APIM manage workflow with multiple roles APIM 3.0.0 per API based subscription workflow Logging internal HTTP requests Log APIM analytics events to a file Monetization and sample with WSO2 API Manager 2.6.0 Share application and subscription among a set of specific groups or roles WSO2 APIM Correlating analytics event with correlationID APIM analytics distinguish production and sandbox traffic APIM 2.x.x analytics internal and analytics tuneup Configure APIM(Next release) Key Manager User stores APIM(Next release) working with key manager DAS 3.x Parse system variables to Spark Context Revoke OAuth application In APIM 2.1.0 Next WSO2 APIM powered by WSO2 Ballerina Configure WSO2 APIM Analytics on Cluster environment Configure WSO2 DAS 3.1.0 for WSO2 APIM 2.0.0 Analytics WSO2 APIM publishing custom statistics WSO2 APIM Error codes Working with WSO2 message tracer Use DAS admin service to query using Spark SQL Configure WSO2 APIM Analytics using XML WSO2 APIM Generating and Retrieving Custom Statistics Understanding WSO2 APIM Statistics Model Publishing WSO2 APIM 1.10.x Runtime Statistics to DAS with RDBMS Publishing_APIM_1100_Runtime_Statistics_to_DAS Aggregate functions with WSO2 DAS REST API Create a cApp for WSO2 DAS Debugging WSO2 Products using OSGI console. Publishing APIM Runtime Statistics to DAS Deploy cApp on WSO2 DAS How to configure and start the Accumulo minicluster How to setup DNS server on Ubuntu and Ubuntu server How to use Java Reflection how to install apache web server on ubuntu and ubuntu server How to install Mail server on Ubuntu and Ubuntu server How to install squirrelmail webmail client on Ubuntu and Ubuntu Server Pass and return String value to JNI method Pass and return numeric value to JNI method Calling a C Function from the Java Programming Language using JNI AXIS 2 Sample web service Client with maven and eclipse How to setup AXIS 2 with Apache Tomcat AXIS 2 Sample web service with maven and eclipse Robot framework Sample with Selenium Robot framework Custom Library Sample Behaviour-Driven Development with JBehave and Eclipse Play Audio with Netbeans and linking with LibVLC Implement LibVLC based player with QT-part2 Simple Audio playing sample with LibVLC How to install LibVLC on Ubuntu Implement LibVLC based player with QT-part1
APIM manage workflow with multiple roles
  1. Introduction

    When API is configured for workflow, only a set of users(users with admin role) can manage the tasks. But there can be use cases to manage some tasks by different user types or roles. As an example, if multiple departments manage APIs in a single tenant and workflow need to be managed within that department. In such cases, each workflow task only needs to be visible to admin users of that logical department.

    By default, this cannot be achieved without customization. Hence this document explains how to achieve subscription management in such a deployment. So the following tasks are discussed in this document.

    • Workflow executor
    • Customize the BPEL process
    • Customize HumanTask
  2. Prerequisites
    • WSO2 API Manager 3.0.0
    • WSO2 Enterprise Integrator 6.5.0
    • Configure API Manager for subscription workflow according to the official document
  3. Workflow executor

    Workflow executor needs to be customized to send additional information to the Business process engine. This customization is done to include role information to the web service call to the BPS. By default, the required role of the users, which use to limit access and manage pending tasks, is set to “admin” at the BPS engine. If we can include the admin role of the current department that can be used to limit workflow management at BPS.

    The following code includes this information to the web service call. We include “deptAdminRole” property to hold the admin role name. In this sample, we have a hardcoded role name as “hr_admin_role” assuming it is the admin role for the HR department. But these value can be derived as follows

    • Using API name/User name pattern
    • Using user roles/permissions
    • Using Properties define to the API
  4. Workflow executor Implementation
    • Create a new maven project and include the following dependency
      <dependency>
          <groupId>org.wso2.carbon.apimgt</groupId>
          <artifactId>org.wso2.carbon.apimgt.impl</artifactId>
          <version>6.5.349</version>
      </dependency>
      
    • Add a new java class that extends the “SubscriptionCreationWSWorkflowExecutor”
    • Override the method “execute” with the following content.
      public WorkflowResponse execute(WorkflowDTO workflowDTO) throws WorkflowException {
          try {
              String action = WorkflowConstants.CREATE_SUBSCRIPTION_WS_ACTION;
              ServiceClient client = getClient(action);
              String payload = "<wor:SubscriptionApprovalWorkFlowProcessRequest " +
                      "         xmlns:wor=\"http://workflow.subscription.apimgt.carbon.wso2.org\">\n" +
                      "         <wor:apiName>$1</wor:apiName>\n" +
                      "         <wor:apiVersion>$2</wor:apiVersion>\n" +
                      "         <wor:apiContext>$3</wor:apiContext>\n" +
                      "         <wor:apiProvider>$4</wor:apiProvider>\n" +
                      "         <wor:subscriber>$5</wor:subscriber>\n" +
                      "         <wor:applicationName>$6</wor:applicationName>\n" +
                      "         <wor:tierName>$7</wor:tierName>\n" +
                      "         <wor:workflowExternalRef>$8</wor:workflowExternalRef>\n" +
                      "         <wor:callBackURL>$9</wor:callBackURL>\n" +
                      "         <wor:deptAdminRole>$deptAdminRole</wor:deptAdminRole>\n" +
                      "      </wor:SubscriptionApprovalWorkFlowProcessRequest>";
      
              SubscriptionWorkflowDTO subsWorkflowDTO = (SubscriptionWorkflowDTO) workflowDTO;
              String callBackURL = subsWorkflowDTO.getCallbackUrl();
      
              payload = payload.replace("$1", subsWorkflowDTO.getApiName());
              payload = payload.replace("$2", subsWorkflowDTO.getApiVersion());
              payload = payload.replace("$3", subsWorkflowDTO.getApiContext());
              payload = payload.replace("$4", subsWorkflowDTO.getApiProvider());
              payload = payload.replace("$5", subsWorkflowDTO.getSubscriber());
              payload = payload.replace("$6", subsWorkflowDTO.getApplicationName());
              payload = payload.replace("$7", subsWorkflowDTO.getTierName());
              payload = payload.replace("$8", subsWorkflowDTO.getExternalWorkflowReference());
              payload = payload.replace("$9", callBackURL != null ? callBackURL : "?");
              payload = payload.replace("$deptAdminRole", "hr_admin_role");
      
              client.fireAndForget(AXIOMUtil.stringToOM(payload));
      
              ApiMgtDAO apiMgtDAO = ApiMgtDAO.getInstance();
              apiMgtDAO.addWorkflowEntry(workflowDTO);
              publishEvents(workflowDTO);
          } catch (AxisFault axisFault) {
              log.error("Error sending out message", axisFault);
              throw new WorkflowException("Error sending out message", axisFault);
          } catch (XMLStreamException e) {
              log.error("Error converting String to OMElement", e);
              throw new WorkflowException("Error converting String to OMElement", e);
          } catch (APIManagementException e) {
              throw new WorkflowException("Error while persisting workflow", e);
          }
          return new GeneralWorkflowResponse();
      }
      
  5. Customize the BPEL process
      • BPEL process data need to customize include this new attribute name. For that, you can use the bpel/SubscriptionApprovalWorkFlowProcess_1.0.0/SubscriptionApprovalWorkFlowProcess.bpel define in the <APIM_HOME>/business-processes/subscription-creation/BPEL/SubscriptionApprovalWorkFlowProcess_1.0.0.zip as follows.
    <bpel:literal>
        <tschema:SubscriptionApprovalData
                xmlns:tschema="http://workflow.subscription.apimgt.carbon.wso2.org"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><tschema:apiName>tschema:apiName</tschema:apiName>
            <tschema:apiVersion>tschema:apiVersion</tschema:apiVersion>
            <tschema:apiContext>tschema:apiContext</tschema:apiContext>
            <tschema:apiProvider>tschema:apiProvider</tschema:apiProvider>
            <tschema:subscriber>tschema:subscriber</tschema:subscriber>
            <tschema:applicationName>tschema:applicationName</tschema:applicationName>
            <tschema:tierName>tschema:tierName</tschema:tierName>
            <tschema:callBackURL>tschema:callBackURL</tschema:callBackURL>
            <tschema:workflowExternalRef>tschema:workflowExternalRef</tschema:workflowExternalRef>
            <tschema:deptAdminRole>tschema:deptAdminRole</tschema:deptAdminRole>
        </tschema:SubscriptionApprovalData>
    </bpel:literal>
    
    • There are multiple WSDL files in here to expose these as a web service. Hence these new attributes need to be declared in there as well.
  6. Customize HumanTask
      • Customize HumanTask Human Task configuration needs to be updated to define the allowed users for this workflow. For that edit the SubscriptionsApprovalTask-1.0.0/SubscriptionsApprovalTask.ht in <AM_HOME>/business-processes/subscription-creation/HumanTask/SubscriptionsApprovalTask-1.0.0.zip as follows.
    <htd:peopleAssignments>
        <htd:potentialOwners>
            <htd:from logicalPeopleGroup="admin">
                <htd:argument name="role">
                    htd:getInput("SubscriptionApprovalRequest")/test10:deptAdminRole
                </htd:argument>
            </htd:from>
        </htd:potentialOwners>
    
    </htd:peopleAssignments>
    
    • Here also, there is a WSDL declaration to expose web service calls. Hence this needs to be updated in there as well.
  7. Installation
    • Build the project and copy the com.rukspot.sample.apimgt.workflow.rolebase-1.0-SNAPSHOT.jar to <AM_HOME>/repository/components/lib directory and restart the servers
    • Login to API Manager management console and define the subscription workflow executor as follows in the /_system/governance/apimgt/applicationdata/workflow-extensions.xml
      <SubscriptionCreation executor="com.rukspot.sample.apimgt.workflow.rolebase.RoleBasedSubscriptionCreationWSWorkflowExecutor">
           <Property name="serviceEndpoint">http://localhost:9765/services/SubscriptionApprovalWorkFlowProcess/</Property>
           <Property name="username">admin</Property>
           <Property name="password">admin</Property>
           <Property name="callbackURL">https://localhost:8243/services/WorkflowCallbackService</Property>
      </SubscriptionCreation>
      
    • Login to the EI management console and upload the BPEL process in RoleBasedSubscriptionApprovalWorkFlowProcess_1.0.0.zip
    • Upload the human task in RoleBasedSubscriptionsApprovalTask-1.0.0.zip same way
  8. Testing
      • Login to APIM Publisher and publish an API
      • Login to APIM Dev portal and try to subscribe to an application
      • Login to the APIM admin portal using “admin” user and check pending subscription tasks
      • Login to the APIM admin portal using a user with “hr_admin_role” role and check pending subscription tasks.
  9. Code Sample

    Please find the sample code from GitHub

Add Comment

* Required information
1000
Powered by Commentics

Comments (0)

No comments yet. Be the first!