Hi all, We tested MB 3.0.0 with kernel 4.4.2-RC2 with the additional fixes and no issues were identified.
Thank you On Fri, Oct 16, 2015 at 4:03 PM, Pandula Kariyawasam <pand...@wso2.com> wrote: > Hi Johann/Kishanthan, > > Both issue [2][3] were observed rarely on IS510 pack received on 8th Oct > 2015, which was based on kernel 4.4.1. > We didn't experience these issue up to now, on the pack received on 13th > Oct 2015, which is based on kernel 4.4.2. > So I think we can reduce the priority of these issues, and keep eye on > them in latest packs with kernel 4.4.2. > > [2] https://wso2.org/jira/browse/IDENTITY-3815 > [3] https://wso2.org/jira/browse/IDENTITY-3817 > > Thanks, > Pandula > > > On Fri, Oct 16, 2015 at 3:09 PM, Johann Nallathamby <joh...@wso2.com> > wrote: > >> Hi Kishanthan, >> >> On Fri, Oct 16, 2015 at 2:38 PM, Kishanthan Thangarajah < >> kishant...@wso2.com> wrote: >> >>> >>> >>> On Fri, Oct 16, 2015 at 11:27 AM, Johann Nallathamby <joh...@wso2.com> >>> wrote: >>> >>>> Hi Kishanthan/Kernel Team, >>>> >>>> We have added the test case as well to the same PR. >>>> >>> >>> Thanks Johann. >>> >>> @MB Team, could you guys verify that all your scenarios are now >>> passing?. We will start the next RC build once this is confirmed ASAP. >>> >>>> >>>> Also can we get CARBON-15505 merged? The PR for master is a very old PR >>>> which we have missed to review and merge. This mainly contains some >>>> reordering of fields in the UI to make it more consistent and reorder >>>> properties in user-mgt.xml to be consistent with UI. Hope we don't need any >>>> tests for this. >>>> >>> >>> I think its better not to add any more changes at this stage. We will >>> merge this for next patch release. >>> >>>> >>>> Any update on the 3 issues raised above ? >>>> >>> >>> For [1], we need more information to reproduce (LB & IS config, example >>> requests, HTTP access logs on both LB and IS side with this issue). Will >>> send a separate mail on that, but I believe its not a blocker for the IS >>> release right? >>> >> >> I will request Hasanthi to upload the artifacts you requested. >> >> I may be not the right person to say if this is blocker or not. >> @QA Team, please give your opinion if we can consider this as not a >> blocker and go ahead with the release. >> >> Regards. >> >> >>> [2] and [3], we haven't seen this error previously and according the >>> trace, it looks like the "distributedCache" instance is becoming null in >>> CacheImpl class. If the exact steps can be found or given on how to >>> reproduce this, then we can work on finding the root cause for this. >>> >>> >>>> Thanks, >>>> Johann. >>>> >>>> On Thu, Oct 15, 2015 at 3:30 PM, Johann Nallathamby <joh...@wso2.com> >>>> wrote: >>>> >>>>> Hi Kishanthan/Kernel Team, >>>>> >>>>> We are in the process writing the test case for the issue. Should be >>>>> able to send it before end of day. >>>>> >>>>> [1] has been reported in another thread. This issue in particular >>>>> looks critical to me, because AFAIK there are many users using >>>>> proxyContextPath. Not sure about WebContextRoot though. Apart from that >>>>> WSO2 QA has reported [2,3] in IS 5.1.0 SNAPSHOT pack. May be its harmless, >>>>> but looks like it is coming from kernel and would like to get your >>>>> thoughts >>>>> on this if this is critical and needs to be fixed. >>>>> >>>>> [1] https://wso2.org/jira/browse/CARBON-15475 >>>>> [2] https://wso2.org/jira/browse/IDENTITY-3815 >>>>> [3] https://wso2.org/jira/browse/IDENTITY-3817 >>>>> >>>>> And also it will be great if we can change the default value of >>>>> XSSPreventionConfig.Enabled to 'false' because this was added in order to >>>>> prevent XSS centrally, however the approach is not 100% bug free. Whoever >>>>> has this enabled needs to test all their functionality well. Therefore >>>>> what >>>>> I suggest is to make it 'false' by default and whatever product that needs >>>>> it can enable it at product level. WDYT ? Can we do this ? >>>>> >>>>> Regards, >>>>> Johann. >>>>> >>>>> >>>>> On Wed, Oct 14, 2015 at 6:30 PM, Kishanthan Thangarajah < >>>>> kishant...@wso2.com> wrote: >>>>> >>>>>> Can we also have test case for this fix please? >>>>>> >>>>>> On Wed, Oct 14, 2015 at 6:13 PM, Isura Karunaratne <is...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> This issue is fixed in [1]. >>>>>>> >>>>>>> >>>>>>> Thanks >>>>>>> isura >>>>>>> >>>>>>> >>>>>>> [1] https://wso2.org/jira/browse/CARBON-15517 >>>>>>> >>>>>>> >>>>>>> On Wed, Oct 14, 2015 at 11:25 AM, Johann Nallathamby < >>>>>>> joh...@wso2.com> wrote: >>>>>>> >>>>>>>> Hi Isura, >>>>>>>> >>>>>>>> Can you look into this issue urgently. I remember you fixing an >>>>>>>> issue related to this. >>>>>>>> >>>>>>>> Thanks. >>>>>>>> >>>>>>>> On Wed, Oct 14, 2015 at 7:16 AM, Indika Sampath <indi...@wso2.com> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Hi All, >>>>>>>>> >>>>>>>>> I debug code of our and found issue. It seems implementation of >>>>>>>>> some API changed in user-core. Let me explain the flow. >>>>>>>>> >>>>>>>>> Our queue/topic creation has two call. >>>>>>>>> >>>>>>>>> 1. We create internal role when adding queue and assign >>>>>>>>> "changePermission", "publish", "consume" permissions to it. Which >>>>>>>>> means >>>>>>>>> that, user who created particular queue can update permission, >>>>>>>>> publish or >>>>>>>>> consume. >>>>>>>>> >>>>>>>>> - Below code line used to get internal role name: >>>>>>>>> >>>>>>>>> UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX + >>>>>>>>> queueName.replace(".","-").replace("/", "-")) >>>>>>>>> >>>>>>>>> result = {java.lang.String@10289}"*Internal/Q_userQueue*" >>>>>>>>> value = {char[21]@10290} >>>>>>>>> hash = 0 >>>>>>>>> hash32 = 0 >>>>>>>>> >>>>>>>>> - assign permission as below: >>>>>>>>> >>>>>>>>> userStoreManager.addRole(roleName, user, null); >>>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, >>>>>>>>> queueId, PERMISSION_CHANGE_PERMISSION); >>>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, >>>>>>>>> queueId, TreeNode.Permission.CONSUME.toString().toLowerCase()); >>>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, >>>>>>>>> queueId, TreeNode.Permission.PUBLISH.toString().toLowerCase()); >>>>>>>>> >>>>>>>>> 2. User can select some other role listed in in queue add page. He >>>>>>>>> can select these role when adding queue or later by updating queue. >>>>>>>>> So in >>>>>>>>> update permission we checked whether any of user's role has above >>>>>>>>> assign >>>>>>>>> change permission. >>>>>>>>> >>>>>>>>> - get role list of user: >>>>>>>>> >>>>>>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser) >>>>>>>>> >>>>>>>>> result = {java.lang.String[3]@9689} >>>>>>>>> [0] = {java.lang.String@9690}"*Internal/Q_userQueue*" >>>>>>>>> [1] = {java.lang.String@9691}"Internal/everyone" >>>>>>>>> [2] = {java.lang.String@9692}"role1" >>>>>>>>> >>>>>>>>> - check whether any of role has change permission >>>>>>>>> >>>>>>>>> for (String userRole : userRoles) { >>>>>>>>> if >>>>>>>>> (userRealm.getAuthorizationManager().isRoleAuthorized(userRole, >>>>>>>>> queueID, >>>>>>>>> PERMISSION_CHANGE_PERMISSION)) { >>>>>>>>> isUserHasChangePermission = true; >>>>>>>>> } >>>>>>>>> } >>>>>>>>> >>>>>>>>> Issue is above check false for all roles. But we assigned change >>>>>>>>> permission to *Internal/Q_userQueue* role when creating queue. >>>>>>>>> >>>>>>>>> 3. Next I evaluate below code line to check whether which role has >>>>>>>>> change permission to queueID. Result is as below: >>>>>>>>> >>>>>>>>> userRealm.getAuthorizationManager().getAllowedRolesForResource(queueID, >>>>>>>>> PERMISSION_CHANGE_PERMISSION) >>>>>>>>> >>>>>>>>> result = {java.lang.String[1]@9694} >>>>>>>>> [0] = {java.lang.String@9686}"*INTERNAL/Q_userQueue*" >>>>>>>>> >>>>>>>>> Result has different role name. We created role name called >>>>>>>>> *Internal/Q_userQueue* and assign permissions but it has created >>>>>>>>> with different name *INTERNAL/Q_userQueue* and assign permission. >>>>>>>>> >>>>>>>>> Please have look into this because it is blocking issue to our >>>>>>>>> implementation. >>>>>>>>> >>>>>>>>> Cheers! >>>>>>>>> >>>>>>>>> >>>>>>>>> On Tue, Oct 13, 2015 at 5:22 PM, Kishanthan Thangarajah < >>>>>>>>> kishant...@wso2.com> wrote: >>>>>>>>> >>>>>>>>>> Was this issue found in 4.4.2 RC1 too? >>>>>>>>>> >>>>>>>>>> On Tue, Oct 13, 2015 at 4:58 PM, Sasikala Kottegoda < >>>>>>>>>> sasik...@wso2.com> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Manuri, >>>>>>>>>>> >>>>>>>>>>> We tested MB 3.0.0 with this release and our scenario of queue >>>>>>>>>>> creation fails after giving a permission denied error. The scenario >>>>>>>>>>> is as >>>>>>>>>>> follows: >>>>>>>>>>> >>>>>>>>>>> 1. Create a user "user1" with a role assigned with permission to >>>>>>>>>>> create queues. >>>>>>>>>>> 2. Login from "user1" and try to create a queue, we get a >>>>>>>>>>> permission denied error. >>>>>>>>>>> >>>>>>>>>>> When creating a queue the following happens from our code. >>>>>>>>>>> >>>>>>>>>>> 1. We create an internal role for the queue and assign it to the >>>>>>>>>>> current user with permissions assigned. >>>>>>>>>>> >>>>>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>>>>>>>>>> >>>>>>>>>>> PERMISSION_CHANGE_PERMISSION); >>>>>>>>>>> >>>>>>>>>>> 2. Next, we create the queue and update permissions for the queue. >>>>>>>>>>> In this step, we check if the current user has permissions to >>>>>>>>>>> change the queue. >>>>>>>>>>> >>>>>>>>>>> String[] userRoles = >>>>>>>>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser); >>>>>>>>>>> for (String userRole : userRoles) { >>>>>>>>>>> if (userRealm.getAuthorizationManager().isRoleAuthorized( >>>>>>>>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION)) { >>>>>>>>>>> isUserHasChangePermission = true; >>>>>>>>>>> } >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> At this stage, >>>>>>>>>>> *'*(userRealm.getAuthorizationManager().isRoleAuthorized( >>>>>>>>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION))' >>>>>>>>>>> false implying that any of roles assigned to the user do not have >>>>>>>>>>> permissions to change the queue, thus not allowing the user to >>>>>>>>>>> create the queue. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thank you >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, Oct 12, 2015 at 9:24 PM, Manuri Amaya Perera < >>>>>>>>>>> manu...@wso2.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Devs, >>>>>>>>>>>> >>>>>>>>>>>> WSO2 Carbon Kernel 4.4.2 RC2 Release Vote. >>>>>>>>>>>> >>>>>>>>>>>> This release fixes the following issues: >>>>>>>>>>>> https://wso2.org/jira/issues/?filter=12396 >>>>>>>>>>>> >>>>>>>>>>>> Please download and test your products with kernel 4.4.2 RC2 >>>>>>>>>>>> and vote. Vote will be open for 72 hours or longer as needed. >>>>>>>>>>>> >>>>>>>>>>>> *​Source and binary distribution files:* >>>>>>>>>>>> https://svn.wso2.org/repos/wso2/people/aruna/v4.4.2-rc2 >>>>>>>>>>>> >>>>>>>>>>>> *Maven staging repository:* >>>>>>>>>>>> >>>>>>>>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-019/ >>>>>>>>>>>> >>>>>>>>>>>> *The tag to be voted upon:* >>>>>>>>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.2-rc2 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> [ ] Broken - do not release (explain why) >>>>>>>>>>>> [ ] Stable - go ahead and release >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Thank you >>>>>>>>>>>> Carbon Team >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> *Manuri Amaya Perera* >>>>>>>>>>>> >>>>>>>>>>>> *Software Engineer* >>>>>>>>>>>> >>>>>>>>>>>> *WSO2 Inc.* >>>>>>>>>>>> >>>>>>>>>>>> *Blog: http://manuriamayaperera.blogspot.com >>>>>>>>>>>> <http://manuriamayaperera.blogspot.com>* >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Dev mailing list >>>>>>>>>>>> Dev@wso2.org >>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Sasikala Kottegoda >>>>>>>>>>> *Software Engineer* >>>>>>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>>>>>> lean. enterprise. middleware >>>>>>>>>>> Mobile: +94 774835928/712792401 >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Dev mailing list >>>>>>>>>>> Dev@wso2.org >>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Kishanthan Thangarajah* >>>>>>>>>> Associate Technical Lead, >>>>>>>>>> Platform Technologies Team, >>>>>>>>>> WSO2, Inc. >>>>>>>>>> lean.enterprise.middleware >>>>>>>>>> >>>>>>>>>> Mobile - +94773426635 >>>>>>>>>> Blog - *http://kishanthan.wordpress.com >>>>>>>>>> <http://kishanthan.wordpress.com>* >>>>>>>>>> Twitter - *http://twitter.com/kishanthan >>>>>>>>>> <http://twitter.com/kishanthan>* >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Dev mailing list >>>>>>>>>> Dev@wso2.org >>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Indika Sampath >>>>>>>>> Senior Software Engineer >>>>>>>>> WSO2 Inc. >>>>>>>>> http://wso2.com >>>>>>>>> >>>>>>>>> Phone: +94 716 424 744 >>>>>>>>> Blog: http://indikasampath.blogspot.com/ >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Thanks & Regards, >>>>>>>> >>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>>>>> Governance Technologies Team >>>>>>>> WSO2, Inc. >>>>>>>> lean.enterprise.middleware >>>>>>>> >>>>>>>> Mobile - *+94777776950* >>>>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Isura Dilhara Karunaratne >>>>>>> Senior Software Engineer >>>>>>> >>>>>>> Mob +94 772 254 810 >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Kishanthan Thangarajah* >>>>>> Associate Technical Lead, >>>>>> Platform Technologies Team, >>>>>> WSO2, Inc. >>>>>> lean.enterprise.middleware >>>>>> >>>>>> Mobile - +94773426635 >>>>>> Blog - *http://kishanthan.wordpress.com >>>>>> <http://kishanthan.wordpress.com>* >>>>>> Twitter - *http://twitter.com/kishanthan >>>>>> <http://twitter.com/kishanthan>* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> >>>>> *Johann Dilantha Nallathamby* >>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>> Governance Technologies Team >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile - *+94777776950* >>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> >>>> *Johann Dilantha Nallathamby* >>>> Technical Lead & Product Lead of WSO2 Identity Server >>>> Governance Technologies Team >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - *+94777776950* >>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>> >>> >>> >>> >>> -- >>> *Kishanthan Thangarajah* >>> Associate Technical Lead, >>> Platform Technologies Team, >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - +94773426635 >>> Blog - *http://kishanthan.wordpress.com >>> <http://kishanthan.wordpress.com>* >>> Twitter - *http://twitter.com/kishanthan >>> <http://twitter.com/kishanthan>* >>> >> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Technical Lead & Product Lead of WSO2 Identity Server >> Governance Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >> > > > > -- > > *Pandula Kariyawasam K.B.* > *Senior Software Engineer - QA* > Mobile: +94772314510 > > > > *WSO2 Inc.lean . enterprise . middlewear.http://www.wso2.com > <http://www.wso2.com>* > <http://www.wso2.com> > -- Sasikala Kottegoda *Software Engineer* WSO2 Inc., http://wso2.com/ lean. enterprise. middleware Mobile: +94 774835928/712792401
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev