I am new to wso2 api manager.I created my own service in that and i want to expose that service thru publisher of wso2. By using swagger its very difficult to generate the custom json request for post method.Suppose i want to create json below classes in swagger.In below classes one class contain list of other classes.Its very difficult and time consuming to generate the json for below classes in Swagger UI.
public class Student {
private String name;
private List<Address> address;
private List<PhoneNumber> phoneNumber;
}
public class Address{
private String street_name;
private String city;
private String state;
private String country;
}
public class PhoneNumber{
private Long mob_no;
private String type;
}
Is there any alternative to generate the json in WSo2 api manager or any api which generate the json for object.
Related
I am able to create a collection with the postman public API using the following endpoint:
POST https://api.getpostman.com/collections
In the Postman UI, there is the possibility to create a new collection for an API:
How can I do the same thing via Postman API?
I would imagine that there is supposed to be an endpoint like
POST https://api.getpostman.com/api/{{apiId}}/collections
I'm using the Quarkus Rest Client to communicate with an external service which uses two cookies to authenticate all requests. These two cookies are returned from an authentication API and from every subsequent API call. Is there a way to handle these cookies automatically? Currently I'm getting the cookies from the response object of the authentication API and I manually send them in every request using #CookieParam.
I haven’t try it, but can’t you do something like this:
//pseudo code !!!
#RestClient
public interface UsersClient {
#POST
String backendCall(#CookieParam("Token1") token1, #CookieParam("Token2") String token2)
#POST
Map<String,String> authenticate(String param)
default String makeCall(String param) {
var tokens = authenticate(param);
return backendCall(tokens.get(0), tokens.get(1));
}
}
From your service you inject this rest client and call the makeCall(...) method. That should authenticate you against your server, and use the tokens from the response and send these as cookies to the backend call.
Apologies for any mistakes in the code: I‘ve written it from my tablet. But I hope the idea is clear.
And also check the Microprofile Rest client documentation for more information:
https://download.eclipse.org/microprofile/microprofile-rest-client-2.0/microprofile-rest-client-spec-2.0.html#_sample_definitions
I need to determine if a request is for a sandbox or production environment in a WSO2 custom handler? How can I get that information?
public class CustomHandler extends AbstractHandler {
#Override
public boolean handleRequest(MessageContext messageContext) {
//GET Environment info...
Assume it is an unauthenticated request and it doesn't contain an access token.
The environment is always decided based on the access token. If the API is open it's by default sent to the production environment. See [1].
[1] https://github.com/wso2/carbon-apimgt/blob/6.x/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/security/oauth/OAuthAuthenticator.java#L197
I have developed a simple Spring boot and spring security for form login with the below configuration
#Configuration
#EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Autowired
private UserDetailsService userDetailsService;
#Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/registration").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
http.csrf().disable();
}
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder());
}
I have also created custom userDetailsService Implementation to get the user.
Now, When I login in from a web page using a login form, I am able to login successfully and able to access secured endPoints as well(I am able to see JSESSIONID as well in subsequent response.
But when I try to login via a different service(An Android app) using httpPost with url : http://localhost:9090/login, I can see that the user is authenticated.
But I am then unable to access the secured endPoints from the android app. The response returns back a HTML string(The login page data).
I can also not see the JSESSIONID in the response.
Overall, My configuration is working fine for web pages, but unable to get it worked from other api's.
It works when you use the web page login form because your UI and server are in the same domain. When Spring Security authenticates a user I believe it adds a session id to the cookie header so it is able to authenticate every request after you login. When hitting your Spring API from another domain, in this case your Android App, it is no longer in the same domain, so Spring Security won't add the session id to the cookie header. So to do what you want to do I believe you have to write your own authentication filter to add a cookie or header to the request. Here is a link that uses JSON Web Tokens to authenticate an api using spring boot.
https://auth0.com/blog/implementing-jwt-authentication-on-spring-boot/
I am creating a Java EE web service application. I am not sure on how to implement login:
Is it better for login to be implemented in a JAVA EE web service application by storing the UserPrincipal in the SessionContext and retrieving it every time a method is called programmatically to use
e.g say customer A buys a product, is it good programming practice to store the UserPrincipal in SessionContext, and retrieve the userid from it to use in the transaction,
or,
is it better to pass a token every time for each transaction and store all users logged in and the tokens issued in a table, so that when the purchase is done, the token can be used to retrieve the user id?
The most common way is to login once, authenticating user info (uname, password)with db,
then saving in a session the users data or the user role (for example, with session scoped bean).
That way the user data\ user role is persisted and is accessible when you need it (server side or client side)
public class UserSession implements Serializable {
// login-related fields
protected String userName;
protected String userPassword;
protected Object requestInfo;
//session related info
private Object sessionInfo ;
private boolean loggedIn;
/** This method tries to login the user
*/
private login (userName,password){
loggedIn = callDbAndAuthenticateUser(userName,password)
}
Define that bean scope to session, and update it on the session
In another bean or directly from the jsf page check the getter isLoggedIn to know if the user is logged.
Edit
You use ejb\rmi when you access the database.Those issues are not necessarily the same\related,
you can pass the credentials to the method you invoke remotely, or you can handle authorization at your local server and let your local authentication mechanism invoke the remote method.
AFAIK, best practice is to store USER_ID in the DB.