Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Replaced DAS with SP

This section introduces handlers and using an example, explains how to write a custom handler:

...

  • CORSRequestHandler:  Sets the CORS headers to the request and executes the CORS sequence mediation logic. This handler is thereby responsible for returning the CORS headers from the gateway or routing the requests to the backend and letting the backend send the CORS headers.
  • APIAuthenticationHandler: Validates the OAuth2 bearer token used to invoke the API. It also determines whether the token is of type Production or Sandbox and sets MessageContext variables as appropriate. 
  • APIThrottleHandler: Throttles requests based on the throttling policy specified by the policyKey property. Throttling is applied both at the application level as well as subscription level.
  • APIMgtUsageHandler: Publishes events to WSO2 Data Analytics Server Stream Processor (WSO2 DASSP) for collection and analysis of statistics. This handler only comes to effect if API usage tracking is enabled. See the Working with Analytics section for more information.
  • APIMgtGoogleAnalyticsTrackingHandler: Publishes events to Google Analytics. This handler only comes into effect if Google analytics tracking is enabled. See Integrating with Google Analytics for more information.

  • APIManagerExtensionHandler : Triggers extension sequences. By default, the extension handler is listed at last in the handler chain, and therefore is executed last. You cannot change the order in which the handlers are executed, except the extension handler. To configure the API Gateway to execute extension handler first, uncomment the <ExtensionHandlerPosition> section in the <APIM_HOME>/repository/conf/api-manager.xml file and provide the value top. This is useful when you want to execute your own extensions before our default handlers in situations like  doing additional security checks such as signature verification on access tokens before executing the default security handler.  
    See Adding Mediation Extensions.

...

Message logging is handled by APIManagerExtensionHandler for API Manager 1.9.1 and above. Addition to the above mentioned Handlers, APILogMessageHandler has introduced from API Manager version 1.9.1 onwardsAPILogMessageHandler is a sample handler that comes with WSO2 API Manager that can be used for logging.

...

  1. Build the custom authenticaor code downloaded previously, and copy the resulting jar to <API-M_HOME>/repository/components/dropins directory.

  2. Engage the custom handler using the API template as explained below:
    You can engage a custom handler to all APIs at once or only to selected APIs. To engage a custom handler to APIs, you need to add the custom handler with its logic in the <APIM_HOME>/repository/resources/api_templates/velocity_template.xml file. 

    Note

    It is not recommended to update the API source code via the source view UI or file system when engaging a custom handler to selected APIs, because the customizations get overridden by the publisher updates. 

    For example, the following code segment adds the custom authentication handler that you wrote earlier to the velocity_template.xml file while making sure that it skips the default  APIAuthenticationHandler  implementation:

    Code Block
    <handler class="org.wso2.carbon.apimgt.custom.authentication.handler.CustomAPIAuthenticationHandler" />
       #foreach($handler in $handlers)
          #if(!($handler.className == "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"))
           <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className">
            #if($handler.hasProperties())
                #set ($map = $handler.getProperties() )
                #foreach($property in $map.entrySet())
                    <property name="$!property.key" value="$!property.value"/>
                #end
            #end
           </handler>
         #end
        #end
</handlers>

    You can select to which API(s) you need to engage the handler. Given below is an example of adding only the CustomAPIAuthenticationHandler to the sample PizzaShackAPI.

    Code Block
    languagexml
    <handlers xmlns="http://ws.apache.org/ns/synapse">
#if($apiName == 'admin--PizzaShackAPI')
    <handler class="org.wso2.carbon.sample.auth.CustomAPIAuthenticationHandler"/>
#end
#foreach($handler in $handlers)
    #if($apiName != 'admin--PizzaShackAPI' || !($handler.className == "org.wso2.carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler"))
        <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className">
            #if($handler.hasProperties())
                #set ($map = $handler.getProperties() )
                #foreach($property in $map.entrySet())
                    <property name="$!property.key" value="$!property.value"/>
                #end
            #end
        </handler>
    #end
#end
</handlers>
  3. Restart the API Manager server.

...