Re: [Carbon-dev] [Architecture] Providing the option of having the Carbon-UI in HTTP mode
Hi On Sat, Sep 24, 2011 at 8:07 PM, Afkham Azeez az...@wso2.com wrote: On Sat, Sep 24, 2011 at 1:08 PM, Sanjiva Weerawarana sanj...@wso2.comwrote: +1. What is the challenge in achieving this? Basically I don't understand the problem! +1, the issue is currently some of the carbon-ui code is written assuming the UI will work only in HTTPS, there are some hard coded places to redirect HTTP traffic to HTTPS. I think the issue is request on the HTTP port to the /carbon sub-context blindly being redirected to HTTPS. Yes, thats exactly the case, and we mite be able to add a parameter to a config file to enable/disable HTTP access. Also, I remember a discussion a long time ago about how products like GS and BAM were different because they have a user view that must be exposed all the time. The product console is only of interest for admins. +1 Its fine for the admin console to require HTTPS access but totally not fine for the user view to require HTTPS. We used to have an anonymous mode for the user view too IIRC - does does that work?? We still do have the anonymous mode, however the implementation is done via few hacks to the UI, we would like to implement this properly and make it available as a feature in carbon, so products like GS/BAM can benefit from it. Regards, /Nuwan Sanjiva. On Fri, Sep 23, 2011 at 11:25 AM, Nuwan Bandara nu...@wso2.com wrote: Hi All, $Subject is a critical requirement for the Gadget Server. Still we don't have a proper mechanism of providing the UI in HTTP mode. For any other server product this feature might not be a high priority requirement, but for a presentation product like GS, users are willing to have an HTTP mode as well (option to switch between HTTP and HTTPS). However IMO we should keep our BE to FE communication in HTTPS and like to come up with a mechanisms to provide Client to FE communication via HTTP. GS team would like to work on this feature, with the help of security/carbon-core team, and would like to make this available in our next major relase. Suggestion and comments welcome. -- *Thanks Regards, Nuwan Bandara Senior Software Engineer WSO2 Inc. | http://wso2.com lean . enterprise . middleware http://nuwan.bandara.co * http://www.nuwanbando.com/ ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Sanjiva Weerawarana, Ph.D. Founder, Chairman CEO; WSO2, Inc.; http://wso2.com/ email: sanj...@wso2.com; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 650 265 8311 blog: http://sanjiva.weerawarana.org/ Lean . Enterprise . Middleware ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev -- *Thanks Regards, Nuwan Bandara Senior Software Engineer WSO2 Inc. | http://wso2.com lean . enterprise . middleware http://nuwan.bandara.co * http://www.nuwanbando.com/ ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] [Architecture] Providing the option of having the Carbon-UI in HTTP mode
On Mon, Sep 26, 2011 at 9:46 AM, Nuwan Bandara nu...@wso2.com wrote: Hi On Sat, Sep 24, 2011 at 8:07 PM, Afkham Azeez az...@wso2.com wrote: On Sat, Sep 24, 2011 at 1:08 PM, Sanjiva Weerawarana sanj...@wso2.comwrote: +1. What is the challenge in achieving this? Basically I don't understand the problem! +1, the issue is currently some of the carbon-ui code is written assuming the UI will work only in HTTPS, there are some hard coded places to redirect HTTP traffic to HTTPS. I think the issue is request on the HTTP port to the /carbon sub-context blindly being redirected to HTTPS. Yes, thats exactly the case, and we mite be able to add a parameter to a config file to enable/disable HTTP access. Also, I remember a discussion a long time ago about how products like GS and BAM were different because they have a user view that must be exposed all the time. The product console is only of interest for admins. +1 Its fine for the admin console to require HTTPS access but totally not fine for the user view to require HTTPS. We used to have an anonymous mode for the user view too IIRC - does does that work?? We still do have the anonymous mode, however the implementation is done via few hacks to the UI, we would like to implement this properly and make it available as a feature in carbon, so products like GS/BAM can benefit from it. +1. Redesigning the UI framework is part of our Roadmap. Lets have a meeting on this and discuss this matter. Thanks, Sameera. Regards, /Nuwan Sanjiva. On Fri, Sep 23, 2011 at 11:25 AM, Nuwan Bandara nu...@wso2.com wrote: Hi All, $Subject is a critical requirement for the Gadget Server. Still we don't have a proper mechanism of providing the UI in HTTP mode. For any other server product this feature might not be a high priority requirement, but for a presentation product like GS, users are willing to have an HTTP mode as well (option to switch between HTTP and HTTPS). However IMO we should keep our BE to FE communication in HTTPS and like to come up with a mechanisms to provide Client to FE communication via HTTP. GS team would like to work on this feature, with the help of security/carbon-core team, and would like to make this available in our next major relase. Suggestion and comments welcome. -- *Thanks Regards, Nuwan Bandara Senior Software Engineer WSO2 Inc. | http://wso2.com lean . enterprise . middleware http://nuwan.bandara.co * http://www.nuwanbando.com/ ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Sanjiva Weerawarana, Ph.D. Founder, Chairman CEO; WSO2, Inc.; http://wso2.com/ email: sanj...@wso2.com; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 650 265 8311 blog: http://sanjiva.weerawarana.org/ Lean . Enterprise . Middleware ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev -- *Thanks Regards, Nuwan Bandara Senior Software Engineer WSO2 Inc. | http://wso2.com lean . enterprise . middleware http://nuwan.bandara.co * http://www.nuwanbando.com/ ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Sameera Jayasoma Technical Lead and Product Manager, WSO2 Carbon WSO2, Inc. (http://wso2.com) email: same...@wso2.com blog: http://tech.jayasoma.org Lean . Enterprise . Middleware ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] [Architecture] Providing the option of having the Carbon-UI in HTTP mode
+1. What is the challenge in achieving this? Basically I don't understand the problem! Also, I remember a discussion a long time ago about how products like GS and BAM were different because they have a user view that must be exposed all the time. The product console is only of interest for admins. Its fine for the admin console to require HTTPS access but totally not fine for the user view to require HTTPS. We used to have an anonymous mode for the user view too IIRC - does does that work?? Sanjiva. On Fri, Sep 23, 2011 at 11:25 AM, Nuwan Bandara nu...@wso2.com wrote: Hi All, $Subject is a critical requirement for the Gadget Server. Still we don't have a proper mechanism of providing the UI in HTTP mode. For any other server product this feature might not be a high priority requirement, but for a presentation product like GS, users are willing to have an HTTP mode as well (option to switch between HTTP and HTTPS). However IMO we should keep our BE to FE communication in HTTPS and like to come up with a mechanisms to provide Client to FE communication via HTTP. GS team would like to work on this feature, with the help of security/carbon-core team, and would like to make this available in our next major relase. Suggestion and comments welcome. -- *Thanks Regards, Nuwan Bandara Senior Software Engineer WSO2 Inc. | http://wso2.com lean . enterprise . middleware http://nuwan.bandara.co * http://www.nuwanbando.com/ ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Sanjiva Weerawarana, Ph.D. Founder, Chairman CEO; WSO2, Inc.; http://wso2.com/ email: sanj...@wso2.com; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 650 265 8311 blog: http://sanjiva.weerawarana.org/ Lean . Enterprise . Middleware ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
Re: [Carbon-dev] [Architecture] Providing the option of having the Carbon-UI in HTTP mode
On Sat, Sep 24, 2011 at 1:08 PM, Sanjiva Weerawarana sanj...@wso2.comwrote: +1. What is the challenge in achieving this? Basically I don't understand the problem! I think the issue is request on the HTTP port to the /carbon sub-context blindly being redirected to HTTPS. Also, I remember a discussion a long time ago about how products like GS and BAM were different because they have a user view that must be exposed all the time. The product console is only of interest for admins. Its fine for the admin console to require HTTPS access but totally not fine for the user view to require HTTPS. We used to have an anonymous mode for the user view too IIRC - does does that work?? Sanjiva. On Fri, Sep 23, 2011 at 11:25 AM, Nuwan Bandara nu...@wso2.com wrote: Hi All, $Subject is a critical requirement for the Gadget Server. Still we don't have a proper mechanism of providing the UI in HTTP mode. For any other server product this feature might not be a high priority requirement, but for a presentation product like GS, users are willing to have an HTTP mode as well (option to switch between HTTP and HTTPS). However IMO we should keep our BE to FE communication in HTTPS and like to come up with a mechanisms to provide Client to FE communication via HTTP. GS team would like to work on this feature, with the help of security/carbon-core team, and would like to make this available in our next major relase. Suggestion and comments welcome. -- *Thanks Regards, Nuwan Bandara Senior Software Engineer WSO2 Inc. | http://wso2.com lean . enterprise . middleware http://nuwan.bandara.co * http://www.nuwanbando.com/ ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Sanjiva Weerawarana, Ph.D. Founder, Chairman CEO; WSO2, Inc.; http://wso2.com/ email: sanj...@wso2.com; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 650 265 8311 blog: http://sanjiva.weerawarana.org/ Lean . Enterprise . Middleware ___ Architecture mailing list architect...@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* ___ Carbon-dev mailing list Carbon-dev@wso2.org http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev