+1 for Nandana as the Release Manager Regards Lahiru Sandakith
On Mon, Jul 7, 2008 at 6:03 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote: > Nandana, > > +1 from me for you to be the Release Manager for 1.4.1 > > IMHO, we should use 1.4 branch. The *ONLY* change should be the > security change. Nothing more. > > thanks, > dims > > On Mon, Jul 7, 2008 at 6:50 AM, Nandana Mihindukulasooriya > <[EMAIL PROTECTED]> wrote: > > I would like to volunteer to be the release manager for Axis2 1.4.1. > > > > I think we can fix the critical issues in the 1.4 branch (or a 1.4.1 > branch > > ) and do the 1.4.1 release. I don't think doing 1.4.1 from the trunk is > the > > appropriate way as trunk is now java 1.5 and has lot of major changes > after > > Axis2 1.4 . However we can fix any issues that are not already fixed in > the > > trunk at the same time when we fix those in the branch. > > > > Hope this is oky with Axis2 release guidelines. > > > > thanks, > > nandana > > > > On Tue, Jul 1, 2008 at 6:39 PM, Davanum Srinivas <[EMAIL PROTECTED]> > wrote: > >> > >> IMHO, The logic is the same as for blockers. If there is a work > >> around, it's not a blocker. So i am +0 on a 1.4.1 since there is a > >> work around that can be documented. > >> > >> That said, If someone is willing to drive a 1.4.1 as the release > >> manager, please do go ahead. > >> > >> thanks, > >> dims > >> > >> On Tue, Jul 1, 2008 at 2:48 AM, Sanka Samaranayake <[EMAIL PROTECTED]> > >> wrote: > >> > Hi, > >> > > >> > For the users who is already using 1.4 version, the workaround would > be > >> > to > >> > define policies in services.xml without using <wsa:PolicyAttachment>. > >> > Then > >> > the problem is that those policies will appear in <wsdl:PortType> > which > >> > is > >> > not correct but security will apply for both format of service URLs. > >> > > >> > Hence +1 for fixing that issue and do 1.4.1 release. > >> > > >> > Thanks, > >> > Sanka > >> > > >> > > >> > On Mon, Jun 30, 2008 at 8:59 PM, Nandana Mihindukulasooriya > >> > <[EMAIL PROTECTED]> wrote: > >> >> > >> >> Hi, > >> >> There are few issues with Axis2 1.4 / Rampart 1.4 with the new > >> >> policy > >> >> configuration. The new policy configuration which allows us to apply > >> >> policies to binding hierarchy is a great feature when in comes to ws > >> >> security policy configuration. It allows security policies to be > >> >> attached to > >> >> the correct attachment points. But there are few issues that need to > be > >> >> fixed in Axis2 1.4. I will list them below. > >> >> 1.) If we configure security using new configuration, service can > >> >> be > >> >> accessed without security. > >> >> In Axis2 1.4, a service is exposed in two EPRs (consider > SOAP > >> >> 1.1 > >> >> binding). > >> >> eg. > >> >> > >> >> > >> >> > http://localhost:8080/axis2/services/SecureService.SecureServiceHttpSoap11Endpoint > >> >> http://localhost:8080/axis2/services/SecureService > >> >> But if we you set the policies using the new configuration, > >> >> if > >> >> you do a web service call to the older EPR, you can access the > service > >> >> without any security even though it is secured using the binding > >> >> hierarchy. > >> >> This happens because if we call the old EPR, it is not dispatched to > a > >> >> binding. But this leaves the service vulnerable. I think we should > >> >> dispatch > >> >> to one of the bindings may be using soap envelope version if we have > >> >> only > >> >> one binding with that soap version. We should have a way to dispatch > >> >> messages which comes to old EPR to one of the bindings else we should > >> >> have > >> >> an option to disable that EPR. > >> >> > >> >> 2.) In the out flow, policies are not set correctly in the > binding > >> >> message. > >> >> This is fixed in the trunk but this bug is there in Axis2 > >> >> 1.4. > >> >> > >> >> So the option we have is to configure security using the old > >> >> configuration. But then the problem is policies are attached to the > >> >> port > >> >> type which is the correct way to do if we have policies using > >> >> <service>,<operation><message> tags. But this makes Axis2 not > >> >> interoperable > >> >> as security policies should be attached to binding hierarchy > according > >> >> WS > >> >> Security policy specification. Ideally we should always use the new > >> >> configuration to apply security. And code generation also doesn't > work > >> >> correctly when the policies attached to the port type (polices are > not > >> >> correctly attached to the stub). > >> >> > >> >> So I think it would be great if can consider a Axis2 1.4.1 with > >> >> these > >> >> things fixed. > >> >> > >> >> thanks, > >> >> nandana > >> > > >> > > >> > -- > >> > Sanka Samaranayake > >> > WSO2 Inc. > >> > > >> > http://sankas.blogspot.com/ > >> > http://www.wso2.org/ > >> > >> > >> > >> -- > >> Davanum Srinivas :: http://davanum.wordpress.com > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > > > > > > -- > Davanum Srinivas :: http://davanum.wordpress.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Thanks Lahiru Sandakith http://sandakith.wordpress.com/ GPG Key Fingerprint : 8CD8 68E0 4CBC 75CB 25BC 1AB1 FE5E 7464 1F01 9A0F