product-iots/modules/distribution/src/repository/conf/api-manager.xml


<?xml version="1.0"?>
<!--
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<APIManager>
<!--
JNDI name of the data source to be used by the API publisher, API store and API
key manager. This data source should be defined in the master-datasources.xml file
in conf/datasources directory.
NOTE(review): the connection credentials for this database are presumably held in
master-datasources.xml rather than here; review that file's permissions and secret
handling together with this one.
-->
<DataSourceName>jdbc/WSO2AM_DB</DataSourceName>
<!-- This parameter is used when adding API management capability to other products such as GReg, AS, DSS etc. -->
<GatewayType>None</GatewayType>
<!-- Enables secure vault support when publishing APIs whose endpoints are secured. Values should be "true" or "false".
Secure vault is disabled by default.
NOTE(review): while this is "false", credentials of secured endpoints are presumably stored without
secure vault protection; confirm, and enable it where published APIs carry endpoint credentials. -->
<EnableSecureVault>false</EnableSecureVault>
<!--
Database configuration used by API publisher, API store and API key manager.
When these components are deployed separately, each of them should have
separate database configurations pointing to the same physical database.
-->
<!--<Database>-->
<!--
JDBC connection string for the database.
-->
<!--<URL>jdbc:h2:repository/database/WSO2AM_DB</URL> -->
<!--
JDBC username for the database.
-->
<!--<Username>wso2carbon</Username>-->
<!--
JDBC password for the database.
-->
<!--<Password>wso2carbon</Password>-->
<!--
JDBC driver for the database.
-->
<!--<Driver>org.h2.Driver</Driver>-->
<!--</Database>-->
<!--
Authentication manager configuration for API publisher and API store. This is
a required configuration for both web applications as their user authentication
logic relies on this.
-->
<AuthManager>
<!--
Server URL of the Authentication service. The scheme is https; host, port and context
come from the ${carbon.local.ip}, ${mgt.transport.https.port} and ${carbon.context}
placeholders.
-->
<ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/</ServerURL>
<!--
Admin username for the Authentication manager.
-->
<Username>admin</Username>
<!--
Admin password for the Authentication manager.
NOTE(review): "admin"/"admin" is a well-known default pair and it is stored here in clear text.
Replace it before any non-local deployment, restrict read access to this file, and keep the
real value out of version control.
-->
<Password>admin</Password>
</AuthManager>
<!--
Configuration parameters for the API authentication handler. This is an optional
configuration for the API Gateway component.
-->
<APIConsumerAuthentication>
<!--
Name of the security context header to be added to the validated requests.
NOTE(review): a backend that trusts this header should be reachable only through the gateway
and should verify the JWT signature, because the header name alone proves nothing about who set it.
-->
<SecurityContextHeader>X-JWT-Assertion</SecurityContextHeader>
<!--
Fully qualified name of the class that will retrieve additional user claims
to be appended to the JWT. If not specified, no claims will be appended. To add all
user claims to the JWT, enable this parameter.
The DefaultClaimsRetriever class adds user claims from the default carbon user store.
NOTE(review): every claim added here is disclosed to each backend that receives the JWT;
enable it only when the backends need those attributes.
-->
<!--ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass-->
<!--
The dialectURI under which the claimURIs that need to be appended to the
JWT are defined. Not used with custom ClaimsRetriever implementations. The
same value is used in the keys for appending the default properties to the
JWT.
-->
<!--ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI-->
<!--
Signature algorithm. Accepts "SHA256withRSA" or "NONE". To disable signing explicitly specify "NONE".
NOTE(review): with "NONE" the JWT is unsigned, so a receiving backend cannot verify its claims.
Keep signing on wherever a backend makes decisions based on the assertion.
-->
<!--SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm-->
<!--
Enable/Disable JWT generation. Default is false.
-->
<!--EnableTokenGeneration>false</EnableTokenGeneration-->
<!--
Remove OAuth headers from the outgoing message, or keep them.
NOTE(review): if the headers are kept, the caller's access token is presumably forwarded to the
backend service; confirm which behaviour applies while this element stays commented out.
-->
<!--RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage-->
</APIConsumerAuthentication>
<!-- Primary/secondary login configuration for the API store. Configure this section if users should be able to log in to the API store
with either of two login attributes in a distributed setup. The primary login has no claim URI associated with it. The secondary login
is a claim attribute and is therefore associated with a claim URI.-->
<!-- <LoginConfig>
<UserIdLogin primary="true">
<ClaimUri></ClaimUri>
</UserIdLogin>
<EmailLogin primary="false">
<ClaimUri>http://wso2.org/claims/emailaddress</ClaimUri>
</EmailLogin>
</LoginConfig>-->
<!--
Credentials for the API gateway admin server. This configuration
is mainly used by the API publisher and store to connect to the API gateway and
create/update published API configurations.
-->
<APIGateway>
<!-- The environments to which an API will be published -->
<Environments>
<!-- Environments can be of different types. Allowed values are 'hybrid', 'production' and 'sandbox'.
An API deployed on a 'production' type gateway will only support production keys
An API deployed on a 'sandbox' type gateway will only support sandbox keys
An API deployed on a 'hybrid' type gateway will support both production and sandbox keys -->
<Environment type="hybrid">
<Name>Production and Sandbox</Name>
<!--
Server URL of the API gateway (admin services, https).
-->
<ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/</ServerURL>
<!--
Admin username for the API gateway.
-->
<Username>admin</Username>
<!--
Admin password for the API gateway.
NOTE(review): default "admin"/"admin" pair in clear text. This account can create and update
published API configurations on the gateway, so replace it before any non-local deployment and
restrict read access to this file.
-->
<Password>admin</Password>
<!--
Endpoint URLs for the APIs hosted in this API gateway, as a comma-separated list.
NOTE(review): the list contains a plain http endpoint next to the https one. Requests sent to
the http endpoint, including their access tokens, are not encrypted in transit; remove it or
terminate TLS in front of it where that matters.
-->
<GatewayEndpoint>http://${carbon.local.ip}:${mgt.transport.http.port},https://${carbon.local.ip}:${mgt.transport.https.port}</GatewayEndpoint>
</Environment>
</Environments>
<!--
Enable/Disable token caching at gateway node.
NOTE(review): with caching on, a revoked token can presumably stay usable at the gateway until
its cache entry is invalidated or expires; the RevokeAPIURL comment in this file describes the
invalidation path. Confirm the cache lifetime for the deployment.
-->
<EnableGatewayKeyCache>true</EnableGatewayKeyCache>
<!--
Enable/Disable API resource caching at gateway node.
-->
<EnableGatewayResourceCache>true</EnableGatewayResourceCache>
<!-- Name of the request header that carries the client's domain; the name is configurable. When API invocation is
restricted to authorized domains, the client request must send its domain as the value of this header.
NOTE(review): the header value is supplied by the client, so a domain restriction based on it is a
convenience filter rather than an access control; do not rely on it in place of token checks.
-->
<ClientDomainHeader>referer</ClientDomainHeader>
</APIGateway>
<!--
Enable/Disable usage metering and billing for API usage. Disabled ("false") here.
-->
<EnableBillingAndUsage>false</EnableBillingAndUsage>
<!--
API usage tracker configuration used by the BAM data publisher and
Google Analytics publisher in API gateway.
-->
<APIUsageTracking>
<!--
Enable/Disable the API usage tracker. Disabled ("false") here, so the settings below
take effect only once this is switched on.
-->
<Enabled>false</Enabled>
<!--
API Usage Data Publisher.
-->
<PublisherClass>org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher</PublisherClass>
<!--
Thrift port of the remote BAM server.
-->
<ThriftPort>7612</ThriftPort>
<!--
Server URL of the remote BAM/CEP server used to collect statistics. Must
be specified in protocol://hostname:port/ format.
An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver
Groups are delimited by curly braces whereas receivers are delimited by commas.
Ex - Multiple Receivers within a single group
tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/
Ex - Multiple Receiver Groups with two receivers each
{tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/}
NOTE(review): the tcp scheme suggests an unencrypted transport for usage events; confirm, and
keep remote receivers on a trusted network segment if so.
-->
<BAMServerURL>tcp://localhost:7612/</BAMServerURL>
<!--
Administrator username to login to the remote BAM server.
-->
<BAMUsername>admin</BAMUsername>
<!--
Administrator password to login to the remote BAM server.
NOTE(review): default "admin"/"admin" pair in clear text. Use a dedicated, least-privileged
publishing account instead of an administrator where the BAM server allows it, and replace
the default before enabling usage tracking.
-->
<BAMPassword>admin</BAMPassword>
<!--
JNDI name of the data source to be used for getting BAM statistics. This data source should
be defined in the master-datasources.xml file in conf/datasources directory.
-->
<!--DataSourceName>jdbc/WSO2AM_STATS_DB</DataSourceName-->
<!--
Data publishing stream names and versions of API requests, responses and faults. If the default values
are changed, the toolbox also needs to be changed accordingly.
-->
<Streams>
<Request>
<Name>org.wso2.apimgt.statistics.request</Name>
<Version>1.0.0</Version>
</Request>
<Response>
<Name>org.wso2.apimgt.statistics.response</Name>
<Version>1.0.0</Version>
</Response>
<Fault>
<Name>org.wso2.apimgt.statistics.fault</Name>
<Version>1.0.0</Version>
</Fault>
<Destination>
<Name>org_wso2_apimgt_statistics_destination</Name>
<Version>1.0.0</Version>
<BAMProfileName>bam-profile</BAMProfileName>
</Destination>
<Throttle>
<Name>org.wso2.apimgt.statistics.throttle</Name>
<Version>1.0.0</Version>
</Throttle>
<Workflow>
<Name>org.wso2.apimgt.statistics.workflow</Name>
<Version>1.0.0</Version>
</Workflow>
</Streams>
</APIUsageTracking>
<!--
API key validator configuration used by API key manager (IS), API store and API gateway.
API gateway uses it to validate and authenticate users against the provided API keys.
-->
<APIKeyValidator>
<!--
Server URL of the API key manager (https).
-->
<ServerURL>https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/</ServerURL>
<!--
Admin username for API key manager.
-->
<Username>admin</Username>
<!--
Admin password for API key manager.
NOTE(review): default "admin"/"admin" pair in clear text. The key manager decides which tokens
are valid, so replace this before any non-local deployment and restrict read access to this file.
-->
<Password>admin</Password>
<!--
Enable/Disable JWT caching.
-->
<EnableJWTCache>false</EnableJWTCache>
<!--
Enable/Disable API key validation information caching at key-management server
-->
<EnableKeyMgtValidationInfoCache>false</EnableKeyMgtValidationInfoCache>
<!--
Configurations related to enable thrift support for key-management related communication.
If you want to switch back to Web Service Client, change the value of "KeyValidatorClientType" to "WSClient".
In a distributed environment;
-If you are at the Gateway node, you need to point "ThriftClientPort" value to the "ThriftServerPort" value given at KeyManager node.
-If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
-ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
NOTE(review): EnableThriftServer "true" presumably starts a key validation listener on
ThriftServerPort (10397 here). Limit that port to the gateway nodes at the network level and
confirm whether the channel is encrypted.
-->
<KeyValidatorClientType>ThriftClient</KeyValidatorClientType>
<ThriftClientPort>10397</ThriftClientPort>
<ThriftClientConnectionTimeOut>10000</ThriftClientConnectionTimeOut>
<ThriftServerPort>10397</ThriftServerPort>
<!--ThriftServerHost>localhost</ThriftServerHost-->
<EnableThriftServer>true</EnableThriftServer>
<!--
Scope used for marking Application Tokens. If a token is generated with this scope, it will be treated as an Application Access Token
-->
<ApplicationTokenScope>am_application_scope</ApplicationTokenScope>
<!--
Specifies the implementation to be used for KeyValidationHandler. Steps for validating a token can be controlled by plugging in a custom KeyValidation Handler
NOTE(review): the class named here runs inside the token validation path; a custom handler
deserves the same review as any other authentication code.
-->
<KeyValidationHandlerClassName>org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName>
<!--
This parameter is used to specify the Thrift server host name. In a distributed deployment this parameter must be set
if the key manager runs on a separate machine. The gateway uses this parameter to connect to the key validation thrift service.
NOTE(review): this file carries two commented ThriftServerHost examples (localhost and 127.0.0.1);
uncomment only one of them.
-->
<!--ThriftServerHost>127.0.0.1</ThriftServerHost-->
<!--
Remove UserName from JWT Token
-->
<!-- <RemoveUserNameFromJWTForApplicationToken>true</RemoveUserNameFromJWTForApplicationToken>-->
<!-- Name of the token API -->
<TokenEndPointName>/oauth2/token</TokenEndPointName>
<!-- This is the API URL for the revoke API. When tokens are revoked, the revoke requests should go through this
API deployed in the API gateway. It then performs the cache invalidations related to the revoked tokens.
In a distributed deployment this property should be configured on the key manager node by pointing it at the
gateway https url. Also note that the gateway revoke service should point to the key manager.
NOTE(review): if this URL does not reach the gateway, revoked tokens presumably stay valid in the
gateway caches; verify it after any topology change.
-->
<RevokeAPIURL>https://${carbon.local.ip}:${https.nio.port}/revoke</RevokeAPIURL>
<!-- Whether to encrypt tokens when storing in the Database
Note: If changing this value to true, change the value of <TokenPersistenceProcessor> to
org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistenceProcessor in the identity.xml
NOTE(review): while this is "false", tokens are presumably stored unencrypted, so read access
to the database or its backups is enough to reuse them. Both settings have to change together. -->
<EncryptPersistedTokens>false</EncryptPersistedTokens>
<!-- NOTE(review): no description is given in this file. The scopes listed here are presumably
exempt from some scope validation step; confirm what the whitelist skips and keep it as short as possible. -->
<ScopeWhitelist>
<Scope>device_scope</Scope>
</ScopeWhitelist>
</APIKeyValidator>
<!--
Settings related to managing API access tiers.
-->
<TierManagement>
<!--
Enable the providers to expose their APIs over the special 'Unlimited' tier which
basically disables tier based throttling for the specified APIs.
NOTE(review): an API on the 'Unlimited' tier has no tier based rate limit, so any load
protection for its backend has to come from elsewhere. Set this to "false" if providers
should not be able to opt out of throttling.
-->
<EnableUnlimitedTier>true</EnableUnlimitedTier>
</TierManagement>
<!--
Use this configuration to control the self-sign-up capability in API store.
-->
<SelfSignUp>
<!--
Enable or disable the self-sign-up feature.
NOTE(review): while this is "true", anyone who can reach the API store can create an account
that receives the role below. Disable it, or add an approval step, for stores that are not
meant to be open to the public.
-->
<Enabled>true</Enabled>
<!--
Self signed up users should be associated with a suitable subscriber
role for them to be able to access the API store portal. This required
parameter specifies which role should be used for that purpose. The role
specified here must have the '/permission/admin/manage/api/subscribe'
permission.
NOTE(review): give this role no permission beyond the one named above, since it is
handed to unvetted accounts.
-->
<SubscriberRoleName>subscriber</SubscriberRoleName>
</SelfSignUp>
<!--
Use this configuration to control the number of APIs shown in API store.
-->
<APIStore>
<!--This property indicates how user names are compared for token generation, see https://wso2.org/jira/browse/APIMANAGER-2225
NOTE(review): with "true", user names that differ only in letter case are treated as the same user here;
confirm that the user store applies the same rule, so that two distinct accounts cannot be conflated.-->
<CompareCaseInsensitively>true</CompareCaseInsensitively>
<DisplayURL>false</DisplayURL>
<URL>https://${carbon.local.ip}:${mgt.transport.https.port}/store</URL>
<!--
This parameter specifies whether to display multiple versions of the same
API or only the latest version of an API.
-->
<DisplayMultipleVersions>false</DisplayMultipleVersions>
<!--
This parameter specifies whether to display all the APIs
[those having DEPRECATED/PUBLISHED status] or only the APIs
whose status is 'PUBLISHED'
-->
<DisplayAllAPIs>false</DisplayAllAPIs>
<!--
This parameter specifies whether to display the comment editing facility or not.
Default is "true". To disable it, set this parameter to "false".
-->
<DisplayComments>true</DisplayComments>
<!--
This parameter specifies whether to display the ratings or not.
Default is "true". To disable them, set this parameter to "false".
-->
<DisplayRatings>true</DisplayRatings>
<!--
This parameter specifies the expiration time of the TagCache. TagCache will
only be created when this element is uncommented. When the specified
time duration has elapsed, the tag cache will be re-generated.
-->
<!--TagCacheDuration>120000</TagCacheDuration-->
<!--
This parameter specifies whether Recently Added APIs will be loaded from the cache or not.
If there are multiple API modifications during a short time period, it is better to disable the cache.
-->
<EnableRecentlyAddedAPICache>false</EnableRecentlyAddedAPICache>
</APIStore>
<!-- Settings for the API publisher web application. -->
<APIPublisher>
<DisplayURL>false</DisplayURL>
<URL>https://${carbon.local.ip}:${mgt.transport.https.port}/publisher</URL>
<!--
This parameter enables visibility levels at the granularity of individual API documents.
By default any document associated with an API has the same permissions as the API. When the property
below is enabled, two additional permission levels are offered: visible only to all registered users in a
particular domain, or visible only to the API doc creator.
NOTE(review): while this stays commented out, a document is exactly as visible as its API, so
internal-only material should not be attached to a publicly visible API.
-->
<!--EnableAPIDocVisibilityLevels>true</EnableAPIDocVisibilityLevels-->
</APIPublisher>
<!--
Status observers can be registered against the API Publisher to listen for
API status update events. Each observer must implement the APIStatusObserver
interface. Multiple observers can be engaged if necessary and in such situations
they will be notified in the order they are defined here.
-->
<!--StatusObservers>
<Observer>org.wso2.carbon.apimgt.impl.observers.SimpleLoggingObserver</Observer>
</StatusObservers-->
<!--
Use this configuration to create APIs at server startup.
-->
<StartupAPIPublisher>
<!--
Enable/Disable the API Startup Publisher. Disabled ("false") here, so the API
definitions below are not created unless this is switched on.
-->
<Enabled>false</Enabled>
<!--
Configuration to create APIs for local endpoints.
Endpoint will be computed as http://${carbon.local.ip}:${mgt.transport.http.port}/Context.
Define many LocalAPI elements as below to create many APIs
for local Endpoints.
IconPath should be relative to CARBON_HOME.
NOTE(review): the computed endpoint uses plain http. The meaning of AuthType "Any" is not
described in this file; confirm what it permits before enabling the startup publisher.
-->
<LocalAPIs>
<LocalAPI>
<Context>/resource</Context>
<Provider>admin</Provider>
<Version>1.0.0</Version>
<IconPath>none</IconPath>
<DocumentURL>none</DocumentURL>
<AuthType>Any</AuthType>
</LocalAPI>
</LocalAPIs>
<!--
Configuration to create APIs for remote endpoints.
Use this configuration when the Endpoint needs to be defined explicitly.
Define many API elements as below to create many APIs
for external Endpoints.
If you do not need to add Icon or Documentation set
'none' as the value for IconPath & DocumentURL.
-->
<!--APIs>
<API>
<Context>/resource</Context>
<Endpoint>http://localhost:9764/resource</Endpoint>
<Provider>admin</Provider>
<Version>1.0.0</Version>
<IconPath>none</IconPath>
<DocumentURL>none</DocumentURL>
<AuthType>Any</AuthType>
</API>
</APIs-->
</StartupAPIPublisher>
<!--
When an API is invoked, a list of handlers get engaged to its execution flow. This
property defines the position of the Extension Handler.
Supported values: top, bottom
Defaults to: bottom
-->
<!--ExtensionHandlerPosition>top|bottom</ExtensionHandlerPosition-->
<!--Configuration to enable/disable sending CORS headers in the Gateway response
and define the Access-Control-Allow-Origin header value.-->
<CORSConfiguration>
<!--Configuration to enable/disable sending CORS headers from the Gateway-->
<Enabled>true</Enabled>
<!--The value of the Access-Control-Allow-Origin header. Default values are
API Store addresses, which is needed for swagger to function.
NOTE(review): both defaults point at localhost, one of them over plain http. For a deployed
gateway replace them with the real API Store origin(s) and keep the list as narrow as possible.
NOTE(review): the element text ends with a line break before the closing tag; whether the
reader of this file trims it is not visible here.-->
<Access-Control-Allow-Origin>https://localhost:9443,http://localhost:9763
</Access-Control-Allow-Origin>
<!--Configure Access-Control-Allow-Headers.
NOTE(review): "Access-Control-Allow-Origin" is a response header, so listing it among the
allowed request headers looks unnecessary; confirm whether any client depends on it.-->
<Access-Control-Allow-Headers>authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>
</CORSConfiguration>
<!-- This property is there to configure velocity log output into existing Log4j carbon Logger.
You can enable this and set preferable Logger name.
-->
<!--VelocityLogger>VELOCITY</VelocityLogger-->
</APIManager>