我可以在 WSO2 APIM 中以编程方式创建范围吗? 我有一个要求,用户可以通过 UI 创建新角色并将一些权限与新角色相关联。用户不会使用 WSO2 Web 界面;相反,他将使用内部 Web 应用程序 为此,我必须以编程方式创建范围并将 API 与其关联。还可以手动将作用域映射到角色。
如何以编程方式通过 WSO2 APIM 创建范围? 以编程方式使用范围可以进行哪些操作? 如果不可能,我如何通过 WSO2 处理此类要求?
【问题讨论】:
标签: wso2 wso2is wso2-am wso2carbon
您可以为此使用Publisher REST APIs。
首先,您需要获取 API 的 swagger 定义。
curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8"
https://127.0.0.1:9443/api/am/publisher/v0.10/apis/890a4f4d-09eb-4877-a323-57f6ce2ed79b/swagger
你会得到的招摇会是这样的。
{
"swagger":"2.0",
"paths":{
"/menu":{
"get":{
"x-auth-type":"Application & Application User",
"x-throttling-tier":"Unlimited",
"description":"Return a list of available menu items",
"parameters":[
],
"responses":{
"200":{
"headers":{
},
"schema":{
"title":"Menu",
"properties":{
"list":{
"items":{
"$ref":"#/definitions/MenuItem"
},
"type":"array"
}
},
"type":"object"
},
"description":"OK."
}
}
}
}
},
"schemes":[
"https"
],
"produces":[
"application/json"
],
"definitions":{
"MenuItem":{
"title":"Pizza menu Item",
"properties":{
"price":{
"type":"string"
},
"description":{
"type":"string"
},
"name":{
"type":"string"
},
"image":{
"type":"string"
}
},
"required":[
"name"
]
}
},
"consumes":[
"application/json"
],
"info":{
"title":"PizzaShackAPI",
"description":"This document describe a RESTFul API for Pizza Shack online pizza delivery store.\n",
"license":{
"name":"Apache 2.0",
"url":"http://www.apache.org/licenses/LICENSE-2.0.html"
},
"contact":{
"email":"architecture@pizzashack.com",
"name":"John Doe",
"url":"http://www.pizzashack.com"
},
"version":"1.0.0"
}
}
现在您可以通过更新您获得的 swagger 文件添加新范围并将其附加到 API 的资源。
一个新的作用域是这样添加的。
"x-wso2-security":{
"apim":{
"x-wso2-scopes":[
{
"description":"New scope",
"name":"new_scope",
"roles":"admin",
"key":"new_scope"
}
]
}
}
它可以像这样附加到现有资源。
"x-scope":"new_scope"
那么完整的招摇将是这样的。
{
"swagger":"2.0",
"x-wso2-security":{
"apim":{
"x-wso2-scopes":[
{
"description":"New scope",
"name":"new_scope",
"roles":"admin",
"key":"new_scope"
}
]
}
},
"paths":{
"/menu":{
"get":{
"x-auth-type":"Application & Application User",
"x-throttling-tier":"Unlimited",
"x-scope":"new_scope",
"description":"Return a list of available menu items",
"parameters":[
],
"responses":{
"200":{
"headers":{
},
"schema":{
"title":"Menu",
"properties":{
"list":{
"items":{
"$ref":"#/definitions/MenuItem"
},
"type":"array"
}
},
"type":"object"
},
"description":"OK."
}
}
}
}
},
"schemes":[
"https"
],
"produces":[
"application/json"
],
"definitions":{
"MenuItem":{
"title":"Pizza menu Item",
"properties":{
"price":{
"type":"string"
},
"description":{
"type":"string"
},
"name":{
"type":"string"
},
"image":{
"type":"string"
}
},
"required":[
"name"
]
}
},
"consumes":[
"application/json"
],
"info":{
"title":"PizzaShackAPI",
"description":"This document describe a RESTFul API for Pizza Shack online pizza delivery store.\n",
"license":{
"name":"Apache 2.0",
"url":"http://www.apache.org/licenses/LICENSE-2.0.html"
},
"contact":{
"email":"architecture@pizzashack.com",
"name":"John Doe",
"url":"http://www.pizzashack.com"
},
"version":"1.0.0"
}
}
如果您在名为“swagger.json”的文件中有此 swagger,则可以像这样更新 API 的 swagger。
curl -k -H "Authorization: Bearer b7108a70-3537-34f1-acbb-1c53b99d64dc"
-F "apiDefinition=@swagger.json;filename=swagger.json" -X PUT https://127.0.0.1:9443/api/am/publisher/v0.10/apis/2c5f05b2-0277-42b2-92c5-862750563661/swagger
这将使用新范围更新您的 API。
【讨论】: