Posts

Showing posts from 2016

Generate JWT access tokens from WSO2 Identity Server

In Identity Server 5.2.0 we have created an interface to generate access tokens. Using that, we have developed a sample to generate JWT tokens. You can find that sample under the msf4j samples[1][2]. If you build it as it is, you will need to use Java 8, since msf4j is developed on Java 8. So you will need to run Identity Server on Java 8 as well. After building the project[2], copy the jar inside the target directory to the $IS_HOME/repository/components/dropins/ directory. Then add the following configuration to identity.xml, which is placed under the $IS_HOME/repository/conf/identity/ folder, inside the OAuth tag.

    <IdentityOAuthTokenGenerator>com.wso2.jwt.token.builder.JWTAccessTokenBuilder</IdentityOAuthTokenGenerator>

Then go to the database you used to store OAuth tokens (this is the database pointed to from the datasource you mentioned in $IS_HOME/repository/conf/identity/identity.xml) and then alter the size of the column ACCESS_TOKEN of the tab...

WSO2 Identity Server 5.2.0 - Setup Multiple Attribute login with JDBC userstore

In WSO2 products, multiple attribute login (login with either email or username, for example) can be done with the LDAP userstore manager simply by changing some configurations. But with the JDBC userstore manager we need some customization to achieve that. We can achieve it by implementing a custom userstore manager. In this blog entry I am going to make it work with email and username. You can find the full sample here[1].

For login purposes

To log in to the server with multiple attributes, you will need to override the doAuthenticate method and the doGetExternalRoleListOfUser method. Following are the overridden methods for login.

    @Override
    public boolean doAuthenticate(String attribute, Object credential) throws UserStoreException {
        if (!checkUserNameValid(attribute)) {
            return false;
        }
        if (!checkUserPasswordValid(credential)) {
            return false;
        }
        if (UserCoreUtil.isRegistryAnnonymousUser(attribute)) {
            log.error(...

Improving the new relic handler to push api input and output Parameters

In a previous post I described how to publish API traffic to New Relic[1]. I have made some modifications to the handler to cater for $subject. You will need to change the code to match your exact requirements. I made some improvements to the code as well. Please find my modified code attached[2]. I have added the following code segments to the handler; let me describe each segment. The following segment builds the message when the POST type is used. Otherwise, inside the handler we will get an empty envelope.

    try {
        RelayUtils.buildMessage(((Axis2MessageContext)messageContext).getAxis2MessageContext());
    } catch (Exception e) {
        log.warn("Error occured while building message");
        if(log.isDebugEnabled()){
            log.debug("Exception thrown while building message", e);
        }
    }

Here I push data to New Relic, each parameter as a different column. So please change the code to match your requirements. The following code segment will extract post da...

Integrate New Relic with WSO2 API Manager

In WSO2 API Manager, we have two transports: the HTTP servlet transport and the Passthru / NIO transport. All web application requests are handled through the HTTP servlet transport, which is on port 9763 and on port 9443 with SSL; here we are using Tomcat inside WSO2 products. All service requests are served via the Passthru / NIO transport, which is on 8082 and on 8243 with SSL. When we integrate API Manager with New Relic in the way discussed in blog posts [5],[6], New Relic only detects the calls made to the Tomcat transports. So we couldn’t get the API call related data OOTB. But by further analyzing the New Relic APIs I managed to find a workaround for this problem. New Relic supports publishing custom events via their Insights API[1]. So what we can do is publish this data via a custom API handler[2]. Following is a sample implementation of a handler that I used to test the scenario. I will attach the full project herewith[7]. I have created an OSGi bundle with this implementation so after building ...

Setting up Single node Kubernetes Cluster with Core OS bare metal

You might already know that there is official documentation to follow to set up a Kubernetes cluster on Core OS bare metal. But when doing that, especially for a single node cluster, I found some gaps in that documentation [1]. Another reason for this blog post is to get everything into one place. So this blog post will describe how to overcome the issues of setting up a single node cluster.

Installing Core OS bare metal.

You can refer to doc [2] to install Core OS. The first thing is about users. Documentation [2] tells you how to create a user without a password. To log in as that user you will need SSH keys. So to create a user with a username and password, you can use a cloud-config.yaml file. Here is a sample.

    #cloud-config
    users:
      - name: user
        passwd: $6$SALT$3MUMz4cNIRjQ/Knnc3gXjJLV1vdwFs2nLvh//nGtEh/.li04NodZJSfnc4jeCVHd7kKHGnq5MsenN.tO6Z.Cj/
        groups:
          - sudo
          - docker

Here the value for passwd is a hash value. One of the below methods can be used...

Create an application in WSO2 App Cloud using Maven Plugins

In the application development life cycle, continuous integration is an important factor: how easy is it to get something deployed that was built on a build server? You can simply use the Maven exec plugin to run curl commands to call REST APIs. Following is an example. Before calling the create application API we need to call the login API and create a logged-in session. To do that we need to call the login API with -c cookies and call the create application API with -b cookies.

    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>exec-maven-plugin</artifactId>
      <version>1.2</version>
      <executions>
        <execution>
          <id>login</id>
          <phase>deploy</phase>
          <goals>
            <goal>exec</goal>
          </goals>
          <configuration>
            <executable>c...

Oauth custom basic authenticator with WSO2 IS 5.1.0

WSO2 Identity Server supports the OAuth2 authorization code grant type with basic authentication OOTB. But basic authentication is done only against the WSO2 user store. So there could be use cases where basic authentication has to be done against some other system. In this case you can follow the steps below to achieve your requirement. First you need to create a class which extends AbstractApplicationAuthenticator and implements LocalApplicationAuthenticator. This class is going to act as your application authenticator, so it needs to be an implementation of the application authenticator interface, and to achieve this it needs to be a local authenticator as well. [2]

    public class CustomBasicAuthenticator extends AbstractApplicationAuthenticator implements LocalApplicationAuthenticator {

Then you need to override the initiateAuthenticationRequest method so you can redirect to the page to enter the username and password. In my sample I redirected to the page that is used by our default basi...

Adding a servlet to Orion (Eclipse Cloud IDE) from a package built using maven.

Orion is an open source project under the Eclipse Cloud Development top-level project. It’s a cloud IDE which is available online and which can also be hosted on premise. [1] [2]. Orion can work with git repos, create git repos or work with local code, the same as Eclipse. Orion has two repos: one for the backend server code [2] and one for the client / UI code [3]. Orion server is an OSGi server based on Eclipse Equinox. But the problem is that they have not implemented the dropins concept. Because of that, adding an external bundle to Orion server is not straightforward. We have to edit bundles.info to add a bundle to Orion server. Orion uses Jetty for the servlets. Adding a servlet via a bundle is easy if we use Eclipse itself to develop and bundle the package. But if we use Maven to build it, then problems arise. What we have to do is add an entry to plugins.xml and package the plugins.xml into the bundle we are creating....