Tuesday, April 4, 2017

WSO2 Server Startup Taking a Lot of Time on Mac? Solved

With macOS Sierra, I was experiencing a huge delay in server startup for the latest WSO2 versions. The timings were as follows.


Server         Version   Java Version   Startup Time
WSO2 ESB       4.8.1     1.7.0_80       15 seconds
WSO2 ESB       5.0.0     1.7.0_80       90 seconds
WSO2 ESB       5.0.0     1.8.0_101      89 seconds
API Manager    1.7.0     1.7.0_80       17 seconds
API Manager    2.0.0     1.7.0_80       166 seconds
API Manager    2.0.0     1.8.0_101      167 seconds


My processing power was as below.



I really wondered why it took so much time to start the server. While researching it, I found the following discussion [1]. It is really interesting; you can go through it to understand the cause.

As the solution, following the above blog post, I added a mapping of my MacBook hostname to the canonical 127.0.0.1 address in my /etc/hosts file, as below.



Once I did that, my ESB 5.0.0 server startup took 13 seconds. So it reduced from 90 --> 13 seconds... Amazing, huh? :D

[1] https://thoeni.io/post/macos-sierra-java/

Wednesday, February 15, 2017

How to get all the default claims when using JWT - WSO2 API Manager

There are situations where we need to pass the end user's attributes to the backend services when using WSO2 API Manager. We can use JSON Web Tokens (JWT) for that.

You can find the documentation for this on the WSO2 site [1].

Here I am going to discuss how to get all the default claims in the JWT, since just enabling the EnableJWTGeneration configuration will not give you all the claims.

If you just enable the above, the configuration will look as follows.

   <JWTConfiguration>  
     <!-- Enable/Disable JWT generation. Default is false. -->  
     <EnableJWTGeneration>true</EnableJWTGeneration>  
     <!-- Name of the security context header to be added to the validated requests. -->  
     <JWTHeader>X-JWT-Assertion</JWTHeader>  
     <!-- Fully qualified name of the class that will retrieve additional user claims  
        to be appended to the JWT. If not specified no claims will be appended.If user wants to add all user claims in the  
        jwt token, he needs to enable this parameter.  
        The DefaultClaimsRetriever class adds user claims from the default carbon user store. -->  
     <!--ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass-->  
     <!-- The dialectURI under which the claimURIs that need to be appended to the  
        JWT are defined. Not used with custom ClaimsRetriever implementations. The  
        same value is used in the keys for appending the default properties to the  
        JWT. -->  
     <!--ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI-->  
     <!-- Signature algorithm. Accepts "SHA256withRSA" or "NONE". To disable signing explicitly specify "NONE". -->  
     <!--SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm-->  
     <!-- This parameter specifies which implementation should be used for generating the Token. JWTGenerator is the  
         default implementation provided. -->  
     <JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.JWTGenerator</JWTGeneratorImpl>  
     <!-- This parameter specifies which implementation should be used for generating the Token. For URL safe JWT  
        Token generation the implementation is provided in URLSafeJWTGenerator -->  
     <!--<JWTGeneratorImpl>org.wso2.carbon.apimgt.keymgt.token.URLSafeJWTGenerator</JWTGeneratorImpl>-->  
     <!-- Remove UserName from JWT Token -->  
     <!-- <RemoveUserNameFromJWTForApplicationToken>true</RemoveUserNameFromJWTForApplicationToken>-->  
   </JWTConfiguration>  


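Then, by enabling wire logs [2], we can capture the encoded JWT as below when an API is invoked. The token is Base64-encoded and, unless SignatureAlgorithm is set to "NONE", signed; it is not encrypted, so anyone who can read the header or the wire log can read the claims.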


When we decode it, it looks as follows.



You can notice that it does not show the role claim. If you need all the default claims passed in this JWT, you need to enable the following two configurations in api-manager.xml.



  <ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass>  


 <ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI>  

Once you enable them and restart the server, you will get all the default claims in the token, as below.
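
The decode step described above, as an added example (not from the original post and not WSO2 code): it decodes an X-JWT-Assertion value, lists the claims under the http://wso2.org/claims dialect, and reports whether the role claim is present and whether the token is signed. The function names and the sample tokens are constructed for illustration; the decoder accepts both standard and URL-safe Base64, since the configuration offers a separate URLSafeJWTGenerator, and it does not verify the signature.

```python
import base64
import json

DIALECT = "http://wso2.org/claims"  # ConsumerDialectURI value shown on the page


def decode_segment(segment: str) -> bytes:
    """Decode one JWT segment: standard or URL-safe Base64, padded or not."""
    normalized = segment.replace("-", "+").replace("_", "/")
    normalized += "=" * (-len(normalized) % 4)
    return base64.b64decode(normalized)


def inspect_assertion(token: str) -> dict:
    """Report algorithm and dialect claims of an X-JWT-Assertion value.

    Decoding only: the signature is NOT verified here.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(decode_segment(parts[0]))
    payload = json.loads(decode_segment(parts[1]))
    prefix = DIALECT + "/"
    claims = {k[len(prefix):]: v for k, v in payload.items() if k.startswith(prefix)}
    alg = str(header.get("alg", "")).lower()
    return {
        "alg": header.get("alg"),
        # "NONE" in api-manager.xml disables signing; such a token is forgeable.
        "signed": alg not in ("", "none") and bool(parts[2]),
        "claims": claims,
        "has_role": "role" in claims,
    }


def make_sample(payload: dict, alg: str = "RS256", url_safe: bool = False) -> str:
    """Build a constructed token for the demo; the signature is a placeholder."""
    enc = base64.urlsafe_b64encode if url_safe else base64.b64encode
    seg = lambda data: enc(data).decode().rstrip("=" if url_safe else "")
    sig = "" if alg.lower() == "none" else seg(b"placeholder-not-a-real-signature")
    head = json.dumps({"typ": "JWT", "alg": alg}).encode()
    return ".".join([seg(head), seg(json.dumps(payload).encode()), sig])


# Constructed sample payloads (values are illustrative, not captured from a server).
BASIC_CLAIMS = {"iss": "wso2.org/products/am", DIALECT + "/enduser": "admin@carbon.super"}
ALL_CLAIMS = dict(BASIC_CLAIMS, **{DIALECT + "/role": "admin,Internal/everyone"})

if __name__ == "__main__":
    for name, tok in [("before", make_sample(BASIC_CLAIMS)), ("after", make_sample(ALL_CLAIMS))]:
        print(name, inspect_assertion(tok))
```

A backend that relies on these claims should verify the signature against the gateway's certificate before trusting them, and should treat a result with "signed" false as untrusted.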



[1] https://docs.wso2.com/display/AM210/Passing+Enduser+Attributes+to+the+Backend+Using+JWT

[2] http://mytecheye.blogspot.com/2013/09/wso2-esb-all-about-wire-logs.html