Hi Thilina/Prabath,
On Wed, Sep 7, 2011 at 12:26 PM, Senaka Fernando <sen...@wso2.com> wrote:
>
>
> On Wed, Sep 7, 2011 at 12:17 PM, Thilina Buddhika <thili...@wso2.com>wrote:
>
>>
>>
>> On Wed, Sep 7, 2011 at 11:51 AM, Senaka Fernando <sen...@wso2.com> wrote:
>>
>>> That's a choice we need to make; but this still is an Authenticator
>>> (which is an extension of the standard java.net.Authenticator - a part of
>>> JAAS). Realizing that we had a special authenticator configuration file, I
>>> thought it'd be more appropriate to place it there (compared to carbon.xml).
>>>
>>> Our authenticators help external entities (users, systems) log into our
>>> server, and this authenticator helps our server log into external entities
>>> (systems - servers, proxies), which is the difference.
>>>
>>
>> Exactly. That is why I said it is not correct to place them in the same
>> file. The location you picked is correct (carbon.xml). But the configuration
>> element should be renamed.
>>
>
> But, won't calling this something other than authenticator be wrong. This
> is an authenticator (at least Java defines it as such) - so why rename? If
> we do that, we'd be saying Foo is where you define the
> java.net.Authenticator. So why not Foo == Authenticator (which makes it
> obvious)?
>
> IMHO, I think we defining our own world is not the best option, when it
> comes to some standard practice.
>
Ok, what if we add the following to carbon.xml?
<!-- Authenticator Configurations for java.net.Authenticator -->
<NetworkAuthenticator>
<Credential>
<!--
the pattern that would match a subset of URLs for which
this credential
would be used
-->
<Pattern>.*</Pattern>
<!--
the type of the network connection. Allowed values are:
1. server
2. proxy
-->
<Type>server</Type>
<!-- the username used to log in to server/proxy -->
<Username>name</Username>
<!-- the password used to log in to server/proxy -->
<Password>password</Password>
</Credential>
<Credential>
<!--
the pattern that would match a subset of URLs for which
this credential
would be used
-->
<Pattern>.*</Pattern>
<!--
the type of the network connection. Allowed values are:
1. server
2. proxy
-->
<Type>proxy</Type>
<!-- the username used to log in to server/proxy -->
<Username>name</Username>
<!-- the password used to log in to server/proxy -->
<Password>password</Password>
</Credential>
</NetworkAuthenticator>
Thanks,
Senaka.
>
> Thanks,
> Senaka.
>
>
>> Thanks,
>> Thilina
>>
>>
>>>
>>> Thanks,
>>> Senaka.
>>>
>>>
>>> On Wed, Sep 7, 2011 at 10:59 AM, Thilina Buddhika <thili...@wso2.com>wrote:
>>>
>>>> But authenticators.xml is for Carbon Authenticators. And this is for a
>>>> different purpose. So having them in a single file does not make sense to
>>>> me.
>>>
>>>
>>>> Thanks,
>>>> Thilina
>>>>
>>>> On Wed, Sep 7, 2011 at 10:42 AM, Senaka Fernando <sen...@wso2.com>wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> On Wed, Sep 7, 2011 at 12:46 AM, Thilina Buddhika
>>>>> <thili...@wso2.com>wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Wed, Sep 7, 2011 at 12:43 AM, Thilina Buddhika
>>>>>> <thili...@wso2.com>wrote:
>>>>>>
>>>>>>> Hi Senaka,
>>>>>>>
>>>>>>> I have to agree with Prabath. We already have a configuration similar
>>>>>>> to the following in the authenticators.xml file inside conf/advanced.
>>>>>>>
>>>>>>> <Authenticators xmlns="
>>>>>>> http://wso2.org/projects/carbon/authenticators.xml";>
>>>>>>>
>>>>>>> <!-- Authenticator Configurations for TokenUIAuthenticator -->
>>>>>>> <Authenticator name="TokenUIAuthenticator" disabled="true">
>>>>>>> <Priority>5</Priority>
>>>>>>> </Authenticator>
>>>>>>>
>>>>>>> .....
>>>>>>>
>>>>>>> </Authenticators>
>>>>>>>
>>>>>>> So having defined the same element Authenticator in the carbon.xml
>>>>>>> for a different reason may confuse the user.
>>>>>>>
>>>>>>> AFAIK, this is used when some Carbon code is acting as a client to
>>>>>>> access a remote resource. In the configurations you have shared, you are
>>>>>>> passing a set of configurations to the authenticators, not the
>>>>>>> information
>>>>>>> about authenticator itself. So how about using something like
>>>>>>> ClientAuthenticationConfiguration instead of Authenticator ?
>>>>>>>
>>>>>>
>>>>>> s/ClientAuthenticationConfiguration/AuthenticationConfiguration
>>>>>>
>>>>>
>>>>> Actually, this is used to construct an extension of
>>>>> java.net.Authenticator, [1] for carbon. But, these are actually
>>>>> credentials,
>>>>> so may be we can use the name you suggest. But, I have a better plan, how
>>>>> about adding the following to authenticators.xml?
>>>>>
>>>>> <!-- Authenticator Configurations for java.net.Authenticator -->
>>>>> <Authenticator name="JavaNetworkAuthenticator">
>>>>> <Credential>
>>>>> <!--
>>>>> the pattern that would match a subset of URLs for
>>>>> which this credential
>>>>>
>>>>> would be used
>>>>> -->
>>>>> <Pattern>.*</Pattern>
>>>>> <!--
>>>>> the type of the network connection. Allowed values
>>>>> are:
>>>>>
>>>>> 1. server
>>>>> 2. proxy
>>>>> -->
>>>>> <Type>server</Type>
>>>>> <!-- the username used to log in to server/proxy -->
>>>>> <Username>name</Username>
>>>>> <!-- the password used to log in to server/proxy -->
>>>>> <Password>password</Password>
>>>>> </Credential>
>>>>> <Credential>
>>>>> <!--
>>>>> the pattern that would match a subset of URLs for
>>>>> which this credential
>>>>>
>>>>> would be used
>>>>> -->
>>>>> <Pattern>.*</Pattern>
>>>>> <!--
>>>>> the type of the network connection. Allowed values
>>>>> are:
>>>>>
>>>>> 1. server
>>>>> 2. proxy
>>>>> -->
>>>>> <Type>proxy</Type>
>>>>> <!-- the username used to log in to server/proxy -->
>>>>> <Username>name</Username>
>>>>> <!-- the password used to log in to server/proxy -->
>>>>> <Password>password</Password>
>>>>> </Credential>
>>>>> </Authenticator>
>>>>>
>>>>> [1]
>>>>> http://download.oracle.com/javase/1.5.0/docs/api/java/net/Authenticator.html
>>>>>
>>>>> Thanks,
>>>>> Senaka.
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> Thilina
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Thilina
>>>>>>>
>>>>>>> On Tue, Sep 6, 2011 at 11:58 AM, Senaka Fernando <sen...@wso2.com>wrote:
>>>>>>>
>>>>>>>> Hi Prabath,
>>>>>>>>
>>>>>>>> On Tue, Sep 6, 2011 at 7:56 AM, Prabath Siriwardena <
>>>>>>>> prab...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Senaka,
>>>>>>>>>
>>>>>>>>> On Tue, Sep 6, 2011 at 1:47 AM, Senaka Fernando <sen...@wso2.com>
>>>>>>>>> wrote:
>>>>>>>>> > I've given this the name because this is standard Java
>>>>>>>>> terminology. What we
>>>>>>>>> > are implementing is an extension of java.net.Authenticator.
>>>>>>>>> Giving this some
>>>>>>>>> > other name would confuse somebody. Also having said that,
>>>>>>>>> Authenticator in
>>>>>>>>> > the java world is something that provides credentials for
>>>>>>>>> authentication.
>>>>>>>>> > But the CarbonAuthenticator IIRC is not doing quite that, making
>>>>>>>>> the latter
>>>>>>>>> > inconsistent. But, since we have been having it for a while, I'm
>>>>>>>>> not sure
>>>>>>>>> > what's the correct choice here. Anyway, giving this some other
>>>>>>>>> name does not
>>>>>>>>> > sound the correct thing to do.
>>>>>>>>>
>>>>>>>>> Even carbon authenticators take different type of credentials...
>>>>>>>>> and
>>>>>>>>> this seems more like a proxy proxy configuration..
>>>>>>>>>
>>>>>>>>> This is the configuration [1] already used for axis2.
>>>>>>>>>
>>>>>>>>> <parameter name="PROXY"
>>>>>>>>> proxy_host="proxy_host_name"
>>>>>>>>> proxy_port="proxy_host_port"
>>>>>>>>> locked="true>userName:domain:passWord</parameter>
>>>>>>>>>
>>>>>>>>> >
>>>>>>>>> > According to my understanding, with regard to proxy configuration
>>>>>>>>> in Axis2,
>>>>>>>>> > that's only if the server is fronted by a proxy while lies
>>>>>>>>> between client
>>>>>>>>> > and server (ex:- Apache2 mod_proxy). This fix is to allow the
>>>>>>>>> server to
>>>>>>>>> > access resources that lie behind multiple proxies (ex:- to access
>>>>>>>>> WSDL
>>>>>>>>> > behind URL 1 you need proxy settings 1, and to access WSDL behind
>>>>>>>>> URL 2 you
>>>>>>>>> > need proxy settings 2). So, what you have in Axis2 is
>>>>>>>>> client-oriented (i.e.
>>>>>>>>> > for fixing WSDL URLs appropriately and all), and what we have
>>>>>>>>> introduced in
>>>>>>>>> > here is server-oriented.
>>>>>>>>>
>>>>>>>>> IIUC in your scenario Carbon server is trying to access a resource
>>>>>>>>> behind a proxy and you need to authenticate to the proxy..
>>>>>>>>> Shouldn't
>>>>>>>>> this the same at the axis2 client end.. but this doesn't have
>>>>>>>>> multiple
>>>>>>>>> proxy support as you mentioned. In either case shouldn't this
>>>>>>>>> something to be in axis2.xml..? [not in carbon.xml]
>>>>>>>>>
>>>>>>>>
>>>>>>>> This is not a transport-level thing that applies only to
>>>>>>>> webservices. Axis2 is a webservices engine and this goes beyond that.
>>>>>>>> For
>>>>>>>> example, new URL("foo") call inside Java code, or accessing some
>>>>>>>> resource
>>>>>>>> through a web application is covered by this implementation. Also,
>>>>>>>> this is
>>>>>>>> not only for a proxy, but you can use it to access resources stored on
>>>>>>>> a
>>>>>>>> webserver that requires Basic, Digest, NTLM or SPNEGO authentication.
>>>>>>>> If we
>>>>>>>> introduce this into Axis2, it would be doing something additional (i.e.
>>>>>>>> beyond its scope). What Axis2 has right now is sufficient for its
>>>>>>>> use-cases,
>>>>>>>> and this is something beyond that.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Senaka.
>>>>>>>>
>>>>>>>>
>>>>>>>>> Thanks & regards,
>>>>>>>>> -Prabath
>>>>>>>>>
>>>>>>>>> [1]: http://wso2.org/library/161
>>>>>>>>> _______________________________________________
>>>>>>>>> Carbon-dev mailing list
>>>>>>>>> Carbon-dev@wso2.org
>>>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Senaka Fernando*
>>>>>>>> Product Manager - WSO2 Governance Registry;
>>>>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
>>>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>>>
>>>>>>>> E-mail: senaka AT wso2.com
>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>>>
>>>>>>>> *Lean . Enterprise . Middleware
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Carbon-dev mailing list
>>>>>>>> Carbon-dev@wso2.org
>>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Thilina Buddhika
>>>>>>>
>>>>>>> Associate Technical Lead
>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>> lean . enterprise . middleware
>>>>>>>
>>>>>>> phone : +94 77 44 88 727
>>>>>>> blog : http://blog.thilinamb.com
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thilina Buddhika
>>>>>> Associate Technical Lead
>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>> lean . enterprise . middleware
>>>>>>
>>>>>> phone : +94 77 44 88 727
>>>>>> blog : http://blog.thilinamb.com
>>>>>>
>>>>>> _______________________________________________
>>>>>> Carbon-dev mailing list
>>>>>> Carbon-dev@wso2.org
>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Senaka Fernando*
>>>>> Product Manager - WSO2 Governance Registry;
>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>
>>>>> E-mail: senaka AT wso2.com
>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>
>>>>> *Lean . Enterprise . Middleware
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> architect...@wso2.org
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thilina Buddhika
>>>> Associate Technical Lead
>>>> WSO2 Inc. ; http://wso2.com
>>>> lean . enterprise . middleware
>>>>
>>>> phone : +94 77 44 88 727
>>>> blog : http://blog.thilinamb.com
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> architect...@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> *Senaka Fernando*
>>> Product Manager - WSO2 Governance Registry;
>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
>>> Member; Apache Software Foundation; http://apache.org
>>>
>>> E-mail: senaka AT wso2.com
>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
>>> Linked-In: http://linkedin.com/in/senakafernando
>>>
>>> *Lean . Enterprise . Middleware
>>>
>>>
>>> _______________________________________________
>>> Carbon-dev mailing list
>>> Carbon-dev@wso2.org
>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>
>>>
>>
>>
>> --
>> Thilina Buddhika
>> Associate Technical Lead
>> WSO2 Inc. ; http://wso2.com
>> lean . enterprise . middleware
>>
>> phone : +94 77 44 88 727
>> blog : http://blog.thilinamb.com
>>
>> _______________________________________________
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> *Senaka Fernando*
> Product Manager - WSO2 Governance Registry;
> Associate Technical Lead; WSO2 Inc.; http://wso2.com*
> Member; Apache Software Foundation; http://apache.org
>
> E-mail: senaka AT wso2.com
> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
> Linked-In: http://linkedin.com/in/senakafernando
>
> *Lean . Enterprise . Middleware
>
>
--
*Senaka Fernando*
Product Manager - WSO2 Governance Registry;
Associate Technical Lead; WSO2 Inc.; http://wso2.com*
Member; Apache Software Foundation; http://apache.org
E-mail: senaka AT wso2.com
**P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
Linked-In: http://linkedin.com/in/senakafernando
*Lean . Enterprise . Middleware
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
