On Mon, Oct 19, 2015 at 9:32 AM, Hasanthi Purnima Dissanayake < hasan...@wso2.com> wrote:
> Hi Kishanthan, > Please find the requested information for [1] as a jira attchement. Please > consider that I observed this issue only when both proxy context path and > web context root is enabled as I mentioned in the JIRA. > Hi Johann, Hasanthi, AFAIU the configuration you are using is wrong when using WebContext and the ProxyContextpath both. You need to add the *proxy cookie rewrite* URL paths in order to work correctly. Try adding those parameters. Regards, Aruna > > [1] https://wso2.org/jira/browse/CARBON-15475 > > Thanks > > Hasanthi Dissanayake > > Software Engineer | WSO2 > > E: hasan...@wso2.com <nirosh...@wso2.com> > M :0718407133| http://wso2.com <http://wso2.com/> > > On Fri, Oct 16, 2015 at 2:38 PM, Kishanthan Thangarajah < > kishant...@wso2.com> wrote: > >> >> >> On Fri, Oct 16, 2015 at 11:27 AM, Johann Nallathamby <joh...@wso2.com> >> wrote: >> >>> Hi Kishanthan/Kernel Team, >>> >>> We have added the test case as well to the same PR. >>> >> >> Thanks Johann. >> >> @MB Team, could you guys verify that all your scenarios are now >> passing?. We will start the next RC build once this is confirmed ASAP. >> >>> >>> Also can we get CARBON-15505 merged? The PR for master is a very old PR >>> which we have missed to review and merge. This mainly contains some >>> reordering of fields in the UI to make it more consistent and reorder >>> properties in user-mgt.xml to be consistent with UI. Hope we don't need any >>> tests for this. >>> >> >> I think its better not to add any more changes at this stage. We will >> merge this for next patch release. >> >>> >>> Any update on the 3 issues raised above ? >>> >> >> For [1], we need more information to reproduce (LB & IS config, example >> requests, HTTP access logs on both LB and IS side with this issue). Will >> send a separate mail on that, but I believe its not a blocker for the IS >> release right? >> [2] and [3], we haven't seen this error previously and according the >> trace, it looks like the "distributedCache" instance is becoming null in >> CacheImpl class. If the exact steps can be found or given on how to >> reproduce this, then we can work on finding the root cause for this. >> >> >>> Thanks, >>> Johann. >>> >>> On Thu, Oct 15, 2015 at 3:30 PM, Johann Nallathamby <joh...@wso2.com> >>> wrote: >>> >>>> Hi Kishanthan/Kernel Team, >>>> >>>> We are in the process writing the test case for the issue. Should be >>>> able to send it before end of day. >>>> >>>> [1] has been reported in another thread. This issue in particular looks >>>> critical to me, because AFAIK there are many users using proxyContextPath. >>>> Not sure about WebContextRoot though. Apart from that WSO2 QA has reported >>>> [2,3] in IS 5.1.0 SNAPSHOT pack. May be its harmless, but looks like it is >>>> coming from kernel and would like to get your thoughts on this if this is >>>> critical and needs to be fixed. >>>> >>>> [1] https://wso2.org/jira/browse/CARBON-15475 >>>> [2] https://wso2.org/jira/browse/IDENTITY-3815 >>>> [3] https://wso2.org/jira/browse/IDENTITY-3817 >>>> >>>> And also it will be great if we can change the default value of >>>> XSSPreventionConfig.Enabled to 'false' because this was added in order to >>>> prevent XSS centrally, however the approach is not 100% bug free. Whoever >>>> has this enabled needs to test all their functionality well. Therefore what >>>> I suggest is to make it 'false' by default and whatever product that needs >>>> it can enable it at product level. WDYT ? Can we do this ? >>>> >>>> Regards, >>>> Johann. >>>> >>>> >>>> On Wed, Oct 14, 2015 at 6:30 PM, Kishanthan Thangarajah < >>>> kishant...@wso2.com> wrote: >>>> >>>>> Can we also have test case for this fix please? >>>>> >>>>> On Wed, Oct 14, 2015 at 6:13 PM, Isura Karunaratne <is...@wso2.com> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> This issue is fixed in [1]. >>>>>> >>>>>> >>>>>> Thanks >>>>>> isura >>>>>> >>>>>> >>>>>> [1] https://wso2.org/jira/browse/CARBON-15517 >>>>>> >>>>>> >>>>>> On Wed, Oct 14, 2015 at 11:25 AM, Johann Nallathamby <joh...@wso2.com >>>>>> > wrote: >>>>>> >>>>>>> Hi Isura, >>>>>>> >>>>>>> Can you look into this issue urgently. I remember you fixing an >>>>>>> issue related to this. >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> On Wed, Oct 14, 2015 at 7:16 AM, Indika Sampath <indi...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi All, >>>>>>>> >>>>>>>> I debug code of our and found issue. It seems implementation of >>>>>>>> some API changed in user-core. Let me explain the flow. >>>>>>>> >>>>>>>> Our queue/topic creation has two call. >>>>>>>> >>>>>>>> 1. We create internal role when adding queue and assign >>>>>>>> "changePermission", "publish", "consume" permissions to it. Which >>>>>>>> means >>>>>>>> that, user who created particular queue can update permission, publish >>>>>>>> or >>>>>>>> consume. >>>>>>>> >>>>>>>> - Below code line used to get internal role name: >>>>>>>> >>>>>>>> UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX + >>>>>>>> queueName.replace(".","-").replace("/", "-")) >>>>>>>> >>>>>>>> result = {java.lang.String@10289}"*Internal/Q_userQueue*" >>>>>>>> value = {char[21]@10290} >>>>>>>> hash = 0 >>>>>>>> hash32 = 0 >>>>>>>> >>>>>>>> - assign permission as below: >>>>>>>> >>>>>>>> userStoreManager.addRole(roleName, user, null); >>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, >>>>>>>> queueId, PERMISSION_CHANGE_PERMISSION); >>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, >>>>>>>> queueId, TreeNode.Permission.CONSUME.toString().toLowerCase()); >>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, >>>>>>>> queueId, TreeNode.Permission.PUBLISH.toString().toLowerCase()); >>>>>>>> >>>>>>>> 2. User can select some other role listed in in queue add page. He >>>>>>>> can select these role when adding queue or later by updating queue. So >>>>>>>> in >>>>>>>> update permission we checked whether any of user's role has above >>>>>>>> assign >>>>>>>> change permission. >>>>>>>> >>>>>>>> - get role list of user: >>>>>>>> >>>>>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser) >>>>>>>> >>>>>>>> result = {java.lang.String[3]@9689} >>>>>>>> [0] = {java.lang.String@9690}"*Internal/Q_userQueue*" >>>>>>>> [1] = {java.lang.String@9691}"Internal/everyone" >>>>>>>> [2] = {java.lang.String@9692}"role1" >>>>>>>> >>>>>>>> - check whether any of role has change permission >>>>>>>> >>>>>>>> for (String userRole : userRoles) { >>>>>>>> if >>>>>>>> (userRealm.getAuthorizationManager().isRoleAuthorized(userRole, >>>>>>>> queueID, >>>>>>>> PERMISSION_CHANGE_PERMISSION)) { >>>>>>>> isUserHasChangePermission = true; >>>>>>>> } >>>>>>>> } >>>>>>>> >>>>>>>> Issue is above check false for all roles. But we assigned change >>>>>>>> permission to *Internal/Q_userQueue* role when creating queue. >>>>>>>> >>>>>>>> 3. Next I evaluate below code line to check whether which role has >>>>>>>> change permission to queueID. Result is as below: >>>>>>>> >>>>>>>> userRealm.getAuthorizationManager().getAllowedRolesForResource(queueID, >>>>>>>> PERMISSION_CHANGE_PERMISSION) >>>>>>>> >>>>>>>> result = {java.lang.String[1]@9694} >>>>>>>> [0] = {java.lang.String@9686}"*INTERNAL/Q_userQueue*" >>>>>>>> >>>>>>>> Result has different role name. We created role name called >>>>>>>> *Internal/Q_userQueue* and assign permissions but it has created >>>>>>>> with different name *INTERNAL/Q_userQueue* and assign permission. >>>>>>>> >>>>>>>> Please have look into this because it is blocking issue to our >>>>>>>> implementation. >>>>>>>> >>>>>>>> Cheers! >>>>>>>> >>>>>>>> >>>>>>>> On Tue, Oct 13, 2015 at 5:22 PM, Kishanthan Thangarajah < >>>>>>>> kishant...@wso2.com> wrote: >>>>>>>> >>>>>>>>> Was this issue found in 4.4.2 RC1 too? >>>>>>>>> >>>>>>>>> On Tue, Oct 13, 2015 at 4:58 PM, Sasikala Kottegoda < >>>>>>>>> sasik...@wso2.com> wrote: >>>>>>>>> >>>>>>>>>> Hi Manuri, >>>>>>>>>> >>>>>>>>>> We tested MB 3.0.0 with this release and our scenario of queue >>>>>>>>>> creation fails after giving a permission denied error. The scenario >>>>>>>>>> is as >>>>>>>>>> follows: >>>>>>>>>> >>>>>>>>>> 1. Create a user "user1" with a role assigned with permission to >>>>>>>>>> create queues. >>>>>>>>>> 2. Login from "user1" and try to create a queue, we get a >>>>>>>>>> permission denied error. >>>>>>>>>> >>>>>>>>>> When creating a queue the following happens from our code. >>>>>>>>>> >>>>>>>>>> 1. We create an internal role for the queue and assign it to the >>>>>>>>>> current user with permissions assigned. >>>>>>>>>> >>>>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>>>>>>>>> >>>>>>>>>> PERMISSION_CHANGE_PERMISSION); >>>>>>>>>> >>>>>>>>>> 2. Next, we create the queue and update permissions for the queue. >>>>>>>>>> In this step, we check if the current user has permissions to change >>>>>>>>>> the queue. >>>>>>>>>> >>>>>>>>>> String[] userRoles = >>>>>>>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser); >>>>>>>>>> for (String userRole : userRoles) { >>>>>>>>>> if (userRealm.getAuthorizationManager().isRoleAuthorized( >>>>>>>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION)) { >>>>>>>>>> isUserHasChangePermission = true; >>>>>>>>>> } >>>>>>>>>> } >>>>>>>>>> >>>>>>>>>> At this stage, >>>>>>>>>> *'*(userRealm.getAuthorizationManager().isRoleAuthorized( >>>>>>>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION))' false >>>>>>>>>> implying that any of roles assigned to the user do not have >>>>>>>>>> permissions to change the queue, thus not allowing the user to >>>>>>>>>> create the queue. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Thank you >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Mon, Oct 12, 2015 at 9:24 PM, Manuri Amaya Perera < >>>>>>>>>> manu...@wso2.com> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Devs, >>>>>>>>>>> >>>>>>>>>>> WSO2 Carbon Kernel 4.4.2 RC2 Release Vote. >>>>>>>>>>> >>>>>>>>>>> This release fixes the following issues: >>>>>>>>>>> https://wso2.org/jira/issues/?filter=12396 >>>>>>>>>>> >>>>>>>>>>> Please download and test your products with kernel 4.4.2 RC2 and >>>>>>>>>>> vote. Vote will be open for 72 hours or longer as needed. >>>>>>>>>>> >>>>>>>>>>> *​Source and binary distribution files:* >>>>>>>>>>> https://svn.wso2.org/repos/wso2/people/aruna/v4.4.2-rc2 >>>>>>>>>>> >>>>>>>>>>> *Maven staging repository:* >>>>>>>>>>> >>>>>>>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-019/ >>>>>>>>>>> >>>>>>>>>>> *The tag to be voted upon:* >>>>>>>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.2-rc2 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> [ ] Broken - do not release (explain why) >>>>>>>>>>> [ ] Stable - go ahead and release >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thank you >>>>>>>>>>> Carbon Team >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> *Manuri Amaya Perera* >>>>>>>>>>> >>>>>>>>>>> *Software Engineer* >>>>>>>>>>> >>>>>>>>>>> *WSO2 Inc.* >>>>>>>>>>> >>>>>>>>>>> *Blog: http://manuriamayaperera.blogspot.com >>>>>>>>>>> <http://manuriamayaperera.blogspot.com>* >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Dev mailing list >>>>>>>>>>> Dev@wso2.org >>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Sasikala Kottegoda >>>>>>>>>> *Software Engineer* >>>>>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>>>>> lean. enterprise. middleware >>>>>>>>>> Mobile: +94 774835928/712792401 >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Dev mailing list >>>>>>>>>> Dev@wso2.org >>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Kishanthan Thangarajah* >>>>>>>>> Associate Technical Lead, >>>>>>>>> Platform Technologies Team, >>>>>>>>> WSO2, Inc. >>>>>>>>> lean.enterprise.middleware >>>>>>>>> >>>>>>>>> Mobile - +94773426635 >>>>>>>>> Blog - *http://kishanthan.wordpress.com >>>>>>>>> <http://kishanthan.wordpress.com>* >>>>>>>>> Twitter - *http://twitter.com/kishanthan >>>>>>>>> <http://twitter.com/kishanthan>* >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> Dev@wso2.org >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Indika Sampath >>>>>>>> Senior Software Engineer >>>>>>>> WSO2 Inc. >>>>>>>> http://wso2.com >>>>>>>> >>>>>>>> Phone: +94 716 424 744 >>>>>>>> Blog: http://indikasampath.blogspot.com/ >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Thanks & Regards, >>>>>>> >>>>>>> *Johann Dilantha Nallathamby* >>>>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>>>> Governance Technologies Team >>>>>>> WSO2, Inc. >>>>>>> lean.enterprise.middleware >>>>>>> >>>>>>> Mobile - *+94777776950* >>>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Isura Dilhara Karunaratne >>>>>> Senior Software Engineer >>>>>> >>>>>> Mob +94 772 254 810 >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Kishanthan Thangarajah* >>>>> Associate Technical Lead, >>>>> Platform Technologies Team, >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile - +94773426635 >>>>> Blog - *http://kishanthan.wordpress.com >>>>> <http://kishanthan.wordpress.com>* >>>>> Twitter - *http://twitter.com/kishanthan >>>>> <http://twitter.com/kishanthan>* >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> >>>> *Johann Dilantha Nallathamby* >>>> Technical Lead & Product Lead of WSO2 Identity Server >>>> Governance Technologies Team >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - *+94777776950* >>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Technical Lead & Product Lead of WSO2 Identity Server >>> Governance Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+94777776950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> >> >> -- >> *Kishanthan Thangarajah* >> Associate Technical Lead, >> Platform Technologies Team, >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - +94773426635 >> Blog - *http://kishanthan.wordpress.com >> <http://kishanthan.wordpress.com>* >> Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>* >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Aruna Sujith Karunarathna *| Software Engineer WSO2, Inc | lean. enterprise. middleware. #20, Palm Grove, Colombo 03, Sri Lanka Mobile: +94 71 9040362 | Work: +94 112145345 Email: ar...@wso2.com | Web: www.wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
