Hi Johann/KasunG/Kishanthan,

What would be the way forward to support this feature? We can have the Developer Studio story completed if we use the "allowRoles" parameter with the *SecurityDeploymentIntercepter* class updating the DB. If we are going with the registry resource property approach, we need to implement the same logic at a proper place in the identity component.
WDYT?

Thanks,
Chanaka

On Mon, Apr 6, 2015 at 12:25 PM, Johann Nallathamby <joh...@wso2.com> wrote:

> Hi Kasun/Kishanthan,
>
> Any idea why this was removed? I thought security-mgt is maintained by IS team. But looks like others are also working on this component.
>
> On Mon, Apr 6, 2015 at 12:05 PM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>
>> @Chanaka: Thanks for investigating on this issue.
>>
>> Sohani Weerasinghe
>> Software Engineer
>> WSO2, Inc: http://wso2.com
>>
>> Mobile : +94 716439774
>> Blog : http://christinetechtips.blogspot.com/
>> Twitter : https://twitter.com/sohanichristine
>>
>> On Mon, Apr 6, 2015 at 12:02 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>
>>> Hi Johann,
>>>
>>> After looking through the new implementation of the *SecurityDeploymentIntercepter.java* file in the latest GIT source code [1], I could find that this "allowRoles" parameter related implementation has been removed. Entire implementation of the *applySecurityParameters(AxisService service, SecurityScenario secScenario)* method has been removed and that method is blank. What is the reason for this?
>>>
>>> @Sohani: This is the reason that this parameter is not working in the latest 4.9.0 ESB pack.
>>>
>>> [1] https://github.com/wso2/carbon-identity/blob/master/components/security/org.wso2.carbon.security.mgt/src/main/java/org/wso2/carbon/security/deployment/SecurityDeploymentInterceptor.java
>>>
>>> Thanks,
>>> Chanaka
>>>
>>> On Mon, Apr 6, 2015 at 11:35 AM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>
>>>> Hi KasunG,
>>>>
>>>> I have checked on the source code of the previous implementation and according to that, when applying security through Management console and through "allowRoles" service parameter, it executes the same code on the Security side (please see below).
>>>>
>>>> *SecurityConfigAdmin.java (Executes when applying through Management Console)*
>>>>
>>>>     if (userGroups != null) {
>>>>         for (String value : userGroups) {
>>>>             AuthorizationManager acAdmin = realm.getAuthorizationManager();
>>>>             acAdmin.authorizeRole(value, serviceGroupId + "/" + service.getName(),
>>>>                     UserCoreConstants.INVOKE_SERVICE_PERMISSION);
>>>>         }
>>>>     }
>>>>
>>>> *SecurityDeploymentIntercepter.java (Executes when applying through "allowRoles" parameter)*
>>>>
>>>>     Parameter allowRolesParameter = service.getParameter("allowRoles");
>>>>
>>>>     if (allowRolesParameter != null && allowRolesParameter.getValue() != null) {
>>>>
>>>>         AuthorizationManager manager = userRealm.getAuthorizationManager();
>>>>         String resourceName = serviceGroupId + "/" + serviceName;
>>>>         String[] roles = manager.getAllowedRolesForResource(resourceName,
>>>>                 UserCoreConstants.INVOKE_SERVICE_PERMISSION);
>>>>         if (roles != null) {
>>>>             for (String role : roles) {
>>>>                 manager.clearRoleAuthorization(role, resourceName,
>>>>                         UserCoreConstants.INVOKE_SERVICE_PERMISSION);
>>>>             }
>>>>         }
>>>>
>>>>         String value = (String) allowRolesParameter.getValue();
>>>>         String[] allowRoles = value.split(",");
>>>>         if (allowRoles != null) {
>>>>             for (String role : allowRoles) {
>>>>                 userRealm.getAuthorizationManager().authorizeRole(role, resourceName,
>>>>                         UserCoreConstants.INVOKE_SERVICE_PERMISSION);
>>>>             }
>>>>         }
>>>>     }
>>>>
>>>> Since this is a service level parameter, we can use this for all axis2 services. If that is the case, we can go with this parameter instead of having properties at registry resource level. WDYT?
>>>>
>>>> @Sohani: I will look in the 4.9.0 related issue when using this parameter.
>>>>
>>>> Thanks,
>>>> Chanaka
>>>>
>>>> On Thu, Apr 2, 2015 at 5:25 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>>
>>>>> Hi Sohani,
>>>>>
>>>>> Please see my comments inline.
>>>>>
>>>>> AFAIK when we deploy a proxy which has allowRoles parameter, the 'UM_PERMISSION' table is getting updated and an entry is created with that ID in the UM_ROLE_PERMISSION table. This works fine with ESB 4.8.1 but with ESB 4.9.0 the UM_PERMISSION table is not getting updated. Therefore, I think we need to modify the existing deployer to handle this task as we have discussed during the last meeting. Correct me if I am wrong.
>>>>>
>>>>> -- I have also checked in the code and this "allowRoles" property does the same operation in the JDBCAuthorizationManager class when we add the user roles from the management console. So it should work as expected. But KasunG's point is that this is a kind of a quick fix and this may not work for axis2 services.
>>>>>
>>>>> When concerning the new suggestion of including the user role information as a registry property of the registry resource, how can we handle updating the user role information in the database since we don't have the proxy information at the time we create the policy file? Can someone please advise on the way to proceed with this.
>>>>>
>>>>> -- Here you don't need to add this information to the database from DevS side. At the deployment time, deployer will check the user role from the resource properties and add that to the relevant database using the JDBCAuthorizationManager class.
>>>>>
>>>>> Shall we have a meeting to discuss about this further? WDYT?
>>>>>
>>>>> +1 for a meeting.
>>>>>
>>>>> Thanks,
>>>>> Chanaka
>>>>>
>>>>> On Thu, Apr 2, 2015 at 3:32 PM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> AFAIK when we deploy a proxy which has allowRoles parameter, the 'UM_PERMISSION' table is getting updated and an entry is created with that ID in the UM_ROLE_PERMISSION table.
>>>>>> This works fine with ESB 4.8.1 but with ESB 4.9.0 the UM_PERMISSION table is not getting updated. Therefore, I think we need to modify the existing deployer to handle this task as we have discussed during the last meeting. Correct me if I am wrong.
>>>>>>
>>>>>> When concerning the new suggestion of including the user role information as a registry property of the registry resource, how can we handle updating the user role information in the database since we don't have the proxy information at the time we create the policy file? Can someone please advise on the way to proceed with this.
>>>>>>
>>>>>> Shall we have a meeting to discuss about this further? WDYT?
>>>>>>
>>>>>> Thanks,
>>>>>> Sohani
>>>>>>
>>>>>> On Tue, Mar 31, 2015 at 5:11 PM, KasunG Gajasinghe <kas...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> On Tue, Mar 31, 2015 at 4:59 PM, Isuru Udana <isu...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi KasunG,
>>>>>>>>
>>>>>>>> On Tue, Mar 31, 2015 at 4:32 PM, KasunG Gajasinghe <kas...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> Two questions -
>>>>>>>>>
>>>>>>>>> 1. Why do we need a separate axis2 deployer to handle just user roles?
>>>>>>>>
>>>>>>>> We were thinking about modifying existing deployers (proxy deployer etc) to call the relevant component in the security side.
>>>>>>>
>>>>>>> To add the policy to a service, you can also use an AxisObserver. With this, you won't need to patch the deployers. You can re-use the existing code in DeploymentInterceptor class in carbon core component on applying policies to runtime AxisService object.
>>>>>>>
>>>>>>>>> 2. Isn't it much cleaner if we keep the list of user roles as a registry property of the registry resource that contains the policy? Then, this won't depend on the service type, and the security configuration will be located in a single place. I believe allowRoles was provided as a quick fix for a support ticket.
>>>>>>>>
>>>>>>>> This is a very good suggestion. Let's consider this option as well.
>>>>>>>
>>>>>>> Sounds good!
>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>> On Tue, Mar 31, 2015 at 3:53 PM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>> Meeting notes is as follows
>>>>>>>>>>
>>>>>>>>>> Participants: Jasintha, Susinda, Awanthika, Chanaka, IsuruU, Johann, Godwin, Dulindra, Sohani
>>>>>>>>>>
>>>>>>>>>> Notes:
>>>>>>>>>>
>>>>>>>>>> From the Developer Studio perspective, currently we are implementing the security policy as a registry resource and as per the discussion had we will use the parameter 'allowRoles' to define the relevant user roles. This will be a service level parameter and the roles can be obtained by connecting to the server.
>>>>>>>>>>
>>>>>>>>>> This parameter is already available with ESB and this needs to be facilitated by DSS and Axis2.
>>>>>>>>>>
>>>>>>>>>> From the Servers (ESB, DSS and AS) a deployer needs to be implemented to handle user roles at the run time
>>>>>>>>>>
>>>>>>>>>> Please add points to this if I have missed anything.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Sohani
>>>>>>>>>>
>>>>>>>>>> On Thu, Mar 26, 2015 at 3:35 PM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi Chanaka,
>>>>>>>>>>>
>>>>>>>>>>> Thanks for the explanation and as per the offline discussion we had, let's have a meeting on next week so that we can discuss and finalize the things.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> Sohani
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Mar 26, 2015 at 3:26 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Sohani,
>>>>>>>>>>>>
>>>>>>>>>>>> I got your idea. But what I meant was that this does not give any additional security. BTW, I am not against the registry based approach :)
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Chanaka
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Mar 26, 2015 at 3:05 PM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> @Chanaka : I just considered the fact that if we specify it as a parameter then that information will be visible. That is why thought of saving it as a registry resource would be better. But if we can continue with the parameter then we'll continue the testing with that.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Sohani
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Thu, Mar 26, 2015 at 3:02 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi Sohani,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> What is the additional security you get from having that parameter in registry?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>> Chanaka
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Thu, Mar 26, 2015 at 2:55 PM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi Chanaka,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Please find my comments inline
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Thu, Mar 26, 2015 at 2:18 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi Godwin,
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Please see my comments inline.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> AFAIK, in old model (file base persistence) roles are not persisting in meta file and it use AuthorizationManager (JDBCAuthorizationManager) for persistence, We use same model for current implementation as well and roles are not persisting in registry.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> The problem with that approach is we need to include this information within the CAR file.
>>>>>>>>>>>>>>>> Otherwise, it is not self contained. We need to have this user role information within the CAR file.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> @Sohani: If we can make sure all the security related scenarios (which requires user related information) are working properly with the <parameter name="allowRoles">admin</parameter>, then we can use this parameter instead of a separate registry resource.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> When considering the security perspective isn't it better to specify user roles information as a registry resource rather than use as a parameter? WDYT?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>> Chanaka
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Wed, Mar 25, 2015 at 11:46 PM, Godwin Amila Shrimal <god...@wso2.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi Sohani,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> AFAIK, in old model (file base persistence) roles are not persisting in meta file and it use AuthorizationManager (JDBCAuthorizationManager) for persistence, We use same model for current implementation as well and roles are not persisting in registry.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Wed, Mar 25, 2015 at 11:23 AM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Hi Chanaka/Godwin,
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> In order to further implement this feature I really appreciate your input on the below concerns.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> 1. When considering the security perspective, it seems we have two options to specify user roles config either as a registry resource or using the parameter 'allowRoles' in the proxy configuration. IMO implement it as a registry resource would be better when considering the security perspective. WDYT?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Also, if we are to implement it as a registry resource then the content of the resource will be <parameter name="allowRoles">admin</parameter>.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> @Chanaka: Can we have a parameter in the proxy config to define the registry resource for the user roles as we define the security policy (eg: <policy key="conf:repository/policy.xml"/> ) ?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> @Godwin : If user roles is going to be implemented as a registry resource, will there be a predefined registry location to save it ? If so can you please state it?
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Really appreciate your response on this.
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>> Sohani
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:52 PM, Sohani Weerasinghe <soh...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Hi Chanaka/Godwin,
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Can you please provide an input on the below concerns to further carry out the implementation from DevS side.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 1. When considering the usability aspect, I think it's better if we can create a registry resource for user roles at the time of creating the policy using the Security Editor Form by getting the User Roles values from the user rather than asking user to create a new registry resource for User Roles.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> @Godwin: can you please state the required registry path to deploy the User Roles configs?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 2. If the User Roles config saves as a registry resource, how this can be utilized by the proxy service? Will there be a property in the proxy service so that we can point the User Role config as pointing the policy file.
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> 3. If we are deploying the policy and User Role configs via CAPP, in a case where multiple policy files deploying in the same registry location, in order to match the User Role config with the relevant policy file, how can we identify the matching User Role config and the policy? Can we have the same resource name for the policy and the User Role configs?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> @Chanaka: can you please confirm points 2 and 3?
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>> Sohani
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:42 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Hi Godwin,
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> That would be good.
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>> Chanaka
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:40 PM, Godwin Amila Shrimal <god...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Hi Chanaka,
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> It'll finish within this week.
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:35 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Hi Godwin,
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> When will you finish the offsite dev service?
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>> Chanaka
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 3:30 PM, Godwin Amila Shrimal <god...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Hi Chanaka,
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> We have basically completed the registry base implementation in security mgt component and need to do code refactoring and more testing. I tested basic scenarios with STS-service and it worked ok. Currently I am in an offsite DevService and planning to do remaining refactoring and testing after this.
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>>>>>>>>> Godwin
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> On Tue, Mar 24, 2015 at 2:00 PM, Chanaka Fernando <chana...@wso2.com> wrote:
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> I am writing this mail to take the discussions related to $subject in to a single place. With the ESB 4.9.0 release, we are removing the UI capability of applying security policies from the management console.
>>>>>>>>>>>>>>>>>>>>>>>> Going forward, users can only apply security policies to ESB proxy services using developer studio. Even though this functionality is already available in the Developer Studio, it has some edge cases when we use that approach. One such limitation is that there is no place to select the users/roles in the developer studio when applying the security policy. Currently, this information is stored in meta files and with the 4.9.0 version, service meta files are removed. Plan is to store this information in registry and access from there. From the Developer Studio also, it will create the registry file when applying security policies.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> This would be a necessary feature for ESB 4.9.0 release since this will affect the entire security applying process going forward.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> @Godwin: Please add if I have missed anything and give us some update on the status from the security side.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> @Sohani/DevS team: Please give us some update on this implementation.
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>>>>>>>>>>>>> Chanaka
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>>>> Chanaka Fernando
>>>>>>>>>>>>>>>>>>>>>>>> Technical Lead
>>>>>>>>>>>>>>>>>>>>>>>> WSO2, Inc.; http://wso2.com
>>>>>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>> mobile: +94 773337238
>>>>>>>>>>>>>>>>>>>>>>>> Blog : http://soatutorials.blogspot.com
>>>>>>>>>>>>>>>>>>>>>>>> LinkedIn: http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0
>>>>>>>>>>>>>>>>>>>>>>>> Twitter: https://twitter.com/chanakaudaya
>>>>>>>>>>>>>>>>>>>>>>>> Wordpress: http://chanakaudaya.wordpress.com
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>>>>>>>> Godwin Amila Shrimal
>>>>>>>>>>>>>>>>>>>>>>> Senior Software Engineer
>>>>>>>>>>>>>>>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware
>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>> mobile: +94772264165
>>>>>>>>>>>>>>>>>>>>>>> linkedin: http://lnkd.in/KUum6D
>>>>>>>>>>>>>>>>>>>>>>> twitter: https://twitter.com/godwinamila
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Kasun Gajasinghe
>>>>>>>>> Senior Software Engineer, WSO2 Inc.
>>>>>>>>> email: kasung AT spamfree wso2.com
>>>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe
>>>>>>>>> blog: http://kasunbg.org
>>>>>>>>
>>>>>>>> --
>>>>>>>> Isuru Udana
>>>>>>>> Senior Software Engineer
>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>> email: isu...@wso2.com cell: +94 77 3791887
>>>>>>>> blog: http://mytecheye.blogspot.com/
>>>>>>>> twitter: http://twitter.com/isudana
>
> --
> Thanks & Regards,
>
> Johann Dilantha Nallathamby
> Associate Technical Lead & Product Lead of WSO2 Identity Server
> Integration Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +94777776950
> Blog - http://nallaa.wordpress.com

--
Chanaka Fernando
Technical Lead
WSO2, Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94 773337238
Blog : http://soatutorials.blogspot.com
LinkedIn: http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0
Twitter: https://twitter.com/chanakaudaya
Wordpress: http://chanakaudaya.wordpress.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
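
The deploy-time behaviour quoted in this thread (read the service's "allowRoles" value, then make the invoke permission on "serviceGroupId/serviceName" match it), as an added example that is not WSO2 code and not from any participant. It goes a little beyond the quoted snippet: the comma-separated value is trimmed and de-duplicated, only the difference is written so a role that stays listed never loses access during redeployment, and a drift check reports when the stored grants lag behind the descriptor. InMemoryAuthz, AllowRolesSync, the "invoke-service" action string and the sample resource and role names are assumptions made for the illustration.

```java
import java.util.*;

public class AllowRolesSync {

    // Stand-in for UserCoreConstants.INVOKE_SERVICE_PERMISSION (value assumed).
    static final String INVOKE = "invoke-service";

    /** Hypothetical in-memory store offering the three calls the quoted code uses. */
    static class InMemoryAuthz {
        private final Map<String, Set<String>> grants = new HashMap<>();
        final List<String> changes = new ArrayList<>();   // audit trail of writes

        private Set<String> rolesFor(String resource, String action) {
            return grants.computeIfAbsent(resource + "|" + action, k -> new TreeSet<>());
        }

        String[] getAllowedRolesForResource(String resource, String action) {
            return rolesFor(resource, action).toArray(new String[0]);
        }

        void authorizeRole(String role, String resource, String action) {
            if (rolesFor(resource, action).add(role)) {
                changes.add("grant " + role);
            }
        }

        void clearRoleAuthorization(String role, String resource, String action) {
            if (rolesFor(resource, action).remove(role)) {
                changes.add("revoke " + role);
            }
        }
    }

    /** Split the allowRoles value on commas, trim, drop empty and duplicate entries. */
    static Set<String> parseAllowRoles(String raw) {
        Set<String> roles = new TreeSet<>();
        for (String part : raw.split(",")) {
            String role = part.trim();
            if (!role.isEmpty()) {
                roles.add(role);
            }
        }
        return roles;
    }

    /**
     * Bring the stored grants for one service in line with its allowRoles value.
     * A missing parameter leaves the store untouched, as in the quoted code.
     */
    static void sync(InMemoryAuthz authz, String resource, String rawAllowRoles) {
        if (rawAllowRoles == null) {
            return;
        }
        Set<String> declared = parseAllowRoles(rawAllowRoles);
        Set<String> stored = new TreeSet<>(
                Arrays.asList(authz.getAllowedRolesForResource(resource, INVOKE)));
        for (String role : stored) {
            if (!declared.contains(role)) {
                authz.clearRoleAuthorization(role, resource, INVOKE);
            }
        }
        for (String role : declared) {
            if (!stored.contains(role)) {
                authz.authorizeRole(role, resource, INVOKE);
            }
        }
    }

    /** Deployment check: "+role" is declared but not stored, "-role" is stored but not declared. */
    static List<String> drift(InMemoryAuthz authz, String resource, String rawAllowRoles) {
        Set<String> declared = rawAllowRoles == null
                ? Collections.<String>emptySet() : parseAllowRoles(rawAllowRoles);
        Set<String> stored = new TreeSet<>(
                Arrays.asList(authz.getAllowedRolesForResource(resource, INVOKE)));
        List<String> out = new ArrayList<>();
        for (String role : declared) {
            if (!stored.contains(role)) out.add("+" + role);
        }
        for (String role : stored) {
            if (!declared.contains(role)) out.add("-" + role);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: the resource name and roles are made up.
        String resource = "SampleProxyGroup/SampleProxy";
        InMemoryAuthz authz = new InMemoryAuthz();
        authz.authorizeRole("admin", resource, INVOKE);
        authz.authorizeRole("legacy", resource, INVOKE);
        authz.changes.clear();

        // Redeploy with a messy value: stray spaces, an empty entry, a duplicate.
        sync(authz, resource, "admin, ops,,ops ");
        System.out.println("changes: " + authz.changes);
        System.out.println("stored:  "
                + Arrays.toString(authz.getAllowedRolesForResource(resource, INVOKE)));

        // A deployer that skips the parameter leaves the store behind the descriptor.
        System.out.println("drift:   " + drift(authz, resource, "admin,ops,audit"));
    }
}
```

An empty drift list after deployment means the permission store and the service descriptor agree on who may invoke the service.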