License: Apache License 2.0
| Branch | Build Status(Jenkins) | Build Status(TravisCI) |
|---|---|---|
| master |  |
If you want to build carbon-apimgt from the source code:
git checkout mastercarbon-apimgt directory and run the following Maven command.mvn clean install
This include the task related to creating test cases for https://github.com/wso2/carbon-apimgt/blob/C5/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/impl/APIStoreImpl.java
If an API is created and published with only a production endpoint, following error is occurred at the gateway. This seems to be an issue in the bal file generation template, where it fails to replace the place holder 'execute_endpoint' with the correct syntax.
ballerina.lang.errors:Error, message: org/wso2/carbon/apimgt/gateway/2bde7015-6b9a-4169-83c4-97b3300f9d5a.bal:22: undefined function 'execute_endpoint'
at deployService(:0)
at deployService(org/wso2/carbon/apimgt/gateway/utils/APICoreUtil.bal:230)
at apimPublisherEventListner.onMessage(org/wso2/carbon/apimgt/gateway/apimPublisherEventListner.bal:50)
We are giving a lifecycle state not an action for "action" parameter. "action" parameter should be a verb not a state.
POST http://localhost:9090/api/am/publisher/v1/apis/change-lifecycle?action=Published&apiId=5d88cd9a-b8d1-423d-9751-60da0031d7df HTTP/1.1
Authorization: Bearer c2d376d4-3ff1-43e2-bd42-1532f120b2d5
We should either change the parameter name or use a verb as an "action" paramter.
This include the task related to creating test cases for https://github.com/wso2/carbon-apimgt/blob/C5/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/impl/APIPublisherImpl.java
HTTP Status code 200 (OK) is return when performing DELETE operation on /api/am/publisher/v1.0/apis/{uuid} , even with an invalid api id(UUID)
Sample CURL for re-producing the issue
curl 'https://localhost:9292/api/am/publisher/v1.0/apis/3998d80d-b63f-498e-b5bc-4df7802f0e92sample_1234' -X DELETE -H 'Pragma: no-cache' -H 'Origin: https://localhost:9292' -H 'Accept-Encoding: gzip, deflate, br' -H 'Accept-Language: en-US,en;q=0.8' -H 'Authorization: Bearer 062a9dea-7fd2-302b' -H 'Accept: application/json' -H 'Cache-Control: no-cache' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36' -H 'Cookie: WSO2_AM_TOKEN_MSF4J=-a848-9e5dc83b74c1' -H 'Connection: keep-alive' -H 'Referer: https://localhost:9292/publisher/apis' -H 'DNT: 1' --compressed --insecure
Getting following error when updating policies due to invalid endpoint URL provided during API creation.
Need to add input validations in both UI level and REST API.
[2017-07-10 20:35:04,979] WARN {org.wso2.msf4j.internal.MSF4JMessageProcessor} - Unmapped exception java.lang.NullPointerException
at org.wso2.carbon.apimgt.core.impl.APIPublisherImpl.validateEndpoints(APIPublisherImpl.java:361)
at org.wso2.carbon.apimgt.core.impl.APIPublisherImpl.updateAPI(APIPublisherImpl.java:453)
at org.wso2.carbon.apimgt.rest.api.publisher.impl.ApisApiServiceImpl.apisApiIdPut(ApisApiServiceImpl.java:955)
at org.wso2.carbon.apimgt.rest.api.publisher.ApisApi.apisApiIdPut(ApisApi.java:375)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:132)
at org.wso2.msf4j.internal.MSF4JMessageProcessor.dispatchMethod(MSF4JMessageProcessor.java:139)
at org.wso2.msf4j.internal.MSF4JMessageProcessor.lambda$receive$0(MSF4JMessageProcessor.java:81)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)This include the task related to creating test cases for https://github.com/wso2/carbon-apimgt/blob/C5/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/impl/UserAwareAPIStore.java
This include the task related to creating test cases for https://github.com/wso2/carbon-apimgt/blob/C5/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/impl/EventLogger.java
Need to implement authentication logic in Basic Authenticator when the username and password are provided.
We need an API from IS side to invoke and get the user authenticated.
This include the task related to creating test cases for https://github.com/wso2/carbon-apimgt/blob/C5/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/impl/JWTWithRSASignatureImpl.java
The UI related to the API permissions should be completed.
Currently the refresh token is saved as a single http only cookie. We need to save this by splitting it into two parts in order to mitigate csrf attacks.
Replace currently scattered stylings with react-md library components.
PRs,
[1] ecb5da3
Hi,
I develop the apimt to all in one, and I set the Maximum Backend Throughput is 5, but I can request umlimited
This issue is created to address the responsive issues in PR #3852
When requesting an authorization code or an access token, a space separated scopes list is used.
Currently, we send the scope keys as a space separated list, but when concerning userability perspective, using scope names is preferable. But what if a scope name has a space? Hence, cannot use the scope name.
So need to come up a mapping from the IS side to display the scope names for the corresponding scope keys.
The ApiMgtDAO has this method with an String parameter, but it is not the subscriberName, its the ID.
public static Subscriber getSubscriber(String subscriberName)
This task is is to create test cases for https://github.com/wso2/carbon-apimgt/blob/C5/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/impl/FunctionTrigger.java
Currently the /export and /import APIs don't have scopes set. This makes these resources accessible to anyone. We need to make these resources protected using scopes.
this will throw
[2017-04-17 11:39:18,359] ERROR {org.wso2.carbon.apimgt.rest.api.store.impl.ApplicationsApiServiceImpl} - Error while deleting application: a61952c1-8417-4606-b1d9-3bb7511ca554 org.wso2.carbon.apimgt.core.exception.APIManagementException: Error occurred while deleting the application - a61952c1-8417-4606-b1d9-3bb7511ca554
at org.wso2.carbon.apimgt.core.impl.APIStoreImpl.deleteApplication(APIStoreImpl.java:611)
at org.wso2.carbon.apimgt.core.impl.UserAwareAPIStore.deleteApplication(UserAwareAPIStore.java:57)
at org.wso2.carbon.apimgt.rest.api.store.impl.ApplicationsApiServiceImpl.applicationsApplicationIdDelete(ApplicationsApiServiceImpl.java:74)
at org.wso2.carbon.apimgt.rest.api.store.ApplicationsApi.applicationsApplicationIdDelete(ApplicationsApi.java:44)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:132)
at org.wso2.msf4j.internal.MSF4JMessageProcessor.dispatchMethod(MSF4JMessageProcessor.java:139)
at org.wso2.msf4j.internal.MSF4JMessageProcessor.lambda$receive$0(MSF4JMessageProcessor.java:81)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.wso2.carbon.apimgt.core.exception.APIMgtDAOException: org.h2.jdbc.JdbcSQLException: Referential integrity constraint violation: "CONSTRAINT_E1: PUBLIC.AM_SUBSCRIPTION FOREIGN KEY(APPLICATION_ID) REFERENCES PUBLIC.AM_APPLICATION(UUID) ('a61952c1-8417-4606-b1d9-3bb7511ca554')"; SQL statement:
DELETE FROM AM_APPLICATION WHERE UUID = ? [23503-192]
at org.wso2.carbon.apimgt.core.dao.impl.ApplicationDAOImpl.deleteApplication(ApplicationDAOImpl.java:355)
at org.wso2.carbon.apimgt.core.impl.APIStoreImpl.completeWorkflow(APIStoreImpl.java:836)
at org.wso2.carbon.apimgt.core.impl.APIStoreImpl.deleteApplication(APIStoreImpl.java:605)
... 13 more
Caused by: org.h2.jdbc.JdbcSQLException: Referential integrity constraint violation: "CONSTRAINT_E1: PUBLIC.AM_SUBSCRIPTION FOREIGN KEY(APPLICATION_ID) REFERENCES PUBLIC.AM_APPLICATION(UUID) ('a61952c1-8417-4606-b1d9-3bb7511ca554')"; SQL statement:
DELETE FROM AM_APPLICATION WHERE UUID = ? [23503-192]
at org.h2.message.DbException.getJdbcSQLException(DbException.java:345)
at org.h2.message.DbException.get(DbException.java:179)
at org.h2.message.DbException.get(DbException.java:155)
at org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:426)
at org.h2.constraint.ConstraintReferential.checkRowRefTable(ConstraintReferential.java:443)
at org.h2.constraint.ConstraintReferential.checkRow(ConstraintReferential.java:318)
at org.h2.table.Table.fireConstraints(Table.java:967)
at org.h2.table.Table.fireAfterRow(Table.java:985)
at org.h2.command.dml.Delete.update(Delete.java:101)
at org.h2.command.CommandContainer.update(CommandContainer.java:98)
at org.h2.command.Command.executeUpdate(Command.java:258)
at org.h2.jdbc.JdbcPreparedStatement.execute(JdbcPreparedStatement.java:201)
at com.zaxxer.hikari.proxy.PreparedStatementProxy.execute(PreparedStatementProxy.java:44)
at com.zaxxer.hikari.proxy.HikariPreparedStatementProxy.execute(HikariPreparedStatementProxy.java)
at org.wso2.carbon.apimgt.core.dao.impl.ApplicationDAOImpl.deleteApplication(ApplicationDAOImpl.java:351)
... 15 more
Is there no support to upload the WSDL to publish a service? Only import via http?
Hi,
I am getting below issue with api manager 1.9.1
XMLHttpRequest cannot load https://xxxxxxxxx:8243/login/1.0.0/*. Response for preflight has invalid HTTP status code 403
My CORS configuration inside api-manager.xml is
<!--Configuration to enable/disable sending CORS headers from the Gateway-->
<Enabled>true</Enabled>
<!--The value of the Access-Control-Allow-Origin header. Default values are
API Store addresses, which is needed for swagger to function.-->
<Access-Control-Allow-Origin>*</Access-Control-Allow-Origin>
<!--Configure Access-Control-Allow-Methods-->
<Access-Control-Allow-Methods>GET,PUT,POST,DELETE,OPTIONS</Access-Control-Allow-Methods>
<!--Configure Access-Control-Allow-Headers-->
<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type,api_key,SOAPAction</Access-Control-Allow-Headers>
</CORSConfiguration>
Could anyone please tell me what should be the solution for this ?
Currently, UUF does not support this and it is addressed in https://github.com/wso2/carbon-uuf/issues/160 and https://github.com/wso2/carbon-uuf/issues/166.
When building the product-apimgt we copy the org.wso2.carbon.apimgt.store.feature and org.wso2.carbon.apimgt.publisher.feature features into <PRODUCT_HOME>/wso2/lib/feature/ without excludin the node_modules directory.
node_modules directly should have been excluded at the first place rather than coping and removeign it afterword [1] .
This feature enables API Store users to gain access to multiple other related applications (publisher/admin-portal), depending on the permissions, without having to repeatedly authenticate themselves when they are authenticated against one application (store).
Delete apis from publisher application
This include the task related to creating test cases for https://github.com/wso2/carbon-apimgt/blob/C5/components/apimgt/org.wso2.carbon.apimgt.core/src/main/java/org/wso2/carbon/apimgt/core/impl/AbstractAPIManager.java
Hi,
Carbon-apimgt 1.2.5 was shipped with API Manager 1.9.1 release. However we found 1.2.5 was not tagged.
Since user management happens through IS in C5, we call the SCIM endpoint in IS to retrieve user information. In such case, when retrieving the roles of the admin user, the user ID should be known. But in IS SCIM api, the admin is not considered as a SCIM user and hence it does not have an ID.
Therefore as a workaround, in the current code of APIM, we have considered admin as a special user and skipped getting roles when the user is admin.
The issue was reported in mail thread [1], and is tracked as an IS redmine issue in [2]. Refer [3] for the mail thread on feature implementation.
All the special admin user checks that are in the code should be removed when the issue tracked in [2] is resolved.
[1] [Dev][Architecture][IS][APIM] Providing a SCIM Id for admin user in SCIM
[2] https://redmine.wso2.com/issues/6390
[3] [Architecture] [IS] SCIM Support for Admin Users
This main task is divided into sub tasks as follows
An error occurred saying entries method not found in FF 46.0.1 when navigating to API details page.
This was caused by missing util method entries in Object class (Which has introduced in ES7)
Used in Here:
Object.entries(NavBar.CONST)As recommended in MDN either we have to include the polyfill or strict to ES6.
Hi Team!
I want use dynamic endpoints like described at wso2/product-apim#1194.
There is an example described here : http://stackoverflow.com/questions/20199200/wso2-dynamically-adding-an-endpoint-to-loadbalance-endpoint
For example, Eureka Client provides a dynamic list of available servers so we could balance between them.
Any help.
Thanks.
With the current implementation, When a request fails with authentication during a data fetch, users get redirect to login page to get new access token and set it in a cookie,
After the login process, it throws user back to the /{context}/apis page, but not the location where he was originally redirected to the login page.
We need to set query param along with the redirection and send the user back to their original path after a successful login.
The block login.jag from wso2am-1.9.1/repository/deployment/server/jaggeryapps/store/modules/user/logn.jag logout method is doing nothing;
i want to build wso2 emm submodule repository. how to check submodule repository of wso2emm
Currently in APIM, when trying to get the consumer key/secret of an already existing DCR application by providing the application name, it does not return the details of the existing application.
But when we try to create a new application with an already existing name, it returns the data of the existing application.
Should be able to get the existing application details by providing the consumer key.
Messages displayed by ant message helper function are shown by the header in the app, Please find the attached screenshot for more details.
We cannot compare application contexts as in the link [1], since they can change.
Similar places should be fixed.
This place [2] is also related to this issue.
A user needs to click exactly on the text in order to trigger the page load, even though, the tab is shown as a clickable area, the click action is only triggered when clicking on the text.
Where is this class now?
I see that there is a potential circular dependency between the specified modules.
In fact, you refer to a stub module for example:
stub = new APIAuthenticationServiceStub(ServiceReferenceHolder.getContextService().getClientConfigContext(),
getServiceEndpointToClearCache(environment, "APIAuthenticationService"))
How to load the correct module during execution?
Shall we use a standard JWT library like Nimbus to handle JWT?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.