All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Fixed an incorrect path DOCUMENTATION-8196

This section explains how to attach a custom workflow to the application creation operation in the WSO2 API Manager (WSO2 API-M). First, see Workflow Extensions for information on different types of workflow executors.

Attaching a custom workflow to application creation allows you to control the creation of applications within the Store. An application is the entity that holds a set of subscribed  API's that would be accessed by a authorization key specified for that praticular application. Hence, controlling the creation of these applications would be a decision based on the oragnization's requirement. Some example use cases would be

  • Review the information of the application by a specific reviewer before the application is created.
  • The application creation would be offered as a paid service.
  • The application creation should be allowed only to users who are in a specific role.
Localtab Group
Localtab
activetrue
idUsingEI
titleUsing WSO2 EI
Note

Note that this documentation is based on WSO2 EI 6.1.1

Tip

Before you begin, if you have changed the API Manager's default user and role, make sure you do the following changes:

  • Give the correct credentials in the <BPS_HOME>/repository/conf/epr files.
    • Change the credentials of the workflow configurations in the registry resource _system/governance/apimgt/applicationdata/workflow-extensions.xml.
    • Point the database that has the API Manager user permissions to
    BPS
    • EI.
    • Share any LDAPs
    , if exist.
  • Change the user credentials in <APIM_HOME>/repository/conf/api_manager.xml file.
  • Change the .ht file of the relevant human task.
  • Change the allowedRoles parameter in the <APIM_HOME>/repository/deployment/server/jaggeryapps/admin/site/conf/site.json file.
    • that exist.
    • Unzip the <API-M>/business-processes/application-creation/HumanTask/ApplicationsApprovalTask-1.0.0.zip file, update the role as follows in the ApplicationsApprovalTask.ht file,

      Code Block
      titleFormat
      <htd:argument name="role">    
      	[new-role-name]
      </htd:argument> 
    • Zip the ApplicationsApprovalTask-1.0.0 folder.

    Configuring the Business Process Server

    1. Download WSO2 Enterprise Integrator.  Please note that this documentation is based on WSO2 EI 6.1.1.

      Tip

      Before you begin configuring EI, please update your EI 6.1.1 pack using WUM. For more information, see Updating WSO2 Products.

      • Import the EI server's public cert into the API-M's client-trustore.jks keystore. For instructions on importing, see Creating New Keystores.
    2. Set an offset of 2 to the default EI port in <EI_HOME>/wso2/business-process/conf/carbon.xml file. This prevents port conflicts that occur when you start more than one WSO2 product on the same server. For more information, see Changing the Default Ports with Offset

      Code Block
      languagexml
      <Offset>2</Offset>
      Tip

      Tip: If you change the EI port offset to a value other than 2 or run WSO2 API-M and WSO2 EI on different machines (therefore, want to set the hostname to a different value than localhost), you need to search and replace the value 9765 in all the files ( .epr ) inside the <API-M_HOME>/business-processes directory with the new port (i.e., the value of 9763 + <port-offset>).

    3. Open the <EI_HOME>/wso2/business-process/conf/humantask.xml  file and <EI_HOME>/wso2/business-process/conf/b4p-coordination-config.xml file and set the TaskCoordinationEnabled property to true.

      Code Block
      languagexml
      <TaskCoordinationEnabled>true</TaskCoordinationEnabled>
    4. Copy the following from the <API-M_HOME>/business-processes/epr directory to the <EI_HOME>/wso2/business-process/repository/conf/epr directory. 

      Note
      • If the <EI_HOME>/wso2/business-process/repository/conf/epr  directory does not exist, create it. 

      • Make sure to give the correct credentials in the  <EI_HOME>/wso2/business-process/repository/conf/epr  files.


      • Update the <EI_HOME>/business-processes/epr/ApplicationCallbackService.epr file according to API Manager.

        Code Block
        <wsa:Address>https://localhost:8243/services/WorkflowCallbackService</wsa:Address>
      • Update the <EI_HOME>/business-processes/epr/ApplicationService.epr file according to EI.

        Code Block
        <wsa:Address>http://localhost:9765/services/ApplicationService</wsa:Address>
    5.  Start the EI server and sign in to its management console (https://<Server Host>:9443+<port offset>/carbon).

      Warning

      If you are using Mac OS with High Sierra, you may encounter following warning when login into the Management console due to a compression issue exists in High Sierra SDK.

      Code Block
      WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:xxx.xxx.xx.xx, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)

      To avoid this issue open the <EI_HOME>/wso2/business-processconf/tomcat/catalina-server.xml file and change the compression="on" to compression="off" in Connector configuration.Restart the EI server.

    6. Select Processes > Add and upload the <API-M_HOME>/business-processes/application-creation/BPEL/ApplicationApprovalWorkFlowProcess_1.0.0.zip file to EI. 
      This is the business process archive file.
      Image Added
    7. Select Add under the Human Tasks menu and upload the <API-M_HOME>/business-processes/application-creation/HumanTask/ApplicationsApprovalTask-1.0.0.zip file to EI. 
      This is the human task archived file.
    Localtab
    idUsingBPS
    titleUsing WSO2 BPS
    Tip

    Before you begin, if you have changed the API Manager's default user and role, make sure you do the following changes:

    • Change the credentials of the workflow configurations in the registry resource _system/governance/apimgt/applicationdata/workflow-extensions.xml.
    • Point the database that has the API Manager user permissions to BPS.
    • Share any LDAPs, if exist.
    • Unzip the <API-M>/business-processes/application-creation/HumanTask/ApplicationsApprovalTask-1.0.0.zip file, update the role as follows in the ApplicationsApprovalTask.ht file, and ZIP the ApplicationsApprovalTask-1.0.0 folder.

      Code Block
      titleFormat
      <htd:argument name="role">    
      	[new-role-name]
      </htd:argument> 

    Configuring the Business Process Server

    1. Download WSO2 Business Process Server.

    ...

    1. Set an offset of 2 to the default BPS port in <BPS_HOME>/repository/conf/carbon.xml file. This prevents port conflicts that occur when you start more than one WSO2 product on the same server.

    ...

    1. For more information, see Changing the Default Ports with Offset

      Code Block
      languagexml
      <Offset>2</Offset>
      Tip

      Tip: If you change the BPS port offset to a value other than 2 or run

    ...

    1. WSO2 API

    ...

    1. -M and WSO2 BPS on different machines (therefore, want to set the hostname to a different value than localhost), you

    ...

    1. need to search and replace the value 9765 in all the files ( .epr ) inside the <APIM_HOME>/business-processes

    ...

    1. directory with the new port (i.e., the value of 9763 +

    ...

    1. <port-offset>).

    2. Open

    ...

    1. the <BPS_HOME>/repository/conf/humantask.xml

    ...

    1.  file and <BPS_HOME>/repository/conf/b4p-coordination-config.xml

    ...

    1.  file and set

    ...

    1. the TaskCoordinationEnabled

    ...

    1.  property to true.

      Code Block
      languagexml
      <TaskCoordinationEnabled>true</TaskCoordinationEnabled>
    2. Copy the following from

    ...

    1. the <API-M_HOME>/business-processes/epr

    ...

    1.  directory to

    ...

    1. the <BPS_HOME>/repository/conf/epr

    ...

    1.  directory. 
      If the <BPS_HOME>/repository/conf/epr

    ...

    1.  directory does not exist, create it. 

    ...

    • ApplicationService.epr
    • ApplicationCallbackService.epr

    ...

    1. Note

      Make sure to give the correct credentials in the  <BPS_HOME>/repository/conf/epr  files.

      • Update the <API-M_HOME>/business-processes/epr/ApplicationCallbackService.epr file according to API Manager.

        Code Block
        <wsa:Address>https://localhost:8243/services/WorkflowCallbackService</wsa:Address>
      • Update the <API-M_HOME>/business-processes/epr/ApplicationService.epr file according to BPS.

        Code Block
        <wsa:Address>http://localhost:9765/services/ApplicationService</wsa:Address>
    2. Start the BPS server and sign in to the management console (https://<Server Host>:9443+<port-offset>/carbon).   

    ...

    1. Warning

      If you are using Mac OS with High Sierra, you may encounter following warning when login into the Management console due to a compression issue exists in High Sierra SDK.

      Code Block
      WARN {org.owasp.csrfguard.log.JavaLogger} -  potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:xxx.xxx.xx.xx, method:POST, uri:/carbon/admin/login_action.jsp, error:required token is missing from the request)

      To avoid this issue open <BPS_HOME>/repository/conf/tomcat/catalina-server.xml and change the compression="on" to compression="off" in Connector configuration and restart the BPS.

    2. Select Processes > Add and upload

    ...

    1. the <APIM_HOME>/business-processes/application-creation/BPEL/ApplicationApprovalWorkFlowProcess_1.0.0.zip

    ...

    1.  file to BPS. 
      This is the business process archive file.

    ...

    1. Image Added

    ...

    1. Select Add under

    ...

    1. the Human Tasks

    ...

    1.  menu and upload

    ...

    1. the <APIM_HOME>/business-processes/application-creation/HumanTask/ApplicationsApprovalTask-1.0.0.zip

    ...

    1.  file to BPS. 
      This is the human task archived file.


    Configuring

    ...

    WSO2 API Manager

    Open the <APIM<API-M_HOME>/repository/deployment/server/jaggeryapps/admin/site/conf/site.json file and configure "workFlowServerURL" under "workflows" to point to the EI/BPS server (e.g."workFlowServerURL": "https://localhost:9445/services/")

    ...

    First, enable the application creation workflow.

    1. Log Sign in to APIM WSO2 API-M management console (https://<Server-Host>:9443/carbon) and select Browse under Resources.
    2. Go to the /_system/governance/apimgt/applicationdata/workflow-extensions.xml resource, disable the Simple Workflow Executor, and enable WS Workflow Executor. Also In addition, specify the service endpoint where the workflow engine is hosted and the credentials required to access the said service via basic authentication (i.e., username/password based authentication).

      Code Block
      languagehtml/xml
      <WorkFlowExtensions>
      ...
          <ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationWSWorkflowExecutor">
               <Property name="serviceEndpoint">http://localhost:9765/services/ApplicationApprovalWorkFlowProcess/</Property>
               <Property name="username">admin</Property>
               <Property name="password">admin</Property>
               <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
          </ApplicationCreation>
      ... 
      </WorkFlowExtensions>
      Tip

      Note that all All the workflow process services of the EI/BPS run on port 9765 because you changed its default port (9763) with an offset of 2.

      The application creation WS Workflow Executor is now engaged.

    3. Go to the API Store, click Applications and create a new application.
      It invokes the application creation process and creates a Human Task instance that holds the execution of the BPEL process until some action is performed on it.    
      Note the message that appears You will see the following application details stating "Waiting for approval" if the BPEL is invoked correctly, saying indicating that the request is successfully submitted. 
      Log Image Added

    4. Also, if you go to the application listing page, you will see the status of the application is stated as "INACTIVE(Waiting for approval)"

      Image Added

    5. Sign in to the Admin Portal (https://localhost:9443/admin), list all the tasks for application creation and approve the task. It resumes the BPEL process and completes the application creation.

    6. Go back to the Applications page on the in WSO2 API Store and see the created application. 

      Whenever a user tries to create an application in the API Store, a request is sent to the workflow endpoint. Given below is a sample:

      Code Block
      languagehtml/xml
      <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wor="http://workflow.subscription.apimgt.carbon.wso2.org">
         <soapenv:Header />
         <soapenv:Body>
            <wor:createApplication xmlns:wor="http://workflow.application.apimgt.carbon.wso2.org">
               <wor:applicationName>application1</wor:applicationName>
               <wor:applicationTier>Gold</wor:applicationTier>
               <wor:applicationCallbackUrl>http://webapp/url</wor:applicationCallbackUrl>
               <wor:applicationDescription>Application 1</wor:applicationDescription>
               <wor:tenantDomain>wso2.com</wor:tenantDomain>
               <wor:userName>user1</wor:userName>
               <wor:workflowExternalRef>c0aad878-278c-4439-8d7e-712ee71d3f1c</wor:workflowExternalRef>
               <wor:callBackURL>https://localhost:8243/services/WorkflowCallbackService</wor:callBackURL>
            </wor:createApplication>
         </soapenv:Body>
      </soapenv:Envelope>

      Elements of the above configuration are described below:

      ElementDescription
      applicationName
      Name of the application the user creates.
      applicationTier
      Throttling tier of the application.
      applicationCallbackUrl
      When the OAuth2 Authorization Code grant type is applied, this is the endpoint on which the callback needs to happen after the user is authenticated. This is an attribute of the actual application registered on the API Store.
      applicationDescription
      Description of the application
      tenantDomain
      Tenant domain associated with the application (domain of the user creating the application).
      userName
      username
      Username of the user creating the application.
      workflowExternalRef
      The unique reference against which a workflow is tracked. This needs to be sent back from the workflow engine to the API Manager at the time of workflow completion.
      callBackURL

      At the time of workflow completion, the workflow engine sends the workflow-completion request

      is sent

      to this URL

      by the workflow engine

      . This property is configured in the <callBackURL> element in the api-manager.xml file.