I am using wso2 microgateway to proxy our backend api. I need to write a logging interceptor which can log the access events and auth/security related logging events to a separate log file.
From the sample java interceptor, I could understand that the wso2 mgw uses slf4j api and binds to java util logging api. The logs are written to microgateway.log file in the gateway runtime tool.
What is the best way to accomplish this requirement?
Related
What are the alternatives available while using WSO2 Identity server as PDP?
If we use WSO2 ESB, its creating one extra layer..
So what benefits we will get by using it? If we use Sun's XACML API to send and receive request and response in some class which act as PEP then would it be bad design?
It is not needed to use the WSO2 ESB as a PEP. You can write you own PEP to integrate with your application. As an example, if your application is an java web application, you can write your own PEP client to call the EntitlementService.
Advantage of using WSO2 ESB is that, It can act as Security Gateway for you all type of requests. It can do authentication/security protocol switching and more.. It has an extensible architecture.. If your all idea is to only to use WSO2ESB as PEP, I do not think it is worth. ESB is also calling EntitlementService of the WSO2IS. Therefore you can directly call it from your application. You can write simple PEP client using java. You can find java client from here and you can integrate it with your application as PEP. There are some place that have been done it. Please find one from here. In his sample, command line client calling the EntitlementService
I have an internal webservice exposed in SOAP/HTTP. What I am trying to achieve using API manager is to expose my internal SOAP based webservice over different protocols like XML, JSON etc.
Does WSO2 API manager have that capability.
Thanks and Regards
Privin Thomas
If you wish to transform the incoming message into a different format for the backend. This can be done using the underlying ESB capabilities of the API Manager - there are actualy several ways. IMHO, the easiest way to do this is with Mediation Extensions. For information on adding a Mediation Extension to an API, please see the documentation here:
https://docs.wso2.com/display/AM170/Adding+Mediation+Extensions
WSO2 APIM by default supports OAuth2 for securing APIs. If I want to secure my APIs with other standard mechanisms such as BASIC or custom authorization mechanism(eg: based on xml body elements values of request), what is the approach I should follow?
In documentation it tells about writing a custom handler link . I guess this handler is invoked at transport level which will apply for all the API requests over that transport ??.
Does APIM supports adding other security(eg:Basic) mechanisms for each API when an API is added by publisher? and if so does that happen inside the ESB proxy service sequence or before it hits the proxy service?
The API Manager UI supports only OAuth based security, you can modify the synapse configuration of the API to support Basic auth to validate based on HTTP header. Customer authentication can be supported through handler. A reference to the handler has to be included in each API that you want to secure using the custom logic. This can be done by modifying the synapse config of the API.
You need write custom authentication handler and set as an handler configuration for that specific API
A backend service needs to know the user for the service call. Reading through the API 1.6.0 documentation I have configured it to generate JWT and removed and republished my services as stated. Running tests, I am not seeing the JWT being passed to the backed service in the response headers in Fiddler. I am not using the ESB or Identity services from WSO2.
What am I missing?
JWT information should be passed in the header under the parameter X-JWT-Assertion. The Content is been encoded. Use TCPMon to intercept the request and see if the API Manager is actually passing the JWT. This would be a good starting point to debug.
From what I've read and experienced, the API Manager 1.3.1 only generates proxies. However, I would like to proxy a back-end SOAP service with a SOAP service proxy and have the proxy implement a WS-Policy with a WS-SecurityPolicy.
Is there built-in support for this in API Manager 1.3.1?
Will there be support for this in the next version of API Manager?
If no, then what steps would I take to have the API Publisher and Store apps recognize SOAP proxies?
I hope that API Manager is not the ideal way to start to implement your use case. You should use Enterprise Serivce bus which provides the UI and necessary other tools to implement the scenario.
You can install the required features (Which is pre installed in ESB) to API manager and use those features. But you can just go ahead with WSO2 ESB as it is.
http://docs.wso2.org/wiki/display/ESB402/Secure+Proxy+Template
in wso2esb, itself contains throttling [1]/analytics[2] support.You can check the documentation on how to enable the throttling for proxies. If you like to use APIManager, define a proxy in another instance(like ESB) and provide that as endpoint when you create an API. But that proxy has to handle REST calls..
But from my understanding, you can simply use wso2esb.
[1]http://docs.wso2.org/wiki/pages/viewpage.action?pageId=15471353
[2]http://docs.wso2.org/wiki/display/ESB451/Statistics