@ -10,7 +10,7 @@
<GatewayType > EMM</GatewayType>
<!-- This parameter is used to enable the securevault support when try to publish endpoint secured APIs. Values should be "true" or "false".
By default secure vault is disabled.-->
By default secure vault is disabled.-->
<EnableSecureVault > false</EnableSecureVault>
<!--
Database configuration used by API publisher, API store and API key manager.
@ -19,23 +19,23 @@
-->
<!-- Database -->
<!--
JDBC connection string for the database.
-->
JDBC connection string for the database.
-->
<!-- <URL>jdbc:h2:repository/database/WSO2AM_DB</URL> -->
<!--
JDBC username for the database.
-->
JDBC username for the database.
-->
<!-- <Username>wso2carbon</Username> -->
<!--
JDBC password for the database.
-->
JDBC password for the database.
-->
<!-- <Password>wso2carbon</Password>
JDBC driver for the database.
-->
JDBC driver for the database.
-->
<!-- <Driver>org.h2.Driver</Driver>
</Database> -->
@ -52,11 +52,11 @@
<!--
Admin username for the Authentication manager.
-->
<Username > admin</Username>
<Username > ${ admin.username} </Username>
<!--
Admin password for the Authentication manager.
-->
<Password > admin</Password>
<Password > ${ admin.password} </Password>
</AuthManager>
<!--
@ -70,33 +70,40 @@
<SecurityContextHeader > X-JWT-Assertion</SecurityContextHeader>
<!--
Fully qualified name of the class that will retrieve additional user claims
to be appended to the JWT. If not specified no claims will be appended.
The DefaultClaimsRetriever class adds user claims from the default carbon user store.
-->
Fully qualified name of the class that will retrieve additional user claims
to be appended to the JWT. If not specified no claims will be appended.If user wants to add all user claims in the
jwt token, he needs to enable this parameter.
The DefaultClaimsRetriever class adds user claims from the default carbon user store.
-->
<!-- ClaimsRetrieverImplClass>org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever</ClaimsRetrieverImplClass -->
<!--
The dialectURI under which the claimURIs that need to be appended to the
JWT are defined. Not used with custom ClaimsRetriever implementations. The
same value is used in the keys for appending the default properties to the
JWT.
-->
The dialectURI under which the claimURIs that need to be appended to the
JWT are defined. Not used with custom ClaimsRetriever implementations. The
same value is used in the keys for appending the default properties to the
JWT.
-->
<!-- ConsumerDialectURI>http://wso2.org/claims</ConsumerDialectURI -->
<!--
Signature algorithm. Accepts "SHA256withRSA" or "NONE". To disable signing explicitly specify "NONE".
-->
Signature algorithm. Accepts "SHA256withRSA" or "NONE". To disable signing explicitly specify "NONE".
-->
<!-- SignatureAlgorithm>SHA256withRSA</SignatureAlgorithm -->
<!--
Enable/Disable JWT generation. Default is false.
-->
Enable/Disable JWT generation. Default is false.
-->
<!-- EnableTokenGeneration>false</EnableTokenGeneration -->
<!--
Remove OAuth headers from outgoing message or keep with it.
-->
This parameter specifies which implementation should be used for generating the Token. JWTGenerator is the
default implementation provided.
-->
<TokenGeneratorImpl > org.wso2.carbon.apimgt.impl.token.JWTGenerator</TokenGeneratorImpl>
<!--
Remove OAuth headers from outgoing message or keep with it.
-->
<!-- RemoveOAuthHeadersFromOutMessage>true</RemoveOAuthHeadersFromOutMessage -->
</APIConsumerAuthentication>
@ -121,45 +128,51 @@
<!-- The environments to which an API will be published -->
<Environments >
<!-- Environments can be of different types. Allowed values are 'hybrid', 'production' and 'sandbox'.
An API deployed on a 'production' type gateway will only support production keys
An API deployed on a 'sandbox' type gateway will only support sandbox keys
An API deployed on a 'hybrid' type gateway will support both production and sandbox keys -->
<Environment type= "hybrid" >
An API deployed on a 'production' type gateway will only support production keys
An API deployed on a 'sandbox' type gateway will only support sandbox keys
An API deployed on a 'hybrid' type gateway will support both production and sandbox keys -->
<Environment type= "hybrid" api-console= "true" >
<Name > Production and Sandbox</Name>
<Description > Description of environment</Description>
<!--
Server URL of the API gateway.
-->
Server URL of the API gateway.
-->
<ServerURL > https://${carbon.local.ip}:${mgt.transport.https.port}/services/</ServerURL>
<!--
Admin username for the API gateway.
-->
<Username > admin</Username>
Admin username for the API gateway.
-->
<Username > ${ admin.username} </Username>
<!--
Admin password for the API gateway.
-->
<Password > admin</Password>
Admin password for the API gateway.
-->
<Password > ${ admin.password} </Password>
<!--
Endpoint URLs for the APIs hosted in this API gateway.
-->
Endpoint URLs for the APIs hosted in this API gateway.
-->
<GatewayEndpoint > http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port}</GatewayEndpoint>
</Environment>
</Environments>
<!--
Enable/Disable caching at gateway node.
Enable/Disable token caching at gateway node.
-->
<EnableGatewayKeyCache > false</EnableGatewayKeyCache>
<!-- Header name can be configurable, as you preferred. When API invocation is restricted to access only for authorized domains,
client request should send his domain, as the value of this header .
<!--
Enable/Disable API resource caching at gateway node .
-->
<EnableGatewayResourceCache > true</EnableGatewayResourceCache>
<!-- Header name can be configurable, as you preferred. When API invocation is restricted to access only for authorized domains,
client request should send his domain, as the value of this header.
-->
<ClientDomainHeader > referer</ClientDomainHeader>
</APIGateway>
<!--
Enable/Disable Usage metering and billing for api usage
-->
Enable/Disable Usage metering and billing for api usage
-->
<EnableBillingAndUsage > false</EnableBillingAndUsage>
<!--
@ -169,9 +182,10 @@
<APIUsageTracking >
<!--
Enable/Disable the API usage tracker.
Below property is used to skip trying to connect to event receiver nodes when publishing events even if
the stats enabled flag is set to true.
-->
< Enabled> false</Enabled >
< SkipEventReceiverConnection> false</SkipEventReceiverConnection >
<!--
API Usage Data Publisher.
@ -179,65 +193,49 @@
<PublisherClass > org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher</PublisherClass>
<!--
Thrift port of the remote BAM server.
If below property set to true,then the response message size will be calculated and publish
with each successful API invocation event.
-->
<ThriftPort > 7612</ThriftPort>
<PublishResponseMessageSize > false</PublishResponseMessageSize>
<!--
Server URL of the remote BAM/CEP server used to collect statistics. Must
be specified in protocol://hostname:port/ format.
An event can also be published to multiple Receiver Groups each having 1 or more receivers. Receiver
Groups are delimited by curly braces whereas receivers are delimited by commas.
Ex - Multiple Receivers within a single group
tcp://localhost:7612/,tcp://localhost:7613/,tcp://localhost:7614/
Ex - Multiple Receiver Groups with two receivers each
{tcp://localhost:7612/,tcp://localhost:7613},{tcp://localhost:7712/,tcp://localhost:7713/}
Data publishing stream names and versions of API requests, responses and faults. If the default values
are changed, the toolbox also needs to be changed accordingly.
-->
<BAMServerURL > tcp://localhost:7612/</BAMServerURL>
<!--
Administrator username to login to the remote BAM server.
-->
<BAMUsername > admin</BAMUsername>
<!--
Administrator password to login to the remote BAM server.
-->
<BAMPassword > admin</BAMPassword>
<!--
JNDI name of the data source to be used for getting BAM statistics.This data source should
be defined in the master-datasources.xml file in conf/datasources directory.
-->
<!-- DataSourceName>jdbc/WSO2AM_STATS_DB</DataSourceName -->
<!--
Google Analytics publisher configuration. Create Google Analytics account and obtain a
Tracking ID.
Reffer http://support.google.com/analytics/bin/answer.py?hl=en& answer=1009694
-->
<GoogleAnalyticsTracking >
<!--
Enable/Disable Google Analytics Tracking
-->
<Enabled > false</Enabled>
<!--
Google Analytics Tracking ID
-->
<TrackingID > UA-XXXXXXXX-X</TrackingID>
</GoogleAnalyticsTracking>
<Streams >
<Request >
<Name > org.wso2.apimgt.statistics.request</Name>
<Version > 1.0.0</Version>
</Request>
<Response >
<Name > org.wso2.apimgt.statistics.response</Name>
<Version > 1.0.0</Version>
</Response>
<Fault >
<Name > org.wso2.apimgt.statistics.fault</Name>
<Version > 1.0.0</Version>
</Fault>
<Destination >
<Name > org_wso2_apimgt_statistics_destination</Name>
<Version > 1.0.0</Version>
<BAMProfileName > bam-profile</BAMProfileName>
</Destination>
<Throttle >
<Name > org.wso2.apimgt.statistics.throttle</Name>
<Version > 1.0.0</Version>
</Throttle>
<Workflow >
<Name > org.wso2.apimgt.statistics.workflow</Name>
<Version > 1.0.0</Version>
</Workflow>
</Streams>
</APIUsageTracking>
<!--
API key manager configuration used by API key manager (IS), API store and API gateway.
This is used by API store to generate and manage API keys. API gateway uses it to
validate and authenticate users against the provided API keys.
API key validator configuration used by API key manager (IS), API store and API gateway.
API gateway uses it to validate and authenticate users against the provided API keys.
-->
<APIKey Manage r>
<APIKeyValidator >
<!--
Server URL of the API key manager
-->
@ -246,12 +244,12 @@
<!--
Admin username for API key manager.
-->
<Username > admin</Username>
<Username > ${ admin.username} </Username>
<!--
Admin password for API key manager.
-->
<Password > admin</Password>
<Password > ${ admin.password} </Password>
<!--
Enable/Disable JWT caching.
-->
@ -270,6 +268,7 @@
-If you are at the Gateway node, you need to point "ThriftClientPort" value to the "ThriftServerPort" value given at KeyManager node.
-If you need to start two API Manager instances in the same machine, you need to give different ports to "ThriftServerPort" value in two nodes.
-ThriftServerHost - Allows to configure a hostname for the thrift server. It uses the carbon hostname by default.
-Gateway use this parameter to connect key validation thrift service.
-->
<KeyValidatorClientType > ThriftClient</KeyValidatorClientType>
@ -278,26 +277,63 @@
<ThriftServerPort > 10397</ThriftServerPort>
<!-- ThriftServerHost>localhost</ThriftServerHost -->
<EnableThriftServer > true</EnableThriftServer>
<!--
Scope used for marking Application Tokens. If a token is generated with this scope, they will be treated as Application Access Tokens
-->
<ApplicationTokenScope > am_application_scope</ApplicationTokenScope>
<!--
This parameter is used to specify Thrift server host name. In a distributed deployment we must set this parameter
if keymanager running on separate machine. Gateway use this parameter to connect key validation thrift service
Specifies the implementation to be used for KeyValidationHandler. Steps for validating a token can be controlled by plugging in a custom KeyValidation Handler
-->
<!-- ThriftServerHost>127.0.0.1</ThriftServerHost -->
<KeyValidationHandlerClassName > org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler</KeyValidationHandlerClassName >
<!--
Remove UserName from JWT Token
-->
<!-- <RemoveUserNameToJWTForApplicationToken>true</RemoveUserNameToJWTForApplicationToken> -->
<!-- <RemoveUserNameFromJWTForApplicationToken>true</RemoveUserNameFromJWTForApplicationToken> -->
<!-- All scopes under the ScopeWhitelist element are not validating against roles that has assigned to it.
By default ^device_.* and openid scopes have been white listed internally.
-->
<!-- ScopeWhitelist>
<Scope > ^device_.*</Scope>
<Scope > openid</Scope>
</ScopeWhitelist-->
<!-- Name of the token API -->
<TokenEndPointName > oauth2/token</TokenEndPointName>
<TokenEndPointName > /oauth2/token</TokenEndPointName>
<!-- This the API URL for revoke API. When we revoke tokens revoke requests should go through this
API deployed in API gateway. Then it will do cache invalidations related to revoked tokens.
In distributed deployment we should configure this property in key manager node by pointing
gateway https( /http, we recommend users to use 'https' endpoints for security purpose) url.
Also please note that we should point gateway revoke service to key manager
-->
<RevokeAPIURL > https://${carbon.local.ip}:${https.nio.port}/revoke</RevokeAPIURL>
<!-- Whether to encrypt tokens when storing in the Database
Note: If changing this value to true, change the value of <TokenPersistenceProcessor > to
org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionProcessor in the identity.xml -->
Note: If changing this value to true, change the value of <TokenPersistenceProcessor > to
org.wso2.carbon.identity.oauth.tokenprocessor.EncryptionDecryptionPersistence Processor in the identity.xml -->
<EncryptPersistedTokens > false</EncryptPersistedTokens>
</APIKeyManager>
</APIKeyValidator>
<!--
Uncomment this section only if you are going to have an instance other than KeyValidator as your KeyManager.
Unless a ThirdParty KeyManager is used, you don't need to configure this section.
-->
<!-- APIKeyManager>
<KeyManagerClientImpl > org.wso2.carbon.apimgt.keymgt.AMDefaultKeyManagerImpl</KeyManagerClientImpl>
<Configuration >
<ServerURL > https://${carbon.local.ip}:${mgt.transport.https.port}${carbon.context}/services/</ServerURL>
<Username > ${admin.username}</Username>
<Password > ${admin.password}</Password>
<TokenURL > https://${carbon.local.ip}:${https.nio.port}/token</TokenURL>
<RevokeURL > https://${carbon.local.ip}:${https.nio.port}/revoke</RevokeURL>
</Configuration>
</APIKeyManager-->
<!--
Settings related to managing API access tiers.
@ -310,39 +346,17 @@
<EnableUnlimitedTier > true</EnableUnlimitedTier>
</TierManagement>
<!--
Use this configuration to control the self-sign-up capability in API store.
-->
<SelfSignUp >
<!--
Enable or disable the self-sign-up feature.
-->
<Enabled > true</Enabled>
<!--
Self signed up users should be associated with a suitable subscriber
role for them to be able to access the API store portal. This required
parameter specifies which role should be used for that purpose. The role
specified here must have the '/permission/admin/manage/api/subscribe'
permission.
-->
<SubscriberRoleName > subscriber</SubscriberRoleName>
<!--
This parameter specifies whether the subscriber role specified above
should be created in the local user store or not. This only makes sense
when the API subscribers are authenticated against the local user store.
That is the local Carbon server is acting as the AuthManager. If a remote
Carbon server is acting as the AuthManager, this parameter should be turned
off for the local server.
-->
<CreateSubscriberRole > true</CreateSubscriberRole>
</SelfSignUp>
<!--
Use this configuration to control the number of APIs shown in API store.
-->
<APIStore >
<!-- This property is used to indicate how we do user name comparision for token generation https://wso2.org/jira/browse/APIMANAGER - 2225 -->
<!-- GroupingExtractor>org.wso2.carbon.apimgt.impl.DefaultGroupIDExtractorImpl</GroupingExtractor -->
<CompareCaseInsensitively > true</CompareCaseInsensitively>
<DisplayURL > false</DisplayURL>
<URL > https://${carbon.local.ip}:${mgt.transport.https.port}/store</URL>
<!--
This parameter specifies whether to display multiple versions of same
API or only showing the latest version of an API.
@ -356,31 +370,52 @@
-->
<DisplayAllAPIs > false</DisplayAllAPIs>
<!--
Uncomment this to limit the number of APIs in api the API Store
-->
<!-- APIsPerPage>5</APIsPerPage -->
<!--
This parameter specifies whether to display the comment editing facility or not.
Default is "true". If user wants to disable, he must set this param as "false"
This parameter specifies whether to display the comment editing facility or not.
Default is "true". If user wants to disable, he must set this param as "false"
-->
-->
<DisplayComments > true</DisplayComments>
<!--
This parameter specifies whether to display the ratings or not.
Default is "true". If user wants to disable, he must set this param as "false"
This parameter specifies whether to display the ratings or not.
Default is "true". If user wants to disable, he must set this param as "false"
-->
-->
<DisplayRatings > true</DisplayRatings>
<!--
This parameter specifies the expiration time of the TagCache. TagCache will
only be created when this element is uncommented. When the specified
time duration gets elapsed ,tag cache will get re-generated.
-->
This parameter specifies the expiration time of the TagCache. TagCache will
only be created when this element is uncommented. When the specified
time duration gets elapsed ,tag cache will get re-generated.
-->
<!-- TagCacheDuration>120000</TagCacheDuration -->
<!--
This parameter specifies whether Recently Added APIs will be loaded from the cache or not.
If there are multiple API modification during a short time period, better to disable cache.
-->
<EnableRecentlyAddedAPICache > false</EnableRecentlyAddedAPICache>
</APIStore>
<APIPublisher >
<DisplayURL > false</DisplayURL>
<URL > https://${carbon.local.ip}:${mgt.transport.https.port}/publisher</URL>
<!--
This parameter specifies enabling the capability of setting API documentation level granular visibility levels.
By default any document associate with an API will have the same permissions set as the API.With enabling below
property,it will show two additional permission levels as visible only to all registered users in a particular
domain or only visible to API doc creator
-->
<!-- EnableAPIDocVisibilityLevels>true</EnableAPIDocVisibilityLevels -->
</APIPublisher>
<!--
Status observers can be registered against the API Publisher to listen for
API status update events. Each observer must implement the APIStatusObserver
@ -391,107 +426,57 @@
<Observer > org.wso2.carbon.apimgt.impl.observers.SimpleLoggingObserver</Observer>
</StatusObservers-->
<!--
There are set of plugguble extensions for some operations related to API MAnager
operations such as self sign in, subscriptions and etc. For those operatios we can
trigger external work flow of business process server. Here are the configurations
related to those operations
-->
<WorkFlowExtensions >
<ApplicationCreation executor= "org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationSimpleWorkflowExecutor" />
<!-- ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationWSWorkflowExecutor">
<Property name= "serviceEndpoint" > http://localhost:9765/services/ApplicationApprovalWorkFlowProcess/</Property>
<Property name= "username" > admin</Property>
<Property name= "password" > admin</Property>
<Property name= "callbackURL" > https://localhost:8243/services/WorkflowCallbackService</Property>
</ApplicationCreation-->
<SubscriptionCreation executor= "org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationSimpleWorkflowExecutor" />
<!-- SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationWSWorkflowExecutor">
<Property name= "serviceEndpoint" > http://localhost:9765/services/SubscriptionApprovalWorkFlowProcess/</Property>
<Property name= "username" > admin</Property>
<Property name= "password" > admin</Property>
<Property name= "callbackURL" > https://localhost:8243/services/WorkflowCallbackService</Property>
</SubscriptionCreation-->
<UserSignUp executor= "org.wso2.carbon.apimgt.impl.workflow.UserSignUpSimpleWorkflowExecutor" />
<!-- UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpWSWorkflowExecutor">
<Property name= "serviceEndpoint" > http://localhost:9765/services/UserSignupProcess/</Property>
<Property name= "username" > admin</Property>
<Property name= "password" > admin</Property>
<Property name= "callbackURL" > https://localhost:8243/services/WorkflowCallbackService</Property>
</UserSignUp-->
</WorkFlowExtensions>
<!--
Use this configuration Create APIs at the Server startup
-->
<StartupAPIPublisher >
<!--
Enable/Disable the API Startup Publisher
-->
Enable/Disable the API Startup Publisher
-->
<Enabled > false</Enabled>
<!--
Configuration to create APIs for local endpoints.
Endpoint will be computed as http://${carbon.local.ip}:${mgt.transport.http.port}/Context.
Define many LocalAPI elements as below to create many APIs
for local Endpoints.
IconPath should be relative to CARBON_HOME.
-->
<!--
Configuration to create APIs for remote endpoints.
When Endpoint need to be defined use this configuration.
Define many API elements as below to create many APIs
for external Endpoints.
If you do not need to add Icon or Documentation set
'none' as the value for IconPath & DocumentURL.
-->
Configuration to create APIs for local endpoints.
Endpoint will be computed as http://${carbon.local.ip}:${mgt.transport.http.port}/Context.
Define many LocalAPI elements as below to create many APIs
for local Endpoints.
IconPath should be relative to CARBON_HOME.
-->
<!-- <LocalAPIs> -->
<!-- <LocalAPI> -->
<!-- <Context>/resource</Context> -->
<!-- <Provider>admin</Provider> -->
<!-- <Version>1.0.0</Version> -->
<!-- <IconPath>none</IconPath> -->
<!-- <DocumentURL>none</DocumentURL> -->
<!-- <AuthType>Any</AuthType> -->
<!-- </LocalAPI> -->
<!-- </LocalAPIs> -->
<!--
Configuration to create APIs for remote endpoints.
When Endpoint need to be defined use this configuration.
Define many API elements as below to create many APIs
for external Endpoints.
If you do not need to add Icon or Documentation set
'none' as the value for IconPath & DocumentURL.
-->
<!-- APIs>
<API >
<Context > /resource</Context>
<Endpoint > http://localhost:9764/resource</Endpoint>
<Provider > admin</Provider>
<Version > 1.0.0</Version>
<IconPath > none</IconPath>
<DocumentURL > none</DocumentURL>
<AuthType > Any</AuthType>
</API>
</APIs-->
<API >
<Context > /resource</Context>
<Endpoint > http://localhost:9764/resource</Endpoint>
<Provider > admin</Provider>
<Version > 1.0.0</Version>
<IconPath > none</IconPath>
<DocumentURL > none</DocumentURL>
<AuthType > Any</AuthType>
</API>
</APIs-->
</StartupAPIPublisher>
<!--
Below are set of external APIStores which can be configured to publish an API from current running
APIM server.-->
<!-- <ExternalAPIStores> -->
<!-- Configuration to set the store URL of the current running APIM deployment.
APIs published to external stores will be redirected to this URL-->
<!-- <StoreURL>http://localhost:9763/store</StoreURL>
<ExternalAPIStore id= "Store1" type= "wso2" >
<DisplayName > Store1</DisplayName>
<Endpoint > http://localhost:9764/store</Endpoint>
<Username > xxxx</Username>
<Password > xxxx</Password>
</ExternalAPIStore>
<ExternalAPIStore id= "ProWeb" type= "proWeb" >
<Name > ProgrammableWeb</Name>
<Endpoint > xxxxx</Endpoint>
</ExternalAPIStore>
<ExternalAPIStore id= "Store2" type= "wso2" >
<DisplayName > Store2</DisplayName>
<Endpoint > http://localhost:9764/store</Endpoint>
<Username > xxxx</Username>
<Password > xxxx</Password>
</ExternalAPIStore>
</ExternalAPIStores> -->
<!--
When an API is invoked, a list of handlers get engaged to its execution flow. This
@ -510,15 +495,18 @@
<Enabled > true</Enabled>
<!-- The value of the Access - Control - Allow - Origin header. Default values are
API Store addresses, which is needed for swagger to function.-->
<Access-Control-Allow-Origin > https://localhost:9443,http://localhost:9763</Access-Control-Allow-Origin>
API Store addresses, which is needed for swagger to function.-->
<Access-Control-Allow-Origin > *</Access-Control-Allow-Origin>
<!-- Configure Access - Control - Allow - Methods -->
<Access-Control-Allow-Methods > GET,PUT,POST,DELETE,OPTIONS</Access-Control-Allow-Methods>
<!-- Configure Access - Control - Allow - Headers -->
<Access-Control-Allow-Headers > authorization,Access-Control-Allow-Origin,Content-Type</Access-Control-Allow-Headers>
<!-- Configure Access - Control - Allow - Methods -->
<Access-Control-Allow-Methods > GET,POST,PUT,DELETE,OPTIONS</Access-Control-Allow-Methods>
</CORSConfiguration>
<!-- This property is there to configure velocity log output into existing Log4j carbon Logger.
You can enable this and set preferable Logger name.
-->
<!-- VelocityLogger>VELOCITY</VelocityLogger -->
</APIManager>