Hi Johann, After looking through the new implementation of the *SecurityDeploymentIntercepter.java *file in the latest GIT source code[1] , I could find that this "allowRoles" parameter related implementation has been removed. Entire implementation of the *applySecurityParameters(AxisService service, SecurityScenario secScenario)* method has been removed and that method is blank. What is the reason for this?
@Sohani: This is the reason that this parameter is not working in the latest 4.9.0 ESB pack. [1] https://github.com/wso2/carbon-identity/blob/master/components/security/org.wso2.carbon.security.mgt/src/main/java/org/wso2/carbon/security/deployment/SecurityDeploymentInterceptor.java Thanks, Chanaka On Mon, Apr 6, 2015 at 11:35 AM, Chanaka Fernando <chana...@wso2.com> wrote: > Hi KasunG, > > I have checked on the source code of the previous implementation and > according to that, when applying security through Management console and > through "allowRoles" service parameter, it executes the same code on the > Security side (please see below). > > *SecurityConfigAdmin.java (Executes when applying through Management > Console)* > > if (userGroups != null) { > for (String value : userGroups) { > AuthorizationManager acAdmin = > realm.getAuthorizationManager(); > > acAdmin.authorizeRole(value, > serviceGroupId+"/"+service.getName(), > > UserCoreConstants.INVOKE_SERVICE_PERMISSION); > } > } > > > > *SecurityDeploymentIntercepter.java (Executes when applying through > "allowRoles" parameter)* > > Parameter allowRolesParameter = > service.getParameter("allowRoles"); > > if(allowRolesParameter!= null && > allowRolesParameter.getValue() != null){ > > AuthorizationManager manager = > userRealm.getAuthorizationManager(); > String resourceName = serviceGroupId + "/" + serviceName; > String[] roles = > manager.getAllowedRolesForResource(resourceName, > > UserCoreConstants.INVOKE_SERVICE_PERMISSION); > if(roles != null){ > for (String role : roles) { > manager.clearRoleAuthorization(role, resourceName, > > UserCoreConstants.INVOKE_SERVICE_PERMISSION); > } > } > > String value = (String) allowRolesParameter.getValue(); > String[] allowRoles = value.split(",") ; > if(allowRoles != null){ > for(String role : allowRoles){ > > userRealm.getAuthorizationManager().authorizeRole(role, resourceName, > > UserCoreConstants.INVOKE_SERVICE_PERMISSION); > } > } > } > > > Since this is a service level parameter, we can use this for all axis2 > services. If that is the case, we can go with this parameter instead of > having properties at registry resource level. WDYT? > > @Sohani: I will look in the 4.9.0 related issue when using this parameter. > > > Thanks, > Chanaka > > > On Thu, Apr 2, 2015 at 5:25 PM, Chanaka Fernando <chana...@wso2.com> > wrote: > >> Hi Sohani, >> >> Please see my comments inline. >> >> AFAIK when we deploy a proxy which has allowRoles parameter, the >> 'UM_PERMISSION ' table is getting updated and an entry is created with that >> ID in the UM_ROLE_PERMISSION table. This works fine with ESB 4.8.1 but with >> ESB 4.9.0 the UM_PERMISSION table is not getting updated. Therefore, I >> think we need to modify the existing deployer to handle this task as we >> have discussed during the last meeting. Correct me if I am wrong. >> >> -- I have also checked in the code and this "allowRoles" property do the >> same operation in the JDBCAuthorizationManager class when we add the user >> roles from the management console. So it should work as expected. But >> KasunG's point is that this is a kind of a quick fix and this may not work >> for axis2 services. >> >> When concerning the new suggestion of including the user role information >> as a registry property of the registry resource, how can we handle updating >> the user role information in the database since we don't have the proxy >> information at the time we create the policy file? Can someone please >> advise on the way to proceed with this. >> >> -- Here you don't need to add this information to the database from DevS >> side. At the deployment time, deployer will check the user role from the >> resource properties and add that to the relevant database using the >> JDBCAuthorizationManager class. >> >> Shall we have a meeting to discuss about this further? WDYT? >> >> +1 for a meeting. >> >> >> Thanks, >> Chanaka >> >> >> >> >> On Thu, Apr 2, 2015 at 3:32 PM, Sohani Weerasinghe <soh...@wso2.com> >> wrote: >> >>> Hi All, >>> >>> AFAIK when we deploy a proxy which has allowRoles parameter, the >>> 'UM_PERMISSION ' table is getting updated and an entry is created with that >>> ID in the UM_ROLE_PERMISSION table. This works fine with ESB 4.8.1 but with >>> ESB 4.9.0 the UM_PERMISSION table is not getting updated. Therefore, I >>> think we need to modify the existing deployer to handle this task as we >>> have discussed during the last meeting. Correct me if I am wrong. >>> >>> When concerning the new suggestion of including the user role >>> information as a registry property of the registry resource, how can we >>> handle updating the user role information in the database since we don't >>> have the proxy information at the time we create the policy file? Can >>> someone please advise on the way to proceed with this. >>> >>> Shall we have a meeting to discuss about this further? WDYT? >>> >>> Thanks, >>> Sohani >>> >>> >>> Sohani Weerasinghe >>> Software Engineer >>> WSO2, Inc: http://wso2.com >>> >>> Mobile : +94 716439774 >>> Blog :http://christinetechtips.blogspot.com/ >>> Twitter : https://twitter.com/sohanichristine >>> >>> On Tue, Mar 31, 2015 at 5:11 PM, KasunG Gajasinghe <kas...@wso2.com> >>> wrote: >>> >>>> Hi, >>>> >>>> On Tue, Mar 31, 2015 at 4:59 PM, Isuru Udana <isu...@wso2.com> wrote: >>>> >>>>> Hi KasunG, >>>>> >>>>> On Tue, Mar 31, 2015 at 4:32 PM, KasunG Gajasinghe <kas...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> Two questions - >>>>>> >>>>>> 1. Why do we need a separate axis2 deployer to handle just user roles? >>>>>> >>>>> We were thinking about modifying existing deployers (proxy deployer >>>>> etc) to call the relevant component in the security side. >>>>> >>>> >>>> To add the policy to a service, you can also use an AxisObserver. With >>>> this, you won't need to patch the deployers. You can re-use the existing >>>> code in DeploymentInterceptor class in carbon core component on applying >>>> policies to runtime AxisService object. >>>> >>>> >>>>> >>>>> >>>>>> >>>>>> 2. Isn't it much cleaner if we keep the list of user roles as a >>>>>> registry property of the registry resource that contains the policy? >>>>>> Then, >>>>>> this won't depend on the service type, and the security configuration >>>>>> will >>>>>> be located in a single place. I believe allowRoles was provided as a >>>>>> quick >>>>>> fix for a support ticket. >>>>>> >>>>> This is a very good suggestion. Let's consider this option as well. >>>>> >>>> >>>> Sounds good! >>>> >>>> >>>>> >>>>>> Thanks. >>>>>> >>>>>> On Tue, Mar 31, 2015 at 3:53 PM, Sohani Weerasinghe <soh...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Meeting notes is as follows >>>>>>> >>>>>>> Participants: Jasintha, Susinda, Awanthika, Chanaka, IsuruU, Johann, >>>>>>> Godwin, Dulindra, Sohani >>>>>>> >>>>>>> Notes: >>>>>>> >>>>>>> From the Developer Studio perspective, currently we are implementing >>>>>>> the security policy as a registry resource and as per the discussion >>>>>>> had we >>>>>>> will use the parameter 'allowRoles' to define the relevant user roles. >>>>>>> This >>>>>>> will be a service level parameter and the roles can be obtained by >>>>>>> connecting to the server. >>>>>>> >>>>>>> This parameter is already available with ESB and this needs to be >>>>>>> facilitated by DSS and Axis2. >>>>>>> >>>>>>> From the Servers (ESB, DSS and AS) a deployer needs to be >>>>>>> implemented to handle user roles at the run time >>>>>>> >>>>>>> Please add points to this if I have missed anything. >>>>>>> >>>>>>> Thanks, >>>>>>> Sohani >>>>>>> >>>>>>> Sohani Weerasinghe >>>>>>> Software Engineer >>>>>>> WSO2, Inc: http://wso2.com >>>>>>> >>>>>>> Mobile : +94 716439774 >>>>>>> Blog :http://christinetechtips.blogspot.com/ >>>>>>> Twitter : https://twitter.com/sohanichristine >>>>>>> >>>>>>> On Thu, Mar 26, 2015 at 3:35 PM, Sohani Weerasinghe <soh...@wso2.com >>>>>>> > wrote: >>>>>>> >>>>>>>> Hi Chanaka, >>>>>>>> >>>>>>>> Thanks for the explanation and as per the offline discussion we >>>>>>>> had, let's have a meeting on next week so that we can discuss and >>>>>>>> finalize >>>>>>>> the things. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Sohani >>>>>>>> >>>>>>>> Sohani Weerasinghe >>>>>>>> Software Engineer >>>>>>>> WSO2, Inc: http://wso2.com >>>>>>>> >>>>>>>> Mobile : +94 716439774 >>>>>>>> Blog :http://christinetechtips.blogspot.com/ >>>>>>>> Twitter : https://twitter.com/sohanichristine >>>>>>>> >>>>>>>> On Thu, Mar 26, 2015 at 3:26 PM, Chanaka Fernando < >>>>>>>> chana...@wso2.com> wrote: >>>>>>>> >>>>>>>>> Hi Sohani, >>>>>>>>> >>>>>>>>> I got your idea. But what I meant was that this does not give any >>>>>>>>> additional security. BTW, I am not against the registry based >>>>>>>>> approach :) >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Chanaka >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, Mar 26, 2015 at 3:05 PM, Sohani Weerasinghe < >>>>>>>>> soh...@wso2.com> wrote: >>>>>>>>> >>>>>>>>>> @Chanaka : I just considered the fact that if we specify it as a >>>>>>>>>> parameter then that information will be visible. That is why thought >>>>>>>>>> of >>>>>>>>>> saving it as a registry resource would be better. But if we can >>>>>>>>>> continue >>>>>>>>>> with the parameter then we'll continue the testing with that. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Sohani >>>>>>>>>> >>>>>>>>>> Sohani Weerasinghe >>>>>>>>>> Software Engineer >>>>>>>>>> WSO2, Inc: http://wso2.com >>>>>>>>>> >>>>>>>>>> Mobile : +94 716439774 >>>>>>>>>> Blog :http://christinetechtips.blogspot.com/ >>>>>>>>>> Twitter : https://twitter.com/sohanichristine >>>>>>>>>> >>>>>>>>>> On Thu, Mar 26, 2015 at 3:02 PM, Chanaka Fernando < >>>>>>>>>> chana...@wso2.com> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Sohani, >>>>>>>>>>> >>>>>>>>>>> What is the additional security you get from having that >>>>>>>>>>> parameter in registry? >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Chanaka >>>>>>>>>>> >>>>>>>>>>> On Thu, Mar 26, 2015 at 2:55 PM, Sohani Weerasinghe < >>>>>>>>>>> soh...@wso2.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Chanaka, >>>>>>>>>>>> >>>>>>>>>>>> Please find my comments inline >>>>>>>>>>>> >>>>>>>>>>>> Sohani Weerasinghe >>>>>>>>>>>> Software Engineer >>>>>>>>>>>> WSO2, Inc: http://wso2.com >>>>>>>>>>>> >>>>>>>>>>>> Mobile : +94 716439774 >>>>>>>>>>>> Blog :http://christinetechtips.blogspot.com/ >>>>>>>>>>>> Twitter : https://twitter.com/sohanichristine >>>>>>>>>>>> >>>>>>>>>>>> On Thu, Mar 26, 2015 at 2:18 PM, Chanaka Fernando < >>>>>>>>>>>> chana...@wso2.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Godwin, >>>>>>>>>>>>> >>>>>>>>>>>>> Please see my comments inline. >>>>>>>>>>>>> >>>>>>>>>>>>> AFAIK, in old model (file base persistence) roles are not >>>>>>>>>>>>> persisting in meta file and it use AuthorizationManager >>>>>>>>>>>>> (JDBCAuthorizationManager) for persistence, We use same model for >>>>>>>>>>>>> current >>>>>>>>>>>>> implementation as well and roles are not persisting in registry. >>>>>>>>>>>>> >>>>>>>>>>>>> The problem with that approach is we need to include this >>>>>>>>>>>>> information within the CAR file. Otherwise, it is not self >>>>>>>>>>>>> contained. We >>>>>>>>>>>>> need to have this user role information within the CAR file. >>>>>>>>>>>>> >>>>>>>>>>>>> @Sohani: If we can make sure all the security related >>>>>>>>>>>>> scenarios (which requires user related information) are working >>>>>>>>>>>>> properly >>>>>>>>>>>>> with the <parameter name="allowRoles">admin</parameter>, then we >>>>>>>>>>>>> can use >>>>>>>>>>>>> this parameter instead of a separate registry resource. >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> When considering the security perspective isn't it better to >>>>>>>>>>>> specify user roles information as a registry resource rather than >>>>>>>>>>>> use as a >>>>>>>>>>>> parameter? WDYT? >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> Chanaka >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Mar 25, 2015 at 11:46 PM, Godwin Amila Shrimal < >>>>>>>>>>>>> god...@wso2.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi Sohani, >>>>>>>>>>>>>> >>>>>>>>>>>>>> AFAIK, in old model (file base persistence) roles are not >>>>>>>>>>>>>> persisting in meta file and it use AuthorizationManager >>>>>>>>>>>>>> (JDBCAuthorizationManager) for persistence, We use same model >>>>>>>>>>>>>> for current >>>>>>>>>>>>>> implementation as well and roles are not persisting in registry. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>> Godwin >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, Mar 25, 2015 at 11:23 AM, Sohani Weerasinghe < >>>>>>>>>>>>>> soh...@wso2.com> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi Chanaka/Godwin, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> In order to further implement this feature I really >>>>>>>>>>>>>>> appreciate your input on the below concerns. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> 1. When considering the security perspective, it seems we >>>>>>>>>>>>>>> have two options to specify user roles config either as a >>>>>>>>>>>>>>> registry resource >>>>>>>>>>>>>>> or using the parameter 'allowRoles' in the proxy configuration. >>>>>>>>>>>>>>> IMO >>>>>>>>>>>>>>> implement it as a registry resource would be better when >>>>>>>>>>>>>>> considering the >>>>>>>>>>>>>>> security perspective. WDYT? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Also, if we are to implement it as a registry resource then >>>>>>>>>>>>>>> the content of the resource will be <parameter >>>>>>>>>>>>>>> name="allowRoles">admin</parameter>. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> @Chanaka: Can we have a parameter in the proxy config to >>>>>>>>>>>>>>> define the registry resource for the user roles as we define >>>>>>>>>>>>>>> the security >>>>>>>>>>>>>>> policy (eg: <policy key="conf:repository/policy.xml"/> ) ? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> @Godwin : If user roles is going to be implemented as a >>>>>>>>>>>>>>> registry resource, will there be a predefined registry location >>>>>>>>>>>>>>> to save it >>>>>>>>>>>>>>> ? If so can you please state it? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Really appreciate your response on this. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>> Sohani >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Sohani Weerasinghe >>>>>>>>>>>>>>> Software Engineer >>>>>>>>>>>>>>> WSO2, Inc: http://wso2.com >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Mobile : +94 716439774 >>>>>>>>>>>>>>> Blog :http://christinetechtips.blogspot.com/ >>>>>>>>>>>>>>> Twitter : https://twitter.com/sohanichristine >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:52 PM, Sohani Weerasinghe < >>>>>>>>>>>>>>> soh...@wso2.com> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi Chanaka/Godwin, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Can you please provide an input on the below concerns to >>>>>>>>>>>>>>>> further carry out the implementation from DevS side. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 1.When considering the usability aspect, I think it's >>>>>>>>>>>>>>>> better if we can create a registry resource for user roles at >>>>>>>>>>>>>>>> the time of >>>>>>>>>>>>>>>> creating the policy using the Security Editor Form by getting >>>>>>>>>>>>>>>> the User >>>>>>>>>>>>>>>> Roles values from the user rather than asking user to create a >>>>>>>>>>>>>>>> new registry >>>>>>>>>>>>>>>> resource for User Roles. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> @Godwin: can you please state the required registry path to >>>>>>>>>>>>>>>> deploy the User Roles configs? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 2. If the User Roles config saves as a registry resource, >>>>>>>>>>>>>>>> how this can be utilize by the proxy service? Will there be a >>>>>>>>>>>>>>>> property in >>>>>>>>>>>>>>>> the proxy service so that we can point the User Role config as >>>>>>>>>>>>>>>> pointing the >>>>>>>>>>>>>>>> policy file. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> 3. If we are deploying the policy and User Role configs via >>>>>>>>>>>>>>>> CAPP, in a case where multiple policy files deploying in the >>>>>>>>>>>>>>>> same registry >>>>>>>>>>>>>>>> location, in order to match the User Role config with the >>>>>>>>>>>>>>>> relevant policy >>>>>>>>>>>>>>>> file, how can we identify the matching User Role config and >>>>>>>>>>>>>>>> the policy? Can >>>>>>>>>>>>>>>> we have the same resource name for the policy and the User >>>>>>>>>>>>>>>> Role configs? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> @Chanaka: can you please confirm points 2 and 3? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>> Sohani >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Sohani Weerasinghe >>>>>>>>>>>>>>>> Software Engineer >>>>>>>>>>>>>>>> WSO2, Inc: http://wso2.com >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Mobile : +94 716439774 >>>>>>>>>>>>>>>> Blog :http://christinetechtips.blogspot.com/ >>>>>>>>>>>>>>>> Twitter : https://twitter.com/sohanichristine >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:42 PM, Chanaka Fernando < >>>>>>>>>>>>>>>> chana...@wso2.com> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Hi Godwin, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> That would be good. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>> Chanaka >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:40 PM, Godwin Amila Shrimal < >>>>>>>>>>>>>>>>> god...@wso2.com> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi Chanaka, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> It'll finish within this week. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>>>> Godwin >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:35 PM, Chanaka Fernando < >>>>>>>>>>>>>>>>>> chana...@wso2.com> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi Godwin, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> When will you finish the offsite dev service? >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>>>> Chanaka >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:30 PM, Godwin Amila Shrimal < >>>>>>>>>>>>>>>>>>> god...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hi Chanaka, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> We have basically completed the registry base >>>>>>>>>>>>>>>>>>>> implementation in security mgt component and need to do >>>>>>>>>>>>>>>>>>>> code refactoring >>>>>>>>>>>>>>>>>>>> and more testing. I tested basic scenarios with >>>>>>>>>>>>>>>>>>>> STS-service and it worked >>>>>>>>>>>>>>>>>>>> ok. Currently I am in an offsite DevService and planning >>>>>>>>>>>>>>>>>>>> to do remaining >>>>>>>>>>>>>>>>>>>> refactoring and testing after this. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>>>>>>> Godwin >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 2:00 PM, Chanaka Fernando < >>>>>>>>>>>>>>>>>>>> chana...@wso2.com> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi All, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> I am writing this mail to take the discussions related >>>>>>>>>>>>>>>>>>>>> to $subject in to a single place. With the ESB 4.9.0 >>>>>>>>>>>>>>>>>>>>> release, we are >>>>>>>>>>>>>>>>>>>>> removing the UI capability of applying security policies >>>>>>>>>>>>>>>>>>>>> from the >>>>>>>>>>>>>>>>>>>>> management console. Going forward, users can only apply >>>>>>>>>>>>>>>>>>>>> security policies >>>>>>>>>>>>>>>>>>>>> to ESB proxy services using developer studio. Even though >>>>>>>>>>>>>>>>>>>>> this >>>>>>>>>>>>>>>>>>>>> functionality is already available in the Developer >>>>>>>>>>>>>>>>>>>>> Studio, it has some >>>>>>>>>>>>>>>>>>>>> edge cases when we use that approach. One such limitation >>>>>>>>>>>>>>>>>>>>> is that there is >>>>>>>>>>>>>>>>>>>>> no place to select the users/roles in the developer >>>>>>>>>>>>>>>>>>>>> studio when applying >>>>>>>>>>>>>>>>>>>>> the security policy. Currently, this information is >>>>>>>>>>>>>>>>>>>>> stored in meta files >>>>>>>>>>>>>>>>>>>>> and with the 4.9.0 version, service meta files are >>>>>>>>>>>>>>>>>>>>> removed. Plan is to >>>>>>>>>>>>>>>>>>>>> store this information in registry and access from their. >>>>>>>>>>>>>>>>>>>>> From the >>>>>>>>>>>>>>>>>>>>> Developer Studio also, it will create the registry file >>>>>>>>>>>>>>>>>>>>> when applying >>>>>>>>>>>>>>>>>>>>> security policies. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> This would be a necessary feature for ESB 4.9.0 >>>>>>>>>>>>>>>>>>>>> release since this will effect the entire security >>>>>>>>>>>>>>>>>>>>> applying process going >>>>>>>>>>>>>>>>>>>>> forward. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> @Godwin: Please add if I have missed anything and give >>>>>>>>>>>>>>>>>>>>> us some update on the status from the security side. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> @Sohani/DevS team: Please give us some update on this >>>>>>>>>>>>>>>>>>>>> implementation. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>>>>>>>>> Chanaka >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> Chanaka Fernando >>>>>>>>>>>>>>>>>>>>> Technical Lead >>>>>>>>>>>>>>>>>>>>> WSO2, Inc.; http://wso2.com >>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> mobile: +94 773337238 >>>>>>>>>>>>>>>>>>>>> Blog : http://soatutorials.blogspot.com >>>>>>>>>>>>>>>>>>>>> LinkedIn: >>>>>>>>>>>>>>>>>>>>> http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>>>>>>>>>>>>>>>>>>> Twitter:https://twitter.com/chanakaudaya >>>>>>>>>>>>>>>>>>>>> Wordpress:http://chanakaudaya.wordpress.com >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> *Godwin Amila Shrimal* >>>>>>>>>>>>>>>>>>>> Senior Software Engineer >>>>>>>>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> mobile: *+94772264165* >>>>>>>>>>>>>>>>>>>> linkedin: *http://lnkd.in/KUum6D >>>>>>>>>>>>>>>>>>>> <http://lnkd.in/KUum6D>* >>>>>>>>>>>>>>>>>>>> twitter: https://twitter.com/godwinamila >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> Chanaka Fernando >>>>>>>>>>>>>>>>>>> Technical Lead >>>>>>>>>>>>>>>>>>> WSO2, Inc.; http://wso2.com >>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> mobile: +94 773337238 >>>>>>>>>>>>>>>>>>> Blog : http://soatutorials.blogspot.com >>>>>>>>>>>>>>>>>>> LinkedIn: >>>>>>>>>>>>>>>>>>> http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>>>>>>>>>>>>>>>>> Twitter:https://twitter.com/chanakaudaya >>>>>>>>>>>>>>>>>>> Wordpress:http://chanakaudaya.wordpress.com >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> *Godwin Amila Shrimal* >>>>>>>>>>>>>>>>>> Senior Software Engineer >>>>>>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> mobile: *+94772264165* >>>>>>>>>>>>>>>>>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>>>>>>>>>>>>>>>>> twitter: https://twitter.com/godwinamila >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> Chanaka Fernando >>>>>>>>>>>>>>>>> Technical Lead >>>>>>>>>>>>>>>>> WSO2, Inc.; http://wso2.com >>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> mobile: +94 773337238 >>>>>>>>>>>>>>>>> Blog : http://soatutorials.blogspot.com >>>>>>>>>>>>>>>>> LinkedIn: >>>>>>>>>>>>>>>>> http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>>>>>>>>>>>>>>> Twitter:https://twitter.com/chanakaudaya >>>>>>>>>>>>>>>>> Wordpress:http://chanakaudaya.wordpress.com >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> *Godwin Amila Shrimal* >>>>>>>>>>>>>> Senior Software Engineer >>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com >>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>> >>>>>>>>>>>>>> mobile: *+94772264165* >>>>>>>>>>>>>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>>>>>>>>>>>>> twitter: https://twitter.com/godwinamila >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> -- >>>>>>>>>>>>> Chanaka Fernando >>>>>>>>>>>>> Technical Lead >>>>>>>>>>>>> WSO2, Inc.; http://wso2.com >>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>> >>>>>>>>>>>>> mobile: +94 773337238 >>>>>>>>>>>>> Blog : http://soatutorials.blogspot.com >>>>>>>>>>>>> LinkedIn: >>>>>>>>>>>>> http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>>>>>>>>>>> Twitter:https://twitter.com/chanakaudaya >>>>>>>>>>>>> Wordpress:http://chanakaudaya.wordpress.com >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> -- >>>>>>>>>>> Chanaka Fernando >>>>>>>>>>> Technical Lead >>>>>>>>>>> WSO2, Inc.; http://wso2.com >>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>> >>>>>>>>>>> mobile: +94 773337238 >>>>>>>>>>> Blog : http://soatutorials.blogspot.com >>>>>>>>>>> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>>>>>>>>> Twitter:https://twitter.com/chanakaudaya >>>>>>>>>>> Wordpress:http://chanakaudaya.wordpress.com >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> -- >>>>>>>>> Chanaka Fernando >>>>>>>>> Technical Lead >>>>>>>>> WSO2, Inc.; http://wso2.com >>>>>>>>> lean.enterprise.middleware >>>>>>>>> >>>>>>>>> mobile: +94 773337238 >>>>>>>>> Blog : http://soatutorials.blogspot.com >>>>>>>>> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>>>>>>> Twitter:https://twitter.com/chanakaudaya >>>>>>>>> Wordpress:http://chanakaudaya.wordpress.com >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> *Kasun Gajasinghe*Senior Software Engineer, WSO2 Inc. >>>>>> email: kasung AT spamfree wso2.com >>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>>>> blog: http://kasunbg.org >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Isuru Udana* >>>>> Senior >>>>> *Software Engineer* >>>>> WSO2 Inc.; http://wso2.com >>>>> email: isu...@wso2.com cell: +94 77 3791887 >>>>> blog: http://mytecheye.blogspot.com/ >>>>> twitter: http://twitter.com/isudana >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Kasun Gajasinghe*Senior Software Engineer, WSO2 Inc. >>>> email: kasung AT spamfree wso2.com >>>> linked-in: http://lk.linkedin.com/in/gajasinghe >>>> blog: http://kasunbg.org >>>> >>>> >>>> >>> >>> >> >> >> -- >> -- >> Chanaka Fernando >> Technical Lead >> WSO2, Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: +94 773337238 >> Blog : http://soatutorials.blogspot.com >> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >> Twitter:https://twitter.com/chanakaudaya >> Wordpress:http://chanakaudaya.wordpress.com >> >> >> >> > > > -- > -- > Chanaka Fernando > Technical Lead > WSO2, Inc.; http://wso2.com > lean.enterprise.middleware > > mobile: +94 773337238 > Blog : http://soatutorials.blogspot.com > LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 > Twitter:https://twitter.com/chanakaudaya > Wordpress:http://chanakaudaya.wordpress.com > > > > -- -- Chanaka Fernando Technical Lead WSO2, Inc.; http://wso2.com lean.enterprise.middleware mobile: +94 773337238 Blog : http://soatutorials.blogspot.com LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 Twitter:https://twitter.com/chanakaudaya Wordpress:http://chanakaudaya.wordpress.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev