Inclusion of libraries (jar) when creating a new custom assertion
Article ID: 102464
Updated On:
Products
CA API Gateway (Layer 7)
SA94 to API SECURITY
STARTER PACK-7
CA Rapid App Security
MOBILE API GATEWAY
CA Mobile - API Gateway
CA API Gateway
Issue/Introduction
We are building some new custom assertions, and I am not sure about libs (jar) proper usage.
We are building some new custom assertions, and I am not sure about libs (jar) proper usage. I have 2 questions:
1) can the jars included in my custom assertion affect overall gateway behavior / runtime? Or the classes in these jars are only visible by this custom assertion? In the case my jars are visible by the gateway libs, what is allowed / non allowed for me to include as jar?
2) is it allowed for my custom assertion to access classes located inside the core gateway libraries? For example the gateway uses Apache Commons Text jar library, can I also use these utilities? Or I have to include my own jar inside my custom assertion?
We are building some new custom assertions, and I am not sure about libs (jar) proper usage. I have 2 questions:
1) can the jars included in my custom assertion affect overall gateway behavior / runtime? Or the classes in these jars are only visible by this custom assertion? In the case my jars are visible by the gateway libs, what is allowed / non allowed for me to include as jar?
2) is it allowed for my custom assertion to access classes located inside the core gateway libraries? For example the gateway uses Apache Commons Text jar library, can I also use these utilities? Or I have to include my own jar inside my custom assertion?
Environment
APIM Gateway 9.2
Resolution
The answer to your question is in the readme.txt file in the CustomAssertionAPI-X.X.XX.zip file :
I must admit for the custom assertion I built. I actually used the .jar files distributed with the gateway (I added class path entry so that it included the .jar files in the gatweway lib directory) .
But the readme.txt gives a different process for adding dependant .jar files, so that the classloader is different and the dependant .jar files are unrelated to those in the gateway.
Here is the extract from the readme.txt
....
Installation of a Custom Assertion on a SecureSpan Gateway
----------------------------------------------------------
A Custom Assertion should be package into a jar library. Building the traffic
logger code will produce such a jar. This jar should contain the source code
of the Custom Assertion as well as a custom_assertions.properties providing
details on the Custom Assertion included in the jar. Look at the sample's
version of this file for reference on the format to use. Once this jar is
built, you can install the Custom Assertion following these steps:
1. stop the SecureSpan Gateway (service ssg stop)
2. place the custom assertion jar in /opt/SecureSpan/Gateway/runtime/modules/lib
(make sure owner and permissions are ok)
3. in the case of the sample provided you must add the
sampletrafficloggerca.properties file in /opt/SecureSpan/Gateway/node/default/etc/conf
4. place any libraries that are needed by the Custom Assertion (for example, .so files or .dll files) in /opt/SecureSpan/Gateway/runtime/lib
5. restart the SecureSpan Gateway (service ssg start)
Modular Packaging and Installation of a Custom Assertion
--------------------------------------------------------
It is also possible to package a Custom Assertion with a set accompanying libraries. In
order to minimize conflicts with the SecureSpan Gateway, these modular Custom Assertion
have their dedicated class loader.
Modular Custom Assertions are packaged in one jar file. This jar file is structured as such:
1. classes in the root of the jar (same as normal jar)
2. a lib directory in the root of the jar includes other jars that the code requires
3. a custom_assertions.properties file also in the root of the jar
To install such a custom assertion in a SecureSpan Gateway, drop this jar into
/opt/SecureSpan/Gateway/runtime/modules/lib
I must admit for the custom assertion I built. I actually used the .jar files distributed with the gateway (I added class path entry so that it included the .jar files in the gatweway lib directory) .
But the readme.txt gives a different process for adding dependant .jar files, so that the classloader is different and the dependant .jar files are unrelated to those in the gateway.
Here is the extract from the readme.txt
....
Installation of a Custom Assertion on a SecureSpan Gateway
----------------------------------------------------------
A Custom Assertion should be package into a jar library. Building the traffic
logger code will produce such a jar. This jar should contain the source code
of the Custom Assertion as well as a custom_assertions.properties providing
details on the Custom Assertion included in the jar. Look at the sample's
version of this file for reference on the format to use. Once this jar is
built, you can install the Custom Assertion following these steps:
1. stop the SecureSpan Gateway (service ssg stop)
2. place the custom assertion jar in /opt/SecureSpan/Gateway/runtime/modules/lib
(make sure owner and permissions are ok)
3. in the case of the sample provided you must add the
sampletrafficloggerca.properties file in /opt/SecureSpan/Gateway/node/default/etc/conf
4. place any libraries that are needed by the Custom Assertion (for example, .so files or .dll files) in /opt/SecureSpan/Gateway/runtime/lib
5. restart the SecureSpan Gateway (service ssg start)
Modular Packaging and Installation of a Custom Assertion
--------------------------------------------------------
It is also possible to package a Custom Assertion with a set accompanying libraries. In
order to minimize conflicts with the SecureSpan Gateway, these modular Custom Assertion
have their dedicated class loader.
Modular Custom Assertions are packaged in one jar file. This jar file is structured as such:
1. classes in the root of the jar (same as normal jar)
2. a lib directory in the root of the jar includes other jars that the code requires
3. a custom_assertions.properties file also in the root of the jar
To install such a custom assertion in a SecureSpan Gateway, drop this jar into
/opt/SecureSpan/Gateway/runtime/modules/lib
Feedback
Yes
No
Powered by
