Secure Spring Boot REST API using Basic Authentication

This is the third post of my Spring Boot blog post series. In the very first post, I talked about my experience with creating RESTful services using Spring Boot. Then I expanded the sample to integrate with Swagger documentation. In this post, I am going to expand the above sample with a security aspect.

What is API Security

API Security is a wide area with many different definitions, meanings, and solutions. The main key terms in API security are Authorization, Authentication, Encryption, Federation, and Delegation. However, I am not going to talk about each of them here.

What is Authentication

Authentication is used to reliably determine the identity of an end user and give access to the resources based on the correctly identified user.

What is Basic Authentication

Basic Authentication is the simplest way to enforce access control to resources. Here, the HTTP user agent provides the username and the password when making a request. The string containing the username and password separ…

Introduction to WSO2 Registry Mounting

This post is based on the common questions raised about registry mounting and how it works etc. Below are the main questions people ask:

1). How does mounting work?
2). What is the difference between Config Registry and Governance Registry?
3). Can I use databases other than H2 for Local Registry?
4). What is meant by mount path and target path?
5). Do I need to configure “remoteInstance” URL?
6). What should I use as the cacheId?

So let's start with how to configure a registry mount. When you are configuring the registry mount, you have to add the relevant data source to the master-datasources.xml file. In addition to that, you have to add mounting related configuration into the registry.xml file as well.

In the master-datasources.xml file you have to just configure a JDBC data source by providing JDBC URL, username, password, validation queries, connection optimization parameters, etc. An example data source entry will look like below.


Integrating Swagger with Spring Boot REST API

In the last post, I talked about my experience with creating RESTful services using Spring Boot. When creating a REST API, proper documentation is a mandatory part of it.

What is Swagger?

Swagger (Swagger 2) is a specification for describing and documenting a REST API. It specifies the format of the REST web services including URL, resources, methods, etc. Swagger will generate documentation from the application code and handle the rendering part as well.

In this post, I am going to integrate Swagger 2 documentation into a Spring Boot based REST web service. So I am going to use the Springfox implementation to generate the Swagger documentation. If you want to know how to run/build a Spring Boot project, please refer to my previous post.

Springfox provides two dependencies to generate the API Doc and Swagger UI. If you are not expecting to integrate Swagger UI into your API level, there is no need to add the Swagger UI dependency.


Manage Solr Data in WSO2 Server

Recently I was checking an issue faced by one of my colleagues while automating WSO2 API Manager deployment. There, once the new pack was deployed by pointing to the existing databases, the APIM Store didn't show existing APIs at once. It took some time to display all the existing APIs in the Store.

The APIs are retrieved using the Solr based indexing in APIM. Therefore, the main reason for this behavior is that a fresh pack doesn't have existing Solr data and it takes some time to complete the indexing. Until that indexing process is completed, it will not show APIs in the Store instantly.

To address this, you can follow one of the below approaches:

1). Back up the existing Solr data (APIM_HOME/solr/data) from the existing deployment and add it to the newly created pack.

2). Externalize Solr data directory. Solr data stored location can be configured via file located in the APIM_HOME/repository/conf/solr/registry-indexing directory. So you can update to stor…

Lifecycle Management with Governance Publisher

WSO2 Governance Registry (WSO2 G-Reg) is a fully open source product for SOA governance. In G-Reg 5.0.0 release, we have introduced a revolutionary enterprise publisher and store for asset management. As I explained in my previous post, the Lifecycle of an asset is one of the critical requirements of enterprise asset management.

G-Reg Publisher Lifecycle Management: 

With WSO2 Governance Registry 5.3.0, we have introduced a new Lifecycle management feature for publisher application as well. After enabling lifecycle management in the publisher, you will be able to see new lifecycle management UI as below.

This lifecycle management can be enabled for one asset type or all the generic asset types (RXT based). If you are enabling this for all the assets, you have to set the 'lifecycleMgtViewEnabled' value to true in the asset js file located in the GREG_HOME/repository/deployment/server/jaggeryapps/publisher/extensions/assets/default directory. By default, this publisher based lifecy…

How to clean Registry log (REG_LOG) table

If you are using the WSO2 Governance Registry or API Manager product, you might already be aware that all the registry related actions are logged. This REG_LOG table is read for Solr indexing (store and publisher searching). Based on the REG_LOG table entries, we index artifact metadata. However, over time this table might grow in size. So as a maintenance step you can clean up obsolete records from that table.

So you can use below query to delete obsolete records from REG_LOG table.



WSO2 Governance Registry Lifecycle transition inputs

WSO2 Governance Registry (WSO2 G-Reg) is a fully open source product for governing SOA deployments, which provides many extension points to ensure your business policies. With the G-Reg 5.0.0 release, we have introduced revolutionary UIs for enterprise asset management and discovery.

The Lifecycle of an asset is one of the critical requirements of enterprise asset management, and Lifecycle management is focused on various state changes in a given artifact through different phases. If you want to read more about this, please go through my article on "Governance Framework Extension Points."

So here I am going to talk about one of the feature enhancements which we added for G-Reg 5.3.0. With G-Reg 5.3.0, we have introduced lifecycle transition inputs for the G-Reg publisher. With lifecycle transition inputs, you will be able to parse custom inputs from a user who is doing a lifecycle operation.

As an example, you have integrated wso2 governance registry with API Management product using…

Test Your Web Service - POX

What is Web Service:

"Web Service" is described as a standardized way of communicating and integrating different systems. This communication primarily happens over HTTP.

When testing a Web Service, there are multiple tools and options available. With this "Test your Web Service" post, I am going to write about a few approaches to test a Web Service. In the first post, I use a POX based approach to test it.

Testing Your Web Service using POX:

POX (Plain Old XML) means exchanging plain old XML documents over HTTP, and this is a subset of REST. Here you can pass values to the Web Service as URL query parameters.

In this post, I am going to use the Global Weather service available online in below URL. It can be named as the web service URL.

Web service URL :

You can see the contract (WSDL) of the test web service by navigating to the below URL:

So there you can see this Web Se…

Service Discovery with WSO2 Governance Registry

This blog post explains the service discovery capability of WSO2 Governance Registry. If you have heard about UDDI and WS-Discovery, we used those technologies to discover services during the 2009-2013 period.

What is UDDI:

UDDI stands for Universal Description, Discovery, and Integration. It is seen with SOAP and WSDL as one of the three foundation standards of web services. It uses Web Service Definition Language (WSDL) to describe the services.

What is WS-Discovery:

WS-Discovery is a standard protocol for dynamically discovering service endpoints. Using WS-Discovery, service providers multicast and advertise their endpoints with others.

Since most modern services are REST based, the above two approaches are considered dead nowadays. Both UDDI and WS-Discovery target SOAP based services and they are very bulky. In addition to that, the industry is moving from the Service Registry concept to the Asset Store (Governance Center), and people tend to use REST APIs and Discovery clients.

How Disc…

Maven Compiler Plugin

The Maven Compiler Plugin is used to compile the Java source code of your project. The default compiler is javac and is used to compile Java sources. By modifying the pom.xml file, you can customize the default behavior of the Maven Compiler Plugin.

Using the Maven Compiler Plugin, you can compile the source code of a certain project to a different version of the JVM than the one you are currently using. Ex: compile using JDK 1.8 while the target JVM is 1.7. The default source setting is JDK 1.5, and the default target setting is JDK 1.5.

Example configuration is as below:

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.5.1</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                </configuration>
            </plugin>
        </plugins>
    </build>

G-Reg and ESB integration scenarios for Governance

WSO2 Enterprise Service Bus (ESB) or WSO2 Enterprise Integrator (EI) products employ WSO2 Governance Registry for storing configuration elements and resources such as WSDLs, policies, service metadata, etc. By default, WSO2 ESB/EI is shipped with an embedded Registry, which is entirely based on the WSO2 Governance Registry (G-Reg). Further, based on the requirements, you can connect to a remotely running WSO2 Governance Registry using a remote JDBC connection, which is known as a ‘JDBC registry mount’.

Other than the Registry/Repository aspect of WSO2 G-Reg, its primary use cases are Design time governance and Runtime governance with seamless lifecycle management. It is known as Governance aspect of WSO2 G-Reg. So with this governance aspect of WSO2 G-Reg, more flexibility is provided for integration with WSO2 ESB/EI.

When integrating WSO2 ESB/EI with WSO2 G-Reg in governance aspect, there are three options available. They are:

1). Share Registry space with both ESB/EI and G-Reg
2). Use G-Re…

Lifecycle Management with WSO2 Governance Registry

SOA Lifecycle management is one of the core requirements for the functionality of an Enterprise Governance suite. WSO2 Governance Registry 5.2.0 supports multiple lifecycle management capability out of the box. Also, it gives asset authors an opportunity to extend the out of the box lifecycle functionality by providing their own extensions, based on the organization's requirements. Further, the WSO2 Governance Registry supports multiple points of extensibility. Handlers, Lifecycles and Customized asset UIs (RXT based) are the key types of extensions available.


A lifecycle is defined with an SCXML based XML element, and that contains:

- A name
- One or more states
- A list of check items with role based access control
- One or more actions that are made available based on the items that are satisfied

Adding a Lifecycle

To add a new lifecycle aspect, click on the Lifecycles menu item under the Govern section of the extensions tab in the admin console. It will show you a user interface …

How to disable Registry indexing

Sometimes people complain that they have seen background DB queries executed by some WSO2 products (Ex: WSO2 API Manager Gateway profile). These query executions are not harmful, and they correspond to the registry indexing task that runs in the background.

It is not required to enable indexing task for APIM 1.10.0 based Gateway or Key Manager nodes. So you can disable the indexing task by setting "startIndexing" parameter as false. This "startIndexing" parameter should be configured in the registry.xml file under "indexingConfiguration" section.

Ex:

    <indexingConfiguration>
        <startIndexing>false</startIndexing>
        ......
    </indexingConfiguration>

WSO2 Governance Registry: Support for Notification

With the WSO2 Governance Registry 5.x releases, you can now send rich email messages when an email notification is triggered in WSO2 Governance Registry, using the email templating support we have added. In the default implementation, an administrator or any privileged user can store email templates in the “/_system/governance/repository/components/org.wso2.carbon.governance/templates” collection, and the template name must be the same as the lower case of the event name.

For example, if you want to customize the “PublisherResourceUpdated” event, the template file should be: “/_system/governance/repository/components/org.wso2.carbon.governance/templates/publisherresourceupdated.html”.

If you do not want to define event specific email templates, then you can add a template called “default.html”.

By default, the $$message$$ section in email templates will be replaced with the message generated in the event.

How can I plug my own template mechanism and modify the message?

You can override the def…

Java7: Strings in Switch Statements

Switch statements with Strings are a long-awaited enhancement, which was requested in 1995 (a decade before I joined the IT industry).

This String switch statement uses the equals operation to compare the String object in the expression and the label. Therefore the String switch statement is case sensitive. Also, according to the Java documentation, this switch statement is more efficient than if-else statements ("Java compiler generates generally more efficient bytecode from switch statements").

    public void stringSwitchStatement(String value) {
        switch (value) {
            case "Chandana":
                System.out.println("Input is Chandana");
                break;
            case "OtherValue":
            case "OtherValue2":
                // Both labels fall through to the same handling
                System.out.println("Other inputs : " + value);
                break;
            case "Test":
                System.out.println("Input is Test");
                break;
            default:
                throw new IllegalArgumentException("Invalid input value : " + value);
        }
    }

Java7 : Multiple Catch Block with example

With Java SE 7, multi-catch exception handling has been introduced, and it is a convenient way of handling exceptions, since we can catch multiple exceptions using one catch block.

In the "Multi-catch" block, each exception should be separated by the pipe (|) character, and that makes the code more readable.

Read more : Working with Java SE 7

Ex:

    import java.io.IOException;
    import java.text.ParseException;

    public class SampleClass {
        public static void main(String[] args) {
            try {
                // Your code
            } catch (ParseException | IOException exception) {
                // Inside the multi-catch block
            }
        }
    }

What is WSO2 Governance Registry

Many SOA governance tools/solutions have not matured over the years. However, the SOA governance tools provided by WSO2 have improved a lot during the last couple of years.

WSO2 Governance Registry provides enterprises with end-to-end SOA governance, which includes configuration governance, development process governance, design and runtime governance, and life cycle management. This enables IT professionals to streamline application development, testing and deployment processes. The latest WSO2 Governance Registry release (5.0), introduces a host of features to further enhance various aspects of SOA governance.
WSO2 Governance Registry (5.0) release has a new publisher and store user interfaces to publish and consume assets. Asset owners can publish the assets from the Publisher UI and manage the lifecycle of these assets from this UI, while consumers can discover them from the Store UI.

New features of WSO2 Governance Registry:
WSO2 Governance Registry is shipped with newly added …

Configure External Solr server with Governance Registry

In WSO2 Governance Registry 5.0.0, we have upgraded the Apache Solr version to the 5.2 release. With that, you can connect WSO2 Governance Registry to an external Solr server or Solr cluster. External Solr integration provides comprehensive administration interfaces, high scalability and fault tolerance, easy monitoring and many more Solr capabilities.

Let me explain how you can connect WSO2 Governance Registry server with an external Apache Solr server.

1). First, you have to download Apache Solr 5.x.x from the below location.
Please note that we have verified this with Solr 5.2.0 and 5.2.1 versions only.

2). Then unzip the Solr zip file. Once unzipped, its content will look like the below.

The bin folder contains the scripts to start and stop the server. Before starting the Solr server, you have to make sure JAVA_HOME variable is set properly. Apache Solr is shipped with an inbuilt Jetty server.

3). …

Remove duplicate XML elements using XSLT

Today I faced an issue where I am receiving an XML message with duplicate elements. So I wanted to remove those duplicate elements using some condition. For that I came up with an XSLT which does that.

My XML input:

<OurGuestsCollection  xmlns="">

Writing a Create API Executor for API.RXT

One of the use cases of the WSO2 Governance Registry is storing metadata information of different artifacts. In an organization, there can be different metadata for different artifacts such as their REST APIs, SOAP Services, etc. In such a scenario you can use the API and Service RXTs which are available in the WSO2 Governance Registry to store metadata information.

With the use of API metadata which is stored in the WSO2 Governance Registry, you can publish APIs into WSO2 API Manager without accessing the web interface of the API Manager. This API creation is handled through a lifecycle executor of the WSO2 Governance Registry. Once the lifecycle state of the api publisher is reached, the executor will invoke the Publisher REST API of the WSO2 API Manager and create the API. The "Integrating with WSO2 API Manager" documentation explains how to create an API using SOAP service metadata information.

If you want to create an API using the REST API metadata information available in the WSO2…