Page History
...
Given below is an example implementation:. Please find the complete project archive org.wso2.carbon.test.authenticator.zip. You can download, unzip and build the project using maven and Java 7/8.
Code Block | ||
---|---|---|
| ||
package org.wso2.carbon.test; import org.apache.synapse.MessageContext; import org.apache.synapse.core.axis2.Axis2MessageContext; import org.apache.synapse.rest.AbstractHandler; import java.util.Map; public class CustomAPIAuthenticationHandler extends AbstractHandler { public boolean handleRequest(MessageContext messageContext) { try { if (authenticate(messageContext)) { return true; } } catch (APISecurityException e) { e.printStackTrace(); } return false; } public boolean handleResponse(MessageContext messageContext) { return true; } public boolean authenticate(MessageContext synCtx) throws APISecurityException { Map headers = getTransportHeaders(synCtx); String authHeader = getAuthorizationHeader(headers); if (authHeader.startsWith("userName")) { return true; } return false; } private String getAuthorizationHeader(Map headers) { return (String) headers.get("Authorization"); } private Map getTransportHeaders(MessageContext messageContext) { return (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext(). getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS); } } |
Engaging the custom handler
- Build the custom authenticaor code downloaded previously, and copy the resulting jar to <API-M_HOME>/repository/components/dropins directory.
Engage the custom handler using the API template as explained below:
You can engage a custom handler to all APIs at once or only to selected APIs. To engage a custom handler to APIs, you need to add the custom handler with its logic in the<APIM_HOME>/repository/resources/api_templates/velocity_template.xml
...
file.
Note It is not recommended to update the API source code via the source view UI or file system when engaging a custom handler to selected APIs, because the customizations get overridden by the publisher updates.
For example, the following code segment adds the custom authentication handler that you wrote earlier to
...
the
velocity_template.xml
file while making sure that it skips the defaultAPIAuthenticationHandler
implementation:Code Block <handler class="org.wso2.carbon.apimgt.custom.authentication.handler.CustomAPIAuthenticationHandler" /> #foreach($handler in $handlers) #if(!($handler.className == "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler")) <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className"> #if($handler.hasProperties()) #set ($map = $handler.getProperties() ) #foreach($property in $map.entrySet()) <property name="$!property.key" value="$!property.value"/> #end #end </handler> #end #end </handlers>
You can select to which API(s) you need to engage the handler. Given below is an example of adding only the
CustomAPIAuthenticationHandler
to the sample PizzaShackAPI.Code Block language xml <handlers xmlns="http://ws.apache.org/ns/synapse"> #if($apiName == 'admin--PizzaShackAPI') <handler class="org.wso2.carbon.sample.auth.CustomAPIAuthenticationHandler"/> #end #foreach($handler in $handlers) #if($apiName != 'admin--PizzaShackAPI' || !($handler.className == "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler")) <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className"> #if($handler.hasProperties()) #set ($map = $handler.getProperties() ) #foreach($property in $map.entrySet()) <property name="$!property.key" value="$!property.value"/> #end #end </handler> #end #end </handlers>
- Restart the API Manager server.