Introduction to WSO2 and Liferay

Lost in Russia
Jun 21, 2020

WSO2 is an open-source, full life cycle API management solution that can be run anywhere. It can be deployed on-premise or in a private cloud, is available as a cloud service, or can be deployed in hybrid mode, where its components are distributed across multiple cloud infrastructures and onsite.

It is made up of a cloud-native API gateway and provides a Kubernetes operator to easily convert raw microservices into managed APIs.

API Manager integrates with service meshes and provides a complete management plane and a control plane to manage, monitor, and monetize APIs and API products.

Liferay is an open-source system mainly used to build corporate extranets and intranets, as a web application framework or content management system (CMS).

It is written in Java and offers extensive support for extensions and plugins that allow proper integration into CMT.

WSO2 together with Liferay allows the coordinated integration of services, completing the CMS functionality: keeping dynamic pages editable, displaying corporate information and the specific rate system, simplifying updates by means of a dashboard, integrating third-party information services through APIs served dynamically by WSO2, delivering alert information through an API that updates the platform dynamically, offering configurable forms or connections to third-party services, and implementing route plans through Open Trip, Open Streets, Nominatim and Photon. The result is multi-language and has a back-office that allows the configuration of portlets, structures, and templates.

Description of WSO2

The open-source manager is a complete enterprise-class API management solution that combines easy API access and full control.

It is an API management system reusable by the different CTM systems and interconnected with the already developed Liferay system through communication channeling and monitoring.

Key points of the system:

  • Security: Requires execution tokens compatible with the OAuth2 standard.
  • Flow Control: Validates API execution quotas defined at multiple levels.
  • Analytics: Stores events, launches real-time alerts, and performs batch analysis for query tables of key indicators.
  • Ease of Publication: An application for managing the complete API life cycle.
  • Ease of Consumption: An API Store application with tools to promote the developer community.

From an architectural point of view it is made up of the following components:

  • Publisher (Backoffice Application): API publishing application.
  • Developer Portal (The API marketplace): API consumer application.
  • Gateway (API runtime): Component that verifies conditions and sends the request to the backend.
  • Key Manager (API key management): Token validation component.
  • Analytics (API Analytics & alerts): Event reception and analysis component.
  • Traffic Manager (API throttling & traffic management): Execution quota validation component.

WSO2 is licensed under Apache version 2 (open source) with a broad international and Spanish-speaking community that was created in 2006.

One of the highlights of WSO2 is the ability to custom design APIs with short development cycles, collecting comments from the developers themselves before implementing (API First Design). The design of the APIs can be done from the publishing interface, which facilitates intuitive development, or by importing OpenAPI and Swagger definitions.

APIs in their initial prototype life cycle can offer controlled access through a user-level system for limited live testing. Additionally, a simulated implementation can be done using JavaScript.

WSO2 allows the publication of REST, SOAP, JSON, and XML style services as APIs. Additionally, you can use a GraphQL service as a managed API and use your preferred IDE and CI/CD tools for quality control with continuous development and testing.

This system allows APIs to be published and their use regulated in a controlled way, deploying in Kubernetes using its specific operator or in Istio for the service mesh. It can publish APIs with multilevel endpoints and complex functionality such as subscriptions, application creation and, in general, customizable workflows, with application management and access governed by level-restricted visibility control, and with evolving life cycles that allow versions to be created, published, blocked, or retired organically.

Key points of the system:

  • Publish APIs and API products for 3rd parties
  • Creation of different gateways in the API
  • Security through OAuth 2.0, OIDC, API key authentication, and TLS, among others, using JSON tokens that restrict access to domains or IPs to avoid attacks, plus the ability to define custom security policies.
  • Implementation of measures to detect abnormal system use through artificial intelligence and machine learning.
  • Traffic management allowing resources to be scaled through gateways in the API that route traffic from applications to services.
  • Scalability through microservices architecture by Microgateway.

In conclusion, it is a horizontally and vertically scalable system with easy deployment via cluster protocols using community-proven routing infrastructure, ensuring not only continuous evolutionary development but also high performance with minimal latency and security of the services and control and monitoring of use.

Integration of WSO2 and Keycloak

Keycloak is an open-source software product that makes the following functionalities available to applications and services:

  • Single-Sign-On and Single-Sign Out for web applications and Apps.
  • OpenID Connect, OAuth 2.0 and SAML support.
  • Identity Brokering — Authentication via external OpenID connector or SAML Identity Providers.
  • Social Login — Enable login through Google, GitHub, Facebook, Twitter, and other social media solutions.
  • User Federation — Synchronization of users from LDAP and Active Directory servers or RDBMS.
  • Kerberos bridge — Automatically authenticate users who are logged on to a Kerberos server.
  • Administration console for centralized management of users, roles, role/user mapping, clients (applications), and configuration.
  • Account management console that allows users to centrally manage their accounts.
  • Theme support — Personalize all the pages of the different workflows (login, account, admin, email, and welcome).
  • Two-factor Authentication — Support for TOTP / HOTP via Google Authenticator or FreeOTP.
  • Login flows — configurable login flow in a single click, optional user self-registration, password recovery, email verification, mandatory password update, etc.
  • Session management — Administrators and users themselves can view and manage user sessions.
  • Token mappers — Mapping of user attributes, roles, etc., into the token as desired, which enriches the token.
  • Revocation policies for realm, applications, and users.
  • CORS Support — Client adapters that have incorporated support for CORS.
  • Service Provider Interfaces (SPI) — an SPI framework that allows customization of various aspects of the server. Authentication flows, user federation providers, protocol mappers, and much more.
  • Client adapters for JavaScript applications, WildFly servers, JBoss EAP, Fuse, Tomcat, Jetty, Spring, etc.

The integration of WSO2 and Keycloak extends the identity-provider functionality in a more secure way by means of federated identity providers, which reduces development time and server load by not requiring implementation in Java, as with WSO2. When federated identities are used, WSO2 works as the key manager, generating and managing the token, while authentication is performed by Keycloak and authorization by WSO2.

The system will be used additionally as manager of the keys of third parties, allowing an additional layer of security in which the KeyManager and KeyValidator interface will be used, controlling key management, authentication and authorization, and all roles. In this case, implementation via Java is necessary.

The key point of this configuration is to enable the combination of WSO2 with Keycloak as an interconnected system: in the WSO2 configuration panel, SSO is configured to work with the OpenID Connect client in Keycloak, generating the federated identity.
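The split described above, with Keycloak authenticating and WSO2 authorizing, sketched as an added example (not code from WSO2, Keycloak or the original post). The issuer URL, client ID, flat `roles` claim (as a token mapper could emit) and scope names are constructed assumptions, and HS256 with a shared secret stands in for the RS256 signatures Keycloak issues by default, to keep the sketch standard-library only.

```python
import base64, hashlib, hmac, json, time

# Constructed values for illustration only (assumptions, not from the article).
ISSUER = "https://keycloak.example.test/realms/demo"
CLIENT_ID = "wso2-federation-client"
KEY = b"constructed-shared-secret"
ROLE_TO_SCOPE = {"api-reader": "routes:read", "api-editor": "alerts:write"}

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims):
    """Constructed stand-in for the ID token the identity provider returns."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(mac(head + '.' + body))}"

def authenticate(token, nonce, now=None):
    """Authentication step: accept the federated identity or raise ValueError."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64d(head)), json.loads(b64d(body))
        alg, iss = header.get("alg"), claims.get("iss")
        sig_ok = hmac.compare_digest(b64d(sig), mac(head + "." + body))
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256" or not sig_ok:  # algorithm is pinned, not taken from the header
        raise ValueError("bad signature")
    aud = claims.get("aud")
    if iss != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims

def authorize(claims):
    """Authorization step: the key manager maps federated roles to its own scopes."""
    roles = claims.get("roles", [])
    return sorted({ROLE_TO_SCOPE[r] for r in roles if r in ROLE_TO_SCOPE})
```

Roles the key manager does not recognise grant nothing, so a role added on the identity-provider side has no effect until it is mapped explicitly.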

In conclusion, this integration will allow multiprotocol interconnectivity through the integration of the Liferay + WSO2 + Keycloak ecosystem.

Monitoring

WSO2 allows data streams to be collected in real time, making it easy to observe, accumulate and process data from multiple simultaneous streams in order to detect patterns of behavior or inspect results at different levels of focus:

  • Real-time (alerts): analysis and correlation of data from various sources to detect anomalies, monitoring of KPI compliance or detection of fraud, being instantly informed through alerts.
  • Batch processing: operations and techniques to summarize and add data.
  • Predictive: machine learning models built from past data are used to predict future events.
  • Interactive (queries): Data collected and processed is analyzed through queries.

WSO2 supports both batch and real-time processing. The processing engine can monitor up to 100k events per second with high availability, zero data loss, and zero downtime. It supports complex event-processing sequences and operations such as filters, sequence aggregations, patterns, and non-occurrence or anomaly detection, enabling us to correlate and analyze millions of events per second in real time.

Transformations and legacy systems

With continuous evolutionary development, the service provider may have specific attributes for which the user has an old or incomplete identifier. In this case, the identity bus can transform the call received by the service provider and adapt it to the format required by the system.

With this system of transformations, we can guarantee compatibility during the evolutionary development of the different systems, reducing the possibility of denials of service or errors due to changes in the systems.

Integration of WSO2 with Swagger

Swagger enables developers to describe API messages, generate API schema documentation, and simplify connecting clients to APIs.

Through keys WSO2 API Manager will integrate the Swagger code, allowing the following functionality in development:

  • Open-source with numerous functional modules:
  • free collection of HTML, JavaScript, and CSS asset dependencies that dynamically generate documentation
  • definition in the annotations and the logic of Java to automatically generate a JSON description
  • template-based engine to generate code in different languages, allowing the use of Spanish and Majorcan
  • Swagger node.js provides Swagger JSON automatically generated for node.js

WSO2 API Manager 1.4 is compatible with Swagger. With the Swagger integration, WSO2 API Manager 1.4 loads the Swagger user interface for each API and will display the automatically generated documentation. The API creator or publisher can customize the API parameters and documentation.
