Good for API gateway?


Thibault Meyer

Mar 23, 2017, 2:48:50 AM
to Play Framework
Hi,

We are trying to unify all our different APIs, and the question of an API gateway came up. Can Play Framework do this job? Is WSClient good for forwarding requests to the right backend?

This API gateway will be in charge of authentication (JWT token), checking access policy (can the request identified by this JWT token access this API / these resources?) and primitive load balancing (maybe random or round robin).


Sincerely.

William Narmontas

Mar 23, 2017, 11:12:53 AM
to Play Framework
It is doable but you'd have to reinvent the wheel. Why not use Tyk or Kong? They already come with batteries included.

Thibault Meyer

Mar 23, 2017, 12:01:56 PM
to Play Framework
We have tried WSO2 and Kong, but the security part doesn't match our needs.

Ok WSO2 / KONG generate a token with ACL based on group, but can configure something like

"ok you have access to the API A but only method matching path /xxx/xxxx and only methods GET & POST"

We also need special access for handled devices, which get a unique access token by entering a PIN code.


It seems Tyk has path-based policies (https://tyk.io/tyk-documentation/security/security-policies/secure-apis-method-path/). Have you used this software?

William Narmontas

Mar 23, 2017, 7:45:06 PM
to Play Framework
I'd not recommend writing your own proxy, ever :)

You can take a more lightweight approach. For example I've used Play as a basic authentication layer (in my case JWT):
http://nginx.org/en/docs/http/ngx_http_auth_request_module.html

Then you can use nginx's load balancing/proxy capability to route to the right place.

If you really need something more complex, it is also doable with nginx and a light Play/Lua layer, but I have no experience with that.
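
A minimal shape of the setup described above, as an added example that is not part of the original post: nginx calls a Play endpoint through `auth_request` and proxies to a round-robin upstream only when that endpoint answers 2xx. The upstream addresses, the `/auth/verify` path, the certificate paths and the `X-Original-*` / `X-Auth-Subject` header names are assumptions.

```nginx
# Constructed example: addresses, ports, paths and header names are assumptions.
events {}

http {
    # Backends for one API; nginx balances round-robin by default.
    upstream api_a {
        server 10.0.0.11:8080;
        server 10.0.0.12:8080;
    }

    # The Play application that validates the JWT and evaluates the policy.
    upstream play_auth {
        server 127.0.0.1:9000;
    }

    server {
        listen 443 ssl;
        ssl_certificate     /etc/nginx/tls/gateway.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/tls/gateway.key;   # placeholder path

        location /api-a/ {
            # Every request is checked by the subrequest before it is proxied.
            auth_request /_auth;

            # Take the caller identity from the auth service's response header
            # and overwrite any X-Auth-Subject the client sent itself.
            auth_request_set $auth_subject $upstream_http_x_auth_subject;
            proxy_set_header X-Auth-Subject $auth_subject;

            proxy_pass http://api_a/;
        }

        location = /_auth {
            internal;                      # not reachable from outside
            proxy_pass http://play_auth/auth/verify;

            # The auth service needs headers only, not the request body.
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";

            # Give the policy check the original method and path.
            proxy_set_header X-Original-URI    $request_uri;
            proxy_set_header X-Original-Method $request_method;
        }
    }
}
```

The Play endpoint answers 2xx to allow and 401 or 403 to deny; nginx treats any other status from the subrequest as an error. Because the original method and path are forwarded, method-and-path rules can be evaluated in that endpoint.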

Thibault Meyer

Mar 24, 2017, 3:40:02 AM
to Play Framework
Hi,

We are already using Nginx in front of Play for load balancing and HTTP/2. I think the "static" configuration is really good for this kind of usage. Do you have a working sample?


AWS API Gateway has a really nice security policy based on IAM policy, but we don't want to force our clients to create an AWS account to consume our APIs. The idea is to use Play and re-implement IAM policy.

Do you know of other API gateways (except Kong, WSO2 and Tyk) with really nice and precise policy rules (ones that know the difference between /resources/ and /resources/(.*))?

Igmar Palsenberg

Mar 24, 2017, 4:18:07 AM
to Play Framework
 

If needed, you can script nginx using lua (which is kinda C on steroids). We use this to dynamically do SSL handling, which is a major PITA in Java.



Igmar  

Will Sargent

Mar 24, 2017, 7:35:02 PM
to play-fr...@googlegroups.com
If you have any input into what makes Play suitable or unsuitable as an API gateway, I'd love to hear it. :-)

--
Will Sargent
Engineer, Lightbend, Inc.



Thibault Meyer

Mar 27, 2017, 3:36:34 AM
to Play Framework
Hi Will,


HMRC (Her Majesty's Revenue and Customs) seems to be using Play (Scala version) as an API gateway. See the GitHub link below:



Sincerely



Will Sargent

Mar 27, 2017, 1:44:13 PM
to play-fr...@googlegroups.com

--
Will Sargent
Engineer, Lightbend, Inc.

