Thursday, December 1, 2016


XACML Architecture


1. Its an access control policy language.
2. The Identity Server supports XACML 3.0, which is based on Balana XACML implementation.
3. The XACML engine of the WSO2 Identity Server has two major components, i.e., PAP and PDP. 


Eg: 

MyPolicy.xml
==========

<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="MyPolicy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
     <Target>
   <AnyOf>
            <AllOf>
  <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
         <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
         <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" 
                                            DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
  </Match>
     </AllOf>
  </AnyOf>
      </Target>
          <Rule Effect="Permit" RuleId="permit"/>
</Policy>


Request 
=======

https://localhost:9443/entitlement/Decision/pdp

Authorization         Basic YWRtaW46YWRtaW4=
Accept                   application/xml
Content-Type        application/xml


<Request CombinedDecision="false" ReturnPolicyIdList="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
        </Attribute>
    </Attributes>
    <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
        <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://127.0.0.1/service/very_secure/</AttributeValue>
        </Attribute>
    </Attributes>
</Request>


Response
========

<Response xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
    <Result>
        <Decision>Permit</Decision>
        <Status>
            <StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
        </Status>
    </Result>
</Response>

Thursday, October 27, 2016

Java Script Basics 


[1] Calling a function of another file from your javascript file

file 01:  graphinventor.js
=================

 console.log("-----------------------------------------Time Unit ");
 console.log("Previous Time Stamp ");


var test123 = function (data){
console.log("-----------------------------------------inside test123 ");
console.log(data)
alert("This is an alert" +data);

}

[3] https://datatables.net/manual/ajax

file 02: gadgetconf.js
===============

processData: function(data) {

console.log('data '+JSON.stringify(data));
 // in console of the browser (Ctrl+c) you see the content now as json data

console.log("------------------------");
test123(data);
console.log("------------------------");

}

main.js file (Loading graphinventor.js file first)
==========

       <!-- Custom -->
          <script src="js/graphinventor.js"></script>
          <script src="js/gadgetconf.js"></script>
          <script src="js/main.js"></script>

[2] Callback function is a function passed into another function.



Java Script Basics 


[1] Calling a function of another file from your javascript file

file 01:  graphinventor.js
=================

 console.log("-----------------------------------------Time Unit ");
 console.log("Previous Time Stamp ");


var test123 = function (data){
console.log("-----------------------------------------inside test123 ");
console.log(data)
alert("This is an alert" +data);

}

file 02: gadgetconf.js
===============

processData: function(data) {

console.log('data '+JSON.stringify(data));
 // in console of the browser (Ctrl+c) you see the content now as json data

console.log("------------------------");
test123(data);
console.log("------------------------");

}

main.js file (Loading graphinventor.js file first)
==========

       <!-- Custom -->
          <script src="js/graphinventor.js"></script>
          <script src="js/gadgetconf.js"></script>
          <script src="js/main.js"></script>

[2] Callback function is a function passed into another function.


Sunday, October 23, 2016

Json  Notes:  


Json Objects:


var me = {
"age" : "25",
"address" : "Kottawa",
"gender" : "male"
};


Json Arrays:


var family = [{
   "name" : "Dimuthu",
   "age" : "25",
   "gender" : "male"
},
{
   "name" : "Nadeesha",
   "age" : "25",
   "gender" : "male"
}];


JsonNeted Objects:


var family = {
   "Dimuthu" : {
       "sirname" : "Lanerolle",
       "age" : "25",
       "gender" : "male"
   },
   "Nadeesha" : {
       "sirname" : "Lanerolle",
       "age" : "25",
       "gender" : "male"
   }
}

Friday, October 21, 2016

Wso2 Server Error Tips
----------------------------

1. Starting wso2server gives below error ...

ERROR {org.opensaml.xml.XMLConfigurator} -  Can not create instance of org.opensaml.xml.schema.impl.XSAnyMarshaller
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.opensaml.xml.XMLConfigurator.createClassInstance(XMLConfigurator.java:360)
at org.opensaml.xml.XMLConfigurator.initializeObjectProviders(XMLConfigurator.java:240)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:182)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:166)
at org.opensaml.xml.XMLConfigurator.load(XMLConfigurator.java:143)
at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:224)
at org.opensaml.DefaultBootstrap.initializeXMLTooling(DefaultBootstrap.java:207)
at org.opensaml.DefaultBootstrap.bootstrap(DefaultBootstrap.java:100)
at org.apache.rahas.Rahas.init(Rahas.java:46)
at org.apache.axis2.context.ConfigurationContextFactory.initModules(ConfigurationContextFactory.java:252)
at org.apache.axis2.context.ConfigurationContextFactory.init(ConfigurationContextFactory.java:230)
at org.apache.axis2.context.ConfigurationContextFactory.createConfigurationContext(ConfigurationContextFactory.java:93)
at org.wso2.carbon.core.CarbonConfigurationContextFactory.createNewConfigurationContext(CarbonConfigurationContextFactory.java:65)
at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:398)
at org.wso2.carbon.core.init.CarbonServerManager.start(CarbonServerManager.java:219)
at org.wso2.carbon.core.internal.CarbonCoreServiceComponent.activate(CarbonCoreServiceComponent.java:94)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)
at


Solution :

Download these 2 jars from Oracle and place inside Java\jdk1.7.0_10\jre\lib\security

[1] http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html








Sunday, October 9, 2016

Accessing H2 DB from the browser
----------------------------------------------

1. Navigate to  [Product_Home]/repository/conf/carbon.xml
2. Uncomment below.
 
  <H2DatabaseConfiguration>
        <property name="web" />
        <property name="webPort">8082</property>
        <property name="webAllowOthers" />
        <property name="webSSL" />
        <property name="tcp" />
        <property name="tcpPort">9092</property>
        <property name="tcpAllowOthers" />
        <property name="tcpSSL" />
        <property name="pg" />
        <property name="pgPort">5435</property>
        <property name="pgAllowOthers" />
        <property name="trace" />
        <property name="baseDir">${carbon.home}</property>
    </H2DatabaseConfiguration>


3. Navigate to your primary datasource which points to the H2 datasoure to identify username & password.

eg:

        <datasource>
            <name>WSO2_CARBON_DB</name>
            <description>The datasource used for registry and user manager</description>
            <jndiConfig>
                <name>jdbc/WSO2CarbonDB</name>
            </jndiConfig>
            <definition type="RDBMS">
                <configuration>
                    <url>jdbc:h2:./repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url>
                    <username>wso2carbon</username>
                    <password>wso2carbon</password>
                    <driverClassName>org.h2.Driver</driverClassName>
                    <maxActive>50</maxActive>
                    <maxWait>60000</maxWait>
                    <testOnBorrow>true</testOnBorrow>
                    <validationQuery>SELECT 1</validationQuery>
                    <validationInterval>30000</validationInterval>
                    <defaultAutoCommit>false</defaultAutoCommit>
                </configuration>
            </definition>
        </datasource>

4. Type in the browser-url        :      https://localhost:8280







Wednesday, September 21, 2016


Publishing API Runtime Statistics Using WSO2 DAS & WSO2 APIM
-------------------------------------------------------------------------------------------


Please note that for this tutorial I am using APIM 1.10.0 and DAS 3.0.1 versions.

WSO2 API Manager is a complete solution for designing and publishing APIs, creating and managing a developer community, and for securing and routing API traffic in a scalable way. It leverages proven components from the WSO2 platform to secure, integrate and manage APIs. In addition, it integrates with the WSO2 Analytics Platform, and provides out of the box reports and alerts, giving you instant insight into APIs' behavior.

In order for downloading WSO2 APIM click here.

WSO2 Data Analytics Server is a comprehensive enterprise data analytics platform; it fuses batch and real-time analytics of any source of data with predictive analytics via machine learning. It supports the demands of not just business, but Internet of Things solutions, mobile and Web apps.

In order for downloading WSO2 DAS click here.


Configuring WSO2 APIM
===================

1. Navigate to [APIM_HOME]/repository/conf/api-manager.xml and enable the below section.

<!-- For APIM implemented Statistic client for RDBMS -->

    <StatisticClientProvider>org.wso2.carbon.apimgt.usage.client.impl.APIUsageStatisticsRdbmsClientImpl</StatisticClientProvider>

2. Start APIM server. 

3. Login to dash-board. eg: https://localhost:9443/admin-dashboard. Select "Configure Analytics" & select enable checkbox. Configure as shown below.





Configuring WSO2 DAS
==================

1. In-order to prevent server startup conflicts we will start DAS with port offset value of 1.
To do so navigate to [DAS_HOME]/repository/conf and open carbon.xml file.

           <Offset>1</Offset>

2. Navigate to [DAS_HOME]/repository/conf/datasources/master-datasources.xml and add the below.

<datasource>
  <name>WSO2AM_STATS_DB</name>
  <description>The datasource used for setting statistics to API Manager</description>
  <jndiConfig>
    <name>jdbc/WSO2AM_STATS_DB</name>
    </jndiConfig>
  <definition type="RDBMS">
    <configuration>
      <url>jdbc:mysql://localhost:3306/TestStatsDB?autoReconnect=true&amp;relaxAutoCommit=true</url>
      <username>admin</username>
      <password>admin</password>
      <driverClassName>com.mysql.jdbc.Driver</driverClassName>
      <maxActive>50</maxActive>
      <maxWait>60000</maxWait>
      <testOnBorrow>true</testOnBorrow>
      <validationQuery>SELECT 1</validationQuery>
      <validationInterval>30000</validationInterval>
      </configuration>
    </definition>

</datasource>


** IMPORTANT
--------------------

Prio-adding this config you need to create a DB called 'TestStatsDB' in your mysql database &  and create required tables. To do so follow below instructions.

[1] Navigate to [APIM_HOME]/dbscripts/stat/sql  from your ubuntu console and select mysql.sql script.

type :   source [APIM_HOME]/dbscripts/stat/sql/mysql.sql

- Which will create the required tables for our scenario.

[2] Now navigate to [APIM_HOME]/repository/components/lib and add the required mysql connector jar from here.


Create / Publish / Invoke API
======================

1. Navigate to APIM Publisher and create an API. Publish it.

2. Navigate to APIM Store and subscribe to the API.

3. In the Publisher instance select created API and navigate to 'Implement' section and select

            Destination-Based Usage Tracking: enable





4. Invoke the API several times.


View API Statistics
==============


Navigate to APIM publisher instance. Select "Statistics" section. Enjoy !!!



PS ::

If you wanna do a load test scenario or just to play with Jmeter for your easy reference I have attached herewith a sample Jmeter script for 'Calculator API'.

<?xml version="1.0" encoding="UTF-8"?>
<jmeterTestPlan version="1.2" properties="2.8" jmeter="2.13 r1665067">
  <hashTree>
    <HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="HTTP Request" enabled="true">
      <elementProp name="HTTPsampler.Arguments" elementType="Arguments" guiclass="HTTPArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
        <collectionProp name="Arguments.arguments"/>
      </elementProp>
      <stringProp name="HTTPSampler.domain">localhost</stringProp>
      <stringProp name="HTTPSampler.port">8280</stringProp>
      <stringProp name="HTTPSampler.connect_timeout"></stringProp>
      <stringProp name="HTTPSampler.response_timeout"></stringProp>
      <stringProp name="HTTPSampler.protocol"></stringProp>
      <stringProp name="HTTPSampler.contentEncoding"></stringProp>
      <stringProp name="HTTPSampler.path">/calc/1.0/subtract?x=33&amp;y=9</stringProp>
      <stringProp name="HTTPSampler.method">GET</stringProp>
      <boolProp name="HTTPSampler.follow_redirects">true</boolProp>
      <boolProp name="HTTPSampler.auto_redirects">false</boolProp>
      <boolProp name="HTTPSampler.use_keepalive">true</boolProp>
      <boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
      <stringProp name="HTTPSampler.implementation">HttpClient4</stringProp>
      <boolProp name="HTTPSampler.monitor">false</boolProp>
      <stringProp name="HTTPSampler.embedded_url_re"></stringProp>
    </HTTPSamplerProxy>
    <hashTree>
      <HeaderManager guiclass="HeaderPanel" testclass="HeaderManager" testname="HTTP Header Manager" enabled="true">
        <collectionProp name="HeaderManager.headers">
          <elementProp name="" elementType="Header">
            <stringProp name="Header.name">Authorization</stringProp>
            <stringProp name="Header.value">Bearer 2e431777ce280f385c30ac82c1e1f21c</stringProp>
          </elementProp>
        </collectionProp>
      </HeaderManager>
      <hashTree/>
    </hashTree>
  </hashTree>
</jmeterTestPlan>