Caching in wso2 esb - caching

We are using WSO2 as our ESB layer, and we have a use case wherein we need to store the login attempts of the user. What is the best way to implement this kind of caching in WSO2, as the cache mediator is not suitable for this purpose? And which caching frameworks are supported by WSO2?
Thanks

Unfortunately, your use case is very difficult to understand using the information given in the question. Hence, it is hard to give a comprehensive answer. So please explain a bit about your requirement.
In the meantime, I would like to add the following points.
As you mention, it might be difficult to use the Cache Mediator [1] for this purpose. It is mainly used for response caching using some message hashes.
I think in general the out-of-the-box mediators which come with WSO2 ESB might not be suitable for your requirement (please kindly note that I'm making this statement based on my vague idea about your requirement). So sometimes you might want to write your own class mediator to suit your requirement. If you need a getting-started document on how to write a class mediator, [2] would be a good starting point.
So please elaborate on your requirement and it will be really easy for us to give a comprehensive answer to this question.
Thanks,
Upul
[1]. https://docs.wso2.com/display/ESB490/Cache+Mediator
[2]. https://docs.wso2.com/display/ESB490/Class+Mediator

Related

Is there a way to enable trace to display the sequence of decisions executed for a DMN in Kogito?

I finally got my sample dmn-quarkus example running. Is there a property that enables the trace, in such a way that it prints the sequence of decisions executed?
I noticed that when I provide an incorrect JSON for my DMN model, Kogito responds with a detailed response, telling me which decision failed.
This is awesome! Is there a property to turn on to get the details in each response?
Kogito is based on a domain-model first approach to code generation
Kogito ergo domain
Kogito adapts to your business domain rather than the other way around [...]
This means the automatically code-generated API will always take the "shape" of the input/output context of the DMN model, and no longer the v7.x kie-server approach of a generic API.
The information you obtain during an error is meant to provide an analogue to a stack trace.
You can always leverage the Kogito API programming model to build the REST service yourself, in the way that better fits your specific business requirement, should that be providing a list of DMNDecisionResult(s). For instance, a pragmatic approach could be to inspect the automatically generated code, and then code a bespoke service based on it.
We are looking into Audit functional requirements, but that is not provided out of the box yet. We always welcome community feedback, especially in these very early versions! Don't hesitate to join the community on our mailing list or raise a JIRA ticket to take part in the conversation; the team will be glad to look further into it considering community feedback and suggestions!

Proxy API paths

I'm building an API using Koa and have read some best practices on versioning. This answer pointed out that versions should be hidden from the client.
My question is, how would I go about doing this? I've read some mentions of using an API proxy. Would I be using something like "Squid" as a reverse proxy, or are there better Node/Koa-specific solutions for this type of work?
I think GraphQL is the perfect tool to avoid pain in the ass with APIs.
Yes, at some point it breaks the REST philosophy, but it gives flexibility.
All you need to build a flexible API with no worries about versions is: Koa, Objection + GraphQL.

Rate-Limit an API (spring MVC)

I'm looking for the best, most efficient way to implement (or use an already set up) rate limiter that would protect all my REST API URLs. The protection I'm looking at is a "call per second per user limiter".
I had a look on the net and what came up was the use of either "Redis" or Guava RateLimiter.
To be honest, I have never used Redis and I am really not familiar with it. But looking at its docs, it seems that it has quite a robust rate limiter system.
I have also had a look at Guava's RateLimiter, and it looks a bit easier to use (no need for a Redis installation, etc.).
So I would like some suggestions on what would be the best solution "in my case". Is using Redis "too much"?
Have any of you already tried RateLimiter? Is this a good solution? Is it scalable?
PS: I am also open to solutions other than the two I mentioned if you think there are better choices.
Thank you!
If you are trying to limit access to your Spring-based REST API you should use the token-bucket algorithm.
There is the bucket4j-spring-boot-starter project, which uses the bucket4j library to rate-limit access to the REST API. You can configure it via the application properties file. There is an option to limit access based on IP address or username.
If you are using Netflix Zuul you could use Spring Cloud Zuul RateLimit, which uses different storage options: Consul, Redis, Spring Data and Bucket4j.
Guava's RateLimiter blocks the current thread, so if there's a burst of asynchronous calls against the throttled service, lots of threads will be blocked and this might result in exhaustion of free threads.
Perhaps the Spring-based library Kite meets your needs. Kite's "rate-limiting throttle" rejects requests after the principal reaches a configurable limit on the number of requests in some time period. The rate limiter uses Spring Security to determine the principal involved.
But Kite is still a single-JVM approach. If you do need a cluster-aware approach, Redis is the way to go.
There is no hard rule; it totally depends on your specific situation. Provided that "I have never used Redis", I would recommend Guava RateLimiter. Compared to Redis, a completely new NoSQL system for you, Guava RateLimiter is much easier to get started with. By adding a few lines of code, you are able to distribute permits at a configurable rate. What is left to do is to adapt it to fit your need, like providing a rate limit on a per-user basis.
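As an added example (not code from any of the posters or from bucket4j, Guava or Kite), the following shows the "call per second per user" token bucket discussed above in plain Java, rejecting over-limit calls instead of blocking the request thread. The class and method names are hypothetical, and like Kite it is a single-JVM approach.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

// Hypothetical class (not from bucket4j, Guava or Kite): per-user token bucket.
// tryAcquire() never blocks; false means "reject this call", e.g. with HTTP 429.
public class PerUserRateLimiter {
    private static final class Bucket {
        double tokens;
        long lastRefillNanos;
        Bucket(double tokens, long now) { this.tokens = tokens; this.lastRefillNanos = now; }
    }

    // Key on the authenticated principal, never on a client-supplied header.
    // Unbounded here for brevity; a real deployment needs idle-entry eviction.
    private final ConcurrentMap<String, Bucket> buckets = new ConcurrentHashMap<>();
    private final double capacity;      // maximum burst per user
    private final double refillPerNano; // tokens added per nanosecond

    public PerUserRateLimiter(double permitsPerSecond, double burst) {
        this.capacity = burst;
        this.refillPerNano = permitsPerSecond / 1_000_000_000.0;
    }

    public boolean tryAcquire(String user) { return tryAcquire(user, System.nanoTime()); }

    // Clock is a parameter so the behaviour can be replayed deterministically.
    boolean tryAcquire(String user, long nowNanos) {
        Bucket b = buckets.computeIfAbsent(user, u -> new Bucket(capacity, nowNanos));
        synchronized (b) {
            long elapsed = nowNanos - b.lastRefillNanos;
            if (elapsed > 0) { // refill lazily, only when time has moved forward
                b.tokens = Math.min(capacity, b.tokens + elapsed * refillPerNano);
                b.lastRefillNanos = nowNanos;
            }
            if (b.tokens < 1.0) return false;
            b.tokens -= 1.0;
            return true;
        }
    }

    public static void main(String[] args) {
        PerUserRateLimiter limiter = new PerUserRateLimiter(2.0, 2.0);
        long[] aliceCallsNanos = {0L, 0L, 0L, 600_000_000L}; // constructed sample timeline
        for (long t : aliceCallsNanos) {
            System.out.println("alice @" + t + "ns allowed=" + limiter.tryAcquire("alice", t));
        }
        System.out.println("bob @0ns allowed=" + limiter.tryAcquire("bob", 0L));
    }
}
```

In a Spring MVC application the natural call site is a `HandlerInterceptor.preHandle` that looks up the principal and answers 429 when `tryAcquire` returns false.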

how to integrate ESAPI with Oracle HTTP server or IBM HTTP server

Is there any way to integrate the C-language-specific plugin of ESAPI with Oracle HTTP or IBM HTTP Server? I mean, can we integrate C-language-specific code with Oracle HTTP Server to achieve security? It can be a Java-specific plugin. The expectation is to achieve sanitization. What steps do I need to follow?
Thanks in Advance,
Bhanu.
I agree, it's not very clear what you are really trying to do here. If you are just trying to access some of the simple ESAPI validators or encoders, most of that has been implemented in the ESAPI for C project. I'd hate to recommend it because it pretty much is no longer maintained, and some of it is badly broken (e.g., the cryptography component), but if you're really desperate, it might be worth a look.
-kevin

open source gossip-based membership protocol?

I am looking for a library which I can plug into a distributed application which implements any gossip-based membership protocol.
Such a library would allow me to send/receive membership lists, merge received membership lists, etc. Even better would be if the library implemented a protocol with O(log n) performance guarantees.
Does anyone know of any open source library like this? It doesn't need to meet all of the aforementioned requirements; even something partially implemented would be helpful.
Take a look at this on google code:
http://code.google.com/p/gossip-protocol-java/
I happened to stumble upon it yesterday whilst looking for a Java-based gossip implementation. It's more a reference implementation for someone to build upon, but it gives the general idea, and after reading through the code you'll definitely be able to build your own or branch what's there to add any features you need.
HTH
Have you looked at Apache Zookeeper? I'm not sure if it's what you're looking for.
ZooKeeper is a high-performance coordination service for distributed applications. It exposes common services - such as naming, configuration management, synchronization, and group services - in a simple interface so you don't have to write them from scratch. You can use it off-the-shelf to implement consensus, group management, leader election, and presence protocols.
C# bindings are also available.
