wso2 / product-apim Goto Github PK

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.

Home Page: http://wso2.github.io/

License: Apache License 2.0

Java 92.79% Shell 0.39% Batchfile 0.32% CSS 0.37% JavaScript 1.79% HTML 0.12% XSLT 0.07% Scala 0.02% Jupyter Notebook 0.03% Python 0.23% Handlebars 0.02% Mustache 0.42% Jinja 2.28% Less 1.17%

api-gateway gateway apis api-management rest synapse microservices

product-apim's Introduction

WSO2 API Manager

WSO2 API Manager (WSO2 API-M) is a powerful platform for creating, managing, consuming, and monitoring web APIs. It combines tried and tested SOA best practices with modern day API management principles to solve a wide range of enterprise challenges associated with API provisioning, governance, and integration.

WSO2 API Manager consists of several loosely coupled modules.

    * API Publisher
    * API Developer Portal
    * API Gateway
    * API Key Manager
    * API Traffic Manager

The API publisher module allows API publishers to easily define APIs and manage them using a strong governance model that consists of well-established concepts such as, versioning and lifecycles. API consumers can use the API Developer Portal to discover published, production-ready APIs and access them in a secure and reliable manner using unique API keys. The built-in API Gateway module provides powerful tools to secure and control the load on individual APIs.

WSO2 API Manager is based on the revolutionary WSO2 Carbon [Middleware a' la carte] framework. All the major features have been developed as reusable Carbon components.

To learn more about WSO2 API Manager please visit http://wso2.com/products/api-manager.

Key Features

Design and Prototype APIs

- Design APIs, gather developer's feedback before implementing (API First Design).
- Design can be done from the publishing interface or by importing an existing Swagger definition.
- Deploy a prototyped API, provide early access to APIs, and get early feedback.
- Mock API implementation using Javascript.
- Support publishing SOAP, REST, JSON, and XML style services as XML.

Create a Developer Portal of All the Available APIs

- Graphical experience similar to Android Marketplace or Apple App Store.
- Browse APIs by provider, tags, or name.
- Self-registration to developer community to subscribe to APIs.
- Subscribe to APIs and manage subscriptions on per-application basis.
- Subscriptions can be at different service tiers based on the expected usage levels.
- Role based access to API Developer Portal, which helps to manage public and private APIs.
- Manage subscriptions per-developer.
- Browse API documentation, download helpers for easy consumption.
- Comment on and rate APIs.
- Forum for discussing API usage issues (Available soon in a future version).
- Try APIs directly on the Developer Portal.
- Internationalization (i18n) support.

Publishing and Governing API use

- Publish APIs to external consumers and partners, as well as internal users.
- Supports publishing multiple protocols including SOAP, REST, JSON, and XML style services as APIs.
- Manage API versions and deployment status by version.
- Govern the API lifecycle (publish, deprecate, retire).
- Attach documentation (files, external URLs) to APIs.
- Provision and Manage API keys.
- Track consumers per API.
- One-click deployment to API Gateway for immediate publishing.

Control Access and Enforce Security

- Apply Security policies to APIs (authentication and authorization).
- Rely on OAuth2 standard for API access (implicit, authorization code, client, SAML, IWA Grant type).
- Restrict API access tokens to domains/IPs.
- Block a subscription and restrict a complete application.
- Associate API available to system defined service tiers.
- Leverage XACML for entitlements management and fine grained authorization.
- Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps.
- Powered by WSO2 Enterprise Service Bus (WSO2 ESB).

Route API Traffic

- Supports API authentication with OAuth2.
- Extremely high performance pass-through message routing with sub-millisecond latency.
- Enforce rate limiting and throttling policies for APIs by consumer.
- Horizontally scalable with easy deployment into cluster using proven routing infrastructure.
- Scales to millions of developers/users.
- Capture all statistics and push to pluggable analytics system.
- Configure API routing policies with capabilities of WSO2 Enterprise Service Bus.
- Powered by WSO2 Enterprise Service Bus.

Manage Developer Community

- Self-sign up for API consumption.
- Manage user account including resetting password.
- Developer interaction with APIs via comments and ratings.
- Support for developer communication via forums (Available soon in a future version).
- Powered by WSO2 Identity Server (WSO2 IS).

Govern Complete API Lifecycle

- Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire.
- Publish both production and sandbox keys for APIs to enable easy developer testing.
- Publish APIs to partner networks such as ProgrammableWeb (Available soon in a future version).
- Powered by WSO2 Governance Registry (WSO2 G-Reg).

Monitor API Usage and Performance

- All API usage published to pluggable analytics framework.
- Out-of-the-box support for the WSO2 Analytics Platform and Google Analytics.
- View metrics by user, API, and more.
- Customized reporting via plugging reporting engines.
- Monitor SLA compliance.
- Powered by WSO2 Data Analytics Server (WSO2 DAS).

Pluggable, Extensible, and Themeable

- All components are highly customizable through styling, theming, and open source code.
- Developer Portal implemented with React.
- Pluggable to third-party analytics systems and billing systems (Available soon in a future version).
- Pluggable to existing user stores including JDBC and LDAP.
- Components usable separately. 
- Developer Portal can be used to front APIs that are routed through third-party gateways such as, Intel Expressway Service Gateway.
- Support for Single Sign On (SSO) using SAML 2.0 for easy integration with existing web apps.

Easily Deployable in Enterprise Settings

- Role based access control (RBAC) for managing users and their authorization levels.
- Developer Portal can be deployed in DMZ for external access with the Publisher inside the firewall for private control.
- Different user stores for developer focused Developer Portal and internal operations in the publisher.
- Integrates with enterprise identity systems including LDAP and Microsoft Active Directory.
- Gateway can be deployed in DMZ with controlled access to WSO2 Identity Server (for authentication/authorization) and governance database behind a firewall.

Support for Creating Multi-tenanted APIs

- Run a single instance and provide API Management to multiple customers.
- Share APIs between different departments in a large enterprise.

Publishing and Governing API Use

- Document an API using Swagger.
- Restrict API access tokens to domains/IPs.
- Ability to block a subscription and restricting a complete application.
- Ability to revoke access tokens.
- Separate validity period configuration for application access token.
- OAuth2 authorization code grant type support.
- Configuring execution point of mediation extensions.

Monitor API Usage and Performance

- Improved dashboard for monitoring usage statistics (Filtering data for a date range, More visually appealing widgets).

System Requirements

Minimum memory - 2GB
Processor - Pentium 800MHz or equivalent at minimum
Java 11 or higher
The Management Console requires you to enable Javascript of the Web browser, with MS IE 7. In addition to JavaScript, ActiveX should also be enabled with IE. This can be achieved by setting your security level to medium or lower.
Apache Ant is required to compile and run the sample clients. Apache Ant 1.7.0 version is recommended.
To build WSO2 API Manager from the source distribution, it is necessary that you have JDK 11 and Maven 3.0.4 or later.

Installation & Running

Extract the wso2am-4.3.0.zip and go to the 'bin' directory
Run the api-manager.sh or api-manager.bat script based on you operating system.
Access the respective WSO2 API-M interfaces
- API Publisher web application is running at - https://localhost:9443/publisher
  You may sign in to the Publisher using the default administrator credentials (username: admin, password: admin).
- Developer Portal web application is running at - https://localhost:9443/devportal
  You may sign in to the Developer Portal using the default administrator credentials (username: admin, password: admin).

Documentation

Online product documentation is available at: https://apim.docs.wso2.com/en/latest/

Support

WSO2 Inc. offers a variety of development and production support programs, ranging from Web-based support up through normal business hours, to premium 24x7 phone support.

For additional support information please refer to http://wso2.com/support

For more information on WSO2 API Manager please visit https://wso2.com/api-management/

Survey On Open Source Community Communication

WSO2 wants to learn more about our open source software (OSS) community and your communication preferences to serve you better.

In addition, we may reach out to a small number of respondents to ask additional questions and offer a small gift.

Link to survey: https://forms.gle/h5q4M3K7vyXba3bK6

Known Issues of WSO2 API Manager

All known issues of WSO2 API Manager are filed at:

https://github.com/wso2/api-manager/issues

Issue Tracker

Help us make our software better. Please submit any bug reports or feature requests through GitHub:

https://github.com/wso2/api-manager/issues

Crypto Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

The following provides more details on the included cryptographic software:

Apache Rampart : http://ws.apache.org/rampart/
Apache WSS4J : http://ws.apache.org/wss4j/
Apache Santuario : http://santuario.apache.org/
Bouncycastle : http://www.bouncycastle.org/

product-apim's People

Contributors

Stargazers

Watchers

Forkers

ruwany nipuni fulin87 tharindu1st dgem laki88 himasha nisalaniroshana hsupunw lakmali sambaheerathan binalip vijithaekanayake-zz vishanth apremalal dineshjweerakkody jamiewalters madusankapremaratne abimarank kalumallii shashikap sanjeewa-malalgoda lrobot pulasthi ranga-siriwardena sergerehem sanethd thushara35 nisalanirmana harsha89 udarakr nadeesha5814 rasika bhathiya thusithak vinok88 malinthaprasan thilinicooray prabathariyaratna chamindias lakshani suhand gitter-badger warunap irhamiqbal rushmin lsdeva madusankap sewmi001 ruks enzo-cappa gsroberts phamthaithinh lasithasd varra4u ravihansa3000 tharikagithub praminda ayyoob nuwanw apdwivedi1208 callkalpa bmanjari dongwh chamilaadhi gusmao zhuangxiaozhao lalankea upekkaa dinusha92 isharac casperrox sidias hancy2013 lingwest sayi21cn dimuthud krishanthasamaraweera maheshakya manuri erandiganepola nectoc amalkasubasinghe rswijesena digiwes catweisun hunterfu gstreetman mfine2 westernsugarapps lahiru823 alexw10 franklu918 veritashub yasassri jsdjayanga dominik-baranowski rajeev3001 samgregoost rnavagamuwa

product-apim's Issues

Can anyone look into questions asked in stackoverflow?

There are quite a few questions unanswered there... Wondering if we have an active/supportive community for this project...

Thanks.

[C5][Publisher][REST API] 200 OK response return when deleting an api with invalid api id

Please refer: wso2/carbon-apimgt#4278

integration with billing engine

In relation to integration with the billing-engine can you find out how the subscription plans are defined so that it can automatically synchronize with the billing system?
The example gives the user the ability to create plans but this must be the responsibility of the publishers of the api, not to those who consume it.

I would also like to integrate the billing system directly on the store but I see that the old instance is no longer functioning because the code are change below

API Manager v 2.1.0 - WSO2Registry error followed by too many connections exception

Hi,

First of all i would like to congratulate your team for this enormouse platform.

I am using the API Manager version 2.1.0 and and trying to analyze it for production deployment.
In this process I have performed stress api testing on an instance of APi Manager ver 2.1.0 and discovered a memory leak[1] with an exception about too many connection. It seems that at some point of time within some components, the database connections are not closed properly resulting in following exception[1]. This is my perception, then please investigate better by following the steps below.

Operating System : Windows 10 Pro, installed memory 16GB, Intel(R) Core(TM)i7-3740QM CPU @2.70 GHz

Steps to reproduce.

Start an instance of APi manager 2.1.0 (using the configurations in attached zip file api-manager.xml, master-datasources.xml). I downloaded WS02 API manager v 2.1.0 from http://wso2.com/api-management/
I am using Mysql database using driver (mysql-connector-java-5.1.42.jar) copied in components/lib folder.
I created WorldBank - 1.0.0 API - GET (/countries/{code}) following the tutorial provider by publisher component.
I have created apache-jmeter ver 3.2 test file (WorlBankAPITest.jmx, attached) to perform load testing.
The test worked fine until 61793 samples before throwing exception in [1].

Please let me know if something is unclear while trying to reproduce the issue.

Best regards

[1]

[2017-07-25 12:09:18,256] ERROR - WSO2Registry Error while fetching the resource gov:/apimgt/statistics/ga-config.xml
org.wso2.carbon.registry.core.exceptions.RegistryException: Failed to start new registry transaction.
at org.wso2.carbon.registry.core.jdbc.dataaccess.JDBCTransactionManager.beginTransaction(JDBCTransactionManager.java:97)
at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.beginTransaction(EmbeddedRegistry.java:443)
at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.resourceExists(EmbeddedRegistry.java:631)
at org.wso2.carbon.registry.core.caching.CacheBackedRegistry.resourceExists(CacheBackedRegistry.java:376)
at org.wso2.carbon.registry.core.session.UserRegistry.resourceExistsInternal(UserRegistry.java:774)
at org.wso2.carbon.registry.core.session.UserRegistry.access$800(UserRegistry.java:61)
at org.wso2.carbon.registry.core.session.UserRegistry$9.run(UserRegistry.java:757)
at org.wso2.carbon.registry.core.session.UserRegistry$9.run(UserRegistry.java:754)
at java.security.AccessController.doPrivileged(Native Method)
at org.wso2.carbon.registry.core.session.UserRegistry.resourceExists(UserRegistry.java:754)
at org.wso2.carbon.mediation.registry.WSO2Registry.getResource(WSO2Registry.java:599)
at org.wso2.carbon.mediation.registry.WSO2Registry.getRegistryEntry(WSO2Registry.java:437)
at org.apache.synapse.registry.AbstractRegistry.getResource(AbstractRegistry.java:94)
at org.apache.synapse.config.SynapseConfiguration.getEntry(SynapseConfiguration.java:837)
at org.apache.synapse.core.axis2.Axis2MessageContext.getEntry(Axis2MessageContext.java:259)
at org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtGoogleAnalyticsTrackingHandler.handleRequest(APIMgtGoogleAnalyticsTrackingHandler.java:83)
at org.apache.synapse.rest.API.process(API.java:325)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:90)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:69)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:304)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:78)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:325)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Too many connections
at sun.reflect.GeneratedConstructorAccessor183.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.Util.getInstance(Util.java:408)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:918)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3973)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3909)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:873)
at com.mysql.jdbc.MysqlIO.proceedHandshakeWithPluggableAuthentication(MysqlIO.java:1710)
at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1226)
at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2194)
at com.mysql.jdbc.ConnectionImpl.connectOneTryOnly(ConnectionImpl.java:2225)
at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2024)
at com.mysql.jdbc.ConnectionImpl.(ConnectionImpl.java:779)
at com.mysql.jdbc.JDBC4Connection.(JDBC4Connection.java:47)
at sun.reflect.GeneratedConstructorAccessor180.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at com.mysql.jdbc.Util.handleNewInstance(Util.java:425)
at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:389)
at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:330)
at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:701)
at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:635)
at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:188)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:128)
at org.wso2.carbon.registry.core.jdbc.dataaccess.JDBCTransactionManager.beginTransaction(JDBCTransactionManager.java:80)

1.zip

Publisher Redirection is not correct

In API Manager 3.0.0, when you first navigate to the publisher home page (https://localhost:9292/publisher/), it redirects you to https://localhost:9292/publisher/apis. When there are no APIs in the system this page shows an empty listing. If there are no APIs in the system or if there is none the particular user can see, the system should be redirected to https://localhost:9292/publisher/api/create/home

Putting host address in the Request Target of HTTP requests causes query parameters to be dumped

Request that does not work

tcpdump trace:

# Incoming request

10:05:25.598366 IP 10.254.78.0.43154 > api-manager-rc-9ba3b.8280: Flags [P.], seq 2438838108:2438838564, ack 2130919342, win 985, options [nop,nop,TS val 1606674803 ecr 1606668326], length 456

POST http://apimanager.sid-sec:8280/t/operator.seeed/api/servicemanager/1.0.0/deployments?applicationID=47ec2d04-8969-40ee-a533-2807965914aa HTTP/1.1
Accept-Encoding: gzip, deflate
userAgent: "marketgw-1.0.0-RC3"
Host: apimanager.sid-sec:8280
userID: [email protected]
userGroups: group-public
Authorization: Bearer aaa8192ef297278f85b68bd4a1f8e020
User-Agent: spray-can/1.3.3
Content-Type: application/json; charset=UTF-8
Content-Length: 1


# Outgoing request

10:05:25.878610 IP api-manager-rc-9ba3b.37066 > 10.10.10.237.http: Flags [P.], seq 871498147:871501861, ack 2502574994, win 732, options [nop,nop,TS val 1606675174 ecr 1606668348], length 3714

POST /api/servicemanager/1.0.0/deployments HTTP/1.1
userGroups: group-public
X-JWT-Assertion: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlpESTNOVE5sWWpFMVpEZzNNMlJsTWpreFptTmtZV1prWldWaE1qaG1aamN6WWpoa00yWTVNUSJ9.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTQ3ODY4NjgyNTg2NiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoic3Vic2NyaWJlckBvcGVyYXRvci5zZWVlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25pZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9ubmFtZSI6IlNwYXJrSW5EYXRhR1ciLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9udGllciI6IlVubGltaXRlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBpY29udGV4dCI6Ii90L29wZXJhdG9yLnNlZWVkL2FwaS9zZXJ2aWNlbWFuYWdlci8xLjAuMCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMC4wIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTl9VU0VSIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9lbmR1c2VyIjoiZ2F0ZXdheVVzZXJAb3BlcmF0b3Iuc2VlZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VuZHVzZXJUZW5hbnRJZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VtYWlsYWRkcmVzcyI6ImdhdGV3YXlVc2VyQHNwYXJraW5kYXRhLmNvbSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZnVsbG5hbWUiOiJnYXRld2F5VXNlciIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZ2l2ZW5uYW1lIjoiZ2F0ZXdheVVzZXIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2lkZW50aXR5L2FjY291bnRMb2NrZWQiOiJmYWxzZSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvbGFzdG5hbWUiOiJnYXRld2F5VXNlciIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvcm9sZSI6IkFkbWluaXN0cmF0b3IsSW50ZXJuYWwvZXZlcnlvbmUiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL3VzZXJuYW1lIjoiZ2F0ZXdheVVzZXIifQ.J2VvP0IZYhs-tQtc5cY2omnA9LfE6jIwbrrjrnuaa406OLsQ1J2mvJcbRkyggD_RyHm0td2JDNhQRpicP5LS1FwhBSVZZEtOcKe5mm8OJOIUMkT7biitZA7LdfjgUvxPSRE9wzzBZi9eCNF53Bs6laTBDWCU_Uj7XN5w0qcFAyE
assertion: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlpESTNOVE5sWWpFMVpEZzNNMlJsTWpreFptTmtZV1prWldWaE1qaG1aamN6WWpoa00yWTVNUSJ9.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTQ3ODY4NjgyNTg2NiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoic3Vic2NyaWJlckBvcGVyYXRvci5zZWVlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25pZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9ubmFtZSI6IlNwYXJrSW5EYXRhR1ciLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9udGllciI6IlVubGltaXRlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBpY29udGV4dCI6Ii90L29wZXJhdG9yLnNlZWVkL2FwaS9zZXJ2aWNlbWFuYWdlci8xLjAuMCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMC4wIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTl9VU0VSIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9lbmR1c2VyIjoiZ2F0ZXdheVVzZXJAb3BlcmF0b3Iuc2VlZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VuZHVzZXJUZW5hbnRJZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VtYWlsYWRkcmVzcyI6ImdhdGV3YXlVc2VyQHNwYXJraW5kYXRhLmNvbSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZnVsbG5hbWUiOiJnYXRld2F5VXNlciIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZ2l2ZW5uYW1lIjoiZ2F0ZXdheVVzZXIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2lkZW50aXR5L2FjY291bnRMb2NrZWQiOiJmYWxzZSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvbGFzdG5hbWUiOiJnYXRld2F5VXNlciIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvcm9sZSI6IkFkbWluaXN0cmF0b3IsSW50ZXJuYWwvZXZlcnlvbmUiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL3VzZXJuYW1lIjoiZ2F0ZXdheVVzZXIifQ.J2VvP0IZYhs-tQtc5cY2omnA9LfE6jIwbrrjrnuaa406OLsQ1J2mvJcbRkyggD_RyHm0td2JDNhQRpicP5LS1FwhBSVZZEtOcKe5mm8OJOIUMkT7biitZA7LdfjgUvxPSRE9wzzBZi9eCNF53Bs6laTBDWCU_Uj7XN5w0qcFAyE
userAgent: "marketgw-1.0.0-RC3"
Accept-Encoding: gzip, deflate
userID: [email protected]
Content-Type: application/json; charset=UTF-8; charset=UTF-8
Transfer-Encoding: chunked
Host: services-manager-2.default:80
Connection: Keep-Alive
User-Agent: Synapse-PT-HttpComponents-NIO

As you can see, the API Manager dumps the query string (?applicationID=47ec2d04-8969-40ee-a533-2807965914aa) when forwarding the request:

POST http://apimanager.sid-sec:8280/t/operator.seeed/api/servicemanager/1.0.0/deployments?applicationID=47ec2d04-8969-40ee-a533-2807965914aa

# gets changed to

POST /api/servicemanager/1.0.0/deployments

Request that does work

Trace produced with the following cURL request:

curl -X POST \
    -H "userID: [email protected]" \
    -H "userGroups: group-public" \
    -H "Authorization: Bearer 7e553f59d4bcfc31c1a385d6d73f9cfe" \
    -H "Accept-Encoding: gzip, deflate" \
    -H 'userAgent: "marketgw-1.0.0-RC3"'\
    -H "Content-Type: application/json; charset=UTF-8" \
    -d "toto"\
    http://apimanager.sid-sec:8280/t/operator.seeed/api/servicemanager/1.0.0/deployments?applicationID=47ec2d04-8969-40ee-a533-2807965914aa

tcpdump trace:

# Incoming request

10:38:08.469938 IP 10.254.78.0.50584 > api-manager-rc-9ba3b.8280: Flags [P.], seq 1:439, ack 1, win 221, options [nop,nop,TS val 1608637675 ecr 1608637764], length 438

POST /t/operator.seeed/api/servicemanager/1.0.0/deployments?applicationID=47ec2d04-8969-40ee-a533-2807965914aa HTTP/1.1
User-Agent: curl/7.38.0
Host: apimanager.sid-sec:8280
Accept: */*
userID: [email protected]
userGroups: group-public
Authorization: Bearer 7e553f59d4bcfc31c1a385d6d73f9cfe
Accept-Encoding: gzip, deflate
userAgent: "marketgw-1.0.0-RC3"
Content-Type: application/json; charset=UTF-8
Content-Length: 4


# Outgoing request

10:38:08.602825 IP api-manager-rc-9ba3b.45728 > 10.10.10.237.http: Flags [P.], seq 1:4318, ack 1, win 221, options [nop,nop,TS val 1608637898 ecr 1608637959], length 4317

POST /api/servicemanager/1.0.0/deployments?applicationID=47ec2d04-8969-40ee-a533-2807965914aa HTTP/1.1
userGroups: group-public
X-JWT-Assertion: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlpESTNOVE5sWWpFMVpEZzNNMlJsTWpreFptTmtZV1prWldWaE1qaG1aamN6WWpoa00yWTVNUSJ9.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTQ3ODY4Nzk1MDUzMywiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoic3Vic2NyaWJlckBvcGVyYXRvci5zZWVlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25pZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9ubmFtZSI6IlNwYXJrSW5EYXRhR1ciLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9udGllciI6IlVubGltaXRlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBpY29udGV4dCI6Ii90L29wZXJhdG9yLnNlZWVkL2FwaS9zZXJ2aWNlbWFuYWdlci8xLjAuMCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMC4wIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6InN1YnNjcmliZXJAb3BlcmF0b3Iuc2VlZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VuZHVzZXJUZW5hbnRJZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VtYWlsYWRkcmVzcyI6InN1YnNjcmliZXJAc3BhcmtpbmRhdGEuY29tIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9mdWxsbmFtZSI6InN1YnNjcmliZXIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2dpdmVubmFtZSI6InN1YnNjcmliZXIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2lkZW50aXR5L2FjY291bnRMb2NrZWQiOiJmYWxzZSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvbGFzdG5hbWUiOiJzdWJzY3JpYmVyIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9yb2xlIjoiQXBwbGljYXRpb24vc3Vic2NyaWJlcl9EZWZhdWx0QXBwbGljYXRpb25fUFJPRFVDVElPTixBcHBsaWNhdGlvbi9zdWJzY3JpYmVyX3RvdG9fUFJPRFVDVElPTixzdWJzY3JpYmVyLEFwcGxpY2F0aW9uL3N1YnNjcmliZXJfU3BhcmtJbkRhdGFHV19QUk9EVUNUSU9OLEludGVybmFsL2V2ZXJ5b25lLEFwcGxpY2F0aW9uL3N1YnNjcmliZXJfdGVzdF9TQU5EQk9YLEFwcGxpY2F0aW9uL3N1YnNjcmliZXJfdGVzdF9QUk9EVUNUSU9OIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy91c2VybmFtZSI6InN1YnNjcmliZXIifQ.eqouBE9UDMM0sHRi1O9BA2sDOL7M_svmF3ZRboJM7za9CVTZIpg7eWu1bWQrUjk6I88nFD3QsK0PyrG7Rn15jYRvm-NNTg1ONFZ_7nkwBI9JsShdgsipayhl0mSMwK1vyaIY5pUlB8v10Xsyq_28e3N0oGYAbKZHZSd95eIe4QY
Accept: */*
assertion: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlpESTNOVE5sWWpFMVpEZzNNMlJsTWpreFptTmtZV1prWldWaE1qaG1aamN6WWpoa00yWTVNUSJ9.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTQ3ODY4Nzk1MDUzMywiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoic3Vic2NyaWJlckBvcGVyYXRvci5zZWVlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25pZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9ubmFtZSI6IlNwYXJrSW5EYXRhR1ciLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9udGllciI6IlVubGltaXRlZCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBpY29udGV4dCI6Ii90L29wZXJhdG9yLnNlZWVkL2FwaS9zZXJ2aWNlbWFuYWdlci8xLjAuMCIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEuMC4wIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy90aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6InN1YnNjcmliZXJAb3BlcmF0b3Iuc2VlZWQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VuZHVzZXJUZW5hbnRJZCI6IjIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VtYWlsYWRkcmVzcyI6InN1YnNjcmliZXJAc3BhcmtpbmRhdGEuY29tIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9mdWxsbmFtZSI6InN1YnNjcmliZXIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2dpdmVubmFtZSI6InN1YnNjcmliZXIiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2lkZW50aXR5L2FjY291bnRMb2NrZWQiOiJmYWxzZSIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvbGFzdG5hbWUiOiJzdWJzY3JpYmVyIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9yb2xlIjoiQXBwbGljYXRpb24vc3Vic2NyaWJlcl9EZWZhdWx0QXBwbGljYXRpb25fUFJPRFVDVElPTixBcHBsaWNhdGlvbi9zdWJzY3JpYmVyX3RvdG9fUFJPRFVDVElPTixzdWJzY3JpYmVyLEFwcGxpY2F0aW9uL3N1YnNjcmliZXJfU3BhcmtJbkRhdGFHV19QUk9EVUNUSU9OLEludGVybmFsL2V2ZXJ5b25lLEFwcGxpY2F0aW9uL3N1YnNjcmliZXJfdGVzdF9TQU5EQk9YLEFwcGxpY2F0aW9uL3N1YnNjcmliZXJfdGVzdF9QUk9EVUNUSU9OIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy91c2VybmFtZSI6InN1YnNjcmliZXIifQ.eqouBE9UDMM0sHRi1O9BA2sDOL7M_svmF3ZRboJM7za9CVTZIpg7eWu1bWQrUjk6I88nFD3QsK0PyrG7Rn15jYRvm-NNTg1ONFZ_7nkwBI9JsShdgsipayhl0mSMwK1vyaIY5pUlB8v10Xsyq_28e3N0oGYAbKZHZSd95eIe4QY
userAgent: "marketgw-1.0.0-RC3"
Accept-Encoding: gzip, deflate
userID: [email protected]
Content-Type: application/json; charset=UTF-8; charset=UTF-8
Transfer-Encoding: chunked
Host: services-manager-2.default:80
Connection: Keep-Alive
User-Agent: Synapse-PT-HttpComponents-NIO

4
toto

Analysis

It turns out that when the host address is present in the Request Target, the API Manager performs some extraction (to separate the host from the REST path and other things), but somehow "forgets" to extract the query parameters.

# works
POST /t/operator.seeed/api/servicemanager/1.0.0/deployments?applicationID=47ec2d04-8969-40ee-a533-2807965914aa

# does not work
POST http://apimanager.sid-sec:8280/t/operator.seeed/api/servicemanager/1.0.0/deployments?applicationID=47ec2d04-8969-40ee-a533-2807965914aa

Definition of the Request Target: RFC 7230 - section 5.3

So the exact description of the bug is that the API Manager does not support absolute-form Request Targets (only origin-form).

1.10.x build issue

There are no carbon.apimgt.version=5.0.5-SNAPSHOT, but after i changed to use 5.0.4, it reported below issue:

[INFO] --- carbon-p2-plugin:1.5.4:p2-profile-gen (p2-profile-generation-for-api-key-manager-profile) @ am-p2-profile ---
...
Installation failed.The installable unit org.wso2.carbon.apimgt.keymanager.feature.group/5.0.4 has not been found.

Application failed, log file location: D:\java-dev-tools\Maven\repository\org\eclipse\tycho\tycho-p2-runtime\0.13.0\eclipse\configuration\1469763788983.log

Publisher imple's isDocumentExists() check includes document source type and that cause issues.

There is an issue in API documentation update publisher impl. When trying to update the document source type it checks whether the API exists with the updating doc info. This brings an issue as the isDocumentExists function compares also the document source type (INLINE/URL/FILE). This returns false always as the document source type is changed now. So whenever we try to update a document source type, it throws an exception saying the document doesn't exist. isDocumentExist() method obviously doesn't need to check the document source type. Checking for other unique values is sufficient.

Where to put language files ?

Hello,

I made a french translation of the API manage store.

I would like to make the community benefit from this translation by integrating it into the deliverable of the api manager. However, after retrieving several GIT repositories I can not find where to drop those files (locale_fr.json and i18nResources_fr.json ).

Could you tell me in which GIT repository and in which directory I can push these files?

Thank you.

Regards,

Fabien T

I want

Blacklist Throttling Policy With IP Range Supporting

Blacklist condition/Block conditions in APIM 2.1.0 were limited to
-API Context,
-User
-Application
-Single IP

As an improvement IP range should be added to make blacklist/block conditions. When you provide starting IP and ending IP, those two IPs should be validated and added as block condition.

Couldn't edit the call back URL of an application, when that application shared among few users

I have followed the below steps to reproduce the issue.

Configure the APIM to sharing the applications and subscriptions among the users by following the steps mentioned in document [1].
Signup two users (user1 and user2) into API store with same organization name.
Create an application via user1 and add a callback URL and generate the production key.
Sign in to the API Store via user2 and can see the created application in step 3.
Edit the application name, tier of the created application in step 3 (via user2) without any issue.
When I tried to edit the callback URL of the application, via user2, I could see the attached exception in API manager and due to that
we can't edit the callback URL of the application via user2.

[1] - https://docs.wso2.com/display/AM200/Sharing+Applications+and+Subscriptions

[C5][Publisher][UI] LifeCycle State Change is denoted as opposite of it in the UI

The Lifecycle state change denoted is incorrect as it denote the opposite of the state change.

Changing LC from Undefined to created is denoted as Changing LC from created to undefined.
Changing LC from Created to Published is denoted as Changing LC form Published to created.

Please see the below snapshot for more details.

Test and certify functionality with latest postgresql

Is it possible to test and verify API Manager (2.1) with postgresql latest verison ( 9.6.x )

Sample API: Cannot subscribe to PizzaShackAPI - 1.0.0

When I hit subscribe, it gives the following erorror message.

What Can I do for that? I am a beginner for API manager.

wso2am-2.0.1-SNAPSHOT modify subscription tier save error

I run wso2 apim 2.0.1 snapshot on windows, and when i modify subscription tier and save, it report below exception, and although the bill plan changed , but the API still display FREE label.

 [2016-08-12 15:30:02,504] ERROR - EventProcessorAdminService Error while deleting the execution plan file
org.wso2.carbon.event.processor.core.exception.ExecutionPlanConfigurationException: Error while deleting the execution plan file
        at org.wso2.carbon.event.processor.core.internal.util.EventProcessorConfigurationFilesystemInvoker.delete(EventProcessorConfigurationFilesystemInvoker.java:124)
        at org.wso2.carbon.event.processor.core.internal.CarbonEventProcessorService.editActiveExecutionPlan(CarbonEventProcessorService.java:168)
        at org.wso2.carbon.event.processor.admin.EventProcessorAdminService.editActiveExecutionPlan(EventProcessorAdminService.java:94)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:497)
        at org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
        at org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
        at org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
        at org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
        at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
        at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:173)
        at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
        at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
        at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
        at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CSRFPreventionFilter.doFilter(CSRFPreventionFilter.java:88)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.ui.filters.CRLFPreventionFilter.doFilter(CRLFPreventionFilter.java:59)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
        at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
        at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
        at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
        at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
        at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
        at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
        at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1749)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1708)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.nio.file.InvalidPathException: Illegal char <:> at index 2: /D:/emman/PROJECT/AA/apimgmt/wso2am-2.0.1-SNAPSHOT/repository/deployment/server/\executionplans
        at sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182)
        at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153)
        at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77)
        at sun.nio.fs.WindowsPath.parse(WindowsPath.java:94)
        at sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:255)
        at java.nio.file.Paths.get(Paths.java:84)
        at org.wso2.carbon.event.processor.core.internal.util.EventProcessorUtil.validateFilePath(EventProcessorUtil.java:387)
        at org.wso2.carbon.event.processor.core.internal.util.EventProcessorConfigurationFilesystemInvoker.delete(EventProcessorConfigurationFilesystemInvoker.j
ava:109)
        ... 65 more
[2016-08-12 15:30:02,539] ERROR - ThrottlePolicyDeploymentManager Error while deploying policy to global policy server.Error while deleting the execution plan file
[2016-08-12 15:30:02,541]  INFO - subscription-policy-edit:jag SubscriptionPolicy [policyName=Gold, description=Allows 5000 requests per minute, defaultQuotaPolicy=QuotaPolicy [type=requestCount, limit=RequestCountLimit [requestCount=5000,
toString()=Limit [timeUnit=min, unitTime=1]]]rateLimitCount=-1, tenantId=-1234,ratelimitTimeUnit=NA]

Open redirect in redirect.gag

We get open redirect on APIM_HOME/repository/deployment/store/site/themes/wso2/templates/user/sign-up/redirector.jag
https://localhost:9443/store/site/themes/wso2/templates/user/sign-up/redirector.jag?redirectToHome=http%3A%2F%2F1432024300%2Fa%3F%2Fstore&tenant=null
API Manager 2.1.0
Can I make only context redirects (like a /store/somewhere) or restrict them to a domain name(s)?

Delete buttons are not working in Parameters of API definition (script error)

Environment

Product: wso2am-2.1.0 (for Windows x64)
Access URL (in local): https://localhost:9443/publisher/design?name=WorldBank&version=1.0.0&provider=admin

Description

Script error occurs when clicking delete buttons in Parameters panel.
Although objects and parameters are assigned and they are verified in Chrome Inspector, It can not read property. I have attached two screenshots on this issue.

Advanced Endpoint Configuration Unable to Save

I'm currently test driving WSO2 API Manager 2.0.0. I'm trying to save changes to the Advanced Endpoint Configuration under step 2 of the API creation (from the publishing portal), but I'm not seeing the changes being saved. You can access the Advanced Endpoint Configuration by clicking the "setting" icon either in Production Endpoint row or Sandbox Endpoint row.

[C5][Publisher] ExportAPI does not export APIs with no endpoints

The API for exporting APIs [3] return "API Not Found" for APIs that have no endpoints.

Related source files:

UI - add_tenant.jsp not rendering properly after logging in to carbon console with user - [email protected]

I observed a bug in wso2 after changing username from admin to [email protected]. The reason for doing this is to support Signature validation in dedicated mode.

OBSERVATION:

After making the change, when I logged in to carbon console to add a new tenant, the add_tenant.jsp https://localhost:9443/carbon/tenant-mgt/add_tenant.jsp page does not render properly.

The difference is that email address input is not displayed in the UI. So, when I try to submit the form, it gives a pop up saying “Please enter a valid email address.” (checked in Chrome and Mozilla)

Please find the attached screenshots to see the difference before change and after change.

AFFECT:

With [email protected], we would not be able to add a new tenant in WSO2 from UI. I don’t know whether it will work from api or not. Consequently, we would have to change back the user to admin for adding a new tenant and republish all the APIs which would be unnecessary overhead.

Please look into this issue and let me know the alternatives.

Who can provide the the downloading URL of API Manager 2.0.0

Call mediator

Hello,

I would like to know how the call mediator works??

Is it able to really call external API?

[UI][React] propType warning due to using deprecated API

Getting following warning message for using deprecated propType API in here (and several other places)

Warning: Accessing PropTypes via the main React package is deprecated. Use the prop-types package from npm instead.

As stated in documentation we would need to use the prop-types library instead.

Integration with service registry

APIM Gateway Routes client calls to services.
My requirement is to let APIM Gateway gets services locations from the service registry (Eureka, Apache Zookeeper, Consul, Etcd ...)

Is that possible?
Have you considered or planned this possibility?

see : wso2/msf4j#274 (comment)

Use Carbon Metrics in API Manager

We need to use Carbon Metrics and add useful metrics in the WSO2 API Manager to understand runtime behavior.

Providing support for changing application owner in APIM

In APIM 2.0.0 does not have a support to move application owner after creates the application. As per the use case, there should be a way to change existing application owner at least via the super admin or person who having admin privileges. Currently, there are two workarounds to achieve this.

adding same "organization" claim group to multiple users and then uses can share the subscription.
change the application owner in DB level.

But it is good to have feature support from UI level.

Thanks,
Chamara Silva

java.lang.IllegalStateException: I/O reactor has been shut down

We recently stood up a API manager 2.0 cluster and started running performance/load testing. At around 10K users we start seeing the below error and everything stops working. We have each component (key manager (1), traffic manager (1), gateway manager (1), gateway workers (3)) in a distributed state.

TID: [-1234] [] [2016-09-08 15:21:05,414] ERROR {org.apache.synapse.core.axis2.Axis2Sender} -  Unexpected error during sending message out {org.apache.synapse.core.axis2.Axis2Sender}
java.lang.IllegalStateException: I/O reactor has been shut down
    at org.apache.http.util.Asserts.check(Asserts.java:34)
    at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.connect(DefaultConnectingIOReactor.java:225)
    at org.apache.synapse.transport.passthru.connections.TargetConnections.getConnection(TargetConnections.java:97)
    at org.apache.synapse.transport.passthru.DeliveryAgent.submit(DeliveryAgent.java:159)
    at org.apache.synapse.transport.passthru.PassThroughHttpSender.invoke(PassThroughHttpSender.java:255)
    at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:185)
    at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:167)
    at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
    at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:566)
    at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:78)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:544)
    at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:382)
    at org.apache.synapse.endpoints.HTTPEndpoint.send(HTTPEndpoint.java:85)
    at org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:118)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:95)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:57)
    at org.apache.synapse.config.xml.AnonymousListMediator.mediate(AnonymousListMediator.java:37)
    at org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:203)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:95)
    at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:57)
    at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
    at org.apache.synapse.rest.Resource.process(Resource.java:325)
    at org.apache.synapse.rest.API.process(API.java:399)
    at org.apache.synapse.rest.RESTRequestHandler.apiProcess(RESTRequestHandler.java:125)
    at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:101)
    at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:69)
    at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:300)
    at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:75)
    at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
    at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:319)
    at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:152)
    at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

How to Intergrate?

I have a JAX-RS based RESTful web server. Now, I want put the WSO2 API Manager infront of it.
Can any one help by point out to some document to see how this can be done? I want this because I want REST APIs exposed by my REST Server to be authenticated and access controlled (RBAC). Any help on how to do this?

Also, what is the database associated with the WSO2 API manager stores? Is it to store the APIs with Access rights, Analytics of the WSO2 API Manager etc?

Any pointers would be of much help? I went through the video, but certain things are not clear. I want to integreate this with my REST Server only.

Please let me know.

I cannot login to carbon admin UI

I installed WSO2 AM(API Manager) 1.10.0 and used the user-mgt.xml from working AM 1.9.0 with LDAP enabled, but now I cannot login to carbon admin UI.

Please refer to this question:
http://stackoverflow.com/questions/38167243/i-installed-wso2-amapi-manager-1-10-0-and-used-the-user-mgt-xml-from-working-a

Any help is appreciated.

Error thrown when adding inline content to a INLINE type document

This error was occurred in function getDocumentationContent() in AbstractAPIManager.java when tried to view the inline content of a INLINE type doc. It is because the inline content value is null, when the document is just added. As the fix, we can add empty String as the inline content of the document, once the document is added. So the inline content is not null initially.

Throttling Limits does not work

SO2 API Manager 2.0.0 form source code，Throttling Limits does not work， Neither subscription nor app throttling policies are working

React.js based Publisher webapp with API creation and lifecycle management

How to configure APIGateway Environment in Publisher after clustering the gateway?

How to configure the ServerURL and GatewayEndpoint in Publisher and Store in clustering mode?

<Name>Production and Sandbox</Name>
<Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
<!-- Server URL of the API gateway -->
<ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL> gateway-manager host?
<!-- Admin username for the API gateway. -->
<Username>${admin.username}</Username>
<!-- Admin password for the API gateway.-->
<Password>${admin.password}</Password>
<!-- Endpoint URLs for the APIs hosted in this API gateway.-->
<GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port}</GatewayEndpoint>gateway-worker host?

Best Regards,
Leo

apim & iac

I think it would be outstanding to manage my published API as IaC so when my app changes in continuous delivery, so could the published API... and to limit the time in the web gui.

Terraform is a choice provisioner. Is WSO2 interested in creating an official Terraform Provider for APIM?

[C5][Publisher][UI] Fails to mount NavBar component in older browsers

Please refer the following issue for more details

Java NullPointer Exception -> when hitting a http://api/rsources/5*

Hi,

I am not sure if this is the right issue tracker because I acounter a strange behavior which I could not resolve or find any other useful information. We are running wso2 1.1.0.

A customer accessed one of the API's with an asterisk at the end (http://api/rsources/5*) the same applies also for the bang (!) at the end. He received the famous 0 Contant message in Swagger Console within the api mgmt.

It looks like the swagger console executes a preflight OPTIONS request to call to a wild card (*).

In the log file I found following Exception that this case is not handled gracefully.

Is this something other folks have encountered. Is this a configuration issue or what would be the best practise to prevend this.

`Java NullPointer Exception im Log-File

TID: [-1234] [] [2017-01-25 09:12:42,714] ERROR {org.apache.synapse.transport.passthru.ServerWorker} - Error processing OPTIONS reguest for : /fasta/v1/stations/7*. Error detail: null. {org.apache.synapse.transport.passthru.ServerWorker}
java.lang.NullPointerException
at org.apache.synapse.transport.passthru.Pipe$ByteBufferInputStream.waitForData(Pipe.java:418)
at org.apache.synapse.transport.passthru.Pipe$ByteBufferInputStream.read(Pipe.java:390)
at java.io.InputStream.read(InputStream.java:101)
at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1792)
at org.apache.commons.io.IOUtils.copyLarge(IOUtils.java:1769)
at org.apache.commons.io.IOUtils.copy(IOUtils.java:1744)
at org.apache.synapse.transport.passthru.util.RelayUtils.consumeAndDiscardMessage(RelayUtils.java:300)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleAuthFailure(APIAuthenticationHandler.java:196)
at org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler.handleRequest(APIAuthenticationHandler.java:161)
at org.apache.synapse.rest.API.process(API.java:322)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:86)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:65)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:295)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:83)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:317)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:149)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)`

Any help would be much appreciated...

Best
Felix

where the apimgt 7.0.0-snapshot

Hi,
For c5 branch, where can I find the apimgt 7.0.0-snapshot.jar.
I want to compile the c5 branch.

liuhf

Allow update source type of documents attached to an API

Currently cannot update the document source type. It logs error if tried. (In 2.1.0 too this was allowed.)

Localization problem

Hi,
When I tried to do localization in client-side Javascript files. I found that i18n.t() cannot translate strings with . and :. i18n treats . and : as special chareacters to split the original strings by default. And wso2 doesn't pass any arguement to override the default options.

What I did is changing the default options in i18next-1.5.9.js.

  63     var o = {
  64         lng: undefined,
  65         load: 'all',
  66         preload: [],
  67         lowerCaseLng: false,
  68         returnObjectTrees: false,
  69         fallbackLng: 'dev',
  70         detectLngQS: 'setLng',
  71         ns: 'translation',
  72         nsseparator: ':',
  73         keyseparator: '.',
  74         selectorAttr: 'data-i18n',
  75         debug: false,
  76

Ant messages are hidden by the page header

Please refer: wso2/carbon-apimgt#4273

Check the need for the resource /apis/{apiId}/gateway-config on the publisher REST API

A resource as /apis/{apiId}/gateway-config exists on the Publisher API. Need to check whether we need this for real.

Editing API's document which is of 'File' type gives errors.

(In the publisher, in a document of an API) Editing source type 'file' documents gives an error. We cannot edit a 'file' type document without changing(or re adding) the file. For instance, if we edit only the summary of such a document, but didn't change the source file, then the file name of that document becomes null. Then after that if we view the document and try to download it, it will be downloaded as 'null' file name.

Default label not attached when creating an API without specifying a label

Due to this, such APIs cannot be invoked since they are not deployed in any gateway.

We need to attach Default label if an API is created without a label,

Compatible workflow packs to be deployed in Enterprise Integrator

Regarding issue wso2/product-ei#78, due to the file structure changes in business-process component of EI, need workflow packs that are created to fit the updated file path.

"pizza-shack-api" folder has gone missing

The <APIM_HOME>/samples/PizzaShack/pizza-shack-api folder has gone missing since API Manager 2.0.0. Looks like the folder has gone missing in the master branch, but still exists in the 1.10.x branch. Please merge it back into master.

csrftoken validation fail.

the csrftoken parameters is not validation at the server side for null values. For Instance, If the user sends request with csrftoken completely removed is successfully processed by the server. Apparently. X-CSRFToken header is not used within the admin console. This void the usage of csrftoken throughout the application.

Can you please release a patch for this ?

Info log in GW after successful connection to APIM core

We need to put info log on $subject. If its retrying.... it should also print some info logs.

API to export execution plans generated from throttle policies

Invoking this API will get the available throttle policies from the database and generate Siddhi execution plans for each policy. Each execution plan will be writ tent to "
{execution plan.name}
.siddhi" file and an archive will be created containing all the execution plans files.

Secondary UserStore users cannot login to admin-dashboard using the username

Please find the below steps to recreate the issue.

Add secondary user store(wso2.com) to apim server
Create new role giving the permission to access admin dashboard.
Create new user(testuser) in secondary user store and assign the role to the user.
Try to logging to the system with new user credentials.

Expected Behaviour: user should be able to login, since he has required permissions.

Actual Behaviour:
user cannot login to the admin dashboard with,

username = testuser

but he can login with with the domain id as below,

username = WSO2.COM/testuser

email field

in the carbon application of rc3 version in this moment i can't see the email field when i add a tenant in the file
add_tenant.jsp