[Dev] [C5] MSF4J Interceptors need to be configurable.

2016-12-06 Thread Ishara Cooray 
HI,

We are using MSF4J interceptor for securing REST APIs in API Manager. [1]
As for now Interceptor registration happens at the class level @Component
annotation as below.

@Component(
name =
"org.wso2.carbon.apimgt.rest.api.common.interceptors.OAUTH2SecurityInterceptor",
service = Interceptor.class,
immediate = true
)
The limitations here are

   1. it is not possible to have more than one interceptor that will
   dynamically pick when an api call is received(Because the order matters and
   we are not certain which interceptor will take into effect ).
   2. We cannot explicitly configure to use Custom interceptors because of
   the above[1] reason.

Do we have any plans for these limitations?

Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [C5] MSF4J Interceptors need to be configurable.

2016-12-06 Thread Thusitha Thilina Dayaratne 
Hi Ishara,

As you have mentioned, with the current architecture we can't set the
specific interceptor for a particular service but rather to all services in
the registry. And also if there are multiple interceptors and one
interceptor returns false from its' preCaall then the invocation chain will
not continue further.

IMHO we have few options

   - We can implement a way to register specific interceptors to specific
   services
   - We can support JAX-RS Filters
   - We can provide a way to skip some interceptors for specific services

@Azeez WDYT?

Thanks
Thusitha


On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray  wrote:

> HI,
>
> We are using MSF4J interceptor for securing REST APIs in API Manager. [1]
> As for now Interceptor registration happens at the class level @Component
> annotation as below.
>
> @Component(
> name = "org.wso2.carbon.apimgt.rest.api.common.interceptors.
> OAUTH2SecurityInterceptor",
> service = Interceptor.class,
> immediate = true
> )
> The limitations here are
>
>1. it is not possible to have more than one interceptor that will
>dynamically pick when an api call is received(Because the order matters and
>we are not certain which interceptor will take into effect ).
>2. We cannot explicitly configure to use Custom interceptors because
>of the above[1] reason.
>
> Do we have any plans for these limitations?
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512 <+94%2077%20262%209512>
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thusitha Dayaratne
Software Engineer
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

Mobile  +94712756809
Blog  alokayasoya.blogspot.com
Abouthttp://about.me/thusithathilina

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [C5] MSF4J Interceptors need to be configurable.

2016-12-07 Thread Maduranga Siriwardena 
On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Ishara,
>
> As you have mentioned, with the current architecture we can't set the
> specific interceptor for a particular service but rather to all services in
> the registry. And also if there are multiple interceptors and one
> interceptor returns false from its' preCaall then the invocation chain will
> not continue further.
>
> IMHO we have few options
>
>- We can implement a way to register specific interceptors to specific
>services
>- We can support JAX-RS Filters
>- We can provide a way to skip some interceptors for specific services
>
> In IS also we have this requirement to engage some interceptors for a set
of msf4j services and skip for others. For now the requirement is to enable
authentication for a set of endpoints and skip for others.
So we greatly appreciate if you can support this feature in the next
release.

Thanks,
Maduranga.


> @Azeez WDYT?
>
> Thanks
> Thusitha
>
>
> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray  wrote:
>
>> HI,
>>
>> We are using MSF4J interceptor for securing REST APIs in API Manager. [1]
>> As for now Interceptor registration happens at the class level @Component
>> annotation as below.
>>
>> @Component(
>> name = "org.wso2.carbon.apimgt.rest.a
>> pi.common.interceptors.OAUTH2SecurityInterceptor",
>> service = Interceptor.class,
>> immediate = true
>> )
>> The limitations here are
>>
>>1. it is not possible to have more than one interceptor that will
>>dynamically pick when an api call is received(Because the order matters 
>> and
>>we are not certain which interceptor will take into effect ).
>>2. We cannot explicitly configure to use Custom interceptors because
>>of the above[1] reason.
>>
>> Do we have any plans for these limitations?
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512 <+94%2077%20262%209512>
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thusitha Dayaratne
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <+94%2071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev