How to Write a Simple Authentication Handler for an API in WSO2 ESB

whats covered: creating a simple authentication handler for an API in WSO2 ESB 4.8.1

1) Create the Project

Generate the pom file with the required dependencies using WSO2 Developer Studio.

2) Put in the Authentication Logic

In this example the authentication is done based on a per-configured header value in the API request. Find the complete code here[1].

Put the authentication logic inside the handleRequest() method.

....

....

boolean auticationSuccessfull;
        if(!headers.containsKey(TOKEN_HEADER_NAME))
        {
            throw new SynapseException("Access token was not found in the header");
        }
        else
        {
            String token = headers.get(TOKEN_HEADER_NAME).toString();
            if(authenticate(token))
            {
                auticationSuccessfull=true;
            }
            else
            {
                auticationSuccessfull=false;
            }
        }

return auticationSuccessfull;

....

....

private boolean authenticate(String tk)
    {
        //authentication logic
        boolean sentinal=false;
        if(tk.equals("testtoken"))
        {
            sentinal=true;
        }
        if(!sentinal)
        {   
            log.debug("authentication failed for token: "+tk);   
        }
        return sentinal;
    }

....

....

3) Build and Copy the Jar

Drop the jar inside <ESB_HOME>/repository/components/lib

4) Include Handler in the API Configuration

Open up the API configuration with an editor(find it in <ESB_HOME>/repository/deployment/server/synapse-configs/default/api/), Include the handler after the API resource closing tag(at the end of the config) as shown below,

....

....

   </resource>
   <handlers>
      <handler class="com.dumiduh.SimpleAuthenticationHandler"/>
   </handlers>
</api>

[1] - https://drive.google.com/file/d/0B9oVIeyHJKBXY1hZZjBvT1FGQlU/view?usp=sharing