apim_4xx_support_multiple_analytics_publishers APIM manage workflow with multiple roles APIM 3.0.0 per API based subscription workflow Logging internal HTTP requests Log APIM analytics events to a file Monetization and sample with WSO2 API Manager 2.6.0 Share application and subscription among a set of specific groups or roles WSO2 APIM Correlating analytics event with correlationID APIM analytics distinguish production and sandbox traffic APIM 2.x.x analytics internal and analytics tuneup Configure APIM(Next release) Key Manager User stores APIM(Next release) working with key manager DAS 3.x Parse system variables to Spark Context Revoke OAuth application In APIM 2.1.0 Next WSO2 APIM powered by WSO2 Ballerina Configure WSO2 APIM Analytics on Cluster environment Configure WSO2 DAS 3.1.0 for WSO2 APIM 2.0.0 Analytics WSO2 APIM publishing custom statistics WSO2 APIM Error codes Working with WSO2 message tracer Use DAS admin service to query using Spark SQL Configure WSO2 APIM Analytics using XML WSO2 APIM Generating and Retrieving Custom Statistics Understanding WSO2 APIM Statistics Model Publishing WSO2 APIM 1.10.x Runtime Statistics to DAS with RDBMS Publishing_APIM_1100_Runtime_Statistics_to_DAS Aggregate functions with WSO2 DAS REST API Create a cApp for WSO2 DAS Debugging WSO2 Products using OSGI console. Publishing APIM Runtime Statistics to DAS Deploy cApp on WSO2 DAS How to configure and start the Accumulo minicluster How to setup DNS server on Ubuntu and Ubuntu server How to use Java Reflection how to install apache web server on ubuntu and ubuntu server How to install Mail server on Ubuntu and Ubuntu server How to install squirrelmail webmail client on Ubuntu and Ubuntu Server Pass and return String value to JNI method Pass and return numeric value to JNI method Calling a C Function from the Java Programming Language using JNI AXIS 2 Sample web service Client with maven and eclipse How to setup AXIS 2 with Apache Tomcat AXIS 2 Sample web service with maven and eclipse Robot framework Sample with Selenium Robot framework Custom Library Sample Behaviour-Driven Development with JBehave and Eclipse Play Audio with Netbeans and linking with LibVLC Implement LibVLC based player with QT-part2 Simple Audio playing sample with LibVLC How to install LibVLC on Ubuntu Implement LibVLC based player with QT-part1
Share application and subscription among a set of specific groups or roles

In some cases, there can be a requirement to share the application and its subscription among the set of specific users. Let's say this is the admin users in the organizations. Such a requirement can be required in cases where admin needs to troubleshoot client applications and it’s subscriptions. At the moment application sharing feature enable on users in the same group of the organizations. How it is different from this is, with default application sharing feature, all the users in the group can view the applications. With customization approach, this will not allow all the users but enable only to the users who belong to the roles those are defined when an application creates. With original implementation, an application can have multiple groups and it is denoted as an organization claim. With customization, we consider it as the roles that can be viewable. Hence users should have the same roles in order to view and it is not visible if standard users among the group. Once this customization is applied, the original feature gets removed and you will not be able to share among the group.

  1. Approach

    This customization can be achieved by extending the default DefaultGroupIDExtractorImpl class or implementing the original NewPostLoginExecutor class interface. In the default implementation what it does is, it return the group ID’s belongs to login users. Then it keeps in the session and used when group ID related operations are performed. In this customization, we can override claim retrieval codes and add role retrieving codes. So it is an easy task and we can just replace the claim retrieval codes with roles listing logics.

  2. Implementation

    We can create a new maven project and import the APIM dependencies of the target version. In this case, I’m trying with APIM 2.5.0 and its carbon component version is 6.3.95.

    Following dependencies need to be imported into the project. We can simply reuse the original component pom as the parent pom, then all the required versions and repository get inherit to your project. Then component pom.xml will look like this.

    <?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.rukspot.samples</groupId>
    <artifactId>com.rukspot.samples.appsharing</artifactId>
    <version>1.0-SNAPSHOT</version>

    <parent>
        <groupId>org.wso2.carbon.apimgt</groupId>
        <artifactId>carbon-apimgt</artifactId>
        <version>6.3.95</version>
    </parent>

    <dependencies>
        <dependency>
            <groupId>org.wso2.carbon.apimgt</groupId>
            <artifactId>org.wso2.carbon.apimgt.api</artifactId>
        </dependency>
        <dependency>
            <groupId>org.wso2.carbon.apimgt</groupId>
            <artifactId>org.wso2.carbon.apimgt.impl</artifactId>
        </dependency>
    </dependencies>
</project>

    We can implement the group id extractor class with new name RoleIDExtractorImpl. And it’s implementation look like this.

  3. Deployment

    Once the project implementation is done,

    • build the project with command mvn clean install.
    • Then copy com.rukspot.samples.appsharing-1.0-SNAPSHOT.jar in the target dir to wso2am-2.5.0/repository/components/lib dir.
    • Then we need to define the custom group ID extractor by editing api-manager.xml in wso2am-2.5.0/repository/conf/ as follow. 
      <APIStore>
    <GroupingExtractor>com.rukspot.samples.appsharing.RoleIDExtractorImpl</GroupingExtractorg>
</APIStore>
    4. Once done save and restart the server.
  4. Testing
    • Let's create 3 users with the following roles.
      • User1 - internal/subscriber
      • User2 - internal/subscriber
      • adminUser - internal/subscriber, admin
    • Create a following application with the group ID parameter
      • User1 - application name as app1 and Groups name as admin
      • User2 - application name as app2 and Groups name as admin
    • Then login to the store again with admin user and list the application.
    • You will be able to see the user1 and user2 applications in there.
  5. What's next

    With this, a user will be able to define which roles need to be had for users to see their application. So this must be able by the application owner by defining the roles when they create an application. If there is a requirement to admin to mandate this and see all the application, we can change the HTML and add default role to the required. And also you can hide them in the UI when you list them. Also, you can add another application creation workflow to add the required roles. Also, UI still shows you the Groups field. You can change the locale or subtheme to make it meaningful like visible roles etc.

    Complete project can be found in here[1]

  6. References
    1. https://github.com/ruks/apim-share-application
    2. https://docs.wso2.com/display/AM250/Sharing+Applications+Between+Multiple+Groups
2019-01-12 07:06:44 | Rukshan Chathuranga

Add Comment

* Required information
1000
Powered by Commentics

Comments (0)

No comments yet. Be the first!