Hi All, According to the issue [1], when deploying a proxy in the EI with a policy key defined and without the 'enableSec' element, the proxy is getting deployed. When accessing even the http endpoint, we need to give authorization details. When I reproduced this scenario, I had certain observations.
- Even though security is disabled, the proxy is marked as secure. - To access the proxy, we need to give authorization details. But the access is not controlled by the given policy file. - We could access the proxy even with incorrect username and password. To overcome this issue, the obvious solution is to disable the saving of proxy with the policy key when security is disabled. Please provide your suggestions. [1] https://wso2.org/jira/browse/ESBJAVA-4459 Thanks, Thishani -- Regards, *Thishani Lucas* *Software Engineer* *WSO2 Lanka (Private) Limited**: http://wso2.com <http://wso2.com/>* *lean.enterprise.middle-ware* *Tel: +94 77 2556931 * *LinkedIn: https://www.linkedin.com/in/thishani-lucas/ <https://www.linkedin.com/in/thishani-lucas/>* <http://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
