Hi Ruwan,

Please find my inline comments.

1. Is there a way to generalize the "BinaryFileStorage" out of
"MobileAppsConfiguration" tag, because this might be needed in some other
app types (say we support desktop apps) in future.
   Yes, it's possible to move this configuration out of MobileAppsConfiguration.
+1 for that.

2. FilePreciseLocation seems odd. Can we change it to "AbsoluteLocation",
no "File" prefix needed IMO.
    This configuration was an already existing config in (mam-config.json)
and we just moved this to app-manager.xml in order to maintain configs in a
single file. I also think that renaming the config like AbsoluteLocation
makes sense.

3. "FileAPILocation", do we need this. Are we allowing this to be
configured, will this be a deployment configuration. I think not. Can we
just document this API so that other products like EMM know which to call.
FileAPILocation configuration is introduced for one-time download link
generation purposes. We decided to make this configurable, since there is a
possibility of changing the API context on this JAX-RS API. As per the
offline discussion we had, we'll make only the API context configurable.

4. WhiteListed REST API, what is the security mechanism in place to prevent
unauthorized access?
We have introduced another interceptor called
'PreAuthenticationInterceptor' [1], and there we identify whether the
incoming API request is for a whitelisted API (read the app-manager.xml to
identify whitelisted APIs). If it is a whitelisted API, then a parameter
is set on the incoming message to mark it as a whitelisted API call, and in
OAuthInterceptor it skips the authentication. (We referred to the whitelisted
API implementation in APIM.)

[1] - https://github.com/wso2/carbon-appmgt/blob/master/components/org.wso2.carbon.appmgt.rest.api.util/src/main/java/org/wso2/carbon/appmgt/rest/api/util/interceptors/PreAuthenticationInterceptor.java


On Thu, Jun 16, 2016 at 9:36 AM, Ruwan Abeykoon <ruw...@wso2.com> wrote:

> Hi AppM Team,
> Few comments,
> 1. Is there a way to generalize the "BinaryFileStorage" out of
> "MobileAppsConfiguration" tag, because this might be needed in some other
> app types (say we support desktop apps) in future.
> 2. FilePreciseLocation seems odd. Can we change it to "AbsoluteLocation",
> no "File" prefix needed IMO.
> 3. "FileAPILocation", do we need this. Are we allowing this to be
> configured, will this be a deployment configuration. I think not. Can we
> just document this API so that other products like EMM know which to call.
> 4. WhiteListed REST API, what is the security mechanism in place to
> prevent unauthorized access?
>
> Cheers,
> Ruwan
>
> On Thu, Jun 16, 2016 at 12:06 AM, Thilini Shanika <thili...@wso2.com>
> wrote:
>
>> Hi EMM Team,
>>
>> We have added new configurations to the default app-manager.xml [1] that we
>> ship with org.wso2.carbon.appmgt.core.feature
>> <https://github.com/wso2/carbon-appmgt/tree/master/features/org.wso2.carbon.appmgt.core.feature>.
>> Since you are maintaining a separate app-manager.xml in [1], please
>> add the following new configurations, which are related to binary file
>> storage, one-time download link generation, and whitelisted REST APIs.
>>
>> 1. Binary file storage config - For mobile binary file (.apk and .ipa
>> files) storage location (FilePreciseLocation) and one-time mobile app
>> download REST API (FileAPILocation) configuration
>>
>>   <MobileAppsConfiguration>
>> .............
>>       <BinaryFileStorage>
>>           <FilePreciseLocation>${carbon.home}/repository/resources/mobileapps/</FilePreciseLocation>
>>           <FileAPILocation>/api/appm/store/v1.1/apps/mobile/binaries/one-time/</FileAPILocation>
>>       </BinaryFileStorage>
>>   </MobileAppsConfiguration>
>>
>> 2.  WhiteListed REST API configuration - The APIs defined under this
>> config are whitelisted and can be accessed without OAuth security headers
>>     <RESTAPI>
>>         <!-- Configure white-listed URIs of REST API. Accessing
>>         white-listed URIs does not require credentials (does not require
>>         Authorization header). -->
>>         <WhiteListedURIs>
>>             <WhiteListedURI>
>>                 <URI>/api/appm/store/{version}/apps/mobile/binaries/one-time/{uuid}</URI>
>>                 <HTTPMethods>GET,HEAD</HTTPMethods>
>>             </WhiteListedURI>
>>             <WhiteListedURI>
>>                 <URI>/api/appm/store/{version}/apps/static-contents/{fileName}</URI>
>>                 <HTTPMethods>GET,HEAD</HTTPMethods>
>>             </WhiteListedURI>
>>             <WhiteListedURI>
>>                 <URI>/api/appm/store/{version}/apps/mobile/plist/{appId}/{uuid}</URI>
>>                 <HTTPMethods>GET,HEAD</HTTPMethods>
>>             </WhiteListedURI>
>>         </WhiteListedURIs>
>>     </RESTAPI>
>>
>> 3. IosPlistPath config - This configuration value should point to the new
>> REST API to retrieve the plist.
>>
>> <MDMConfig>
>> ...........
>>      <Config name="IosPlistPath">/api/appm/store/v1.1/apps/mobile/plist</Config>
>> </MDMConfig>
>>
>> [1] - https://github.com/wso2/carbon-appmgt/blob/master/features/org.wso2.carbon.appmgt.core.feature/src/main/resources/config/app-manager.xml
>> [2] - https://github.com/wso2/product-emm/blob/master/modules/distribution/src/repository/conf/app-manager.xml
>>
>>
>> Thanks
>> Thilini
>> --
>> Thilini Shanika
>> Senior Software Engineer
>> WSO2, Inc.; http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>>
>> E-mail: tgtshan...@gmail.com
>>
>>
>> _______________________________________________
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
> *lean.enterprise.middleware.*
>
> email: ruw...@wso2.com
>



-- 
Thilini Shanika
Senior Software Engineer
WSO2, Inc.; http://wso2.com
20, Palmgrove Avenue, Colombo 3

E-mail: tgtshan...@gmail.com
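
The whitelist decision described under point 4 above, sketched as an added example; it is not part of the original thread and is not the project's PreAuthenticationInterceptor code. The function names `load_whitelist` and `is_whitelisted` are hypothetical, and the strict matching rules (one path segment per `{variable}`, no percent-encoding or dot segments on the unauthenticated path) are assumptions of this sketch, chosen so that a request only skips the OAuth check when it matches a configured template and method exactly.

```python
import re
import xml.etree.ElementTree as ET

# The <RESTAPI> fragment as posted in the thread (indentation tidied).
CONFIG = """
<RESTAPI>
  <WhiteListedURIs>
    <WhiteListedURI>
      <URI>/api/appm/store/{version}/apps/mobile/binaries/one-time/{uuid}</URI>
      <HTTPMethods>GET,HEAD</HTTPMethods>
    </WhiteListedURI>
    <WhiteListedURI>
      <URI>/api/appm/store/{version}/apps/static-contents/{fileName}</URI>
      <HTTPMethods>GET,HEAD</HTTPMethods>
    </WhiteListedURI>
    <WhiteListedURI>
      <URI>/api/appm/store/{version}/apps/mobile/plist/{appId}/{uuid}</URI>
      <HTTPMethods>GET,HEAD</HTTPMethods>
    </WhiteListedURI>
  </WhiteListedURIs>
</RESTAPI>
"""

def load_whitelist(xml_text):
    """Return [(compiled_pattern, allowed_methods)] built from the config."""
    rules = []
    for entry in ET.fromstring(xml_text).iter("WhiteListedURI"):
        template = entry.findtext("URI").strip()
        methods = {m.strip().upper() for m in entry.findtext("HTTPMethods").split(",")}
        # Literal text is escaped; each {name} matches exactly one path segment.
        literals = re.split(r"\{[^/{}]+\}", template)
        pattern = "[^/]+".join(re.escape(part) for part in literals)
        rules.append((re.compile(pattern), methods))
    return rules

def is_whitelisted(rules, method, raw_path):
    """True only if the request may skip the OAuth check (assumed policy)."""
    path = raw_path.split("?", 1)[0]
    # Fail closed: anything a later layer could decode or normalise into a
    # different resource is not whitelisted and goes through normal auth.
    segments = path.split("/")[1:]
    if re.search(r"[%;\\]", path) or any(s in ("", ".", "..") for s in segments):
        return False
    return any(p.fullmatch(path) and method.upper() in m for p, m in rules)

RULES = load_whitelist(CONFIG)
```

A `False` result here means "not exempt", so the request continues to the normal OAuth check rather than being rejected outright.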