Hi, On Tue, Jun 5, 2012 at 11:36 AM, Senaka Fernando <sen...@wso2.com> wrote:
> Hi Isuru, > > We can go ahead with using the local repo. No questions on that. Securing > access is something we need to sort out separately AFAIU. > > Hi AmilaJ, > > How do we secure access to System Registries for tenants right now? Don't > we do that at all? > > Thanks, > Senaka. > > > On Tue, Jun 5, 2012 at 10:45 AM, Isuru Suriarachchi <is...@wso2.com>wrote: > >> Senaka, this is something we have to get sorted soon for our stats >> persistence implementation. Therefore it'll be great if someone from the >> G-Reg team can help on this. >> >> Thanks, >> ~Isuru >> >> >> On Mon, Jun 4, 2012 at 11:39 PM, Senaka Fernando <sen...@wso2.com> wrote: >> >>> Hi Supun, >>> >>> I'm not sure about the exact status, but the System Governance and >>> System Config Registries and the Local Repository needs to have same level >>> of security from tenant users being able to access that. May be AmilaJ >>> knows about the exact security levels, or let's scan through the code >>> tomorrow if possible. >>> >> If all reg. instances should be having same sec. level I don't think my change could break anything existing regarding security permissions, since all reg types are access through same api. Hence will commit my changes(mentioned earlier) since it's blocking my pending changes. We have to tract the registry access permissions for tenants as a separate matter. Registry/security folks please note. I'll have a look into code as well. thanks, > >>> Thanks, >>> Senaka. >>> >>> >>> On Mon, Jun 4, 2012 at 10:29 PM, Supun Malinga <sup...@wso2.com> wrote: >>> >>>> Hi, >>>> >>>> On Sat, Jun 2, 2012 at 4:01 PM, Supun Malinga <sup...@wso2.com> wrote: >>>> >>>>> Hi Senaka,, >>>>> >>>>> On Sat, Jun 2, 2012 at 3:27 PM, Senaka Fernando <sen...@wso2.com>wrote: >>>>> >>>>>> Hi Supun, >>>>>> >>>>>> Did you take a look into that link I shared? The local repository is >>>>>> in use someway in there. I wonder how that works @ all. >>>>>> >>>>> yeah I had a look. But not sure if local reg. plays a part in capp >>>>> persistence. May be Isuru can shed some light on that. >>>>> >>>>> >>>>>> Anyway, for internal-use, I don't see anything wrong in making this >>>>>> available. But, may be we need to restrict access to this, and thereby >>>>>> disallow a tenant user from getting hold of this. >>>>>> >>>>> How do we do this? >>>>> >>>> >>>> As I mentioned in previous replies i'm retrieving tenants' local >>>> registry instance via, >>>> * >>>> SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.LOCAL_REPOSITORY) >>>> * >>>> * >>>> * >>>> Is this restricted to users? Else how do we restrict that? >>>> Also is there other other ways to retrieve the tenants' local registry >>>> (for users) and are they secure? >>>> >>>> Appreciate any help on resolving this. >>>> >>>> thanks, >>>> >>>>> >>>>> thanks, >>>>> >>>>>> >>>>>> Thanks, >>>>>> Senaka. >>>>>> >>>>>> >>>>>> On Sat, Jun 2, 2012 at 3:09 PM, Supun Malinga <sup...@wso2.com>wrote: >>>>>> >>>>>>> Hi all. >>>>>>> >>>>>>> I was able to figure out to initialize|set the local registry for >>>>>>> tenants. See following diff, >>>>>>> >>>>>>> Index: >>>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>>> =================================================================== >>>>>>> --- >>>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>>> (revision >>>>>>> 129104) >>>>>>> +++ >>>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>>> (working >>>>>>> copy) >>>>>>> @@ -430,6 +430,9 @@ >>>>>>> >>>>>>> carbonContext.setRegistry(RegistryType.SYSTEM_GOVERNANCE, >>>>>>> >>>>>>> CarbonCoreDataHolder.getInstance().getRegistryService() >>>>>>> .getGovernanceSystemRegistry(tenantId)); >>>>>>> + carbonContext.setRegistry(RegistryType.LOCAL_REPOSITORY, >>>>>>> + >>>>>>> CarbonCoreDataHolder.getInstance().getRegistryService(). >>>>>>> + getLocalRepository(tenantId)); >>>>>>> >>>>>>> With this above code fragment works for getting local repository of >>>>>>> tenants. Also I was able to get statistics persistence working fine. >>>>>>> It this the correct way to handle? I think this is a valid >>>>>>> requirement for having a local registry for tenants if that's in doubt. >>>>>>> If this is fine I will commit the changes after running all the >>>>>>> tests. >>>>>>> Please advice. >>>>>>> >>>>>>> thanks, >>>>>>> >>>>>>> On Fri, Jun 1, 2012 at 8:06 PM, Senaka Fernando <sen...@wso2.com>wrote: >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Fri, Jun 1, 2012 at 8:02 PM, Senaka Fernando <sen...@wso2.com>wrote: >>>>>>>> >>>>>>>>> Hi Azeez, >>>>>>>>> >>>>>>>>> I don't think there should be a reason as to why you can't obtain >>>>>>>>> this. See [1] for example. >>>>>>>>> >>>>>>>>> However, though this was allowed through the >>>>>>>>> SuperTenantCarbonContext there are (or might have been) some security >>>>>>>>> checks that disallowed tenant code from getting hold of this. AmilaJ >>>>>>>>> might >>>>>>>>> know about the latest state of that. But, according to my >>>>>>>>> understanding >>>>>>>>> that's a separate issue from what Supun is asking here. Am I missing >>>>>>>>> something? >>>>>>>>> >>>>>>>> >>>>>>>> Sorry wrong URL, [1]. >>>>>>>> >>>>>>>> [1] >>>>>>>> https://svn.wso2.org/repos/wso2/carbon/kernel/trunk/core/org.wso2.carbon.application.deployer/src/main/java/org/wso2/carbon/application/deployer/persistence/CarbonAppPersistenceManager.java >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Senaka. >>>>>>>> >>>>>>>>> >>>>>>>>> [1] >>>>>>>>> http://wso2.org/svn/browse/wso2/trunk/carbon/core/org.wso2.carbon.application.deployer/src/main/java/org/wso2/carbon/application/deployer/persistence/CarbonAppPersistenceManager.java?view=markup >>>>>>>>> >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Senaka. >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Jun 1, 2012 at 6:57 PM, Afkham Azeez <az...@wso2.com>wrote: >>>>>>>>> >>>>>>>>>> Senaka, >>>>>>>>>> I think the question is, is there some rationale behind not >>>>>>>>>> giving the tenant a local registry instance. Did we conclude that it >>>>>>>>>> does >>>>>>>>>> not make sense for a tenant to have a local registry. Can you >>>>>>>>>> remember >>>>>>>>>> anything related to this? >>>>>>>>>> >>>>>>>>>> On Thu, May 31, 2012 at 1:50 PM, Senaka Fernando <sen...@wso2.com >>>>>>>>>> > wrote: >>>>>>>>>> >>>>>>>>>>> Hi Supun, >>>>>>>>>>> >>>>>>>>>>> CarbonContext will not just give you what you want. Somebody >>>>>>>>>>> needs to first populate that with what it can return back. Now you >>>>>>>>>>> can go >>>>>>>>>>> have a look on who populates these fields, and you should be able >>>>>>>>>>> to find >>>>>>>>>>> the cause for this being null. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Senaka. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Thu, May 31, 2012 at 12:03 PM, Supun Malinga <sup...@wso2.com >>>>>>>>>>> > wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Senaka, >>>>>>>>>>>> >>>>>>>>>>>> Any idea on this? >>>>>>>>>>>> I do get valid objects when I query for config reg., gov. reg. >>>>>>>>>>>> in same method. >>>>>>>>>>>> eg:* >>>>>>>>>>>> *SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.USER_GOVERNANCE) >>>>>>>>>>>> works fine. >>>>>>>>>>>> >>>>>>>>>>>> thanks, >>>>>>>>>>>> >>>>>>>>>>>> On Thu, May 31, 2012 at 8:55 AM, Supun Malinga <sup...@wso2.com >>>>>>>>>>>> > wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi devs, >>>>>>>>>>>>> >>>>>>>>>>>>> How to do $subject using axisConfig. ? >>>>>>>>>>>>> I tried, >>>>>>>>>>>>> * >>>>>>>>>>>>> SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.LOCAL_REPOSITORY) >>>>>>>>>>>>> * >>>>>>>>>>>>> but this always return null for tenants other than super >>>>>>>>>>>>> tenant. >>>>>>>>>>>>> >>>>>>>>>>>>> Whats the correct and accurate way to handle this.? >>>>>>>>>>>>> >>>>>>>>>>>>> thanks, >>>>>>>>>>>>> -- >>>>>>>>>>>>> Supun Malinga, >>>>>>>>>>>>> >>>>>>>>>>>>> Software Engineer, >>>>>>>>>>>>> WSO2 Inc. >>>>>>>>>>>>> http://wso2.com >>>>>>>>>>>>> http://wso2.org >>>>>>>>>>>>> email - sup...@wso2.com <sup...@wso2.com> >>>>>>>>>>>>> mobile - 071 56 91 321 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Supun Malinga, >>>>>>>>>>>> >>>>>>>>>>>> Software Engineer, >>>>>>>>>>>> WSO2 Inc. >>>>>>>>>>>> http://wso2.com >>>>>>>>>>>> http://wso2.org >>>>>>>>>>>> email - sup...@wso2.com <sup...@wso2.com> >>>>>>>>>>>> mobile - 071 56 91 321 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> *Senaka Fernando* >>>>>>>>>>> Product Manager - WSO2 Governance Registry; >>>>>>>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>>>>> >>>>>>>>>>> E-mail: senaka AT wso2.com >>>>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>>>>> >>>>>>>>>>> *Lean . Enterprise . Middleware >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Dev mailing list >>>>>>>>>>> Dev@wso2.org >>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Afkham Azeez* >>>>>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>>>>> * <http://www.apache.org/>** >>>>>>>>>> email: **az...@wso2.com* <az...@wso2.com>* cell: +94 77 3320919 >>>>>>>>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>>>>>>>> twitter: >>>>>>>>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>>>>>>>> * >>>>>>>>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>>>>>>>> >>>>>>>>>> * >>>>>>>>>> * >>>>>>>>>> *Lean . Enterprise . Middleware* >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Senaka Fernando* >>>>>>>>> Member - Integration Technologies Management Committee; >>>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>>> >>>>>>>>> E-mail: senaka AT wso2.com >>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>>> >>>>>>>>> *Lean . Enterprise . Middleware >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Senaka Fernando* >>>>>>>> Member - Integration Technologies Management Committee; >>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>> >>>>>>>> E-mail: senaka AT wso2.com >>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>> >>>>>>>> *Lean . Enterprise . Middleware >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Supun Malinga, >>>>>>> >>>>>>> Software Engineer, >>>>>>> WSO2 Inc. >>>>>>> http://wso2.com >>>>>>> http://wso2.org >>>>>>> email - sup...@wso2.com <sup...@wso2.com> >>>>>>> mobile - 071 56 91 321 >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Senaka Fernando* >>>>>> Member - Integration Technologies Management Committee; >>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>> Member; Apache Software Foundation; http://apache.org >>>>>> >>>>>> E-mail: senaka AT wso2.com >>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>> >>>>>> *Lean . Enterprise . Middleware >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Supun Malinga, >>>>> >>>>> Software Engineer, >>>>> WSO2 Inc. >>>>> http://wso2.com >>>>> http://wso2.org >>>>> email - sup...@wso2.com <sup...@wso2.com> >>>>> mobile - 071 56 91 321 >>>>> >>>>> >>>> >>>> >>>> -- >>>> Supun Malinga, >>>> >>>> Software Engineer, >>>> WSO2 Inc. >>>> http://wso2.com >>>> http://wso2.org >>>> email - sup...@wso2.com <sup...@wso2.com> >>>> mobile - 071 56 91 321 >>>> >>>> >>> >>> >>> -- >>> *Senaka Fernando* >>> Member - Integration Technologies Management Committee; >>> Technical Lead; WSO2 Inc.; http://wso2.com* >>> Member; Apache Software Foundation; http://apache.org >>> >>> E-mail: senaka AT wso2.com >>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>> Linked-In: http://linkedin.com/in/senakafernando >>> >>> *Lean . Enterprise . Middleware >>> >>> >> >> >> -- >> Isuru Suriarachchi >> Senior Technical Lead >> WSO2 Inc. http://wso2.com >> email : is...@wso2.com >> blog : http://isurues.wordpress.com/ >> >> lean . enterprise . middleware >> >> > > > -- > *Senaka Fernando* > Member - Integration Technologies Management Committee; > Technical Lead; WSO2 Inc.; http://wso2.com* > Member; Apache Software Foundation; http://apache.org > > E-mail: senaka AT wso2.com > **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 > Linked-In: http://linkedin.com/in/senakafernando > > *Lean . Enterprise . Middleware > > -- Supun Malinga, Software Engineer, WSO2 Inc. http://wso2.com http://wso2.org email - sup...@wso2.com <sup...@wso2.com> mobile - 071 56 91 321
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
