<!--
  ~  Copyright (c) 2005-2010, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
  ~
  ~  WSO2 Inc. licenses this file to you under the Apache License,
  ~  Version 2.0 (the "License"); you may not use this file except
  ~  in compliance with the License.
  ~  You may obtain a copy of the License at
  ~
  ~    http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~  Unless required by applicable law or agreed to in writing,
  ~  software distributed under the License is distributed on an
  ~  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  ~  KIND, either express or implied.  See the License for the
  ~  specific language governing permissions and limitations
  ~  under the License.
  -->
##################### Define the macros ######################
#macro ( print_string_if_exist $field $default )
## Prints $field wrapped in double quotes, or $default (also quoted) when
## $field is unset or renders as an empty string. Callers place the result
## directly after `faultSequence=`, so the quotes are part of the output.
## Neither value is XML-escaped here; both must already be attribute-safe.
#if(!$field || "$field" == "")
"$default"
#else
"$field"
#end
#end
#macro ( draw_endpoint $type $endpoint_config )
## Emits the mediators that authenticate to the backend and then send the
## request to it, for one key type. The callers in this template pass
## "sandbox" or "production" as $type.
##
## Security notes for reviewers:
##  - Outside the secure-vault branch the backend credentials
##    ($endpointsecurity.base64EncodedPassword, $endpointsecurity.clientSecret)
##    are written straight into the generated configuration. Base64 is an
##    encoding, not encryption, so the rendered file needs the same protection
##    as any other credential store.
##  - The secure-vault branch is tested first and always builds a Basic header,
##    so the digest and OAuth branches are reachable only when
##    $isSecureVaultEnabled is false.
##  - $username, $endpointKey, $ep_name and #timeout() are not defined in this
##    template; presumably the rendering context or a macro library supplies
##    them - confirm, because an undefined reference is rendered literally.
#set( $endpointClass = $endpoint_config.get("endpoint_type") )
#set( $endpoints = $endpoint_config.get("${type}_endpoints") )
#set( $ep_key = "${endpointKey}_API${type}Endpoint" )
#set( $endpointsecurity = $endpoint_security.get("${type}") )
## ---- Backend authentication (only when endpoint security is enabled) ----
#if($endpointsecurity.enabled)
    #if($isSecureVaultEnabled)
    ## The password is looked up by alias through wso2:vault-lookup when the
    ## expression is evaluated, so it is not written into this output.
    ## NOTE(review): the alias and $username are placed inside quoted XPath
    ## literals without escaping; a value containing a quote would alter the
    ## expression - verify both are validated where they are stored.
    <property xmlns="http://ws.apache.org/ns/synapse" name="password" expression="wso2:vault-lookup('$endpointsecurity.alias')"/>
    <property xmlns="http://ws.apache.org/ns/synapse" name="unpw" expression="fn:concat('$username',':',get-property('password'))"/>
    <property xmlns="http://ws.apache.org/ns/synapse" name="Authorization" expression="fn:concat('Basic ', base64Encode(get-property('unpw')))" scope="transport"/>
    #elseif($endpointsecurity.type == "digest" || $endpointsecurity.type == "DIGEST")
    ## Digest: the URL postfix, HTTP method, message type and body are saved,
    ## the endpoint is called once, DigestAuthMediator runs, and the saved
    ## values are restored before the final <send>. Presumably the first call
    ## obtains the server challenge - confirm against the mediator.
    ## UNAMEPASSWORD carries the base64-encoded credentials in the config.
    <property xmlns="http://ws.apache.org/ns/synapse" name="UNAMEPASSWORD" value="$util.escapeXml($endpointsecurity.base64EncodedPassword)" type="STRING"/>
    <property name="BACKEND_URL" value="$util.escapeXml($endpoints.get("url"))"/>
    <property name="POSTFIX" expression="get-property('axis2', 'REST_URL_POSTFIX')"/>
    <property name="HTTP_METHOD" expression="get-property('axis2', 'HTTP_METHOD')"/>
    <property name="POST_TO_URI" value="true" scope="axis2"/>
    <property name="MessageType" expression="get-property('axis2', 'messageType')"/>
    <enrich>
        <source type="body" clone="true"/>
        <target type="property" property="MessageBody"/>
    </enrich>
    <call>
        <endpoint key="$ep_key"/>
    </call>
    <class name="org.wso2.carbon.apimgt.gateway.mediators.DigestAuthMediator"/>
    <property name="Authorization" expression="get-property('AuthHeader')" scope="transport"/>
    <property name="messageType" expression="get-property('MessageType')" scope="axis2"/>
    <property name="HTTP_METHOD" expression="get-property('HTTP_METHOD')" scope="axis2"/>
    <property name="REST_URL_POSTFIX" expression="$ctx:POSTFIX" scope="axis2"/>
    <property name="POST_TO_URI" value="true" scope="axis2"/>
    <enrich>
        <source type="property" property="MessageBody" clone="true"/>
        <target type="body"/>
    </enrich>
    #elseif($endpointsecurity.type == "oauth" || $endpointsecurity.type == "OAUTH")
    ## OAuth: the token endpoint, client id and client secret are handed to
    ## OAuthMediator as message properties, i.e. the client secret is stored
    ## in the rendered configuration. All values are XML-escaped.
    <property xmlns="http://ws.apache.org/ns/synapse" name="uniqueIdentifier" value="$util.escapeXml($endpointsecurity.uniqueIdentifier)" type="STRING"/>
    <property xmlns="http://ws.apache.org/ns/synapse" name="tokenUrl" value="$util.escapeXml($endpointsecurity.tokenUrl)" type="STRING"/>
    <property xmlns="http://ws.apache.org/ns/synapse" name="clientId" value="$util.escapeXml($endpointsecurity.clientId)" type="STRING"/>
    <property xmlns="http://ws.apache.org/ns/synapse" name="clientSecret" value="$util.escapeXml($endpointsecurity.clientSecret)" type="STRING"/>
    <property xmlns="http://ws.apache.org/ns/synapse" name="grantType" value="$util.escapeXml($endpointsecurity.grantType)" type="STRING"/>
    <property xmlns="http://ws.apache.org/ns/synapse" name="customParameters" value="$util.escapeXml($endpointsecurity.customParameters)" type="STRING"/>
        ## The password grant additionally needs the resource owner credentials.
        #if($endpointsecurity.grantType == "password" || $endpointsecurity.grantType == "PASSWORD")
    <property xmlns="http://ws.apache.org/ns/synapse" name="usernamePassword" value="$util.escapeXml($endpointsecurity.base64EncodedPassword)" type="STRING"/>
        #end
    <class name="org.wso2.carbon.apimgt.gateway.mediators.oauth.OAuthMediator" />
    #else
    ## Any other type: static Basic header built from the stored base64 value.
    <property xmlns="http://ws.apache.org/ns/synapse" name="Authorization" expression="fn:concat('Basic ', '$endpointsecurity.base64EncodedPassword')" scope="transport"/>
    #end
#end
## ---- Dispatch to the backend ----
<send>
    #if ($endpointClass == "http" || $endpointClass == "address" || $endpointClass == "load_balance")
    ## These endpoint types are all referenced by key.
    <endpoint xmlns="http://ws.apache.org/ns/synapse" key="$ep_key"/>
    #elseif ($endpointClass == "wsdl")
    ## WSDL endpoints are declared inline; production and sandbox read
    ## different service/port keys from $endpoint_config.
    ## NOTE(review): the service and port attributes are not XML-escaped,
    ## unlike the uri attribute next to them.
    <endpoint xmlns="http://ws.apache.org/ns/synapse" name="$ep_name">
        #if (${type} == "production")
        <wsdl uri="$util.escapeXml($endpoints.get("url"))" service="$!endpoint_config.get("wsdlendpointService")" port="$!endpoint_config.get("wsdlendpointPort")">
            #timeout()
        </wsdl>
        #else
        <wsdl uri="$util.escapeXml($endpoints.get("url"))" service="$!endpoint_config.get("wsdlendpointServiceSandbox")" port="$!endpoint_config.get("wsdlendpointPortSandbox")">
            #timeout()
        </wsdl>
        #end
        <property name="ENDPOINT_ADDRESS" value="$util.escapeXml($endpoints.get("url"))"/>
    </endpoint>
    #elseif ($endpointClass == "failover")
    ## $failover_endpoints is assigned but not read anywhere in this macro.
    #set( $failover_endpoints = $endpoint_config.get("${type}_failovers"))
    <endpoint xmlns="http://ws.apache.org/ns/synapse" key="$ep_key"/>
    #elseif ($endpointClass == "default")
    <endpoint key="$ep_key"/>
    #end
</send>
#end
######################## End of Macros ######################################
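## Synapse <api> definition for one API. It renders either a single catch-all
## "API blocked" resource or one <resource> per entry in $resources, followed
## by the handler chain. Context values ($apiName, $resources, $handlers,
## $endpoint_config, ...) are supplied by whatever renders this template.
<api xmlns="http://ws.apache.org/ns/synapse" name="$!apiName" context="$!apiContext" version="$!apiVersion" transports="$!transport" version-type="context">
    #if($apiIsBlocked)
    ## if API is blocked send the API Block message (HTTP 503) for every method and path
    <resource methods="GET POST PUT DELETE PATCH" url-mapping="/*" faultSequence=#print_string_if_exist($faultSequence "fault")>
        <inSequence>
            <payloadFactory>
                <format>
                    <am:fault xmlns:am="http://wso2.org/apimanager">
                        <am:code>700700</am:code>
                        <am:message>API blocked</am:message>
                        <am:description>This API has been blocked temporarily. Please try again later or contact the system administrators.</am:description>
                    </am:fault>
                </format>
            </payloadFactory>
            <property name="HTTP_SC" value="503" scope="axis2"/>
            <property name="RESPONSE" value="true"/>
            <property name="NO_ENTITY_BODY" scope="axis2" action="remove"/>
            <header name="To" action="remove"/>
            <send/>
        </inSequence>
    </resource>
    #else
    ## api not blocked
    #set ($resourceNo = 0)
    #foreach($resource in $resources)
    <resource xmlns="http://ws.apache.org/ns/synapse"
        ## Templates with {variables} or a non-trailing * use uri-template; everything else uses url-mapping.
        #if($resource.getUriTemplate().contains("{") ||
            ($resource.getUriTemplate().contains("*") && !$resource.getUriTemplate().endsWith("/*")))
        uri-template="$util.escapeXml($resource.getUriTemplate())"
        #else
        ## Escaped like uri-template above, so a template containing &, < or "
        ## cannot break out of the attribute or produce malformed XML.
        url-mapping="$util.escapeXml($resource.getUriTemplate())"
        #end
        methods="$resource.getMethodsAsString()" faultSequence=#print_string_if_exist($faultSequence "fault")>
        <inSequence>
            ## check and set response caching
            #if($responseCacheEnabled)
            <cache scope="per-host" collector="false" hashGenerator="org.wso2.carbon.mediator.cache.digest.REQUESTHASHGenerator" timeout="$!responseCacheTimeOut">
                <implementation type="memory" maxSize="500"/>
            </cache>
            #end
            <property name="api.ut.backendRequestTime" expression="get-property('SYSTEM_TIME')"/>
            #if($isSoapToRestMode)
            ## The stored in-sequence fragments for this resource are inserted
            ## verbatim (no escaping), so they must come from a trusted generator.
            <property name="HTTP_METHOD" value="POST" scope="axis2" type="STRING"/>
            #foreach($uri in $in_sequences.get("$resource.getUriTemplate()").keySet())
            $in_sequences.get("$resource.getUriTemplate()").get($uri)
            #end
            #end
            ## define the key type this gateway accepts: production only, sandbox only, or hybrid
            #if(($environmentType == 'sandbox') || ($environmentType =='hybrid' && !$endpoint_config.get("production_endpoints") ))
            #set( $filterRegex = "SANDBOX" )
            #else
            #set( $filterRegex = "PRODUCTION" )
            #end
            ## AWS Lambda: start
            #if($endpoint_config.get("endpoint_type") == 'awslambda')
            ## NOTE(review): accessKey and secretKey are rendered into the
            ## configuration exactly as stored in $endpoint_config and without
            ## XML escaping - confirm the stored secret is encrypted rather
            ## than the raw AWS secret.
            #set( $accessKey = $!{endpoint_config.get("amznAccessKey")} )
            #set( $secretKey = $!{endpoint_config.get("amznSecretKey")} )
            #set( $resourceName = $!{resource.getAmznResourceName()} )
            <class name="org.wso2.carbon.apimgt.gateway.mediators.AWSLambdaMediator">
                #if($accessKey != '')
                <property name="accessKey" value="$accessKey"/>
                #end
                #if($secretKey != '')
                <property name="secretKey" value="$secretKey"/>
                #end
                #if($resourceName != '')
                <property name="resourceName" value="$resourceName"/>
                #end
            </class>
            <loopback />
            ## AWS Lambda: end
            #else
            ## For OAuth-protected, non-prototyped APIs the endpoint is wrapped in a
            ## filter on AM_KEY_TYPE so that a key of the wrong type never reaches it.
            #if($apiStatus != 'PROTOTYPED' && $apiIsOauthProtected)
            <filter source="$ctx:AM_KEY_TYPE" regex="$filterRegex">
                <then>
            #end
            #if(($environmentType == 'sandbox') || ($environmentType =='hybrid' && ! $endpoint_config.get("production_endpoints") ))
                    #draw_endpoint( "sandbox" $endpoint_config )
            #else
                    #draw_endpoint( "production" $endpoint_config )
            #end
            #if($apiStatus != 'PROTOTYPED' && $apiIsOauthProtected)
                </then>
                <else>
                    #if($environmentType !='hybrid')
                    ## Single-environment gateway: reject the mismatched key type with 401.
                    <payloadFactory>
                        <format>
                            <error xmlns="">
                                #if($environmentType == 'production')
                                <message>Sandbox Key Provided for Production Gateway</message>
                                #elseif($environmentType == 'sandbox')
                                <message>Production Key Provided for Sandbox Gateway</message>
                                #end
                            </error>
                        </format>
                    </payloadFactory>
                    <property name="ContentType" value="application/xml" scope="axis2"/>
                    <property name="RESPONSE" value="true"/>
                    <header name="To" action="remove"/>
                    <property name="HTTP_SC" value="401" scope="axis2"/>
                    <property name="NO_ENTITY_BODY" scope="axis2" action="remove"/>
                    <send/>
                    #else
                    ## Hybrid gateway: use the sandbox endpoint when both exist,
                    ## otherwise hand over to the matching key-error sequence.
                    #if($endpoint_config.get("production_endpoints") && $endpoint_config.get("sandbox_endpoints"))
                    #draw_endpoint( "sandbox" $endpoint_config )
                    #elseif($endpoint_config.get("production_endpoints"))
                    <sequence key="_sandbox_key_error_"/>
                    #elseif($endpoint_config.get("sandbox_endpoints"))
                    <sequence key="_production_key_error_"/>
                    #end
                    #end
                </else>
            </filter>
            #end
            #end
        </inSequence>
        <outSequence>
            #if($isSoapToRestMode)
            ## Out-sequence fragments are inserted verbatim, like the in-sequence ones.
            #foreach($uri in $out_sequences.get("$resource.getUriTemplate()").keySet())
            $out_sequences.get("$resource.getUriTemplate()").get($uri)
            #end
            #end
            #if($apiStatus != 'PROTOTYPED')
            <class name="org.wso2.carbon.apimgt.gateway.handlers.analytics.APIMgtResponseHandler"/>
            #end
            ## check and set response caching
            #if($responseCacheEnabled)
            <cache scope="per-host" collector="true"/>
            #end
            ## NOTE(review): $endpointsecurity is assigned inside #draw_endpoint; reading
            ## it here relies on that assignment being visible outside the macro and
            ## reflects the last call made - confirm for the AWS Lambda path, where
            ## the macro is not called for this resource.
            #if($endpointsecurity.type == "oauth" || $endpointsecurity.type == "OAUTH")
            <class name="org.wso2.carbon.apimgt.gateway.mediators.oauth.OAuthResponseMediator"/>
            #end
            <send/>
        </outSequence>
    </resource>
    #set ($resourceNo = $resourceNo + 1)
    #end ## end of resource iterator
    ## print the handlers
    #if($handlers.size() > 0)
    <handlers xmlns="http://ws.apache.org/ns/synapse">
        #foreach($handler in $handlers)
        ## NOTE(review): handler property keys and values are written without
        ## XML escaping - verify they cannot carry quotes or markup.
        <handler xmlns="http://ws.apache.org/ns/synapse" class="$handler.className">
            #if($handler.hasProperties())
            #set ($map = $handler.getProperties() )
            #foreach($property in $map.entrySet())
            <property name="$!property.key" value="$!property.value"/>
            #end
            #end
        </handler>
        #end
        ## Site-specific authentication handler, declared after the handlers
        ## supplied in $handlers. It is rendered only when $handlers is non-empty
        ## and the API is not blocked.
        ## NOTE(review): authUrl is hard-coded and uses plain http. That is only
        ## acceptable while the validator listens on loopback; if it moves to
        ## another host, switch to https and make the URL configurable, because
        ## whatever the handler sends for validation would otherwise cross the
        ## network in clear text.
        <handler class="com.rnavagamuwa.wso2.customAuthHandler.CustomAuthHandler">
            <property name="authUrl" value="http://localhost:8595/api/validate"/>
        </handler>
        ## check and set enable schema validation
        #if($enableSchemaValidation)
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.SchemaValidator"/>
        #end
        ## When the store is disabled a TestKeyAuthenticator is added; its
        ## testKey value is written in clear into the generated configuration.
        #if(!$enableStore)
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.TestKeyAuthenticator">
            <property name="testKey" value="$!testKey"/>
        </handler>
        #end
    </handlers>
    #end
    #end
    #if($apiStatus == 'PROTOTYPED')
    #end
    ## end of apiIsBlocked check
    ## NOTE(review): the block below is rendered unconditionally, despite the
    ## marker above. A non-blocked API with a non-empty $handlers therefore
    ## gets two <handlers> elements - confirm which one the gateway honours,
    ## or guard this block with the blocked check.
    <handlers>
        <handler class="org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
            <property name="inline" value="INLINE"/>
        </handler>
    </handlers>
</api>
## Do not render $endpoint_security here, not even inside an XML comment:
## Velocity expands references inside <!-- --> as well, and this map backs the
## backend passwords and client secrets used by #draw_endpoint, so printing it
## could copy them into every generated API definition.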