In some cases, there can be a requirement to share the application and its subscription among the set of specific users. Let's say this is the admin users in the organizations. Such a requirement can be required in cases where admin needs to troubleshoot client applications and it’s subscriptions. At the moment application sharing feature enable on users in the same group of the organizations. How it is different from this is, with default application sharing feature, all the users in the group can view the applications. With customization approach, this will not allow all the users but enable only to the users who belong to the roles those are defined when an application creates. With original implementation, an application can have multiple groups and it is denoted as an organization claim. With customization, we consider it as the roles that can be viewable. Hence users should have the same roles in order to view and it is not visible if standard users among the group. Once this customization is applied, the original feature gets removed and you will not be able to share among the group.
This customization can be achieved by extending the default DefaultGroupIDExtractorImpl class or implementing the original NewPostLoginExecutor class interface. In the default implementation what it does is, it return the group ID’s belongs to login users. Then it keeps in the session and used when group ID related operations are performed. In this customization, we can override claim retrieval codes and add role retrieving codes. So it is an easy task and we can just replace the claim retrieval codes with roles listing logics.
We can create a new maven project and import the APIM dependencies of the target version. In this case, I’m trying with APIM 2.5.0 and its carbon component version is 6.3.95.
Following dependencies need to be imported into the project. We can simply reuse the original component pom as the parent pom, then all the required versions and repository get inherit to your project. Then component pom.xml will look like this.
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.rukspot.samples</groupId> <artifactId>com.rukspot.samples.appsharing</artifactId> <version>1.0-SNAPSHOT</version> <parent> <groupId>org.wso2.carbon.apimgt</groupId> <artifactId>carbon-apimgt</artifactId> <version>6.3.95</version> </parent> <dependencies> <dependency> <groupId>org.wso2.carbon.apimgt</groupId> <artifactId>org.wso2.carbon.apimgt.api</artifactId> </dependency> <dependency> <groupId>org.wso2.carbon.apimgt</groupId> <artifactId>org.wso2.carbon.apimgt.impl</artifactId> </dependency> </dependencies> </project>
We can implement the group id extractor class with new name RoleIDExtractorImpl. And it’s implementation look like this.
Once the project implementation is done,
<APIStore> <GroupingExtractor>com.rukspot.samples.appsharing.RoleIDExtractorImpl</GroupingExtractorg> </APIStore>
With this, a user will be able to define which roles need to be had for users to see their application. So this must be able by the application owner by defining the roles when they create an application. If there is a requirement to admin to mandate this and see all the application, we can change the HTML and add default role to the required. And also you can hide them in the UI when you list them. Also, you can add another application creation workflow to add the required roles. Also, UI still shows you the Groups field. You can change the locale or subtheme to make it meaningful like visible roles etc.
Complete project can be found in here