This section introduces handlers and using an example, explains how to write a custom handler:
| Table of Contents |
|---|
Introducing Handlers
When an API is created, a file with its synapse configuration is added to the API Gateway. You can find it in the <APIM_HOME>/repository/deployment/server/synapse-configs/default/api folder. It has a set of handlers, each of which is executed on the APIs in the same order they appear in the configuration. You find the default handlers in any API's Synapse definition as shown below.
...
APIAuthenticationHandler:Validates the OAuth2 bearer token used to invoke the API. It also determines whether the token is of typeProductionorSandboxand setsMessageContextvariables as appropriate.APIThrottleHandler:Throttles requests based on the throttling policy specified by thepolicyKeyproperty. Throttling is applied both at the application level as well as subscription level.-
APIMgtUsageHandler:Publishes events to BAM for collection and analysis of statistics. This handler only comes to effect if API usage tracking is enabled. See Publishing API Runtime Statistics for more information. APIMgtGoogleAnalyticsTrackingHandler:Publishes events to Google Analytics. This handler only comes into effect if Google analytics tracking is enabled. See Integrating with Google Analytics for more information.APIManagerExtensionHandler:Triggers extension sequences. By default, the extension handler is listed at last in the handler chain, and therefore is executed last. To configure the API Gateway to execute extension handlers first, uncomment the<ExtensionHandlerPosition>section in the<APIM_HOME>/repository/conf/api-manager.xmlfile and provide the valuetop. This is useful when you want to execute your own extensions before our default handlers in situations like doing additional security checks such as signature verification on access tokens before executing the default security handler.
See Adding Mediation Extensions.
Writing a custom handler
Let's see how you can write a custom handler and apply it to the API Manager. In this example, we extend the authentication handler.
...
| Code Block | ||
|---|---|---|
| ||
package org.wso2.carbon.apimgt.gateway.handlers.security;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import java.util.Map;
public class CustomAPIAuthenticationHandler extends AbstractHandler {
public boolean handleRequest(MessageContext messageContext) {
try {
if (authenticate(messageContext)) {
return true;
}
} catch (APISecurityException e) {
e.printStackTrace();
}
return false;
}
public boolean handleResponse(MessageContext messageContext) {
return true;
}
public boolean authenticate(MessageContext synCtx) throws APISecurityException {
Map headers = getTransportHeaders(synCtx);
String authHeader = getAuthorizationHeader(headers);
if (authHeader.startsWith("userName")) {
return true;
}
return false;
}
private String getAuthorizationHeader(Map headers) {
return (String) headers.get("Authorization");
}
private Map getTransportHeaders(MessageContext messageContext) {
return (Map) ((Axis2MessageContext) messageContext).getAxis2MessageContext().
getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
}
} |
Engaging the custom handler
You can engage the custom handler per API or to all APIs at once. To engage to all APIs, the recommended approach is to add it to the <APIM_HOME>/repository/resources/api_templates/velocity_template.xml file. Given below is how to engage handlers to a single API, by editing its source view.
...