Thanks, Sanjeewa. I added this infor in [1]. Samuel, if relevant, please point to this section from the clustering guide too. This is about how to clear the API Gateway cache and the steps actually explain how to configure this in a clustered APIM setup.
[1] https://docs.wso2.org/display/AM170/Configuring+Caching#Claring API Gateway cache On Fri, May 23, 2014 at 1:19 AM, Sanjeewa Malalgoda <sanje...@wso2.com>wrote: > > > > On Mon, May 19, 2014 at 11:57 AM, Nirdesha Munasinghe > <nirde...@wso2.com>wrote: > >> Thanks for reporting. Doc JIRA created: >> https://wso2.org/jira/browse/DOCUMENTATION-842. >> >> >> On Sat, May 17, 2014 at 8:49 PM, Sanjeewa Malalgoda <sanje...@wso2.com>wrote: >> >>> Hi All, >>> We found following issues in gateway cache when we regenerate >>> application tokens from API store user interface(or calling revoke API). >>> >>> 01. If we generate new application access token from ui old tokens >>> remain as active in gateway cache. >>> 02. If we use revoke API deployed in gateway it will clear only super >>> tenants cache. >>> >>> hi Nirdesha, > Please note following change in this configurations. > >> To address these issues recently we introduced new parameter named >>> RevokeAPIURL. In distributed deployment we need to configure this parameter >>> in API key manager node. Then it will call API pointed by RevokeAPIURL >>> parameter. RevokeAPIURL parameter should be pointed to revoke API deployed >>> API gateway nodes. If it is gateway cluster we can point to one node. So >>> from this release on wards all revoke requests will route to oauth service >>> through revoke API deployed in API manager. When revoke response route >>> through revoke API cache clear handler will invoke. Then it will extract >>> relevant information form transport headers and clear associated cache >>> entries. In distributed deployment we should configure followings. >>> >>> 01. In key manager node, point gateway API revoke end point as follows. >>> <!-- This the API URL for revoke API. When we revoke tokens revoke >>> requests should go through this >>> API deployed in API gateway. Then it will do cache >>> invalidations related to revoked tokens. >>> In distributed deployment we should configure this property in key >>> manager node by pointing >>> gateway https url. Also please note that we should point gateway >>> revoke service to key manager--> >>> <RevokeAPIURL>https:// >>> ${carbon.local.ip}:${https.nio.port}/revoke</RevokeAPIURL> >>> >>> 02. In API gateway revoke API should be pointed to oauth application >>> deployed in key manager node. >>> <api name="_WSO2AMRevokeAPI_" context="/revoke"> >>> <resource methods="POST" url-mapping="/*" >>> faultSequence="_token_fault_"> >>> <inSequence> >>> <send> >>> <endpoint> >>> <address uri=" >>> https://keymgt.wso2.com:9445/oauth2/revoke"/> >>> </endpoint> >>> </send> >>> </inSequence> >>> <outSequence> >>> <send/> >>> </outSequence> >>> </resource> >>> <handlers> >>> <handler >>> class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/> >>> </handlers> >>> </api> >>> >>> We need to add this to our product documents as well. >>> >>> >>> Thanks, >>> sanjeewa. >>> -- >>> >>> *Sanjeewa Malalgoda* >>> WSO2 Inc. >>> Mobile : +94713068779 >>> >>> <http://sanjeewamalalgoda.blogspot.com/>blog >>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>> >>> >>> >> >> >> -- >> >> Thanks, >> >> Nirdesha Munasinghe, >> WSO2 Inc. >> Web:http://wso2.com >> >> Mobile: +94 776321920 >> > > > > -- > > *Sanjeewa Malalgoda* > WSO2 Inc. > Mobile : +94713068779 > > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> > > > -- Thanks, Nirdesha Munasinghe, WSO2 Inc. Web:http://wso2.com Mobile: +94 776321920
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
