[Apiman-user] applications without plans?
Eric Wittmann
eric.wittmann at redhat.com
Wed Oct 14 13:44:58 EDT 2015
> Yes, I understand why that is necessary.
> This is because the service is being called directly through the service
> owner's "path". e.g.
> /apiman-gateway/ServiceOwnerOrg/service/1.0
> Might it (in principle) be possible to access the service through the
> the application owners "path" e.g
> /apiman-gateway/AppOwnerOrg/AppName/ServiceOwnerOrg/service/1.0
Not at present. It's technically possible, but would require some core
changes to how the gateway processes the inbound request.
> Yes, that might work. A sort of delegating authenticator that delegates
> to the appropriate realm based on a header param.
> But it would not allow each organisation to provide custom policies.
> e.g. I have in mind that an individual organisation might want to add
> user based rate limiting to prevent one of its users using all the
> organisation's quota.
One possibility is that each Organization that wants to 'consume' the
service could create their own version of it. This would allow each Org
to configure the service with whatever policies are necessary. Each
org's service would simply point to managed endpoint of the canonical
service in apiman.
For example:
* Organization "Foo" publishes a public service named "bar"
-> the Implementation endpoint is set to http://real-api.com/bar
-> service is configured with some policies, optionally
* Organization "A" publishes a public service named "bar"
-> the Implementation endpoint is set to
http://apiman:8080/apiman-gateway/Foo/bar/1.0
-> org-specific policies can be configured here
* Organization "B" does the *same* thing that A did, but with different
policies
* Organization "C" does the *same* thing that A did, but with different
policies
* Etc
Note: apiman 1.1.8.Final has a bug in the CachingESRegistry which will
actually cause the above to fail, but it will work fine in 1.1.9.Final
-Eric
More information about the Apiman-user
mailing list