How to write sample class mediator to get system property and inject to...
Here i have added class mediator code and sample synapse configuration to get carbon server home property. To test this create java project and add following class mediator code file to...
View ArticleRead system property using proxy service deployed in WSO2 ESB
Here i have added sample synapse configuration to get carbon server home property and return it as response. Add this configuration and invoke proxy service. You will get carbon.home as...
View ArticleHow to modify JWT to retrieve subscriber details instead of end user - WSO2...
IN WSO2 API Manager JWT generated per API call. To generate we will use access token coming with the request. From this token we will retrieve token owner(person who generated token).Once we have token...
View ArticleEnable web service key validation and session affinity - WSO2 API Manager...
In clustered environment following issue can happen if we didn't enabled session affinity.TID: [0] [AM] [2015-11-01 23:31:42,819] WARN...
View ArticleClik here to view.
API Manager distributed deployment best practices - API gateway Deployment in...
Normally when we deploy API Manager in different zones we need to follow security related best practices. Here in this post we will briefly describe about API Manager gateway deployment in DMZ and...
View ArticleHow to change logged in user password in WSO2 Carbon based products
If you need to call user admin service and perform this operation you can use following information. Service URL https://sanjeewa-ThinkPad-T530:9443/services/UserAdmin PayLoad...
View ArticleHow to enable mutual SSL connection between WSO2 API Manager gateway and key...
In WSO2 API Manager we will do service calls from gateway to key manager to validate tokens.For this we will use key validation client. Lets add following code and build jar file.package...
View ArticleHow to use custom authentication header and pass it as auth header to back...
In this article we will describe how we can use custom authentication header and pass it as auth header to backend server.You can add a mediation extension [1], and have a custom global sequence in the...
View ArticleHow to hide actual backend wsdl by providing internal WSDL in WSO2 API Manager
In WSO2 API Manager we can provide wsdl when we create API. And users may be able to access it from UI. When we store API in registry we will rewrite endpoints to match with API created. But still...
View ArticleServer to server communication in WSO2 Carbon based products
Normally for server to server communication we use basic auth as security mechanism(user name and password). But for this communication we can use mutual SSL like mechanism(if need). In this case we...
View ArticleHow to reduce API Manager oauth token table growth and clean old tokens -...
With current model token table will not grow fast. AFAIR in API Manager 1.1.0 and 1.2.0 we had this problem due to having multiple active access tokens for same user/app combination. But according to...
View ArticleHow to generate custom JWT in WSO2 API Manager 1.8.0
In this post we will discuss how to use external implementation for JWT generating logic. Recently we introduce accessToken to generateToken() method available in AbstractJWTGenerator class which...
View ArticleConfigure WSO2 API Manager 1.8.0 with reverse proxy (with proxy context path)
Remove current installation of Nginxsudo apt-get purge nginx nginx-common nginx-fullInstall Nginxsudo apt-get install nginxEdit configurationssudo vi /etc/nginx/sites-enabled/defaultCreate ssl...
View ArticleHow to run WSO2 API Manager 1.8.0 with Java Security Manager enabled
In Java, the Security Manager is available for applications to have various security policies. The Security Manager helps to prevent untrusted code from doing malicious actions on the system.Here in...
View ArticleHow to write API Manager selenium test case to login publisher and view stats
In this article i will share sample code to login API publisher and view stats dashboard. You can use similar tests to test API Manager stats dash board related functionalities.Add following source to...
View ArticleSample JAX-RS web application to test Application servers for basic...
I have created web application[1] which we can use for security tests. With this rest service we can perform basic security tests like file copy, delete, system property read etc. Also added sample...
View ArticleClik here to view.
How to use account lock/ unlock feature in WSO2 API Manager 1.6.0
Create new user named testuser. Grant subscriber permission.Then install required features to APIM 1.6.0 and restarted serverThen locked test user as follows.Goto claim management UI and make...
View ArticleHow to implement custom JWT generator and custom claim retriever and link...
Here in this post we will discuss how to use custom code for JWT generation and Claims retrieve logic. I have explained custom JWT generation with API Manager 1.8.0 in this...
View ArticleHow to use two layer throttling in WSO2 API Manager
Create new tier definitionsHere in this post i will discuss how we can use two throttling policies at a given time for single API.When we have complex use cases we might need to apply different...
View ArticleHow to get custom error messages for authentication faliures in WSO2 API...
Here in this post i will discuss how we can generate custom error messages for auth failures. If you need to retrieve message in application/vnd.error+json format you need to add following parameter to...
View Article