I found a white paper the wso2 soa security gateway solution that builds a security gateway for SOA.
and in WSO2 API Manager Home page it says that:
It leverages proven, production-ready integration, security, and
governance components from the WSO2 Enterprise Service Bus, WSO2
Identity Server, and WSO2 Governance Registry. In addition, it
leverages the WSO2 Business Activity Monitor for Big Data analytics,
giving you instant insight into APIs behavior.
my question is: Does WSO2 API Manager do every thing mentioned in whitepaper document? if yes why the whitepaper is written? can we use WSO2 API Manager as an XML Gateway?
Given white paper has been published in 2011 and WSO2 API manger is resealed later 2012 and it is improving with the industry standards. All most all the aspects were covered in latest WSO2 API manger (v 1.7).
You can make use of WSO2 API manger or WSO2 ESB for XML Gateway.
Related
Good day
I have created my ESB project using the enterprise integration studio provided by wso2 and have also downloaded the API manager separately. Meanwhile when I start WSO2 API manager, API Publisher and developer dashboard open.
I just want to create WSO2 API Gateway. How can I achieve this also I want gateway should be access based.
Please assist me how can I proceed for the gateway implementation.
I only want the WSO2 API gateway.
WSO2 APIM is consist of 5 profiles as Gateway, Traffic Manager, Publisher, Store(Devportal in APIM 3.x series) and KM profiles. You can start an APIM with the default profile (if you started as sh wso2server.sh) and you can work with each profile. But if you want to start APIM as Gateway profile, then you need to start the server with "-Dprofile" mode as follows.
sh wso2server.sh -Dprofile=gateway-worker
You can read this document https://docs.wso2.com/display/AM260/Product+Profiles to aware of the profile of wso2 APIM.
And WSO2 has Micro GW product too, you can find more details about that MGW here https://docs.wso2.com/display/AM260/Working+with+the+API+Microgateway. You can download the form here https://wso2.com/api-management/api-microgateway/ and test.
In API Manager, I pass APIs in API Manager with respective services, also after reading documentacion of API Manager version 3.0.0 (https://apim.docs.wso2.com/en/latest/GettingStarted/overview/), I know in Publisher there exists a ESB, also in my case I work with this cases I think is part of ESB:
WSO2 OAuth Mediator(JAR).
File JSON by WSO2 OAuth Mediator, with endpoints referents to API's I'm cosuming.
In publisher page I add Custom Policies in request or response.
But existing WSO2 Enterprise Integrator (EI) version 6.6.0, this component have a ESB.
My questions are:
In my case, really I work with ESB?
How to integrate API Manager with EI?
WSO2 API Manager gateway is built on top of Synapse engine which is the same engine used in WSO2 EI (ESB). Using API Manager you can do simple mediation. But if you want to do any complex mediation, then you should use EI (ESB) along with API Manager.
To reduce the memory footprint we are looking for single installation for WSO2 IS and WSO2 ESB products, such that both WSO2 IS and WSO2 ESB can shares the same application server and resources. Is a single installation available for WSO2 IS and WSO2 ESB products?
Also I would like to know, can we customize the WSO2 IS/WSO2 ESB login page? Customization could be changes to the layout, labels, logos.
WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for scalably routing API traffic.
It leverages proven, production-ready integration, security, and governance components from the WSO2 Enterprise Service Bus, WSO2 Identity Server, and WSO2 Governance Registry. In addition, it leverages the WSO2 Data Analytics Server for analytics, giving you instant insight into APIs behavior.
Since all WSO2 products are opensource, you can customize for your own purposes. You can find the source code in Github
We are already using mule ESB in our infrastructure. Can API manager of WSO2 use mule ESB as API gateway instead of WSO2 ESB. If YEs, Can somebody please help me with Steps.
I have doubt how to achieve throttling and Rate limiting features of API manager in mule ESB if replaced and how seamless integration is?
This is possible due to the pluggable architecture of WSO2 API Manager, but this is not straight forward. The Gateway component of the API Manager handles Token Validation, Throttling, Caching and Mediation. Of these features Token Validation is configurable out of the box with any external Token Validating component since it uses Web service calls since it has a Web Service interface. The other 3 features will require customization at code level in order to function with Mule ESB. Therefore this is not the most recommended approach.
WSO2 API Manager can be used without an external ESB instance out of the box. So that would be the best way to use it.
I am evaluating the WSO2 API Manager. From a security perspective I have a couple of question on the API Manager capabilities, which I was not able to find through the documentation:
Does WSO2 API Server support security features by detecting/checking the content on incoming messages for attacks, redirection/traffic routing? If yes, how does it support?
Do the GUI portals offered by WSO2 (API Portal, API Publisher, etc) enable protection against cross-site scripting, SQL injection and XML content or structural threats and viruses?
Thanks in advance.
Regards,
Ritwik
Yes, WSO2 API Manager's API Gateway is essentially an ESB and can check the content of incoming requests and detect message attacks. It is also possible to route traffic. You can direct access the API definition from the admin console of the API Manager (or directly from the file system)
Yes both the API Store and Publisher is secured against cross site scripting, SQL injection and XML content threats