Skip to main content

[WSO2 AM] APIStore User Signup as an approval process

In previous versions of WSO2 APIManager before 1.6.0, it was allowed any user who's accessible the running APIStore come and register to the app.But there will be requirement like,without allowing any user to signup by him/her self alone,first get an approve by a privileged user and then allow to complete app registration.Same requirement can be apply to application creation and subscription creation as well.To fulfill that,we have introduced workflow extension support for WSO2 APIManager and you can find the introductory post on this feature from my previous blog post on "workflow-extentions-with-wso2-am-160".

From this blog-post,I'll explain how to achieve simple workflow integration with default shipped resources with  WSO2 APIManager 1.6.0 and WSO2 Business Process Server 3.1.0 with targeting "user-signup" process.

Steps

  • First download the WSO2 APIManager 1.6.0[AM] binary pack from product download page.
  • Extract it and navigate to {AM_Home}/business-processes directory.You'll be find three sub-directories and browse "user-signup"  directory.You'll notice a bpel and a human task exist inside it.These bpel and human task created with WSO2 Business Process Server 3.1.0 and try downloading BPS 3.1.0 from product download page and extract it.
  • For further references,we'll keep APIM offset value as 0 and BPS offset value as 2 
              For BPS ->Change 2 in carbon.xml [{BPS_Home}/repository/conf]
              For AM- >Keep the default value
  • Copy /epr directory found in {AM_Home}/business-processes directory in to repository/conf folder of Business Process Server.
  • Then copy the UserApprovalTask-1.0.0.zip file located at {AM_Home}/business-processes/user-signup/HumanTask to {BPS_Home}repository/deployment/server/humantasks directory.
  • Then copy the UserSignupApprovalProcess_1.0.0.zip file located at {AM_Home}/business-processes/user-signup/BPEL to {BPS_Home}repository/deployment/server/bpel directory.
  • Then start Business Process Server 3.1.0 [BPS].Once you login to BPS management console,you'll see the BPEL and Human Task are successfully deployed in BPS as follow.
deployed user-signup bpel

deployed user-signup human task

  • Now,we have configured BPS server and it's time to configure AM with enabling triggering the BPS side deployed user-signup process.
  • Edit WSO2 APImanager configuration file to enable web service based workflow execution. For this we need to edit api-manager.xml located inside {AM_Home}/repository/conf.All work flow related configurations are located inside configuration section. Replace the existing content for WorkFlowExtension section for user-signup as follows. 
   <UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpWSWorkflowExecutor">
           <Property name="serviceEndpoint">http://localhost:9765/services/UserSignupProcess</Property>
           <Property name="username">admin</Property>
           <Property name="password">admin</Property>
           <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
      </UserSignUp>



  • Then start the AM server.Browse for APIStore [https://localhost:9443/store].Try registering a new user from signup link shown in /Store page.Say a user called lalaji tries to register as an APIStore subscriber.


  • Once the user submit user signup data a message similar to below saying "User account awaiting Administrator approval" will popup.




  • If the user lalaji try to login ,it will failed as still the user-signup process hasn't completed and it's waiting until get the approval from administrator.  


  • However,now the related business process has been triggered. You can view the created process instance by navigating to BPS management console [https://localhost:9445/carbon] and click on left menu Business Processes- >Instances as shown below.

  • The BPEL,we deployed in WSO2 BPS is having a simple flow as below.
trigger the process -> Execute the Human Task [Approve/Reject] ->Send response to APIM callback endpoint

  • Now the question coming,how we can execute the human task.Do we provide a custom UI to do this in WSO2 BPS side? No,but we have introduced a new web app called workflow-admin in APIM side to achieve this. 
  • Navigate to workflow-admin [https://localhost:9443/workflow-admin] web app from web browser and try login as a user who's having admin rights.
         NOTE- In the sample human task we written,we have allowed only to users having  admin  role to able to approve/disapprove task requests.So by default,only the users with admin  role will able to login to workflow-admin app.But if you need to plug your own bpel   and human task to APIM with allowing different user roles to accept/reject task requests he       still can use the new human task with this web app and the task allowed role can be                 configurable from web app itself.

And make sure,to share the users-stores between WSO2 AM and WSO2 BPS 

  • Once a user with admin role login to workflow-admin web app,he would see the pending tasks list which are waiting for approval by admin users.The logged in user can assign it to him,start the task then approve/reject the task request and finally complete the task.







  • Let's say,admin user approved above requested task from workflow-admin UI. Then the triggered process will be completed with calling the APIM callback endpoint and then the signup request sent user could able to login to APIStore successfully.


In similar manner,you can try the default shipping BPELs for subscription process and application creation process triggerred from APIStore UI as well.For more info,please refer the readme.txt located at {AM_Home}/business-processes directory.

NOTE- You can create your own bpels and human tasks with different flows on WSO2 BPS and then use with APIM.You can find more information on how to write business processes with WSO2 BPS,by reffering [1,2].

Additionally,you can plug your own custom workflow executor to APIM without using WSO2 BPS.For that please refer [3].

Comments

Popular posts from this blog

Convert an InputStream to XML

For that we can use DocumentBuilder class in java. By using the method parse(InputStream) ; A new DOM Document object will return. InputStream input; DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilder parser = factory.newDocumentBuilder(); Document dc= parser.parse(input); In the above code segment,by using the created Document object,the corresponding XML file for the inputStream can be accessed. References: http://www.w3schools.com/dom/dom_intro.asp http:// download.oracle.com/javase/1.4.2/docs/api/javax/xml/parsers/DocumentBuilder.html

Concat two xml values with XSLT

The use-case described in this blog-post,is there's an WSO2 ESB node setup to proxy an incoming message to a particular back-end endpoint.  Before delivering the message to the back-end endpoint,from the ESB node itself,this incoming message need to processed and change its inside xml payload format. For eg: Below is the incoming message <?xml version="1.0" encoding="UTF-8"?> <CinemaHall name="liberty"> <OwnerData> <Name>John Smith</Name> <openedDate>12/12/80</openedDate> <quality>good</quality> </OwnerData> <CinemaHallData> <rows>100</rows> <seats> <seat>50</seat> <seat>60</seat> </seats> </CinemaHallData> </CinemaHall> This message need to be changed as  below; <?xml version="1.0" encoding="UTF-8"?> <CinemaHall name="liberty"...

Passing end-user details from client to real backend endpoint via JWT token

In real-world business system,WSO2 API Manager useful on exposing company APIs, in a secured and controlled manner with the features provided by APIManager as; OAuth support [To secure API invocations] Throttling support [To control API invocations] Monitoring support [To track API usage] More technically what happening is when a user sends a particular API request,it will goes to WSO2 APIManager node and from there,the request will route to the real implemented back-end endpoint of the particular API and get back the response and returned it to the API invoked user. There can be a use-case,that this back-end endpoint may expect the details of API invoked user as to pass those details to some internal company usage  as; Additional authentication/authorization Track usage data from an internal system. So how to support above requirement from WSO2 AM. There comes the use of JSON Web Token[JWT] implementation done inside WSO2 AM. JWT is a means of representing claims to...