> wrote:
>>>
>>>> Suggested method looks good. +1.
>>>>
>>>> On Tue, Jun 20, 2017 at 2:50 PM, Uvindra Dias Jayasinha <
>>>> uvin...@wso2.com> wrote:
>>>>
>>>>> +1
>>>>>
>>>>> On 20 June 2017 at 14:47, Bhathiya Jayasekara <bhath...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> In the current implementation of store REST API, we have a single
>>>>>> operation (aka. Generate Keys) to create OAuth application and generate
>>>>>> access tokens, which requires 2 calls to key manager. IMO, if we split 
>>>>>> this
>>>>>> operation into 2, the code becomes cleaner. On the other hand, the 
>>>>>> current
>>>>>> implementation makes the code of out of band client registation[1] a bit
>>>>>> complex as we don't have a way to only generate access tokens after
>>>>>> providing keys explicitly.
>>>>>>
>>>>>> so, to make the code cleaner, I'm suggesting to split this "Generate
>>>>>> Keys" operation into 2 as,
>>>>>>
>>>>>> 1) Create OAuth application (i.e. generate consumer key/secret)
>>>>>> 2) Generate access tokens.
>>>>>>
>>>>>> If we do this, in the case of out-of-band client provisioning we can
>>>>>> simply replace step 1 with "Provide Keys" call.
>>>>>>
>>>>>> In UI, there will be 2 buttons as "Generate Keys/Provide Keys" which
>>>>>> generates or allows to add consumer key/secret, and "Generate Access 
>>>>>> Token"
>>>>>> which generates application access token.
>>>>>>
>>>>>> Please let me know if you have any concerns about this.
>>>>>>
>>>>>> [1] https://docs.wso2.com/display/AM210/Provisioning+Out-of-Band
>>>>>> +OAuth+Clients
>>>>>>
>>>>>> Thanks,
>>>>>> --
>>>>>> *Bhathiya Jayasekara*
>>>>>> *Associate Technical Lead,*
>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>>
>>>>>> *Phone: +94715478185 <+94%2071%20547%208185>*
>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>>> <https://twitter.com/bhathiyax>*
>>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Uvindra
>>>>>
>>>>> Mobile: 7

Re: [Dev] [APIM][C5] Splitting "Generate Keys" operation in Store REST API

[Nuwan Dias]

We need to have two resources for generating keys and generating a token.
The user experience (UI) should be such that when you create an application
you automatically create the consumer key and consumer secret too. So the
UI will have to make two calls, POST /application and POST /generate-keys
when you create an Application. Generating a token could of course be an
optional thing.

On Tue, Jun 20, 2017 at 2:57 PM, Chamin Dias <cham...@wso2.com> wrote:

> Suggested method looks good. +1.
>
> On Tue, Jun 20, 2017 at 2:50 PM, Uvindra Dias Jayasinha <uvin...@wso2.com>
> wrote:
>
>> +1
>>
>> On 20 June 2017 at 14:47, Bhathiya Jayasekara <bhath...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> In the current implementation of store REST API, we have a single
>>> operation (aka. Generate Keys) to create OAuth application and generate
>>> access tokens, which requires 2 calls to key manager. IMO, if we split this
>>> operation into 2, the code becomes cleaner. On the other hand, the current
>>> implementation makes the code of out of band client registation[1] a bit
>>> complex as we don't have a way to only generate access tokens after
>>> providing keys explicitly.
>>>
>>> so, to make the code cleaner, I'm suggesting to split this "Generate
>>> Keys" operation into 2 as,
>>>
>>> 1) Create OAuth application (i.e. generate consumer key/secret)
>>> 2) Generate access tokens.
>>>
>>> If we do this, in the case of out-of-band client provisioning we can
>>> simply replace step 1 with "Provide Keys" call.
>>>
>>> In UI, there will be 2 buttons as "Generate Keys/Provide Keys" which
>>> generates or allows to add consumer key/secret, and "Generate Access Token"
>>> which generates application access token.
>>>
>>> Please let me know if you have any concerns about this.
>>>
>>> [1] https://docs.wso2.com/display/AM210/Provisioning+Out-of-Band
>>> +OAuth+Clients
>>>
>>> Thanks,
>>> --
>>> *Bhathiya Jayasekara*
>>> *Associate Technical Lead,*
>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>
>>> *Phone: +94715478185 <+94%2071%20547%208185>*
>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>> <http://www.linkedin.com/in/bhathiyaj>*
>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>>> *Blog: http://movingaheadblog.blogspot.com
>>> <http://movingaheadblog.blogspot.com/>*
>>>
>>
>>
>>
>> --
>> Regards,
>> Uvindra
>>
>> Mobile: 33962
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Chamin Dias
> Mobile : 0716097455
> Email : cham...@wso2.com
> LinkedIn : https://www.linkedin.com/in/chamindias
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][C5] Splitting "Generate Keys" operation in Store REST API

[Nuwan Dias]

I am suggesting the user experience be as such that when you create the
Application it automatically creates the keys too (except the token). There
should be a separate resource/action for generating the keys however, so
that one can separate that part if needed.

On Tue, Jun 20, 2017 at 11:02 PM, Chamila Adhikarinayake <chami...@wso2.com>
wrote:

> Hi Bhathiya,
>
> I have a small concern regarding this. Previously user only has to create
> application then create tokens, Now he has to create Application, then
> create Oauth application and then generate tokens. I think user might get
> confuced why he is creating two applications.
>
> On Tue, Jun 20, 2017 at 2:17 AM, Bhathiya Jayasekara <bhath...@wso2.com>
> wrote:
>
>> Hi all,
>>
>> In the current implementation of store REST API, we have a single
>> operation (aka. Generate Keys) to create OAuth application and generate
>> access tokens, which requires 2 calls to key manager. IMO, if we split this
>> operation into 2, the code becomes cleaner. On the other hand, the current
>> implementation makes the code of out of band client registation[1] a bit
>> complex as we don't have a way to only generate access tokens after
>> providing keys explicitly.
>>
>> so, to make the code cleaner, I'm suggesting to split this "Generate
>> Keys" operation into 2 as,
>>
>> 1) Create OAuth application (i.e. generate consumer key/secret)
>> 2) Generate access tokens.
>>
>> If we do this, in the case of out-of-band client provisioning we can
>> simply replace step 1 with "Provide Keys" call.
>>
>> In UI, there will be 2 buttons as "Generate Keys/Provide Keys" which
>> generates or allows to add consumer key/secret, and "Generate Access Token"
>> which generates application access token.
>>
>> Please let me know if you have any concerns about this.
>>
>> [1] https://docs.wso2.com/display/AM210/Provisioning+Out-of-Band
>> +OAuth+Clients
>>
>> Thanks,
>> --
>> *Bhathiya Jayasekara*
>> *Associate Technical Lead,*
>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>
>> *Phone: +94715478185 <+94%2071%20547%208185>*
>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>> <http://www.linkedin.com/in/bhathiyaj>*
>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>> *Blog: http://movingaheadblog.blogspot.com
>> <http://movingaheadblog.blogspot.com/>*
>>
>
>
>
> --
> Regards,
> Chamila Adhikarinayake
> Senior Software Engineer
> WSO2, Inc.
> Mobile - +94712346437 <+94%2071%20234%206437>
> Email  - chami...@wso2.com
> Blog  -  http://helpfromadhi.blogspot.com/
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][C5] - Handling API's gateway label updates

[Nuwan Dias]

I'm not in favor of using special headers or anything like that. What if we
just send all API updates to all Gateways? Each Gateway upon receiving this
event will request for the particular API from the Core. The Core will only
give that API to the Gateway if the Gateway's labels matches that of the
requesting Gateway. If it does not, the core will refuse to give the API to
the Gateway and in that case if the Gateway already has that API deployed
it should go and remove it from itself (same code that runs in case of an
API delete event).

Thanks,
NuwanD.

On Tue, Jun 20, 2017 at 3:24 PM, Harsha Kumara <hars...@wso2.com> wrote:

>
>
> On Tue, Jun 20, 2017 at 11:39 AM, Thilini Shanika <thili...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> As per the APIM C5 architecture, the gateways can be registered in APIM
>> Core, specifying it's label and accessURLs. When creating/updating APIs,
>> the API can be moved to a gateway by assigning the label of the gateway
>> which registered under APIM Core. Once a label is assigned to an API, that
>> particular API will be deployed and available to the gateway/gateways
>> represented by the given label/labels.
>>
>> Basically, all the API related actions(API create/update/delete/status
>> change) are published to JMS topic along with label information. The
>> gateways are responsible for listening to the topic, capture events which
>> are relevant and process them. Ideally, gateways should filter the events
>> based on API label and only process the events generated for APIs which are
>> assigned with their gateway labels and rest of the events should be
>> ignored.
>>
>> But when it comes to label update, the gateways should behave
>> differently, due to the scenarios explained before. Though API label update
>> is populated as an API update event, some of the gateways have to process
>> this API updates differently(May be as an API create or may be as an API
>> delete)
>>
>>- Moving API to a new gateway: When a new gateway label is assigned
>>to an API, the event generated for the gateways with newly added
>>label/labels is an API create event and the API should be deployed to the
>>gateway/gateway with newly added label/labels.
>>- Remove API from a gateway: When a label is removed from an API, the
>>event generated to the gateway with the removed label is an API delete
>>event and API should be undeployed from that gateway.
>>
>> We came up with few solutions in order to handle label related API update
>> events.
>>
>>- Introducing a new event on API label update:
>>
>>During an API update, we need to identify whether there is a
>> label change and populate a label update event with label change details
>> (ie: newly added label/previous labels).  The gateways can read the label
>> change information and decide whether it is relevant to process the event
>> and perform API deploy/undeploy actions accordingly.
>>
>>- Introducing a header/property to force every API gateway to process
>>an label update related event:
>>
>> If there is a label update, a property is set to JMS event so
>> that every gateway should process the events generated with that particular
>> property. Ideally, the gateways process API events generated with its own
>> gateway label, but in this case, they have to process the event if it comes
>> with this property.
>>
> +1 for the approach as we can handle through the API update event. What
> information are we going to send with this property? Is it only specify
> label change? I think we will need to send the label changes as we will
> need to  process it from the gateway side. Somecases we will need to remove
> the API from particulae gateway during a label change.
>
>>
>> Any suggestions on this? Your thoughts and suggestions are highly
>> appreciated
>>
>> Thanks
>> Thilini
>>
>> --
>> Thilini Shanika
>> Senior Software Engineer
>> WSO2, Inc.; http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>>
>> E-mail: tgtshan...@gmail.com
>>
>>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618 <+94%2077%20550%205618>
> Blog:harshcreationz.blogspot.com
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][C5] - Best Way to get the end user information

[Nuwan Dias]

Ok. All of these are extensions anyway. If some IDP sends the same
responses as IS the benefit is that we can just plug and play. If there are
differences we basically have to write code and deploy as extensions.

On Sun, 14 May 2017 at 12:44 pm, Farasath Ahamed <farasa...@wso2.com> wrote:

> On Sun, May 14, 2017 at 12:30 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> It looks like we may have to use the introspect to validate the token and
>> use a proprietary api in IS to get user claims.
>>
>
> Sending username of the authorized user in the introspection response is
> not mandatory. IS sends by default. This may not be the same with external
> Key Managers. So we might have to consider that as well.
>
>
>> When using an external KM we will have to override the part that gets
>> user claims. That's of course if they want to send JWT to target endpoints
>> only.
>>
>> On Sun, 14 May 2017 at 8:57 am, Bhathiya Jayasekara <bhath...@wso2.com>
>> wrote:
>>
>>> Hi Ishara,
>>>
>>> On Sun, May 14, 2017 at 8:51 AM, Ishara Karunarathna <isha...@wso2.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> On Sun, May 14, 2017 at 8:42 AM, Ishara Karunarathna <isha...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Bhathiya,
>>>>>
>>>>> On Sun, May 14, 2017 at 8:18 AM, Bhathiya Jayasekara <
>>>>> bhath...@wso2.com> wrote:
>>>>>
>>>>>> Hi Ishara,
>>>>>>
>>>>>> On Sun, May 14, 2017 at 7:16 AM, Ishara Karunarathna <
>>>>>> isha...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> In the current implementations you get a JWT token from token
>>>>>>> validation service regardless of the grant types.
>>>>>>> But this would be a problem when you go with standards only. For
>>>>>>> example you may not be able to get and ID token from IDP if its only
>>>>>>> supporting specifications.
>>>>>>>
>>>>>>
>>>>>> We thought of using "openid" scope when generating token and then
>>>>>> call userinfo after validating (introspect) the token. I expect that 
>>>>>> should
>>>>>> work if the IDP is complient with the specs. WDYT?
>>>>>>
>>>>> What I'm saying is for all the oauth grant types does not work with
>>>>> OIDC
>>>>> For example in password grant type you can't use OIDC. OIDC define
>>>>> only authorization code and implicit grant types (it has a hybrid flow as
>>>>> well )
>>>>> In that case you can't expect to get ID token for all grant types.
>>>>>
>>>>
>>> Oh that's going to be a problem.
>>>
>>>
>>>> So do you need this user information in all the cases ??
>>>>
>>>
>>> Yes we may need, specially in passwrod grant type. If this is not going
>>> to work, we will have to think of a different solution (like the SCIM one
>>> you suggested.)
>>>
>>> Thanks,
>>> Bhathiya
>>>
>>>
>>>>
>>>> one option that come to my mind is.
>>>> in the token introspection response get the user name.
>>>> And then call a SCIM endpoint (or any other api to get the user
>>>> information) to get user information.
>>>>
>>>> But this also has a issue, this username is a optional parameter
>>>>
>>>>
>>>>>
>>>>> So do you need this user information in all the cases ??
>>>>>
>>>>>
>>>>>> Thanks,
>>>>>> Bhathiya
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> so this has to be address case by case.
>>>>>>> -Ishara
>>>>>>>
>>>>>>> On Sat, May 13, 2017 at 10:40 PM, Bhathiya Jayasekara <
>>>>>>> bhath...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Thanks for the explanation Farasath.
>>>>>>>>
>>>>>>>> So this means we have to do a DCR call and another service call to
>>>>>>>> register claims to SP. @Tharindu: looks like we don't have a choice 
>>>>>>>> here.
>>>>>>>&g

Re: [Dev] [APIM][C5] - Best Way to get the end user information

[Nuwan Dias]

gt;>>>>>> 'openid'. These scopes are there to request specific user claims. I 
>>>>>>>>>>> think
>>>>>>>>>>> we can use them here. So when generating tokens, these scopes 
>>>>>>>>>>> should be
>>>>>>>>>>> used as per the requirement.
>>>>>>>>>>>
>>>>>>>>>>> [1]
>>>>>>>>>>> http://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Bhathiya
>>>>>>>>>>>
>>>>>>>>>>> On Sat, May 13, 2017 at 12:18 AM, Tharindu Dharmarathna <
>>>>>>>>>>> tharin...@wso2.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>
>>>>>>>>>>>> We had a use case on APIM to send the user claims in the JWT
>>>>>>>>>>>> Header to the backend server.
>>>>>>>>>>>>
>>>>>>>>>>>> Currently APIM C4 architecture was Getting the user claims and
>>>>>>>>>>>> generate JWT from Key manager node.
>>>>>>>>>>>>
>>>>>>>>>>>> As in C5 architecture, we have to get the user claims from the
>>>>>>>>>>>> IS or the third party key manager.
>>>>>>>>>>>>
>>>>>>>>>>>> I had observed below two ways of getting user claims into the
>>>>>>>>>>>> Gateway from IS.
>>>>>>>>>>>>
>>>>>>>>>>>> 1. Generate token with OpenID scope.
>>>>>>>>>>>> 2. Call userinfo endpoint with above generated token
>>>>>>>>>>>> 3. Call OAuth2TokenValidation Service and get the token.
>>>>>>>>>>>>
>>>>>>>>>>>> When considering [2] in order to receive user info we have to
>>>>>>>>>>>> set the requested claims in service provider according to the App.
>>>>>>>>>>>>
>>>>>>>>>>>> And from Current C4 architecture, we don't mandate to send
>>>>>>>>>>>> openid token as a scope.
>>>>>>>>>>>>
>>>>>>>>>>>> Is there any other alternative ways to achieve above task.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>>
>>>>>>>>>>>> *Tharindu Dharmarathna*Senior Software Engineer
>>>>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>>>
>>>>>>>>>>>> mobile: *+94779109091 <077%20910%209091>*
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Bhathiya Jayasekara*
>>>>>>>>>>> *Associate Technical Lead,*
>>>>>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>>>>>>>
>>>>>>>>>>> *Phone: +94715478185 <071%20547%208185>*
>>>>>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>>>>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>>>>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>>>>>>>> <https://twitter.com/bhathiyax>*
>>>>>>>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>>>>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Bhathiya Jayasekara*
>>>>>>>>>> *Associate Technical Lead,*
>>>>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>>>>>>
>>>>>>>>>> *Phone: +94715478185 <+94%2071%20547%208185>*
>>>>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>>>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>>>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>>>>>>> <https://twitter.com/bhathiyax>*
>>>>>>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>>>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>>>>>>
>>>>>>>>>> ___
>>>>>>>>>> Dev mailing list
>>>>>>>>>> Dev@wso2.org
>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Bhathiya Jayasekara*
>>>>>>>> *Associate Technical Lead,*
>>>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>>>>
>>>>>>>> *Phone: +94715478185 <+94%2071%20547%208185>*
>>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>>>>> <https://twitter.com/bhathiyax>*
>>>>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Bhathiya Jayasekara*
>>>>>> *Associate Technical Lead,*
>>>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>>>
>>>>>> *Phone: +94715478185 <+94%2071%20547%208185>*
>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>>>> *Twitter: https://twitter.com/bhathiyax
>>>>>> <https://twitter.com/bhathiyax>*
>>>>>> *Blog: http://movingaheadblog.blogspot.com
>>>>>> <http://movingaheadblog.blogspot.com/>*
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Ishara Karunarathna
>>>>> Associate Technical Lead
>>>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>>>
>>>>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>>>>> +94717996791 <071%20799%206791>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Bhathiya Jayasekara*
>>>> *Associate Technical Lead,*
>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>
>>>> *Phone: +94715478185 <+94%2071%20547%208185>*
>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>>>> *Blog: http://movingaheadblog.blogspot.com
>>>> <http://movingaheadblog.blogspot.com/>*
>>>>
>>>
>>>
>>>
>>> --
>>> Ishara Karunarathna
>>> Associate Technical Lead
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>>> +94717996791 <+94%2071%20799%206791>
>>>
>>>
>>>
>>
>>
>> --
>> Ishara Karunarathna
>> Associate Technical Lead
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>> +94717996791 <071%20799%206791>
>>
>>
>>
>
>
> --
> *Bhathiya Jayasekara*
> *Associate Technical Lead,*
> *WSO2 inc., http://wso2.com <http://wso2.com>*
>
> *Phone: +94715478185*
> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
> <http://www.linkedin.com/in/bhathiyaj>*
> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
> *Blog: http://movingaheadblog.blogspot.com
> <http://movingaheadblog.blogspot.com/>*
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV][API-M] Localization at tenant level

[Nuwan Dias]

I think its standard implementation that the content renders in the user's
browser's language. Even within the same tenant, there can be users who
read different languages.

Some apps do have a control within the app itself to switch the language.

On Tue, May 9, 2017 at 12:55 PM, Amila Maha Arachchi <ami...@wso2.com>
wrote:

> Yes, that would be ideal. But I dont know how feasible it is with the
> current implementation.
>
> On Tue, May 9, 2017 at 11:39 AM, Pubudu Priyashan <pubu...@wso2.com>
> wrote:
>
>> @Amila: True. But that will be a common set of strings per language
>> displayed for anyone who is using that particular language as default in
>> the browser.
>>
>> It might be worth considering if we can support this at tenant level as
>> we discussed offline if tenant A and tenant B are using the same language
>> (eg: French) and A and B would prefer to have their own customised text
>> even though it is the same language. WDYT?
>>
>> Cheers,
>> Pubudu.
>>
>> Pubudu D.P
>> Senior Software Engineer - QA Team | WSO2 inc.
>> Mobile : +94775464547 <+94%2077%20546%204547>
>>
>> Linkedin: https://uk.linkedin.com/in/pubududp
>> Medium: https://medium.com/@pubududp
>>
>>
>> On Tue, May 9, 2017 at 11:22 AM, Amila Maha Arachchi <ami...@wso2.com>
>> wrote:
>>
>>> I just learned that this doen't necessarily should be a tenant level
>>> thing. We can define the locale strings and anyone who uses the locale will
>>> see the string we have defined.
>>>
>>> On Mon, May 8, 2017 at 6:59 PM, Amila Maha Arachchi <ami...@wso2.com>
>>> wrote:
>>>
>>>> This doesn't look like a tenant level thing. Once these instructions
>>>> are followed, it will change the language for anyone who access the
>>>> publisher or store.
>>>>
>>>> On Mon, May 8, 2017 at 3:14 PM, Pubudu Priyashan <pubu...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hey guys,
>>>>>
>>>>> I was going through the document at [1] on changing the language in
>>>>> API-M Publisher/Store. I would like to know if this is possible to do at
>>>>> tenant level? Or would that automatically pick up if we place the language
>>>>> specific files in advised locations in the document and update the default
>>>>> language of the browser?
>>>>>
>>>>> Please advise how I can go about this for a tenant domain.
>>>>>
>>>>> [1] https://docs.wso2.com/display/AM210/Adding+International
>>>>> ization+and+Localization
>>>>>
>>>>> Cheers,
>>>>> Pubudu D.P
>>>>> Senior Software Engineer - QA Team | WSO2 inc.
>>>>> Mobile : +94775464547 <+94%2077%20546%204547>
>>>>>
>>>>> Linkedin: https://uk.linkedin.com/in/pubududp
>>>>> Medium: https://medium.com/@pubududp
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Amila Maharachchi*
>>>> Software Architect
>>>> WSO2, Inc.; http://wso2.com
>>>>
>>>> Blog: http://maharachchi.blogspot.com
>>>> Mobile: +94719371446 <+94%2071%20937%201446>
>>>>
>>>>
>>>
>>>
>>> --
>>> *Amila Maharachchi*
>>> Software Architect
>>> WSO2, Inc.; http://wso2.com
>>>
>>> Blog: http://maharachchi.blogspot.com
>>> Mobile: +94719371446 <+94%2071%20937%201446>
>>>
>>>
>>
>
>
> --
> *Amila Maharachchi*
> Software Architect
> WSO2, Inc.; http://wso2.com
>
> Blog: http://maharachchi.blogspot.com
> Mobile: +94719371446 <+94%2071%20937%201446>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Folder Structure for C5 based MB

[Nuwan Dias]

gt;>>>>>
>>>>>>   ├── carbon.product
>>>>>>
>>>>>>   ├── pom.xml
>>>>>>
>>>>>>   └── src
>>>>>>
>>>>>>   └── assembly
>>>>>>
>>>>>>  ├── bin.xml
>>>>>>   └── filter.properties
>>>>>>
>>>>>> Thanks,
>>>>>> --
>>>>>> *Eranda Rajapakshe*
>>>>>> Software Engineer
>>>>>> WSO2 Inc.
>>>>>> Mobile : +94784822608
>>>>>>
>>>>>> ___
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Madhawa Gunasekara*
>>>>> Software Engineer
>>>>> WSO2 Inc.; http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> mobile: +94 719411002 <+94+719411002>
>>>>> blog: *http://madhawa-gunasekara.blogspot.com
>>>>> <http://madhawa-gunasekara.blogspot.com>*
>>>>> linkedin: *http://lk.linkedin.com/in/mgunasekara
>>>>> <http://lk.linkedin.com/in/mgunasekara>*
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Cheers,
>>>>
>>>> Hasitha Amal De Silva
>>>> Senior Software Engineer
>>>> Mobile : +94772037426 <077%20203%207426>
>>>> Blog: http://devnutshell.tumblr.com/
>>>> WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )
>>>>
>>>
>>>
>>>
>>> --
>>> *Pamod Sylvester *
>>>
>>> *WSO2 Inc.; http://wso2.com <http://wso2.com>*
>>> cell: +94 77 7779495 <+94%2077%20777%209495>
>>>
>>
>>
>>
>> --
>> Cheers,
>>
>> Hasitha Amal De Silva
>> Senior Software Engineer
>> Mobile : +94772037426 <+94%2077%20203%207426>
>> Blog: http://devnutshell.tumblr.com/
>> WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )
>>
>
>
>
> --
> Cheers,
>
> Hasitha Amal De Silva
> Senior Software Engineer
> Mobile : +94772037426 <+94%2077%20203%207426>
> Blog: http://devnutshell.tumblr.com/
> WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM] Incorrect resource mapping during api invokation when a resource with "/*" exists.

[Nuwan Dias]

Ayoob, both these resources are valid for the request you are sending. You
can't say one is wrong and the other is right. What you're expecting is
like a best match scenario, which synapse doesn't support at the moment. It
should be possible to implement it using a scoring mechanism or something
like that, but it'll definitely impact performance.

>From a REST point of view, its an invalid design. So my question is why
bother anyway? Do you really have resource paths that are impossible to
determine at design time?

On Tue, Apr 25, 2017 at 10:06 AM, Ayyoob Hamza <ayy...@wso2.com> wrote:

> Hi All,
>
> In IoTS, We have exposed all the APIs through the API manager. In a
> particular API, we have 2 API resources
>
> 1) POST /* with a scope X1
> 2) POST /{type}/operations with a scope X2.
>
> When we invoke the second resource, API call ends up going to the first
> one in the synapse layer. However after synapse forwards it to the backend,
> it ends up to the correct resource in the Jax-rs.
> The issue we are facing in here is that during scope validation it picks
> up the wrong resource.
>
> So this made me wondered why is the mapping is correctly evaluated in the
> tomcat but not in the synapse layer. Do we have a bug here? or was it an
> architecture decision to go with the first matching resource.
>
> Are there any solutions to pick the best possible matching resource in the
> synapse layer?
>
> Thanks
> *Ayyoob Hamza*
> *Senior Software Engineer*
> WSO2 Inc.; http://wso2.com
> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Preventing API Developers from updating an API once its Published

[Nuwan Dias]

Hi Malintha,

Yes, the workflow you have mentioned is the same one I'm proposing too. My
only concern is on a new state, because implementing that is a bit
complicated and this particular use case is not very common and therefore
there's little ROI :).

Let's say we call this new state "MAINTENANCE", what's the difference
between bringing an API to "MAINTENANCE" vs "CREATED"? If we bring an API
to "MAINTENANCE", does it mean that there is a copy of the API left which
is in "PUBLISHED" state?

@Fazlan, in theory it is true that updating a published API is wrong. But
in practice it sometimes happens because not everyone adheres to the best
practices 100% always. Users may opt to make backwards compatible changes
on the same minor version and some users don't even use minor versions at
all. So forcing to create a new version of the API and forcing their
clients to move to the newer version always is a bit too restrictive IMO.

Thanks,
NuwanD.

On Fri, Mar 31, 2017 at 8:41 AM, Rukshan Premathunga <ruks...@wso2.com>
wrote:

> Hi malintha,
>
> in c5 we decided to keep in the gateway even in the create state for
> purpose of creator's testing.
> so this will be fine. but keeping additional info in the create state not
> something good. because create state is the state very first state when an
> api is create.
>
> because of that I'm +1 for additional state.
>
> Thanks and Regards
>
> On Mar 31, 2017 8:10 AM, "Malintha Amarasinghe" <malint...@wso2.com>
> wrote:
>
>> Hi Nuwan,
>>
>> On Fri, Mar 31, 2017 at 12:12 AM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> Hi Pubudu,
>>>
>>> The API will reside on the Gateway irrespective of its state. So this
>>> action doesn't interrupt existing subscribers or existing consumers of the
>>> API. It only prevents any new subscribers from seeing the API on the store
>>> until republished.
>>>
>>> I have thought about introducing a new LC state as well. But that only
>>> doesn't solve this issue. We need to build a mechanism to make a copy of
>>> the API and store the developer's changes elsewhere until a publisher
>>> approves the changes. Building that whole workflow is non trivial and
>>> leaves a lot more to think about as well. Besides, the above usecase is not
>>> standard practice since its not a good idea to make technical changes to
>>> published APIs. But the reality is that the real world needs it and hence
>>> we need to support it.
>>>
>> If we are allowing this, I also feel a need of a new lifecycle state.
>> Because, in usual CREATED state, we do not allow the API to reside in
>> Gateway. But in *this* CREATED state, we are allowing the API to reside in
>> Gateway (which is the API with previous details).
>>
>> Let me summerise the complete flow, just to double check my understanding.
>>
>> 1. An API is in Published state.
>> 2. A Developer wants to make some technical changes to the API.
>> 3. Publisher makes the API Created state (or some new state).
>>
>> Now the API is not visible on Store, but existing subscriptions are still
>> valid.
>>
>> The previous API is available on GW, so existing invocations are working
>> without any issue. (This, we did not allow in CREATED state in C4)
>>
>> 4. Developer makes changes to the API
>> 5. Publisher accepts the changes (which means the API's lifecycle is
>> changed to Published)
>> 6. New changes are updated on the GW.
>>
>>
>> Thanks!
>> Malintha
>>
>>
>>> Thanks,
>>> NuwanD.
>>>
>>> On Thu, Mar 30, 2017 at 11:52 PM, Pubudu Gunatilaka <pubu...@wso2.com>
>>> wrote:
>>>
>>>> Hi Nuwan,
>>>>
>>>> AFAIU, in this case, we are not addressing the original issue. Original
>>>> issue here is changes made by API developers should not be reflected in
>>>> Store and Gateway unless the API publisher publishes the API again. Please
>>>> correct me if I am wrong.
>>>>
>>>> I don't think temporarily removing the API is the best solution if it
>>>> is already serving requests.
>>>>
>>>> What if we introduce another life cycle state and transfer the API to
>>>> that state until API publisher re-publishes the API. In this way, there is
>>>> no effect to the existing API.
>>>>
>>>> Thank you!
>>>>
>>>> On Thu, Mar 30, 2017 at 11:41 PM, Rukshan Premathunga <ruks...@wso2.com
>>>> > wrote:
>>>>
>>>

Re: [Dev] Preventing API Developers from updating an API once its Published

[Nuwan Dias]

Hi Pubudu,

The API will reside on the Gateway irrespective of its state. So this
action doesn't interrupt existing subscribers or existing consumers of the
API. It only prevents any new subscribers from seeing the API on the store
until republished.

I have thought about introducing a new LC state as well. But that only
doesn't solve this issue. We need to build a mechanism to make a copy of
the API and store the developer's changes elsewhere until a publisher
approves the changes. Building that whole workflow is non trivial and
leaves a lot more to think about as well. Besides, the above usecase is not
standard practice since its not a good idea to make technical changes to
published APIs. But the reality is that the real world needs it and hence
we need to support it.

Thanks,
NuwanD.

On Thu, Mar 30, 2017 at 11:52 PM, Pubudu Gunatilaka <pubu...@wso2.com>
wrote:

> Hi Nuwan,
>
> AFAIU, in this case, we are not addressing the original issue. Original
> issue here is changes made by API developers should not be reflected in
> Store and Gateway unless the API publisher publishes the API again. Please
> correct me if I am wrong.
>
> I don't think temporarily removing the API is the best solution if it is
> already serving requests.
>
> What if we introduce another life cycle state and transfer the API to that
> state until API publisher re-publishes the API. In this way, there is no
> effect to the existing API.
>
> Thank you!
>
> On Thu, Mar 30, 2017 at 11:41 PM, Rukshan Premathunga <ruks...@wso2.com>
> wrote:
>
>> Hi Nuwan,
>>
>> If we demote API back to create, state how we are going to handle
>> subscription already have? Are we going to disable them till the API get
>> publish again?
>>
>> Also can we introduce or use the existing state to allow the API to be
>> update without un-publishing it. once it is done we can publish it again
>> with the changes. Because in if we demote to create state, we cannot have
>> subscription information right?
>>
>> Thanks and Regards
>>
>> On Thu, Mar 30, 2017 at 11:15 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> On API Manager, API Developers (!= publishers) aren't able to publish an
>>> API to the Store or Gateway. But on API Manager version 2.1.0 and before,
>>> if an API Developer makes an update to an API that is already published,
>>> the changes made by the developer are immediately reflected on the Store
>>> and Gateway. This kind of beats the purpose of preventing API Developers
>>> from publishing APIs to the Store and Gateway directly.
>>>
>>> For API Manager 3.0.0, I suggest that we prevent the API being updated
>>> by API Developers after the API has gone beyond the "CREATED" state. API
>>> Publishers should still be allowed to make updates to the fields they are
>>> eligible for (non technical information). If someone badly needs to update
>>> technical information of a published API, they should first bring the API
>>> to the "CREATED" state, which will make the API disappear temporarily and
>>> bring it back to "PUBLISHED" once the changes are saved.
>>>
>>> Thanks,
>>> NuwanD.
>>>
>>> --
>>> Nuwan Dias
>>>
>>> Software Architect - WSO2, Inc. http://wso2.com
>>> email : nuw...@wso2.com
>>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>>
>>
>>
>>
>> --
>> Rukshan Chathuranga.
>> Software Engineer.
>> WSO2, Inc.
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049 <%2B94772207163>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Preventing API Developers from updating an API once its Published

[Nuwan Dias]

Hi Rukshan,

Since the API still exists in the database the subscriptions will be
preserved. Existing subscribers to the API will still see the API (under
subscriptions) as well. It will only be unavailable for new subscriptions
until re-published.

Thanks,
NuwanD.

On Thu, Mar 30, 2017 at 11:41 PM, Rukshan Premathunga <ruks...@wso2.com>
wrote:

> Hi Nuwan,
>
> If we demote API back to create, state how we are going to handle
> subscription already have? Are we going to disable them till the API get
> publish again?
>
> Also can we introduce or use the existing state to allow the API to be
> update without un-publishing it. once it is done we can publish it again
> with the changes. Because in if we demote to create state, we cannot have
> subscription information right?
>
> Thanks and Regards
>
> On Thu, Mar 30, 2017 at 11:15 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi,
>>
>> On API Manager, API Developers (!= publishers) aren't able to publish an
>> API to the Store or Gateway. But on API Manager version 2.1.0 and before,
>> if an API Developer makes an update to an API that is already published,
>> the changes made by the developer are immediately reflected on the Store
>> and Gateway. This kind of beats the purpose of preventing API Developers
>> from publishing APIs to the Store and Gateway directly.
>>
>> For API Manager 3.0.0, I suggest that we prevent the API being updated by
>> API Developers after the API has gone beyond the "CREATED" state. API
>> Publishers should still be allowed to make updates to the fields they are
>> eligible for (non technical information). If someone badly needs to update
>> technical information of a published API, they should first bring the API
>> to the "CREATED" state, which will make the API disappear temporarily and
>> bring it back to "PUBLISHED" once the changes are saved.
>>
>> Thanks,
>> NuwanD.
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : nuw...@wso2.com
>> Phone : +94 777 775 729 <+94%2077%20777%205729>
>>
>
>
>
> --
> Rukshan Chathuranga.
> Software Engineer.
> WSO2, Inc.
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Preventing API Developers from updating an API once its Published

[Nuwan Dias]

Hi,

On API Manager, API Developers (!= publishers) aren't able to publish an
API to the Store or Gateway. But on API Manager version 2.1.0 and before,
if an API Developer makes an update to an API that is already published,
the changes made by the developer are immediately reflected on the Store
and Gateway. This kind of beats the purpose of preventing API Developers
from publishing APIs to the Store and Gateway directly.

For API Manager 3.0.0, I suggest that we prevent the API being updated by
API Developers after the API has gone beyond the "CREATED" state. API
Publishers should still be allowed to make updates to the fields they are
eligible for (non technical information). If someone badly needs to update
technical information of a published API, they should first bring the API
to the "CREATED" state, which will make the API disappear temporarily and
bring it back to "PUBLISHED" once the changes are saved.

Thanks,
NuwanD.

-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How can we add multi language support in javascript files

[Nuwan Dias]

On Fri, Mar 24, 2017 at 2:32 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:

> Hi Nuwan,
> In SPA, also I assume we have a limited(and finite) set of localized
> strings. I think no need to pass entire i18n file(which may be huge) to
> client side so that the localization is done at client side. Further one
> can argue that transferring the entire i18n file to the client side possess
> a security risk, by exposing too many information about the server.
> Also having an Ajax call to server side to get the translations done kills
> the performance.
>
> So I think it is better in performance wise to translate all the needed
> i18n strings in the respective HTML DOM on the server side.
>

Well, doesn't it break the whole concept of SPA? The API Store and
Publisher on API Manager 3.0.0 is built using an SPA architecture. Hasn't
this been done before by anybody, doing i18 stuff on the client side?

>
> Cheers,
> Ruwan
>
> On Fri, Mar 24, 2017 at 2:10 PM, Nuwandi Wickramasinghe <nuwan...@wso2.com
> > wrote:
>
>>
>>
>> On Fri, Mar 24, 2017 at 1:49 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>>
>>>
>>>
>>> On Fri, Mar 24, 2017 at 1:23 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>> What if,
>>>> i18n is handled on the server side only, and encode the relevant
>>>> localized strings into HTML by the server-side (js or hbs).
>>>> Client side libraries only read the string values already in the client
>>>> locale within HTML DOM itself and just render the data. No client-side 
>>>> i18n.
>>>>
>>> I have a situation where a part of the DOM is created in client side JS.
>> In that case this wouldn't work.
>>
>>>
>>>> What is would be the limitations?
>>>>
>>>
>>> Limitations would be for SPAs where the rendering is done at the client
>>> side. Which would basically mean that SPAs can't have localization.
>>>
>>>>
>>>> Cheers,
>>>> Ruwan
>>>>
>>>> On Fri, Mar 24, 2017 at 11:54 AM, Nipuna Chandradasa <nipu...@wso2.com>
>>>> wrote:
>>>>
>>>>> API of somekind(Rest or a http service endpoint), That we have to
>>>>> think about,  that exposes a functionality to retrieve i18n as a json
>>>>> object to layout level or any other global level of the application. So on
>>>>> client side we can use the i18n language details anywhere.
>>>>> We can get the language data from the browser.. that's how we do it
>>>>> anyway i think. We get the i18n based on the what language browser has
>>>>> configured to use.
>>>>>
>>>>> Thank you,
>>>>>
>>>>> On Fri, Mar 24, 2017 at 10:14 AM, Prasanna Dangalla <prasa...@wso2.com
>>>>> > wrote:
>>>>>
>>>>>> On Fri, Mar 24, 2017 at 12:53 AM, Nipuna Chandradasa <
>>>>>> nipu...@wso2.com> wrote:
>>>>>>
>>>>>>> I don't think there is a feasible solution rather than loading i18n
>>>>>>> config file as a json object to the client side in the beginning of the
>>>>>>> app... i think from uuf side we can provide a api for that... WDYT?
>>>>>>>
>>>>>> API in the sense, what kind of an API ? Does this loads all the data
>>>>>> into front end or are you thinking about a filtering mechanism for the
>>>>>> language data by page before you send them to front end ?
>>>>>>
>>>>>>
>>>>>> On Thu, Mar 23, 2017 at 5:29 PM, SajithAR Ariyarathna <
>>>>>> sajit...@wso2.com> wrote:
>>>>>>
>>>>>>> Currently UUF doesn't support i18n in client-side.
>>>>>>>
>>>>>>> @UUF Team,
>>>>>>> We need to come up with a solution for client-side i18n. Shall we
>>>>>>> start a discussion on this?
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Mar 23, 2017 at 4:36 PM, Prasanna Dangalla <
>>>>>>> prasa...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi Sajith,
>>>>>>>>
>>>>>>>> This is for Client-side JS
>>>>>>>>
>>>>>>>> *Prasanna Dangalla*
>>>>>&g

Re: [Dev] How can we add multi language support in javascript files

[Nuwan Dias]

w to include this in javascript files, not in
>>>>>>>>> hbs files. Is there a way to include in javascrip fiels ?
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> *Prasanna Dangalla*
>>>>>>>>> Senior Software Engineer, WSO2, Inc.; http://wso2.com/
>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *cell: +94 718 11 27 51*
>>>>>>>>> *twitter: @prasa77*
>>>>>>>>>
>>>>>>>>> On Thu, Mar 23, 2017 at 10:33 AM, Nisala Nanayakkara <
>>>>>>>>> nis...@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Prasanna,
>>>>>>>>>>
>>>>>>>>>> UUF has the capability of facilitating above mentioned scenario.
>>>>>>>>>> You can define your language property file under the ‘lang’ 
>>>>>>>>>> directory as
>>>>>>>>>> follows.
>>>>>>>>>>
>>>>>>>>>> |src
>>>>>>>>>> | |main
>>>>>>>>>> |   | pages/
>>>>>>>>>> |   | fragments/
>>>>>>>>>> |   | layouts/
>>>>>>>>>> |   | modules/
>>>>>>>>>> |   | lang/
>>>>>>>>>> |en_US.properties
>>>>>>>>>> |   | public/
>>>>>>>>>>
>>>>>>>>>> After that you can use following code segment to achieve your
>>>>>>>>>> requirement in your hbs file.
>>>>>>>>>>
>>>>>>>>>> {{i18n "my.sample.key"}}
>>>>>>>>>>
>>>>>>>>>> Please go through sample app available here[1] if you need more
>>>>>>>>>> clarification. Moreover you can find actual usage above code segment
>>>>>>>>>> here[2] and corresponding language file here[3].
>>>>>>>>>>
>>>>>>>>>> [1] - https://github.com/wso2/carbon
>>>>>>>>>> -uuf/tree/master/samples/apps/org.wso2.carbon.uuf.sample.pet
>>>>>>>>>> s-store.app
>>>>>>>>>> [2] - https://github.com/wso2/carbon
>>>>>>>>>> -uuf/blob/master/samples/apps/org.wso2.carbon.uuf.sample.pet
>>>>>>>>>> s-store.app/src/main/pages/index.hbs#L16
>>>>>>>>>> [3] - https://github.com/wso2/carbon
>>>>>>>>>> -uuf/blob/master/samples/apps/org.wso2.carbon.uuf.sample.pet
>>>>>>>>>> s-store.app/src/main/lang/en_US.properties
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Nisala
>>>>>>>>>>
>>>>>>>>>> On Thu, Mar 23, 2017 at 9:01 AM, Prasanna Dangalla <
>>>>>>>>>> prasa...@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Devs,
>>>>>>>>>>>
>>>>>>>>>>> Is there a mechanism defined to use something like i18n in
>>>>>>>>>>> javascript ? Does the UUF has the capability of facilitating this ? 
>>>>>>>>>>> You
>>>>>>>>>>> inputs are highly appreciated.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>> *Prasanna Dangalla*
>>>>>>>>>>> Senior Software Engineer, WSO2, Inc.; http://wso2.com/
>>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> *cell: +94 718 11 27 51*
>>>>>>>>>>> *twitter: @prasa77*
>>>>>>>>>>>
>>>>>>>>>>> ___
>>>>>>>>>>> Dev mailing list
>>>>>>>>>>> Dev@wso2.org
>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Nisala Niroshana Nanayakkara,*
>>>>>>>>>> Software Engineer
>>>>>>>>>> Mobile:(+94)717600022
>>>>>>>>>> WSO2 Inc., http://wso2.com/
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ___
>>>>>>>>> Dev mailing list
>>>>>>>>> Dev@wso2.org
>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Pubudu Gunatilaka*
>>>>>>>> Committer and PMC Member - Apache Stratos
>>>>>>>> Software Engineer
>>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>>> mobile : +94774078049 <%2B94772207163>
>>>>>>>>
>>>>>>>>
>>>>>>>> ___
>>>>>>>> Dev mailing list
>>>>>>>> Dev@wso2.org
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Ayesha Dissanayaka*
>>>>>>> Senior Software Engineer,
>>>>>>> WSO2, Inc : http://wso2.com
>>>>>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com=D=1=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg>
>>>>>>> 20, Palm grove Avenue, Colombo 3
>>>>>>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Sajith Janaprasad Ariyarathna
>>>>>> Software Engineer; WSO2, Inc.;  http://wso2.com/
>>>>>> <https://wso2.com/signature>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sajith Janaprasad Ariyarathna
>>>> Software Engineer; WSO2, Inc.;  http://wso2.com/
>>>> <https://wso2.com/signature>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>>> Nipuna Marcus
>>>> *Software Engineer*
>>>> WSO2 Inc.
>>>> http://wso2.com/ - "lean . enterprise . middleware"
>>>> Mobile : +94 (0) 713 667906 <+94%2071%20366%207906>
>>>> nipu...@wso2.com
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>
>>
>> --
>> Nipuna Marcus
>> *Software Engineer*
>> WSO2 Inc.
>> http://wso2.com/ - "lean . enterprise . middleware"
>> Mobile : +94 (0) 713 667906 <+94%2071%20366%207906>
>> nipu...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
> *lean.enterprise.middleware.*
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Environments Support for WSO2 API Manager

[Nuwan Dias]

 it when i am
>>>> publishing the API i should get the environment.
>>>>
>>>> question 1
>>>> Which one of these methods are the best approach or if i am wrong can
>>>> you all please help me in-order to find the correct approach to get which
>>>> environment . the current API are in .
>>>>
>>>> question 2
>>>> In the API store of the API manager , is there a specific way to show
>>>> the Environment (example should it be with API description )
>>>> can you please elaborate more on how should the environment should be
>>>> present in the store.
>>>>
>>>> think you all will help me to find answers for the questions , these
>>>> information will be helpful in writing the proposal and also making and
>>>> proper planning for the project.
>>>> Thank you
>>>>
>>>>
>>>> On Tue, Feb 21, 2017 at 11:19 AM, Kasun Thennakoon <kasu...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Ravindu,
>>>>>
>>>>> We are glad to see your interest in WSO2 API manager and the GSOC
>>>>> project. It is good to see that you already have experience on working 
>>>>> with
>>>>> WSO2 API Manager.
>>>>> As we have mentioned in the project description[1], the expectation of
>>>>> this project is to develop an UI feature to seamlessly switch between
>>>>> different environments and perform user operations on that selected
>>>>> environment.To get started with the work, I would suggest you build the
>>>>> product from source[2][3] and walk through the current implementation
>>>>> details of the store and publisher and try to get familiar with those 
>>>>> apps.
>>>>> And also since API manager C5  UIs are built with UUF framework[4] it
>>>>> would be great if you can try out the samples in UUF core[5] and UUF
>>>>> commons[6] repositories and learn about the features and capabilities in
>>>>> UUF framework.
>>>>>
>>>>> Regards
>>>>> ~KasunTe
>>>>>
>>>>> [1] : https://docs.wso2.com/display/GSoC/Project+Proposals+for+2
>>>>> 017#ProjectProposalsfor2017-Proposal7:EnvironmentsSupportfor
>>>>> WSO2APIManager
>>>>>
>>>>> [2] : https://github.com/wso2/carbon-apimgt/tree/C5
>>>>>
>>>>> [3] : https://github.com/wso2/product-apim/tree/C5
>>>>>
>>>>> [4] : https://github.com/wso2/carbon-uuf
>>>>>
>>>>> [5] : https://github.com/wso2/carbon-uuf/tree/master/samples
>>>>>
>>>>> [6] : https://github.com/wso2/carbon-uuf-common/tree/master/samples
>>>>>
>>>>>
>>>>> On Tue, Feb 21, 2017 at 9:27 AM, Ravindu Perera <
>>>>> ravindu.2014...@iit.ac.lk> wrote:
>>>>>
>>>>>> Hi
>>>>>> I am a 3rd year student from Informatics Institute of technology and
>>>>>> i got 3 years experience in HTML, CSS, Javascript and knowledge and
>>>>>> also knowledge in using rest service , and experience on using the WSO2 
>>>>>> API
>>>>>> Manger cloud as well , familiar  handlebars.js . And have a good 
>>>>>> confident
>>>>>> level for this project , so can you all please provide more information 
>>>>>> and
>>>>>> guidance to start the project off.
>>>>>>
>>>>>> Thank you
>>>>>>
>>>>>>
>>>>>> ___
>>>>>> Dev mailing list
>>>>>> Dev@wso2.org
>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Kasun Thennakoon*
>>>>> Software Engineer
>>>>> WSO2, Inc.
>>>>> Mobile:+94 711661919
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> *Kasun Thennakoon*
>>> Software Engineer
>>> WSO2, Inc.
>>> Mobile:+94 711661919
>>>
>>
>>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [GSoC][Proposal 8]Participation in GSoC 2017

[Nuwan Dias]

[Adding Pubudu and Sajith]

On Tue, Feb 28, 2017 at 5:12 PM, Randika Navagamuwa <
randika...@cse.mrt.ac.lk> wrote:

> Hi ,
>  I am Randika Navagamuwa and I am a final year undergraduate of Department
> of Computer Science and Engineering <http://www.cse.mrt.ac.lk/>, University
> of Moratuwa, Srilanka <http://www.mrt.ac.lk/web/>. Last year also I have
> participated and completed GSoC with Eclipse foundation [1].  This year I
> thought of applying for "*Proposal 8: CLI tool for WSO2 API Manager*"[2]
>  with WSo2. Since there is plenty of time before applying as a student, I
> thought of getting familiar with the project. Will you be able to guide me
> through the process.
>
> [1] https://summerofcode.withgoogle.com/archive/2016/project
> s/4930443140923392/
> [2] https://docs.wso2.com/display/GSoC/Project+Proposals+for+
> 2017#ProjectProposalsfor2017-Proposal8:CLItoolforWSO2APIManager
>
> Thank You,
>
> *Randika Navagamuwa,*
>
> *Department of Computer Science & Engineering,*
>
> *University of Moratuwa,*
> *Sri Lanka.*
>
> *www.rnavagamuwa.com <http://www.rnavagamuwa.com>*[image:
> lk.linkedin.com/in/rnavagamuwa/] <http://lk.linkedin.com/in/rnavagamuwa/> 
> [image:
> https://www.facebook.com/rnavagamuwa]
> <https://www.facebook.com/rnavagamuwa> [image:
> https://twitter.com/rnavagamuwa] <https://twitter.com/rnavagamuwa> [image:
> https://plus.google.com/+RandikaNavagamuwa/]
> <https://plus.google.com/+RandikaNavagamuwa/>
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] GSoC 2017 Proposal 15: APIM Design new REST API for Analytics

[Nuwan Dias]

[Adding Rukshan]

On Tue, Feb 21, 2017 at 10:22 AM, Sameera Wickramasekara <
itssamw...@gmail.com> wrote:

> Hi All,
>
> I'm Sameera Wickramasekara, a final year undergraduate at University of
> Moratuwa . I'm experienced with Java, Android and JavaScript frameworks
> .I'm Interested in the Project for designing new REST API for APIM . I have
> experience with developing REST APIs with java and Node.js from my academic
> projects and my internship experiences.I believe i can contribute to this
> project through my skills. as my fist steps i am reading the documentation
> of APIM and downloading it to get familiar with the concepts. I highly
> appreciate if you could guide me how should i proceed from here.
>
> Thank you & Regards,
> Sameera Wickramasekara
>
>
> .
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release WSO2 MSF4J 2.1.1 RC1

[Nuwan Dias]

[x] Stable - go ahead and release.

Thanks,
NuwanD.

On Wed, Feb 8, 2017 at 8:55 PM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Devs,
>
> This is the 1st Release Candidate of WSO2 MSF4J(Microservices Framework
> for Java) 2.1.1.
>
> Please download, test the framework and vote. The vote will be open for
> 72 hours or as needed.
> Refer to GitHub readmes for guides.
>
> *Source and binary distribution files:*
> https://github.com/wso2/msf4j/releases/tag/v2.1.1-rc1
>
> *Maven staging repository:*
> https://maven.wso2.org/nexus/content/repositories/orgwso2msf4j-1012
>
> *The tag to be voted upon:*
> https://github.com/wso2/msf4j/tree/v2.1.1-rc1
>
>
>
> [ ] Broken - do not release (explain why)
> [ ] Stable - go ahead and release
>
> Thank you,
> Platform Team
> --
> Thusitha Dayaratne
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <+94%2071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> <http://wso2.com/signature>
>
>
> _______
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [UUF] Common "OnGet" method for all requests for a particular app

[Nuwan Dias]

Yes, we can prompt the login from JS itself. But the login flow is not
always that simple. Ex: In a case where SSO is enabled, the app (JS) need
to do a bunch of things to initiate the SSO flow such as checking if its
IDP initiated SSO, redirect to IS. If its SP initiated SSO, generate SAML
request and send to IS. Similarly the app needs to decrypt/verify signature
of the SAML response before initiating the flow to get an access token.

There are bunch of complexities to handle as above if we try to make the
login work purely on the client side. Therefore I think its more suitable
to get the UUF app to process the login flow and give an access token to
the client (JS) so that the client can simply keep using it from there
onwards to fetch the data and render.

Thanks,
NuwanD.



On Mon, Feb 6, 2017 at 6:31 PM, Manuranga Perera <m...@wso2.com> wrote:

> micro service layer and prompt login from there.
>>
> Well, I am suggesting the do the prompt in the frontend JS. This is how
> frontend only applications usually work.
>
> We are not trying to protect UI templates through cookies.
>
> Then you don't need UUF cookie, it's there *to protect UIs*. Do a API
> call to your backend (eg: /token?revalidate) and it can tell you if you
> have a session or not , and then you do the prompt using JS. No UUF needed.
>
>
> On Mon, Feb 6, 2017 at 12:48 PM, Rajith Roshan <raji...@wso2.com> wrote:
>
>> Hi Manu,
>>
>> Yes we can say that this is almost 90%  a front end app. But in order to
>> provide access token and to prompt login when access token is missing we
>> use back end functionalities of UUF.
>> We are not trying to protect UI templates through cookies. What we are
>> trying to do is provide access token via the uuf app. We are trying to do
>> the login prompt using the uuf app. So if token is missing micro service
>> layer will not be invoked and login will be prompted through the uuf app.
>> AFAIU what you are suggesting is to move this logic to micro service
>> layer and prompt login from there.
>>
>> On Mon, Feb 6, 2017 at 5:44 PM, Manuranga Perera <m...@wso2.com> wrote:
>>
>>> I assume you guys have a /auth API, this can set a cookie [1] just has
>>> easily as UUF. And all your other APIs can read the cookie.
>>>
>>
>> Yes we have /token api as a micro service bind to the uuf app which sets
>> the cookie.
>>
>>>
>>>
>>> [1] http://stackoverflow.com/questions/3340797/can-an-ajax-respo
>>> nse-set-a-cookie
>>>
>>> On Mon, Feb 6, 2017 at 12:06 PM, Manuranga Perera <m...@wso2.com> wrote:
>>>
>>>> So you guys don't want to use UUF for its backend rending, just as a
>>>> static server and want to do a frontend app, that's cool. But then properly
>>>> write a frontend app. Seems like you guys don't know how to write a SPA and
>>>> running back to bankend app logic.
>>>>
>>>> If your UUF UI don't have any data (just templates) then there why do
>>>> you need to cookie protect them. You need a custom auth mechanism for your
>>>> microservices where half of the value is picked from the cookies, this has
>>>> nothing to do with protecting UI.
>>>>
>>>
>>>
>>>
>>> --
>>> With regards,
>>> *Manu*ranga Perera.
>>>
>>> phone : 071 7 70 20 50
>>> mail : m...@wso2.com
>>>
>>
>>
>>
>> --
>> Rajith Roshan
>> Software Engineer, WSO2 Inc.
>> Mobile: +94-72-642-8350 <%2B94-71-554-8430>
>>
>
>
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : m...@wso2.com
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [VOTE] Release WSO2 API Manager 2.1.0 RC5

[Nuwan Dias]

Did some smoke testing on the basic scenarios and no issues found.

1. Adding APIs
2. LC changes
3. Tags
4. API Visibility and Tag visibility
6. Adding applications
7. Key Generation.
8. Tested product profiles

 [+] Stable - go ahead and release

Thanks,
NuwanD.

On Thu, Feb 2, 2017 at 11:32 PM, Malintha Amarasinghe <malint...@wso2.com>
wrote:

> Hi All,
>
> This is the 5th Release Candidate of WSO2 API Manager 2.1.0
>
> Please download, test the product and vote. The vote will be open for 72
> hours or as needed.
>
> Source and distribution
>
> Run-time : https://github.com/wso2/product-apim/releases/
> download/v2.1.0-rc5/wso2am-2.1.0-RC5.zip
> Analytics : https://github.com/wso2/analytics-apim/releases/download/v
> 2.1.0-rc3/wso2am-analytics-2.1.0-RC3.zip
> Tooling : https://github.com/wso2/devstudio-tooling-apim/releases/ta
> g/v2.1.0-rc2
>
>
> This release fixes the following issues:
> Runtime : https://wso2.org/jira/issues/?filter=13623
> Analytics : https://wso2.org/jira/issues/?filter=13624
> Tooling : https://wso2.org/jira/browse/DEVTOOLAPI-1
>
>
> Please vote as follows.
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> - WSO2 API Manager Team -
>
> --
> Malintha Amarasinghe
> Software Engineer
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306 <+94%2071%20238%203306>
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [VOTE] Release WSO2 API Manager 2.1.0 RC4

[Nuwan Dias]

Looks like we have a problem. The SAML bearer grant seems to be checking
for an IDP when trying to validate the SAML token. IMO ideally it should
only be verifying the signature instead of checking for an IDP. Which would
only require the SAML token issuer's public cert to be imported to API
Manager. Since its not possible to change the design of the grant type,
we'll try to get this issue sorted.

On Thu, Feb 2, 2017 at 1:04 PM, Nadeesha Gamage <nadee...@wso2.com> wrote:

> Noted, I am referring to the following documentation of SAML Extension
> Grant [1], the document should also be updated to reflect this.
>
> [1] https://docs.wso2.com/display/AM210/SAML+Extension+Grant
>
> Thank you,
> Nadeesha
>
> On Thu, Feb 2, 2017 at 12:59 PM, Nuwan Dias <nuw...@wso2.com> wrote:
>
>> Hi Nadeesha,
>>
>> You shouldn't be adding IDPs on APIM. APIM doesn't support the full
>> functionality of managing IDPs. You should be using IS for that. The UI in
>> the management console appears right now since its coupled with some other
>> features, ideally it should be taken off.
>>
>> Thanks,
>> NuwanD.
>>
>> On Thu, Feb 2, 2017 at 12:53 PM, Nadeesha Gamage <nadee...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>> API Manager throws the following error when adding a new Identity Server
>>>
>>> [2017-02-02 12:49:56,125] ERROR - IdentityProviderManager Error while
>>> adding Identity provider in tenantDomain : carbon.super
>>> org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Metadata
>>> Converter is not set
>>> ...
>>> [2017-02-02 12:49:56,180] ERROR - IdentityProviderMgtServiceClient
>>> Error in adding a Identity Provider for a given tenant
>>> org.wso2.carbon.idp.mgt.stub.IdentityProviderMgtServiceIdent
>>> ityProviderManagementExceptionException: IdentityProviderMgtServiceIden
>>> tityProviderManagementExceptionExcep
>>>
>>>
>>> This is observed in RC3 as well.
>>>
>>> Thank you,
>>> Nadeesha
>>>
>>>
>>>
>>> On Thu, Feb 2, 2017 at 10:39 AM, Malintha Amarasinghe <
>>> malint...@wso2.com> wrote:
>>>
>>>> Hi All,
>>>>
>>>> We are calling off the vote due to a security fix identified.
>>>>
>>>> We will do RC5 as soon as possible.
>>>>
>>>> Thanks!
>>>> Malintha
>>>>
>>>> On Wed, Feb 1, 2017 at 10:36 AM, Lakmali Baminiwatta <lakm...@wso2.com>
>>>> wrote:
>>>>
>>>>> Tested below scenarios for ST and tenants.
>>>>>
>>>>>1. JWT token
>>>>>2. Authorization code grant type
>>>>>3. Implicit grant type
>>>>>4. Password grant type
>>>>>5. Scopes
>>>>>6. SaaS Apps
>>>>>7. API Walkthrough
>>>>>
>>>>> [+] Stable - Go ahead and release
>>>>>
>>>>>
>>>>> On 1 February 2017 at 07:07, Isuru Haththotuwa <isu...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Tested the following:
>>>>>>
>>>>>> 1. Basic API creation, updating, subscription and invocation flows
>>>>>> 2. Workflows for application creation and API subscription
>>>>>>
>>>>>> [+] Stable - go ahead and release
>>>>>>
>>>>>> On Mon, Jan 30, 2017 at 10:28 PM, Malintha Amarasinghe <
>>>>>> malint...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> This is the 4th Release Candidate of WSO2 API Manager 2.1.0
>>>>>>>
>>>>>>> Please download, test the product and vote. The vote will be open
>>>>>>> for 72 hours or as needed.
>>>>>>>
>>>>>>> Source and distribution
>>>>>>>
>>>>>>> Run-time : https://github.com/wso2/prod
>>>>>>> uct-apim/releases/download/v2.1.0-rc4/wso2am-2.1.0-RC4.zip
>>>>>>> Analytics : https://github.com/wso2/anal
>>>>>>> ytics-apim/releases/download/v2.1.0-rc3/wso2am-analytics-2.1
>>>>>>> .0-RC3.zip
>>>>>>> Tooling : https://github.com/wso2/devs
>>>>>>> tudio-tooling-apim/releases/tag/v2.1.0-rc2
>>>>>>>
>>>>>>>
>>>>>>> T

Re: [Dev] [Architecture] [VOTE] Release WSO2 API Manager 2.1.0 RC4

[Nuwan Dias]

Hi Nadeesha,

You shouldn't be adding IDPs on APIM. APIM doesn't support the full
functionality of managing IDPs. You should be using IS for that. The UI in
the management console appears right now since its coupled with some other
features, ideally it should be taken off.

Thanks,
NuwanD.

On Thu, Feb 2, 2017 at 12:53 PM, Nadeesha Gamage <nadee...@wso2.com> wrote:

> Hi all,
> API Manager throws the following error when adding a new Identity Server
>
> [2017-02-02 12:49:56,125] ERROR - IdentityProviderManager Error while
> adding Identity provider in tenantDomain : carbon.super
> org.wso2.carbon.idp.mgt.IdentityProviderManagementException: Metadata
> Converter is not set
> ...
> [2017-02-02 12:49:56,180] ERROR - IdentityProviderMgtServiceClient Error
> in adding a Identity Provider for a given tenant
> org.wso2.carbon.idp.mgt.stub.IdentityProviderMgtServiceIdent
> ityProviderManagementExceptionException: IdentityProviderMgtServiceIden
> tityProviderManagementExceptionExcep
>
>
> This is observed in RC3 as well.
>
> Thank you,
> Nadeesha
>
>
>
> On Thu, Feb 2, 2017 at 10:39 AM, Malintha Amarasinghe <malint...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> We are calling off the vote due to a security fix identified.
>>
>> We will do RC5 as soon as possible.
>>
>> Thanks!
>> Malintha
>>
>> On Wed, Feb 1, 2017 at 10:36 AM, Lakmali Baminiwatta <lakm...@wso2.com>
>> wrote:
>>
>>> Tested below scenarios for ST and tenants.
>>>
>>>1. JWT token
>>>2. Authorization code grant type
>>>3. Implicit grant type
>>>4. Password grant type
>>>5. Scopes
>>>6. SaaS Apps
>>>7. API Walkthrough
>>>
>>> [+] Stable - Go ahead and release
>>>
>>>
>>> On 1 February 2017 at 07:07, Isuru Haththotuwa <isu...@wso2.com> wrote:
>>>
>>>> Tested the following:
>>>>
>>>> 1. Basic API creation, updating, subscription and invocation flows
>>>> 2. Workflows for application creation and API subscription
>>>>
>>>> [+] Stable - go ahead and release
>>>>
>>>> On Mon, Jan 30, 2017 at 10:28 PM, Malintha Amarasinghe <
>>>> malint...@wso2.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> This is the 4th Release Candidate of WSO2 API Manager 2.1.0
>>>>>
>>>>> Please download, test the product and vote. The vote will be open for
>>>>> 72 hours or as needed.
>>>>>
>>>>> Source and distribution
>>>>>
>>>>> Run-time : https://github.com/wso2/prod
>>>>> uct-apim/releases/download/v2.1.0-rc4/wso2am-2.1.0-RC4.zip
>>>>> Analytics : https://github.com/wso2/anal
>>>>> ytics-apim/releases/download/v2.1.0-rc3/wso2am-analytics-2.1.0-RC3.zip
>>>>> Tooling : https://github.com/wso2/devs
>>>>> tudio-tooling-apim/releases/tag/v2.1.0-rc2
>>>>>
>>>>>
>>>>> This release fixes the following issues:
>>>>> Runtime : https://wso2.org/jira/issues/?filter=13623
>>>>> Analytics : https://wso2.org/jira/issues/?filter=13624
>>>>> Tooling : https://wso2.org/jira/browse/DEVTOOLAPI-1
>>>>>
>>>>>
>>>>> Please vote as follows.
>>>>> [+] Stable - go ahead and release
>>>>> [-] Broken - do not release (explain why)
>>>>>
>>>>> Thanks,
>>>>> - WSO2 API Manager Team -
>>>>>
>>>>> --
>>>>> Malintha Amarasinghe
>>>>> Software Engineer
>>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>>> http://wso2.com/
>>>>>
>>>>> Mobile : +94 712383306 <+94%2071%20238%203306>
>>>>>
>>>>> ___
>>>>> Architecture mailing list
>>>>> architect...@wso2.org
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks and Regards,
>>>>
>>>> Isuru H.
>>>> +94 716 358 048 <+94%2071%20635%208048>* <http://wso2.com/>*
>>>>
>>>>
>>>>
>>>> ___
>>>> Architecture mailing list
>>>> architect...@wso2

Re: [Dev] [Architecture] [VOTE] Release WSO2 API Manager 2.1.0 RC4

[Nuwan Dias]

Tested the following, no issues found.

1. Adding/Updating APIs.
2. API Visibility for tenants and ST.
3. Tags with visibility and tag grouping for tenants and ST.
4. Product profiles.

[+] Stable - go ahead and release

Thanks,
NuwanD.

On Mon, Jan 30, 2017 at 10:28 PM, Malintha Amarasinghe <malint...@wso2.com>
wrote:

> Hi All,
>
> This is the 4th Release Candidate of WSO2 API Manager 2.1.0
>
> Please download, test the product and vote. The vote will be open for 72
> hours or as needed.
>
> Source and distribution
>
> Run-time : https://github.com/wso2/product-apim/releases/download/v2.
> 1.0-rc4/wso2am-2.1.0-RC4.zip
> Analytics : https://github.com/wso2/analytics-apim/releases/download/v
> 2.1.0-rc3/wso2am-analytics-2.1.0-RC3.zip
> Tooling : https://github.com/wso2/devstudio-tooling-apim/releases/ta
> g/v2.1.0-rc2
>
>
> This release fixes the following issues:
> Runtime : https://wso2.org/jira/issues/?filter=13623
> Analytics : https://wso2.org/jira/issues/?filter=13624
> Tooling : https://wso2.org/jira/browse/DEVTOOLAPI-1
>
>
> Please vote as follows.
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thanks,
> - WSO2 API Manager Team -
>
> --
> Malintha Amarasinghe
> Software Engineer
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306 <+94%2071%20238%203306>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] axis2-transports-2.0.0-wso2v1 Staged

[Nuwan Dias]

This release is a sub release of the synapse and carbon mediation releases.
We have already done testing on the axis2 transport, synapse and
carbon-mediation with the latest snapshots and found no issues. Can we
directly stage the carbon-mediation and then test and verify that only?
Having to verify piece by piece will take a lot of time and we're already
very very late.



On Mon, Jan 23, 2017 at 2:59 PM, Heshitha Hettihewa <heshit...@wso2.com>
wrote:

> Hi All,
>
> Please find the staged axis2-transports-2.0.0-wso2v1 at [1]
>
> [1]. https://maven.wso2.org/nexus/content/repositories/
> orgapacheaxis2transport-1005/
>
> Please test and confirm.
>
> Thanks,
> --
> Heshitha Hettihewa
> *Software Engineer*
> Mobile : +94716866386
> <%2B94%20%280%29%20773%20451194>
> heshit...@wso2.com
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS 6.0.0] [User Portal] Challenge Questions in Self sign-up page of user portal

[Nuwan Dias]

On Wed, Jan 18, 2017 at 5:10 PM, Indunil Upeksha Rathnayake <
indu...@wso2.com> wrote:

> Hi,
>
> Currently we are working on implementing C5 user portal in IS. Appreciate
> your suggestions/ideas for the following concerns regarding challenge
> questions.
>
> *1)  Is it necessary to include challenge questions in IS 6.0.0 as a
> recovery option?*
> Seems like secret questions are neither secure nor reliable enough to be
> used as a account recovery mechanism. And also most of the vendors has
> completely removed support for security questions including google. In C5,
> security question sets will be some what strengthen the recovery and makes
> it hard to guess the questions. But seems like need to consider whether it
> need to be implemented or not.
>

I personally have never used a security question to recover any of the
accounts of which I forgot passwords. Its always a recovery through email
or mobile. Therefore I don't see this as a valuable feature.

>
> *2)  Is it necessary to include security questions in user self sign-up
> page? If needed, following way is appropriate?*
> As we have planned, in C5, admin can create several security question sets
> and can configure the minimum number of questions that need to be answered
> by a user. So that in self sign up UI when populating security questions to
> a user,
>
>- security questions need to be categorized according to the security
>question sets
>- all the sets need to be populated for the user
>- user can select any number of security questions from different sets
>not from a same set
>- need to validate whether the user has answered for the minimum
>number of questions
>
> When an answer to a question is personal, the question itself is probably
personal too. Therefore I don't think an admin can decide on what questions
to be asked from you. Its unlikely you'll remember an answer to a question
which is not very relevant to you. If we're doing this (I'm negative on
implementing the feature itself too :)), I think we should let the user
decide his own questions and answers.


> Appreciate your ideas on this.
>
> Thanks and Regards
> --
> Indunil Upeksha Rathnayake
> Software Engineer | WSO2 Inc
> Emailindu...@wso2.com
> Mobile   0772182255
>
> _______
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM] Content-Length of the message header is missing when it goes through the API Gateway

[Nuwan Dias]

Hi all,

This is the expected behavior of the product AFAIK. And this behavior is
related to response chunking since the Gateway by default sends data in
chunked mode. There are four possible combinations related to response
chunking.

1. Back-End sends chunked data, Gateway also sends in chunked mode.
2. Back-End sends chunked data, Gateway sends in un-chunked mode.
3. Back-End sends un-chunked data, Gateway sends in chunked mode.
4. Back-End sends un-chunked data, Gateway also sends in un-chunked mode.

The behavior you're experiencing is (3). The reason is because the Gateway
by default sends data in chunked mode and hence it drops off the
Content-Length header.

The behavior you're expecting is (4) and to do that you need to set the
FORCE_HTTP_CONTENT_LENGTH and COPY_CONTENT_LENGTH_FROM_INCOMING properties.
Hence the JiRA actually cannot be considered a bug :).

If this particular back-end is in our (wso2) control, I would suggest that
we fix it to support chunking since most modern services support it. And
then disable chunking on the Gateway if the clients of the API cannot work
on chunked data. Switch to option (2) basically.

Thanks,
NuwanD.

On Wed, Jan 11, 2017 at 8:42 AM, Joseph Fonseka <jos...@wso2.com> wrote:

> Hi Hasunie
>
> It would be ideal if we can enable this only for the specific APIs but the
> way IoT publisher's the APIs it will be hard to achieve.
>
> Thanks
> Jo
>
> On Wed, Jan 11, 2017 at 4:18 AM, Hasunie Adikari <hasu...@wso2.com> wrote:
>
>> Hi all,
>>
>> IOT backend server gives Content-length header of the response as
>> expected, But Issue is arisen while passing it through the API Gateway,
>> Content-Length of the response header is missing. We have already created
>>  a public JIRA [1]
>> for the issue in APIM 2.1.0 RC1.
>> Since the issue is affected only for few of APIS, We are trying to add
>> some custom sequence (outSequence) by creating per API Extensions [2].
>>
>> 
>> > value="true"/>
>> > value="true" scope="axis2"/>
>> 
>>  
>>
>> [1] https://wso2.org/jira/browse/APIMANAGER-5573
>> [2] https://docs.wso2.com/display/AM1100/Adding+Mediation+Extensions
>>
>>
>> Thanks
>> Hasunie
>>
>> --
>> *Hasunie Adikari*
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> blog http://hasuniea.blogspot.com
>> Mobile:+94713350904 <+94%2071%20335%200904>
>>
>
>
>
> --
>
> --
> *Joseph Fonseka*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: +94 772 512 430
> skype: jpfonseka
>
> * <http://lk.linkedin.com/in/rumeshbandara>*
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [IS] [C5] Self sign-up in C5 User Portal

[Nuwan Dias]

Having a captcha should be supported OOTB in the default portal. I assume
we've considered that to be so in C5?

On Wed, Jan 4, 2017 at 9:22 AM, Dimuthu Leelarathne <dimut...@wso2.com>
wrote:

>
>
> On Tue, Jan 3, 2017 at 1:00 PM, Ishara Karunarathna <isha...@wso2.com>
> wrote:
>
>>
>>
>> On Tue, Jan 3, 2017 at 12:52 PM, Johann Nallathamby <joh...@wso2.com>
>> wrote:
>>
>>> What are the new user stories we are trying to implement that are not
>>> already there in IS 5.3.0? Can we come up with a list of new requirements?
>>> Isn't most of the above user stories already there in IS 5.3.0?
>>>
>> Yes in 5.3.0 we have almost complete user store. But when it comes to C5
>> implementation we can't cover it with a single milestone release,So we need
>> to start with a simple user story and use different version of that adding
>> other use cases associated with that.
>>
>>
> First we need to envision what we are going to achieve in the long run.
> Then we need to start with the simplest case. For C5 are we trying to
> achieve something different to what we already have?
>
> thanks,
> Dimuthu
>
> -Ishara
>>
>>
>>> On Tue, Jan 3, 2017 at 10:30 AM, Ishara Karunarathna <isha...@wso2.com>
>>> wrote:
>>>
>>>> Hi Indunil,
>>>>
>>>> When we think about self sign up.
>>>> basic use case is User comes to self sign up page and add his user
>>>> informations, system will create a account and let user to login.
>>>>
>>>> But there are lot of associated use cases with this. For example.
>>>> 1. Once user self signed up need to send a verification mail.
>>>> 2. self sign up should go through a approval process.
>>>> 3. User should be assign to a particular roles.
>>>>
>>>> To cater those requirements we need additional features.  And we may
>>>> need several version of this user story to complete this feature.
>>>> For the 1st implementation better to implement the simple case. where
>>>> use self sign up and login (with login permission only )
>>>>
>>>> Thanks,
>>>> -Ishara
>>>>
>>>>
>>>>
>>>> On Tue, Jan 3, 2017 at 9:54 AM, Indunil Upeksha Rathnayake <
>>>> indu...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> In IS C5, we are currently implementing self sign-up in the User
>>>>> Portal and having following considerations regarding the self sign-up
>>>>> functionality.
>>>>>
>>>>> what would be the correct way of achieving self sign-up and would like
>>>>> to know how it has been implemented in other C5 based products.
>>>>> If self sign up is enabled, *users should be create their own user
>>>>> accounts and will be able to logged in immediately?* or there should
>>>>> be an *account confirmation through the email* which helps to confirm
>>>>> an actual user? or there should be configurations to enable/disable both
>>>>> registration and account confirmation?
>>>>>
>>>>> And when it comes to self sign-up, specially if there are no account
>>>>> confirmation, in C5, I think it's better to include improvements such as a
>>>>> way to *allow anyone to sign up (no restrictions) or restrict users
>>>>> to specific domains* and also a way to choose whether *administrators
>>>>> should receive an email when a new account is created*.
>>>>>
>>>>> I would appreciate your ideas/suggestions on this.
>>>>>
>>>>> Thanks and Regards
>>>>> --
>>>>> Indunil Upeksha Rathnayake
>>>>> Software Engineer | WSO2 Inc
>>>>> Emailindu...@wso2.com
>>>>> Mobile   0772182255 <077%20218%202255>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Ishara Karunarathna
>>>> Associate Technical Lead
>>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>>
>>>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>>>> +94717996791 <+94%2071%20799%206791>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Technical Lead &a

Re: [Dev] APIM C5 Analytics - Designing Event streams

[Nuwan Dias]

  : STRING
>>
>> application_name: STRING
>>
>> application_id   : STRING
>>
>> protocol : STRING
>>
>> gateway_domain : STRING
>>
>> gateway_ip   : STRING
>>
>>
>>
>> *name: org.wso2.apimgt.statistics.throttle*
>>
>> *version : 2.0.0*
>>
>> api  : STRING
>>
>> context  : STRING
>>
>> publisher: STRING
>>
>> throttled_time   : LONG
>>
>> application_name: STRING
>>
>> application_id   : STRING
>>
>> application_owner   : STRING
>>
>> user_id  : STRING
>>
>> subscriber   : STRING
>>
>> throttled_reason : STRING
>>
>> throttled_policy : STRING
>>
>> gateway_domain : STRING
>>
>> gateway_ip   : STRING
>>
>>
>>
>> *name: org.wso2.apimgt.statistics.workflow*
>>
>> *version : 2.0.0*
>>
>> workflow_reference : STRING
>>
>> workflow_status  : STRING
>>
>> workflow : STRING
>>
>> created_time : LONG
>>
>> updated_time : LONG
>>
>> node_domain  : STRING
>> node_ip  : STRING
>>
>>
>> Thanks and Regards
>> --
>> Rukshan Chathuranga.
>> Software Engineer.
>> WSO2, Inc.
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Regards,
> Uvindra
>
> Mobile: 33962
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Returning token state from Identity Server introspect response.

[Nuwan Dias]

Yeah, AFAIK we don't be descriptive on the error response.

On Mon, Dec 5, 2016 at 10:45 AM, Sanjeewa Malalgoda <sanje...@wso2.com>
wrote:

> Yes i think its ok if introspection only send inactive. Anyway we don't
> need to send specific error message as it make possible user to guess token.
> As i know usually we dont send descriptive error message to users when
> auth failure happens.
>
> Thanks,
> sanjeewa.
>
> On Sat, Dec 3, 2016 at 9:55 PM, Ishara Cooray <isha...@wso2.com> wrote:
>
>> Thanks Farasath and Maduranga.
>>
>> Hi Nuwan/Sanjeewa,
>>
>> As per the above we won't be able to respond to an api request with
>> reason for an inactive token such as 'token expired' but we will respond as
>> 'token is inactive'.
>>
>> Appreciate your thoughts.
>>
>>
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512 <077%20262%209512>
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> On Sat, Dec 3, 2016 at 12:08 AM, Maduranga Siriwardena <
>> madura...@wso2.com> wrote:
>>
>>> Hi Ishara,
>>>
>>> According to the specification, it is not recommended to expose too much
>>> details about why the token is not active.
>>>
>>>Note that to avoid disclosing too
>>>much of the authorization server's state to a third party, the
>>>authorization server SHOULD NOT include any additional information
>>>about an inactive token, including why the token is inactive.
>>>
>>>
>>> Sending response as expired, expose too much details about the
>>> authorization server's state, as I understand. And in the same time 
>>> specification
>>> specifically says to send {"active": false} response for any inactive
>>> token or any error response (other than unauthorized client). So sending
>>> such a custom attribute is not suitable either.
>>>
>>> Thanks,
>>>
>>> On Fri, Dec 2, 2016 at 10:51 PM, Farasath Ahamed <farasa...@wso2.com>
>>> wrote:
>>>
>>>> Hi Ishara,
>>>>
>>>> The '*active*' parameter is mandatory according to the Introspection
>>>> spec[1], to indicate the status of the token.
>>>>
>>>> If we are to send something like what you have suggested we could do so
>>>> by using a custom attribute in response. But then again that would be
>>>> something specific to our implementation and would not be understood by
>>>> standard clients right?
>>>>
>>>>
>>>> [1] https://tools.ietf.org/html/rfc7662#section-2.2
>>>>
>>>>
>>>> Thanks,
>>>> Farasath Ahamed
>>>> Software Engineer, WSO2 Inc.; http://wso2.com
>>>> Mobile: +94777603866
>>>> Blog: blog.farazath.com
>>>> Twitter: @farazath619 <https://twitter.com/farazath619>
>>>> <http://wso2.com/signature>
>>>>
>>>>
>>>>
>>>> On Fri, Dec 2, 2016 at 10:38 PM, Ishara Cooray <isha...@wso2.com>
>>>> wrote:
>>>>
>>>>> I have used introspect end point to get token info with Identity
>>>>> Server 5.3.0
>>>>> I get {'active':false} response even for expired token.
>>>>>
>>>>> *Request :*
>>>>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST
>>>>> --data 'token=a2c12c81-33fb-3e07-aa5e-c50639011199'
>>>>> https://localhost:9443/oauth2/introspect
>>>>> <https://www.google.com/url?q=https%3A%2F%2Flocalhost%3A9443%2Foauth2%2Fintrospect=D=1=AFQjCNEpi8QB_64Z4cbYhSNt1Ip7mao6vQ>
>>>>>
>>>>> *Response:*
>>>>> {'active':false}
>>>>>
>>>>> But, if we can have the{ state : expired } that way we can provide a
>>>>> more concrete response to end user.
>>>>>
>>>>> wdyt?
>>>>>
>>>>> Thanks & Regards,
>>>>> Ishara Cooray
>>>>> Senior Software Eng
>>>>>
>>>>> ineer
>>>>> Mobile : +9477 262 9512 <+94%2077%20262%209512>
>>>>> WSO2, Inc. | http://wso2.com/
>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>> ___
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Maduranga Siriwardena
>>> Software Engineer
>>> WSO2 Inc; http://wso2.com/
>>>
>>> Email: madura...@wso2.com
>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>> Blog: http://madurangasblogs.blogspot.com/
>>> <http://wso2.com/signature>
>>>
>>
>>
>
>
> --
>
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779 <+94%2071%20306%208779>
>
> <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.
> blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] carbon-mediation-4.6.8 Staged

[Nuwan Dias]

Thanks.

On Wed, Nov 30, 2016 at 4:44 PM, Nuwan Wimalasekara <nuw...@wso2.com> wrote:

> Hi All,
>
> Please find the staged carbon-mediation-4.6.8 at [1]
>
>
> [1] https://maven.wso2.org/nexus/content/repositories/
> orgwso2carbonmediation-1009
>
> Thanks,
> Nuwanw
>
> --
> Nuwan Wimalasekara
> Associate Technical Lead
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
>
> phone: +94 71 668 4620 <+94%2071%20668%204620>
>
>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][CORS] Caching preflight response in API Console

[Nuwan Dias]

Can't we use the _cors_request_handler_ sequence to set this value? Users
don't  have access to the synapse api xml file. And even if they change it,
it'll be overriden when you save again unless its set in the velocity
template as well. So if we can maintain it at the sequence these shouldn't
be a problem.

On Fri, Nov 18, 2016 at 5:28 PM, Abimaran Kugathasan <abima...@wso2.com>
wrote:

> Hi Jo/Nuwan,
>
> We have to set the property like below. Shall we have 15 mins as the
> default value in code level and let API Developer to override it through
> api synapse xml file like below?
>
>  class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
> 
> 
> 
>
>
> On Thu, Nov 3, 2016 at 11:57 AM, Joseph Fonseka <jos...@wso2.com> wrote:
>
>> +1 to merge the fix to carry this forward better if we can add this to
>> the publisher UI as well.
>>
>> Thanks
>> Jo
>>
>> On Thu, Nov 3, 2016 at 11:28 AM, Abimaran Kugathasan <abima...@wso2.com>
>> wrote:
>>
>>> Hi Dev,
>>>
>>> CORS specification allows caching the preflight response for a certain
>>> number of seconds through Access-Control-Max-Age header [1] .
>>>
>>> Some browsers have this feature by default which overrides this header
>>> if the value specified is greater than their value[2]
>>>
>>> Firefox - 24 hours
>>> Chrome - 10 minutes
>>> Chromium - 5 seconds
>>>
>>> Mathieu(https://github.com/mathieu-pousse) has sent a PR though [3].
>>> Please review and provide feedback.
>>>
>>>
>>> [1] : https://www.w3.org/TR/cors/#access-control-max-age-response-header
>>> [2] : https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/
>>> Access-Control-Max-Age
>>> [3] : https://github.com/wso2/carbon-apimgt/pull/3114
>>>
>>>
>>> --
>>> Thanks
>>> Abimaran Kugathasan
>>> Senior Software Engineer - API Technologies
>>>
>>> Email : abima...@wso2.com
>>> Mobile : +94 773922820
>>>
>>> <http://stackoverflow.com/users/515034>
>>> <http://lk.linkedin.com/in/abimaran>
>>> <http://www.lkabimaran.blogspot.com/>  <https://github.com/abimarank>
>>> <https://twitter.com/abimaran>
>>>
>>>
>>
>>
>> --
>>
>> --
>> *Joseph Fonseka*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: +94 772 512 430
>> skype: jpfonseka
>>
>> * <http://lk.linkedin.com/in/rumeshbandara>*
>>
>>
>
>
> --
> Thanks
> Abimaran Kugathasan
> Senior Software Engineer - API Technologies
>
> Email : abima...@wso2.com
> Mobile : +94 773922820
>
> <http://stackoverflow.com/users/515034>
> <http://lk.linkedin.com/in/abimaran>
> <http://www.lkabimaran.blogspot.com/>  <https://github.com/abimarank>
> <https://twitter.com/abimaran>
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [dev][APIM 1.7] Alternatives for API creation/deletion audit logs

[Nuwan Dias]

You can write a registry handler (for the api artifact type) to capture API
additions, removals and updates.

On Thu, Oct 27, 2016 at 3:52 PM, Thilini Cooray <thili...@wso2.com> wrote:

> Hi Jo,
>
> Since AM_API table does not contain fields to capture user details in APIM
> 1.7, AFAIU we would need a code level modification to it.
> WDYT?
> ATM I only limited to fields available in AM_API table due to it.
>
> Thanks.
>
> On Thu, Oct 27, 2016 at 3:38 PM, Joseph Fonseka <jos...@wso2.com> wrote:
>
>> Hi
>>
>> I guess you would need to capture user details as well for an audit log
>> entry. Do you have a plan on getting the user data at db level.
>>
>> Thanks
>> Jo
>>
>> On Thu, Oct 27, 2016 at 3:27 PM, Thilini Cooray <thili...@wso2.com>
>> wrote:
>>
>>> Hi Uvindra,
>>>
>>> Details in AM_API will be enough for the audit log.
>>> If we want to capture lifecycle state details I understand that we need
>>> to look at registry resources as well.
>>>
>>> Thanks.
>>>
>>> On Thu, Oct 27, 2016 at 3:21 PM, Uvindra Dias Jayasinha <
>>> uvin...@wso2.com> wrote:
>>>
>>>> HI Thilini,
>>>>
>>>> If all you want to check is when an API is added or deleted then the
>>>> same approach of using trigger for AM_API table is enough. But what
>>>> information exactly do you need to collect for the audit?
>>>>
>>>> On 27 October 2016 at 14:23, Thilini Cooray <thili...@wso2.com> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> APIM 1.7 does not support audit logs for operations such as API
>>>>> creation and deletion, application creation and deletion.
>>>>> I am looking for alternatives which can be used for collecting audit
>>>>> data.
>>>>>
>>>>> Since application data are only stored in AM_DB, we can collect
>>>>> application related audit data by adding a database trigger for
>>>>> AM_APPLICATION table.
>>>>>
>>>>> However, API details are stored in both AM_DB and Registry DB.
>>>>> Therefore what is the recommended way for collecting audit data for
>>>>> API creation and deletion?
>>>>>
>>>>> Will it be reliable enough to just add a database trigger for AM_API
>>>>> table for insertions and deletions ?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> --
>>>>> Best Regards,
>>>>>
>>>>> *Thilini Cooray*
>>>>> Software Engineer
>>>>> Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20774%20570112>
>>>>> E-mail : thili...@wso2.com
>>>>>
>>>>> WSO2 Inc. www.wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> ___
>>>>> Dev mailing list
>>>>> Dev@wso2.org
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Uvindra
>>>>
>>>> Mobile: 33962
>>>>
>>>
>>>
>>>
>>> --
>>> Best Regards,
>>>
>>> *Thilini Cooray*
>>> Software Engineer
>>> Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20774%20570112>
>>> E-mail : thili...@wso2.com
>>>
>>> WSO2 Inc. www.wso2.com
>>> lean.enterprise.middleware
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> --
>> *Joseph Fonseka*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: +94 772 512 430
>> skype: jpfonseka
>>
>> * <http://lk.linkedin.com/in/rumeshbandara>*
>>
>>
>
>
> --
> Best Regards,
>
> *Thilini Cooray*
> Software Engineer
> Mobile : +94 (0) 774 570 112 <%2B94%20%280%29%20774%20570112>
> E-mail : thili...@wso2.com
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Editing scopes in API manager

[Nuwan Dias]

At the moment the Publisher UI doesn't allow you do edit the scope
definition. You have to remove the scope and add it back again.

On Sun, Oct 23, 2016 at 4:15 PM, Chathura Ekanayake <chath...@wso2.com>
wrote:

> Is there a way to edit existing scope details? I think it is useful to add
> or remove authorized roles in a scope. One problem in editing scope details
> is that it could make currently issued tokens inconsistent with the
> authorization policy. I think we can handle that by invalidating all issued
> token upon a scope change.
>
> - Chathura
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Enable/Disabling hostname verification in carbon 4.4.10

[Nuwan Dias]

Thanks. We (API Manager) will upgrade to 4.4.10 as soon as its released.

On Wed, Sep 28, 2016 at 10:25 PM, Kishanthan Thangarajah <
kishant...@wso2.com> wrote:

> FYI.
>
> Thanks,
>
> On Wed, Sep 28, 2016 at 12:31 PM, Lakshman Udayakantha <lakshm...@wso2.com
> > wrote:
>
>> Hi Folks,
>>
>> Enabling/disabling hostname verification was added to carbon kernel
>> 4.4.10 onwards as a system property. The property added was
>> httpclient.hostnameVerifier. Possible values can be Strict, AllowAll,
>> DefaultAndLocalhost. These values will behave same as synapse host name
>> verification options.
>>
>> 1. Strict - A wildcard such as "*.foo.com" matches only subdomains in
>> the same level, for example "a.foo.com".  It does not match deeper
>> subdomains such as "a.b.foo.com".
>> 2. AllowAll - Turn off the host name verification. Note that this is not
>> recommended in production setup. This is only for demo and testing purposes
>> only.
>> 3. DefaultAndLocalhost - Works same way as default, except one with one
>> additional relaxation: a host of "localhost", "localhost.localdomain",
>> "127.0.0.1", "::1" will always pass, no matter what is in the server's
>> certificate.
>> 4. If any of the above parameter not provided, it behaves in default
>> way. The only difference between default and Strict is that a wildcard
>> (such as "*.foo.com") with default matches all subdomains, including "
>> a.b.foo.com".
>>
>> example usage:
>>
>> -Dhttpclient.hostnameVerifier=AllowAll
>>
>> Thanks
>> --
>> Lakshman Udayakantha
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>> Mobile: *0717429601*
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Kishanthan Thangarajah*
> Technical Lead,
> Platform Technologies Team,
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +94773426635
> Blog - *http://kishanthan.wordpress.com <http://kishanthan.wordpress.com>*
> Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>*
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev