Sunday, March 10, 2019

Configure WSO2 API Manager Analytics 2.6.0 with PostgreSQL

First, configure WSO2 API Manager to publish statistics by following the steps below.

  1. Open the <API-M_HOME>/repository/conf/api-manager.xml file. 
  2. Under the <Analytics> sub element, set the Enabled parameter to true.
  3. Change the following parameters according to the instance information.
    i. <StreamProcessorServerURL>
       <protocol>://<hostname>:<port>
       Ex:
       <StreamProcessorServerURL>tcp://192.168.104.68:7612</StreamProcessorServerURL>
    ii. <StreamProcessorRestApiURL>
       https://<host>:<port>
       Ex:
       <StreamProcessorRestApiURL>https://192.168.104.68:7444</StreamProcessorRestApiURL>

Then configure the PostgreSQL database by following the steps below.

  1. First, install PostgreSQL.
  2. Log in as the postgres user using the following command.
    sudo -u postgres psql
  3. Create the stats_db database using the following command.
    create database stats_db;

Configure the Dashboard profile in Analytics node.

Configure the dashboard profile.

  1. Open the <API-M_ANALYTICS_HOME>/conf/dashboard/deployment.yaml file.
  2. Edit the APIM_ANALYTICS_DB section according to the following example.
    # Data source for APIM Analytics
    - name: APIM_ANALYTICS_DB
      description: Datasource used for APIM Analytics
      jndiConfig:
        name: jdbc/APIM_ANALYTICS_DB
      definition:
        type: RDBMS
        configuration:
          jdbcUrl: 'jdbc:postgresql://192.168.104.73:5432/stats_db'
          username: gayantha
          password: gayantha
          driverClassName: org.postgresql.Driver
          maxPoolSize: 50
          idleTimeout: 60000
          connectionTestQuery: SELECT 1
          validationTimeout: 30000
          isAutoCommit: false

Configure the worker profile.

  1. Open the <API-M_ANALYTICS_HOME>/conf/worker/deployment.yaml file.
  2. Edit the APIM_ANALYTICS_DB section according to the following example.
    - name: APIM_ANALYTICS_DB
      description: "The datasource used for APIM statistics aggregated data."
      jndiConfig:
        name: jdbc/APIM_ANALYTICS_DB
      definition:
        type: RDBMS
        configuration:
          jdbcUrl: 'jdbc:postgresql://192.168.104.73:5432/stats_db'
          username: gayantha
          password: gayantha
          driverClassName: org.postgresql.Driver
          maxPoolSize: 50
          idleTimeout: 60000
          connectionTestQuery: SELECT 1
          validationTimeout: 30000
          isAutoCommit: false
  3. Open the <API-M_ANALYTICS_HOME>/conf/dashboard/deployment.yaml file. Configure WSO2AM_MGW_ANALYTICS_DB to use the same database as APIM_ANALYTICS_DB in the /conf/worker/deployment.yaml file.
  4. Create the AM_USAGE_UPLOADED_FILES table in the WSO2AM_STATS_DB database using the following query.
    CREATE TABLE IF NOT EXISTS AM_USAGE_UPLOADED_FILES (
    FILE_NAME varchar(255) NOT NULL,
    FILE_TIMESTAMP TIMESTAMP(0) DEFAULT CURRENT_TIMESTAMP,
    FILE_PROCESSED smallint DEFAULT 0,
    FILE_CONTENT BYTEA DEFAULT NULL,
    PRIMARY KEY (FILE_NAME, FILE_TIMESTAMP)
    );

Setting up the PostgreSQL driver.

  1. Download the PostgreSQL JDBC driver from here.
  2. Go to the <API-M_ANALYTICS_HOME>/bin directory. Run the command given below to generate the converted file in the <API-M_ANALYTICS_HOME>/lib directory.
    ./jartobundle.sh <PATH_TO_PostgreSQL_JDBC_JAR> ../lib

Sunday, January 14, 2018

Customizing permissions for WSO2 products.

This article explains how to add custom permissions and how to retrieve the permissions assigned to a role in WSO2 products.


How to add custom permissions to the current permission tree in WSO2 products.


There are two methods for adding custom permissions.

Method 1.
You can add application-specific permissions to the current registry permission tree by creating a new service provider.

To do so,

  • Go to Management console (https://localhost:9443/carbon) -> Main -> Service Providers -> Add. Enter the Service Provider name, then expand Role/Permission Configuration.
  • Once it is added, you will find a new role that was created for this service provider.
  • Then edit the service provider that you created to add permissions. Go to 'Role/Permission Configuration'.
  • Add a new permission for the application and click ‘Update’.
  • To verify that the permission was added, go to the ‘permission tree’ at Home > Configure > Users and Roles > Roles > Permissions.

Method 2.
You can add new permissions to the existing permission tree through the registry browser in the Management Console.

To do so,


  • Go to Main -> Resources -> Browse -> /_system/governance/permission and click Add Collection, then set a property on the created collection.
  • When you set the property under the property section, make sure its Name is "name".
  • Click the add button.

Retrieve assigned permissions of the role



You can use the getRolePermissions() operation of the UserAdmin service to retrieve the permissions assigned to a role.
  • Set the <HideAdminServiceWSDLs> element to false in the <PRODUCT_HOME>/repository/conf/carbon.xml file.
  • Run the server using this command: sh wso2server.sh -DosgiConsole
  • When the server has started, hit the enter/return key several times to get the OSGi shell in the console.
  • In the OSGi shell, type: osgi> listAdminServices.
  • Use this WSDL for invoking the login method.

http://localhost:9763/services/AuthenticationAdmin?wsdl

  • After you invoke the login method, you will get a JSESSIONID as a response.
  • Then you can invoke the getRolePermissions method using this JSESSIONID.
  • To invoke the getRolePermissions method, use this WSDL.

https://<HOST>:8243/services/UserAdmin?wsdl

😉 When you invoke these methods from SoapUI, please change the port number to 9443.
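
The login and getRolePermissions calls described above, as an added Python example (not code from the original post). The XML namespaces, the urn:<operation> SOAPAction values, the remoteAddress parameter and the ">true<" check on the login reply are assumptions to confirm against the two WSDLs; base would be https://localhost:9443 as noted above, and cafile is a hypothetical path to the CA certificate that signed the server's certificate.

```python
import http.cookies
import ssl
import urllib.request
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Namespaces assumed for these services; confirm them in the WSDLs.
AUTH_NS = "http://authentication.services.core.carbon.wso2.org"
USER_NS = "http://org.apache.axis2/xsd"


def envelope(ns, operation, **params):
    """Build a SOAP 1.1 envelope; values are XML-escaped so input cannot alter it."""
    body = "".join(f"<n:{k}>{escape(str(v))}</n:{k}>" for k, v in params.items())
    return (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:n="{ns}">'
            f"<soapenv:Body><n:{operation}>{body}</n:{operation}></soapenv:Body>"
            "</soapenv:Envelope>")


def extract_jsessionid(set_cookie):
    """Return the JSESSIONID value from a Set-Cookie header, or None if absent."""
    jar = http.cookies.SimpleCookie()
    jar.load(set_cookie or "")
    return jar["JSESSIONID"].value if "JSESSIONID" in jar else None


def call(url, action, xml, session=None, cafile=None):
    """POST one SOAP request over certificate-verified TLS; return (Set-Cookie, body)."""
    headers = {"Content-Type": "text/xml; charset=utf-8", "SOAPAction": f"urn:{action}"}
    if session:
        headers["Cookie"] = f"JSESSIONID={session}"
    req = urllib.request.Request(url, xml.encode(), headers)
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.headers.get("Set-Cookie"), resp.read().decode()


def get_role_permissions(base, user, password, role, cafile=None):
    """Log in via AuthenticationAdmin, then call UserAdmin getRolePermissions."""
    cookie, reply = call(f"{base}/services/AuthenticationAdmin", "login",
                         envelope(AUTH_NS, "login", username=user, password=password,
                                  remoteAddress="localhost"), cafile=cafile)
    session = extract_jsessionid(cookie)
    if session is None or ">true<" not in reply:
        raise RuntimeError("login failed or returned no JSESSIONID")
    _, body = call(f"{base}/services/UserAdmin", "getRolePermissions",
                   envelope(USER_NS, "getRolePermissions", roleName=role),
                   session=session, cafile=cafile)
    return body  # raw SOAP response describing the role's permission tree
```

Once the WSDLs have been saved, <HideAdminServiceWSDLs> can be set back to true; the calls themselves do not need the WSDLs to be served.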

Saturday, December 2, 2017

Customize error response message - WSO2 API-Manager

Customize the response message when a token is invalid or expired.


In WSO2 API-Manager, authentication failure messages pass through the auth failure handler, so you can customize the response message by editing the auth_failure_handler.xml file. You can find this XML file in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/sequences directory.

  • When the token is invalid or expired, you will get the error code 900901, so set that code in the filter to select the error response you want to customize.
<sequence name="_auth_failure_handler_" xmlns="http://ws.apache.org/ns/synapse">
    <property name="error_message_type" value="application/json"/>
    <filter source="get-property('ERROR_CODE')" regex="900901">
      <then>
          <sequence key="sample"/>
          <drop/>
      </then>
      <else>
      </else>
    </filter>
    <sequence key="_build_"/>
</sequence>

In the above sequence, messages that match the filter condition go through the then element. Messages that do not match the filter criteria go through the else element.

Then create a sample.xml file in the same directory.
Add the following configuration to the sample.xml file.

<sequence xmlns="http://ws.apache.org/ns/synapse" name="sample">
<payloadFactory media-type="json">
 <format>
     {
     "transaction_id": "ABC",
     "desc": "Success"
      }
 </format>
</payloadFactory>
<property name="RESPONSE" value="true" />
<header name="To" action="remove" />
<property name="NO_ENTITY_BODY" scope="axis2" action="remove" />
<property name="ContentType" scope="axis2" action="remove" />
<property name="Authorization" scope="transport" action="remove" />
<property name="Access-Control-Allow-Origin" value="*" scope="transport" />
<property name="Host" scope="transport" action="remove" />
<property name="Accept" scope="transport" action="remove" />
<property name="X-JWT-Assertion" scope="transport" action="remove" />
<property name="HTTP_SC" value="403" scope="axis2"/>
<property name="messageType" value="application/json" scope="axis2" />

<send/>
</sequence>

You can add your JSON response message under the <format> tag.

How to customize the response for specific APIs.

You can customize the response for specific APIs by adding two nested filters to the <APIM_HOME>/repository/deployment/server/synapse-configs/default/sequences/auth_failure_handler.xml file.

  • In the outer filter, add the names of the APIs that should keep the original XML response.
<sequence name="_auth_failure_handler_" xmlns="http://ws.apache.org/ns/synapse">
    <property name="error_message_type" value="application/xml"/>
    <!-- Outer filter: APIs listed here keep the original XML response.
         The regex must match the whole API name, so no spaces around "|". -->
    <filter source="$ctx:SYNAPSE_REST_API" regex="admin--Test2:v1.0|admin--Test1:vv1.0">
        <then>
            <sequence key="_build_"/>
        </then>
        <else>
            <!-- Inner filter: an invalid or expired token (900901) gets the custom response. -->
            <filter source="get-property('ERROR_CODE')" regex="900901">
                <then>
                    <sequence key="sample"/>
                    <drop/>
                </then>
                <else>
                </else>
            </filter>
        </else>
    </filter>
    <sequence key="_build_"/>
</sequence>

In the above sequence, the API name is used to select which APIs get the customized response: the APIs matched by the outer filter keep the original response, and all others get the customized one.