All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: https://wso2.org/jira/browse/DOCUMENTATION-7625

...

Given below is an example implementation:. Please find the complete project archive org.wso2.carbon.test.authenticator.zip. You can download, unzip and build the project using maven and Java 7/8. 

Code Block
languagehtml/xml
package org.wso2.carbon.test;

import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;

import java.util.Map;

public class CustomAPIAuthenticationHandler extends AbstractHandler {

    public boolean handleRequest(MessageContext messageContext) {
        try {
            if (authenticate(messageContext)) {
                return true;
            }
        } catch (APISecurityException e) {
            e.printStackTrace();
        }
        return false;
    }

    public boolean handleResponse(MessageContext messageContext) {
        return true;  
    }

    public boolean authenticate(MessageContext synCtx) throws APISecurityException {
        Map headers = getTransportHeaders(synCtx);
        String authHeader = getAuthorizationHeader(headers);
        if (authHeader.startsWith("userName")) {
            return true;
        }
        return false;
    }

    private String getAuthorizationHeader(Map headers) {
        return (String) headers.get("Authorization");
    }

    private Map getTransportHeaders(MessageContext messageContext) {
        return (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext().
                getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
    }
}

Engaging the custom handler

  1. Build the custom authenticaor code downloaded previously, and copy the resulting jar to <API-M_HOME>/repository/components/dropins directory.
  2. Engage the custom handler using the API template as explained below:
    You can engage a custom handler to all APIs at once or only to selected APIs. To engage a custom handler to APIs, you need to add the custom handler with its logic in the <APIM_HOME>/repository/resources/api_templates/velocity_template.xml

...

  1.  file

    Note

    It is not recommended to update the API source code via the source view UI or file system when engaging a custom handler to selected APIs, because the customizations get overridden by the publisher updates. 

    For example, the following code segment adds the custom authentication handler that you wrote earlier to

...

  1. the velocity_template.xml file while making sure that it skips the default  APIAuthenticationHandler  implementation:

    Code Block
    <handler class="org.wso2.carbon.apimgt.custom.authentication.handler.CustomAPIAuthenticationHandler" />
           #foreach($handler in $handlers)
              #if(!($handler.className == "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"))
               <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className">
                #if($handler.hasProperties())
                    #set ($map = $handler.getProperties() )
                    #foreach($property in $map.entrySet())
                        <property name="$!property.key" value="$!property.value"/>
                    #end
                #end
               </handler>
             #end
            #end
    </handlers>

    You can select to which API(s) you need to engage the handler. Given below is an example of adding only the CustomAPIAuthenticationHandler to the sample PizzaShackAPI.

    Code Block
    languagexml
    <handlers xmlns="http://ws.apache.org/ns/synapse">
    #if($apiName == 'admin--PizzaShackAPI')
        <handler class="org.wso2.carbon.sample.auth.CustomAPIAuthenticationHandler"/>
    #end
    #foreach($handler in $handlers)
        #if($apiName != 'admin--PizzaShackAPI' || !($handler.className == "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"))
            <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className">
                #if($handler.hasProperties())
                    #set ($map = $handler.getProperties() )
                    #foreach($property in $map.entrySet())
                        <property name="$!property.key" value="$!property.value"/>
                    #end
                #end
            </handler>
        #end
    #end
    </handlers>
  2. Restart the API Manager server.