[Dev] WSO2 Committers += Nisala Nanayakkara

[Sinthuja Ragendran]

Hi All,

It's my pleasure to welcome Nisala Nanayakkara as a WSO2 Committer.

Nisala has been a valuable contributor to the Dashboard Server Team and
then Platform Team. In recognition of his contribution, dedication and
commitment he has been voted as a WSO2 committer.

Nisala, welcome aboard and keep up the good work!

Thanks,
Sinthuja.

-- 
*Sinthuja Rajendran*
Technical Lead
WSO2, Inc.:http://wso2.com

Blog: http://sinthu-rajan.blogspot.com/
Mobile: +94774273955
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Nisala Nanayakkara

[Chanaka Cooray]

Congratz Nisala :)

On Tue, Feb 28, 2017 at 2:16 PM, Sinthuja Ragendran 
wrote:

> Hi All,
>
> It's my pleasure to welcome Nisala Nanayakkara as a WSO2 Committer.
>
> Nisala has been a valuable contributor to the Dashboard Server Team and
> then Platform Team. In recognition of his contribution, dedication and
> commitment he has been voted as a WSO2 committer.
>
> Nisala, welcome aboard and keep up the good work!
>
> Thanks,
> Sinthuja.
>
> --
> *Sinthuja Rajendran*
> Technical Lead
> WSO2, Inc.:http://wso2.com
>
> Blog: http://sinthu-rajan.blogspot.com/
> Mobile: +94774273955 <+94%2077%20427%203955>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Chanaka Cooray
Software Engineer, WSO2 Inc. http://wso2.com
Email: chana...@wso2.com
Mobile: +94713149860

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Nisala Nanayakkara

[Heshitha Hettihewa]

Congratz Nisala!!! :)

On Tue, Feb 28, 2017 at 2:18 PM, Chanaka Cooray  wrote:

> Congratz Nisala :)
>
> On Tue, Feb 28, 2017 at 2:16 PM, Sinthuja Ragendran 
> wrote:
>
>> Hi All,
>>
>> It's my pleasure to welcome Nisala Nanayakkara as a WSO2 Committer.
>>
>> Nisala has been a valuable contributor to the Dashboard Server Team and
>> then Platform Team. In recognition of his contribution, dedication and
>> commitment he has been voted as a WSO2 committer.
>>
>> Nisala, welcome aboard and keep up the good work!
>>
>> Thanks,
>> Sinthuja.
>>
>> --
>> *Sinthuja Rajendran*
>> Technical Lead
>> WSO2, Inc.:http://wso2.com
>>
>> Blog: http://sinthu-rajan.blogspot.com/
>> Mobile: +94774273955 <+94%2077%20427%203955>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Chanaka Cooray
> Software Engineer, WSO2 Inc. http://wso2.com
> Email: chana...@wso2.com
> Mobile: +94713149860 <+94%2071%20314%209860>
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Heshitha Hettihewa
*Software Engineer*
Mobile : +94716866386
<%2B94%20%280%29%20773%20451194>
heshit...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Nisala Nanayakkara

[Irunika Weeraratne]

Congratulations Nisala

*Irunika Weeraratne*
*Software Engineer | WSO2, Inc. *
*Email : irun...@wso2.com *
*LinkedIn : https://lk.linkedin.com/in/irunika
*
*Mobile : +94712403314*
*Lean . Enterprise . Middleware*


On Tue, Feb 28, 2017 at 2:20 PM, Heshitha Hettihewa 
wrote:

> Congratz Nisala!!! :)
>
> On Tue, Feb 28, 2017 at 2:18 PM, Chanaka Cooray  wrote:
>
>> Congratz Nisala :)
>>
>> On Tue, Feb 28, 2017 at 2:16 PM, Sinthuja Ragendran 
>> wrote:
>>
>>> Hi All,
>>>
>>> It's my pleasure to welcome Nisala Nanayakkara as a WSO2 Committer.
>>>
>>> Nisala has been a valuable contributor to the Dashboard Server Team and
>>> then Platform Team. In recognition of his contribution, dedication and
>>> commitment he has been voted as a WSO2 committer.
>>>
>>> Nisala, welcome aboard and keep up the good work!
>>>
>>> Thanks,
>>> Sinthuja.
>>>
>>> --
>>> *Sinthuja Rajendran*
>>> Technical Lead
>>> WSO2, Inc.:http://wso2.com
>>>
>>> Blog: http://sinthu-rajan.blogspot.com/
>>> Mobile: +94774273955 <+94%2077%20427%203955>
>>>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Chanaka Cooray
>> Software Engineer, WSO2 Inc. http://wso2.com
>> Email: chana...@wso2.com
>> Mobile: +94713149860 <+94%2071%20314%209860>
>> 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Heshitha Hettihewa
> *Software Engineer*
> Mobile : +94716866386
> <%2B94%20%280%29%20773%20451194>
> heshit...@wso2.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] SAML Request validation happens after completing all the authentication steps

[Farasath Ahamed]

Hi,

Noticed $subject happening when we configure SAML SSO with SAML Request
Validation enabled.

This means that even for an invalid SAML Request (with an invalid
signature) the user will go through the authentication steps configured for
that Service Provider(identified by the issuer value in the request) and
the SAML Request validation only happens after we get the response from the
authentication framework.

Is this the expected behaviour?


Thanks,
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Nisala Nanayakkara

[Shan Mahanama]

Congratz nisala :)

On Tue, Feb 28, 2017 at 2:23 PM, Irunika Weeraratne 
wrote:

> Congratulations Nisala
>
> *Irunika Weeraratne*
> *Software Engineer | WSO2, Inc. *
> *Email : irun...@wso2.com *
> *LinkedIn : https://lk.linkedin.com/in/irunika
> *
> *Mobile : +94712403314 <+94%2071%20240%203314>*
> *Lean . Enterprise . Middleware*
>
>
> On Tue, Feb 28, 2017 at 2:20 PM, Heshitha Hettihewa 
> wrote:
>
>> Congratz Nisala!!! :)
>>
>> On Tue, Feb 28, 2017 at 2:18 PM, Chanaka Cooray 
>> wrote:
>>
>>> Congratz Nisala :)
>>>
>>> On Tue, Feb 28, 2017 at 2:16 PM, Sinthuja Ragendran 
>>> wrote:
>>>
 Hi All,

 It's my pleasure to welcome Nisala Nanayakkara as a WSO2 Committer.

 Nisala has been a valuable contributor to the Dashboard Server Team and
 then Platform Team. In recognition of his contribution, dedication and
 commitment he has been voted as a WSO2 committer.

 Nisala, welcome aboard and keep up the good work!

 Thanks,
 Sinthuja.

 --
 *Sinthuja Rajendran*
 Technical Lead
 WSO2, Inc.:http://wso2.com

 Blog: http://sinthu-rajan.blogspot.com/
 Mobile: +94774273955 <+94%2077%20427%203955>



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Chanaka Cooray
>>> Software Engineer, WSO2 Inc. http://wso2.com
>>> Email: chana...@wso2.com
>>> Mobile: +94713149860 <+94%2071%20314%209860>
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Heshitha Hettihewa
>> *Software Engineer*
>> Mobile : +94716866386
>> <%2B94%20%280%29%20773%20451194>
>> heshit...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Shan Mahanama

Software Engineer, WSO2 Inc. http://wso2.com

Email: sh...@wso2.com
Mobile: +94 71 2000 498
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Thanuja Jayasinghe]

Hi Farasath,

On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed  wrote:

> Hi,
>
> Noticed $subject happening when we configure SAML SSO with SAML Request
> Validation enabled.
>
> This means that even for an invalid SAML Request (with an invalid
> signature) the user will go through the authentication steps configured for
> that Service Provider(identified by the issuer value in the request) and
> the SAML Request validation only happens after we get the response from the
> authentication framework.
>
> Is this the expected behaviour?
>
> Yes.

We only validate issuer name of the SAML service priovider in the
authentication request before the authentication.

Since we store SAML related configurations in the registry, we have
implemented it in this way to improve performance for the valid
authentication requests.

But ideally, we should validate authentication request before moving to
authentication.


>
> Thanks,
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 
> 
>
>
Thanks,
Thanuja
-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Dulanja Liyanage]

Originally we identified the tenant domain only after user authentication.
Then only tenant specific SP configs could be retrieved. That's why
validation was done only after authentication.

On Tue, Feb 28, 2017 at 2:49 PM, Thanuja Jayasinghe 
wrote:

> Hi Farasath,
>
> On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed 
> wrote:
>
>> Hi,
>>
>> Noticed $subject happening when we configure SAML SSO with SAML Request
>> Validation enabled.
>>
>> This means that even for an invalid SAML Request (with an invalid
>> signature) the user will go through the authentication steps configured for
>> that Service Provider(identified by the issuer value in the request) and
>> the SAML Request validation only happens after we get the response from the
>> authentication framework.
>>
>> Is this the expected behaviour?
>>
>> Yes.
>
> We only validate issuer name of the SAML service priovider in the
> authentication request before the authentication.
>
> Since we store SAML related configurations in the registry, we have
> implemented it in this way to improve performance for the valid
> authentication requests.
>
> But ideally, we should validate authentication request before moving to
> authentication.
>
>
>>
>> Thanks,
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
> Thanks,
> Thanuja
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992
>



-- 
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Johann Nallathamby]

This is how the new SAML2 inbound authenticator is written.

On Tue, Feb 28, 2017 at 4:19 AM, Thanuja Jayasinghe 
wrote:

> Hi Farasath,
>
> On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed 
> wrote:
>
>> Hi,
>>
>> Noticed $subject happening when we configure SAML SSO with SAML Request
>> Validation enabled.
>>
>> This means that even for an invalid SAML Request (with an invalid
>> signature) the user will go through the authentication steps configured for
>> that Service Provider(identified by the issuer value in the request) and
>> the SAML Request validation only happens after we get the response from the
>> authentication framework.
>>
>> Is this the expected behaviour?
>>
>> Yes.
>
> We only validate issuer name of the SAML service priovider in the
> authentication request before the authentication.
>
> Since we store SAML related configurations in the registry, we have
> implemented it in this way to improve performance for the valid
> authentication requests.
>
> But ideally, we should validate authentication request before moving to
> authentication.
>
>
>>
>> Thanks,
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
> Thanks,
> Thanuja
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Hasintha Indrajee]

On Tue, Feb 28, 2017 at 2:52 PM, Dulanja Liyanage  wrote:

> Originally we identified the tenant domain only after user authentication.
> Then only tenant specific SP configs could be retrieved. That's why
> validation was done only after authentication.
>

Aren't we getting SP tenant domain with the issuer (appended after an "@"
sign)? or at least as a query parameter ?. Do we do any request validation
based on authenticated user's tenant domain ?.

>
> On Tue, Feb 28, 2017 at 2:49 PM, Thanuja Jayasinghe 
> wrote:
>
>> Hi Farasath,
>>
>> On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed 
>> wrote:
>>
>>> Hi,
>>>
>>> Noticed $subject happening when we configure SAML SSO with SAML Request
>>> Validation enabled.
>>>
>>> This means that even for an invalid SAML Request (with an invalid
>>> signature) the user will go through the authentication steps configured for
>>> that Service Provider(identified by the issuer value in the request) and
>>> the SAML Request validation only happens after we get the response from the
>>> authentication framework.
>>>
>>> Is this the expected behaviour?
>>>
>>> Yes.
>>
>> We only validate issuer name of the SAML service priovider in the
>> authentication request before the authentication.
>>
>> Since we store SAML related configurations in the registry, we have
>> implemented it in this way to improve performance for the valid
>> authentication requests.
>>
>> But ideally, we should validate authentication request before moving to
>> authentication.
>>
>>
>>>
>>> Thanks,
>>> Farasath Ahamed
>>> Software Engineer, WSO2 Inc.; http://wso2.com
>>> Mobile: +94777603866
>>> Blog: blog.farazath.com
>>> Twitter: @farazath619 
>>> 
>>>
>>>
>> Thanks,
>> Thanuja
>> --
>> *Thanuja Lakmal*
>> Senior Software Engineer
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891 +94758009992
>>
>
>
>
> --
> Thanks & Regards,
> Dulanja Liyanage
> Lead, Platform Security Team
> WSO2 Inc.
>



-- 
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Thanuja Jayasinghe]

On Tue, Feb 28, 2017 at 2:57 PM, Hasintha Indrajee 
wrote:

>
>
> On Tue, Feb 28, 2017 at 2:52 PM, Dulanja Liyanage 
> wrote:
>
>> Originally we identified the tenant domain only after user
>> authentication. Then only tenant specific SP configs could be retrieved.
>> That's why validation was done only after authentication.
>>
>
> Aren't we getting SP tenant domain with the issuer (appended after an "@"
> sign)? or at least as a query parameter ?. Do we do any request validation
> based on authenticated user's tenant domain ?.
>
Yes, we get the tenant domain of SP in the request. Therefore we can
validate authentication request before the authetication. But considering
the performance we have implemented it this way.


>
>> On Tue, Feb 28, 2017 at 2:49 PM, Thanuja Jayasinghe 
>> wrote:
>>
>>> Hi Farasath,
>>>
>>> On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed 
>>> wrote:
>>>
 Hi,

 Noticed $subject happening when we configure SAML SSO with SAML Request
 Validation enabled.

 This means that even for an invalid SAML Request (with an invalid
 signature) the user will go through the authentication steps configured for
 that Service Provider(identified by the issuer value in the request) and
 the SAML Request validation only happens after we get the response from the
 authentication framework.

 Is this the expected behaviour?

 Yes.
>>>
>>> We only validate issuer name of the SAML service priovider in the
>>> authentication request before the authentication.
>>>
>>> Since we store SAML related configurations in the registry, we have
>>> implemented it in this way to improve performance for the valid
>>> authentication requests.
>>>
>>> But ideally, we should validate authentication request before moving to
>>> authentication.
>>>
>>>

 Thanks,
 Farasath Ahamed
 Software Engineer, WSO2 Inc.; http://wso2.com
 Mobile: +94777603866
 Blog: blog.farazath.com
 Twitter: @farazath619 
 


>>> Thanks,
>>> Thanuja
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> Lead, Platform Security Team
>> WSO2 Inc.
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Johann Nallathamby]

On Tue, Feb 28, 2017 at 4:27 AM, Hasintha Indrajee 
wrote:

>
>
> On Tue, Feb 28, 2017 at 2:52 PM, Dulanja Liyanage 
> wrote:
>
>> Originally we identified the tenant domain only after user
>> authentication. Then only tenant specific SP configs could be retrieved.
>> That's why validation was done only after authentication.
>>
>
> Aren't we getting SP tenant domain with the issuer (appended after an "@"
> sign)? or at least as a query parameter ?.
>

We don't need to append tenant domain to issuer anymore. Earlier we had it
because some SPs can't send query parameters. Now since we get the tenant
domain from the URL and it is not considered in the code (due to new
multi-tenancy model) we don't need it.


> Do we do any request validation based on authenticated user's tenant
> domain ?.
>

For IS 6.0.0 M4 we haven't considered anything like that. That will come
only when we cater saas use cases with federation. At that point we may
have to extend the authorization handler and implement additional logic
related to federation.


>> On Tue, Feb 28, 2017 at 2:49 PM, Thanuja Jayasinghe 
>> wrote:
>>
>>> Hi Farasath,
>>>
>>> On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed 
>>> wrote:
>>>
 Hi,

 Noticed $subject happening when we configure SAML SSO with SAML Request
 Validation enabled.

 This means that even for an invalid SAML Request (with an invalid
 signature) the user will go through the authentication steps configured for
 that Service Provider(identified by the issuer value in the request) and
 the SAML Request validation only happens after we get the response from the
 authentication framework.

 Is this the expected behaviour?

 Yes.
>>>
>>> We only validate issuer name of the SAML service priovider in the
>>> authentication request before the authentication.
>>>
>>> Since we store SAML related configurations in the registry, we have
>>> implemented it in this way to improve performance for the valid
>>> authentication requests.
>>>
>>> But ideally, we should validate authentication request before moving to
>>> authentication.
>>>
>>>

 Thanks,
 Farasath Ahamed
 Software Engineer, WSO2 Inc.; http://wso2.com
 Mobile: +94777603866
 Blog: blog.farazath.com
 Twitter: @farazath619 
 


>>> Thanks,
>>> Thanuja
>>> --
>>> *Thanuja Lakmal*
>>> Senior Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> *lean.enterprise.middleware*
>>> Mobile: +94715979891 +94758009992
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Dulanja Liyanage
>> Lead, Platform Security Team
>> WSO2 Inc.
>>
>
>
>
> --
> Hasintha Indrajee
> WSO2, Inc.
> Mobile:+94 771892453 <+94%2077%20189%202453>
>
>


-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+9476950*
Blog - *http://nallaa.wordpress.com *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Fwd: Security questions are encoded

[Manuranga Perera]

1) Please don't put inline JS in HTML, this is an old practice, people
don't do this anymore [1]. In fact, in my opinion, we should block that
using Content-Security-Policy
2) If you want to send information form backbend-JS to frountend-JS please
use sendToClient feature of UUF

[1] https://en.wikipedia.org/wiki/Unobtrusive_JavaScript

On Tue, Feb 28, 2017 at 6:23 AM, Nuwandi Wickramasinghe 
wrote:

> Does this encoding work properly when sent in javascript attributes as
> well? I recently noticed that following type of calls do not work as
> expected if the value  *question *contains a single quote.
>
> 
>
>
> On Tue, Jan 31, 2017 at 11:04 PM, Manuranga Perera  wrote:
>
>> UUF automatically escaping sensitive characters [1]. Please don't use
>> 'encoding' for 'escaping'.
>>
>> [1] https://github.com/jknack/handlebars.java/blob/1f6c48e606dc1
>> 303d1e92a0a0eaa94120eba64fd/handlebars/src/main/java/com/
>> github/jknack/handlebars/EscapingStrategy.java#L82
>>
>> On Tue, Jan 31, 2017 at 5:23 PM, Jayanga Kaushalya 
>> wrote:
>>
>>> Hi Manuranga,
>>>
>>> This is not because of a security reason. The security question set id
>>> may contains html special characters. So the set id is sent to the UI after
>>> encoding to Base64.
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160 <+94%2077%20786%200160>
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> On Tue, Jan 31, 2017 at 10:42 PM, Manuranga Perera 
>>> wrote:
>>>

 -- Forwarded message --
 From: Manuranga Perera 
 Date: Tue, Jan 31, 2017 at 5:11 PM
 Subject: Security questions are encoded
 To: Johann Nallathamby , Jayanga Kaushalya <
 jayan...@wso2.com>, Isura Karunaratne 


 Security questions are base64 encoded [1]. If they are encrypted (eg:
 RSA) or hashed (eg SHA) I can understand that it's for security reasons.
 All this does is obfuscation, poorly even at that, since base64 can be
 easily decoded.

 Or is it done for non-security reasons, like escaping special
 characters?

 [1] https://github.com/wso2/product-is/blob/6.0.x-C5_m3/portal/o
 sgi-services/org.wso2.is.portal.user.client.api/src/main/jav
 a/org/wso2/is/portal/user/client/api/ChallengeQuestionManage
 rClientServiceImpl.java#L113

 --
 With regards,
 *Manu*ranga Perera.

 phone : 071 7 70 20 50
 mail : m...@wso2.com



 --
 With regards,
 *Manu*ranga Perera.

 phone : 071 7 70 20 50
 mail : m...@wso2.com

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>
>>
>> --
>> With regards,
>> *Manu*ranga Perera.
>>
>> phone : 071 7 70 20 50
>> mail : m...@wso2.com
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>
> Software Engineer
>
> WSO2 Inc.
>
> Web : http://wso2.com
>
> Mobile : 0719214873
>



-- 
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : m...@wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] SAML Request validation happens after completing all the authentication steps

[Harsha Thirimanna]

On Tue, Feb 28, 2017 at 2:49 PM, Thanuja Jayasinghe 
wrote:

> Hi Farasath,
>
> On Tue, Feb 28, 2017 at 2:39 PM, Farasath Ahamed 
> wrote:
>
>> Hi,
>>
>> Noticed $subject happening when we configure SAML SSO with SAML Request
>> Validation enabled.
>>
>> This means that even for an invalid SAML Request (with an invalid
>> signature) the user will go through the authentication steps configured for
>> that Service Provider(identified by the issuer value in the request) and
>> the SAML Request validation only happens after we get the response from the
>> authentication framework.
>>
>> Is this the expected behaviour?
>>
>> Yes.
>
> We only validate issuer name of the SAML service priovider in the
> authentication request before the authentication.
>
> Since we store SAML related configurations in the registry, we have
> implemented it in this way to improve performance for the valid
> authentication requests.
>
> But ideally, we should validate authentication request before moving to
> authentication.
>

​Yes, this is happened correctly in IS 6.0.0 that is done the validation
before to the all. ​



>
>
>>
>> Thanks,
>> Farasath Ahamed
>> Software Engineer, WSO2 Inc.; http://wso2.com
>> Mobile: +94777603866
>> Blog: blog.farazath.com
>> Twitter: @farazath619 
>> 
>>
>>
> Thanks,
> Thanuja
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Traffic Manager HA deployment on DC/OS

[JOSE MARIA ALVAREZ FERNANDEZ]

Thank you all for your comments on this.We will try to follow the H2 approach, but we are facing another problem regarding the communication between Traffic Manager instances. As we are defining the service in DC/OS as one service, there is no good way to tell the node to replicate  the messages received from the APIGW only to the other TM instances. We have the idea to extend the jndi.properties parsing, to allow the use of the marathon API to get information about the other instances present in the service group. Could you give us a pointer to where we have to extend this to add the functionality?Thank you all,Jose Maria-Harsha Kumara  escribió: -Para: JOSE MARIA ALVAREZ FERNANDEZ De: Harsha Kumara Fecha: 27/02/2017 07:51Cc: "WSO2 Developers' List" Asunto: Re: [Dev] Traffic Manager HA deployment on DC/OSHi Jose,On Thu, Feb 23, 2017 at 10:45 PM, JOSE MARIA ALVAREZ FERNANDEZ  wrote:Hi all,As you may know, we are implementing WSO2 in El Corte Ingles, and we are trying to fit Traffic Manager in our architecture, based on DC/OS and containers. We would like to know which approach you think it may be better for the Traffic Manager component. As we are in a PaaS system, we would like to be able to scale this system out without problems. a) It is our understanding that we have to create a different database schema for every TM instance that we run. We would like to know if it is possible to run this without having to create a new schema for every component (that is, share the same schema). If we create a new schema, that would force us to differentiate the component at DC/OS level, giving them different configurations for different Traffic Manager instances. b) If that is not possible, we would like to know if it is possible to run TM with H2 in memory. As there is nothing that should be persisted in the TM schema, we thought that could be possible.Message Broker(MB) instance running in TM required MB_STORE data source which shouldn't shared with TM instance.It's Ok to have H2 database for it. But by default, MB writes all messages first to the database. Enable HA in TM is same as enabling HA in CEP (https://docs.wso2.com/display/CLUSTER44x/Clustering+CEP+4.0.0). The additional JMS related changes need to be configured to communicate throttle decisions to the gateway nodes.If none of the options are viable, what deployment schema would be the best for this component, taking into account that we would like to be active/active (being able to scale out)?Thank you very much for your help and comments,Jose Maria.www.elcorteingles.es---
Este mensaje, y en su caso, cualquier fichero anexo al mismo, puedecontener información confidencial, siendo para uso exclusivo del destinatario, quedando prohibida su divulgación copia o  distribución a terceros sin la autorización expresa del remitente. Si Vd. ha recibido este mensaje erróneamente, se ruega lo  notifique al remitente y proceda a su borrado.Gracias por su colaboración.This message (including any attachments) may contain confidential information. It is intended for use by the recipient only. Any dissemination, copying or distribution to third parties without the express consent of the sender is strictly prohibited. If you have received this message in error, please delete it immediately and notify the sender. Thank you for your collaboration. 
___Dev mailing listDev@wso2.orghttp://wso2.org/cgi-bin/mailman/listinfo/dev-- Harsha KumaraSoftware Engineer, WSO2 Inc.Mobile: +94775505618Blog:harshcreationz.blogspot.com

www.elcorteingles.es


---

Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede
contener información confidencial, siendo para uso exclusivo del 
destinatario, quedando prohibida su divulgación copia o  distribución a 
terceros sin la autorización expresa del remitente. Si Vd. ha recibido 
este mensaje erróneamente, se ruega lo  notifique al remitente y 
proceda a su borrado.
Gracias por su colaboración.

This message (including any attachments) may contain confidential 
information. It is intended for use by the recipient only. Any 
dissemination, copying or distribution to third parties without the 
express consent of the sender is strictly prohibited. If you have 
received this message in error, please delete it immediately and 
notify the sender. 
Thank you for your collaboration.
 

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] GSOC 2017 - Native inbound and connector for FTP/SFTP operations

[Chanaka Lakmal]

[Adding possible mentors]

Best Regards.

*Chanaka Lakmal,*
Undergraduate B.Sc.Eng.(Hons.)
Department of Computer Science & Engineering,
University of Moratuwa,
Sri Lanka.

[image: LinkedIn] 

On Tue, Feb 28, 2017 at 7:53 AM, Chanaka Lakmal  wrote:

> Hi,
>
> I'm interested in the project *Native inbound and connector for FTP/SFTP
> operations*. I would like to know more information regarding this.
>
> I am Chanaka Lakmal, an final year undergraduate from Department of
> Computer Science and Engineering, University of Moratuwa. I have the basic
> knowledge on Java NIO, File Systems and I have been working with ESB and
> connectors.
>
> Initially I went through following [1] to understand about File Inbound
> Protocol and I would like to know more about this project, especially on
> the expected outcomes and the scope of the project.
>
> [1] - https://docs.wso2.com/display/ESB490/File+Inbound+Protocol
>
> Thank you.
>
> Best Regards.
>
> *Chanaka Lakmal,*
> Undergraduate B.Sc.Eng.(Hons.)
> Department of Computer Science & Engineering,
> University of Moratuwa,
> Sri Lanka.
>
> [image: LinkedIn] 
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [GSoC 2017][ESB]Native inbound and connector for IBM MQ 8.0

[Chanaka Balasooriya]

Hi,

I am Chanaka Balasooriya, final year undergraduate at Computer Science and
Engineering Department, University of Moratuwa. I am highly interested in
distributed computing and Java related things and it led me to select and
find more about this project. I was an intern at WSO2 and I have a keen
knowledge about WSO2ESB, inbound endpoints and transports since my
internship project was related to them.

Regarding this project, I have already started to follow the WSO2 doc about
current implementation of  WSO2 ESB for IBM WebSphere MQ through JMS
transport. I would be grateful if you can give me some suggestions and
materials to understand the project more.

Thanks,
-- 
Chanaka Balasooriya
Undergraduate
Department of Computer Science and Engineering
University of Moratuwa
+9471 294 7898
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [C5] NPE in Utils.getCarbonConfigHome()

[Gokul Balakrishnan]

Hi,

In our component, we have a piece of code that has a possibility of being
called from within a Carbon server as well as from outside. This code uses
the Utils.getCarbonConfigHome() method from the kernel.

In the second case, since the required system property is not found in the
runtime, it's a given that the call should fail. However, rather than
failing gracefully, this method throws an NPE since in [1], there's an
attempt to set a null as a system property.

The proper fix here should be that a null check be introduced and the
calling party notified (e.g. through an exception). Added the fix at [2].
Could you check please?

[1]
https://github.com/wso2/carbon-kernel/blob/master/core/src/main/java/org/wso2/carbon/kernel/utils/Utils.java#L67

[2] https://github.com/wso2/carbon-kernel/issues/1309

Thanks,

-- 
Gokul Balakrishnan
Senior Software Engineer,
WSO2, Inc. http://wso2.com
M +94 77 5935 789 | +44 7563 570502
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Atom Plugin for Siddhi

[Sriskandarajah Suhothayan]

Hi Ramindu

Can you please share the necessary information with Supun please.

Regards
Suho

On Tue, Feb 28, 2017 at 3:45 PM, Supun Arunoda <
supunarunoda...@cse.mrt.ac.lk> wrote:

> Hi Suhothayan,
> I'm Supun Arunoda from University of Moratuwa, Sri Lanka. Currently I'm a
> 4th year undergraduate. I worked with National Resource for Network Biology
> in GSoC 2k16. I would like to do this project. Where should I start?
> My previous work with NRNB http://supunarunoda.blogspot.com/
>
> Best Regards
> *Supun Arunoda Munasinghe*
> *Undergraduate at Department of Computer Science & Engineering*
> *University of Moratuwa*
>
>
>


-- 

*S. Suhothayan*
Associate Director / Architect & Team Lead of WSO2 Complex Event Processor
*WSO2 Inc. *http://wso2.com
* *
lean . enterprise . middleware


*cell: (+94) 779 756 757 | blog: http://suhothayan.blogspot.com/
twitter: http://twitter.com/suhothayan
 | linked-in:
http://lk.linkedin.com/in/suhothayan *
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] GSoC 2017- Proposal 4: Idea Plugin for Siddhi

[Mohanadarshan Vivekanandalingam]

[Adding Mentors]

Hi Raveen,

As mentioned in the description in [1] Siddhi is a realtime processing
engine that used in WSO2 CEP. You can get more information about Siddhi
language in [2].. Do a quick google search as" WSO2 Siddhi" if you want to
get more information about Siddhi..

[1]
https://docs.wso2.com/display/GSoC/Project+Proposals+for+2017#ProjectProposalsfor2017-Proposal4:IdeaPluginforSiddhi

[2] https://docs.wso2.com/display/CEP420/SiddhiQL+Guide+3.1

Thanks,
Mohan


On Tue, Feb 28, 2017 at 2:01 AM, Raveen Rathnayake 
wrote:

> Hi,
> I am a second year Software Engineering student from Informatics Institute
> of Technology. Since I have a good knowledge in Java and I am familiar with
> IDEA, I selected the *Proposal 4: Idea Plugin for Siddhi *from the GSoC
> project proposals. I want to get to know more about the Siddhi. If you
> all can help me and give a guide for me, it will be a great start for me on
> this project.
>
> Thank you.
>
> Best Regards,
> Raveen Savinda Rathnayake.
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*V. Mohanadarshan*
*Associate Tech Lead,*
*Data Technologies Team,*
*WSO2, Inc. http://wso2.com  *
*lean.enterprise.middleware.*

email: mo...@wso2.com
phone:(+94) 771117673
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] GSoC 2017

[Harsha Thirimanna]

HI Dhanuka,

Thanks for interesting about this. It is very similar what Google does in
Account chooser.
You can refer [1] to get basic idea about the Account chooser and
deliverables are to provide the support this feature in WSO2 Identity
Server (Detail deliverables are within Proposal). Please go through the
links that we had provided in the proposal and if you have any questions
please feel free to ask.

[1]
http://openid.net/wordpress-content/uploads/2016/05/account-chooser-basic-v8.pdf

​thanks​

*Harsha Thirimanna*
*Associate Tech Lead | WSO2*

Email: hars...@wso2.com
Mob: +94715186770
Blog: http://harshathirimanna.blogspot.com/
Twitter: http://twitter.com/harshathirimann
Linked-In: linked-in:
http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122


On Tue, Feb 28, 2017 at 11:37 AM, Dhanuka  wrote:

> Dear Sir,
>
> Hi, My name is Dhanuka. And I'm a final year computer science student from
> Open University of Sri Lanka. I'm really looking forward to contributing to
> wso2 as a GSoC student. I found a particular project that I'm really
> interested in. (Proposal 19: Account Chooser (Working Group of the OPENID))
> And I've gone through the references that are provided on Proposal 19. But
> I'm not sure what the project is? Can you please guide me how to get
> started?
>
> Thank you.
>
> - Dhanuka
>
> http://sudosparrowhawk.me/
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [C5] Set Location Header for all POST requests

[Malintha Amarasinghe]

On Tue, Feb 28, 2017 at 11:12 AM, Fazlan Nazeem  wrote:

> Hi Malintha,
>
> On Tue, Feb 28, 2017 at 8:45 AM, Malintha Amarasinghe 
> wrote:
>
>> [Re-sending due to "Too many recipients"]
>> On Tue, Feb 28, 2017 at 8:33 AM, Malintha Amarasinghe > > wrote:
>>
>>> Hi,
>>>
>>> On Tue, Feb 28, 2017 at 8:20 AM, Abimaran Kugathasan 
>>> wrote:
>>>
 +Dev

 We need to add this Location Header in all response of HTTP POST
 requests.

 There is a confusion whether to add absolute URL or relativeURL [1]. If
 we add absolute URL, then there can be a problem when a proxy is fronted.

>>> I guess many proxy services are capable of handling absolute URIs; i.e.
>>> re-writing the Location header to the proxy URL so that would not be a
>>> problem I guess. Keeping the absolute URL is easier for the client.
>>>
>>> (nginx) https://www.cyberciti.biz/faq/proxy_redirect-change-replace-
>>> location-refresh-response-headers/
>>> (apache proxy) http://www.microhowto.info/howto/configure_apache_as_
>>> a_reverse_proxy.html#idp39904
>>>
>>>
 [1] : https://tools.ietf.org/html/rfc7231#section-7.1.2

 On Tue, Feb 28, 2017 at 1:04 AM, Ishara Cooray 
 wrote:

> Hi Fazlan,
>
>   LOCATION_HEADER_INCORRECT(900322, "Invalid URL for location", 500, "
> Invalid URL in location header");
>
 From the code I see this happens when there's an exception happen in
>>> the server when trying to build a URI object. So that is acually a server
>>> side error and 500 is correct IMO. But I guess the error description need
>>> to be changed. May be like Error while obtaining URI for Location
>>> header .. WDYT?
>>>
>>
> Yes that seems a better description. Will update the PR.
>
Thanks Fazlan!


> And yes 500 should be the correct status since this is not an error in the
> request and the client is not responsible.
>
>>
>>> Thanks!
>>> Malintha
>>>

> I think more appropriate error code would be something in 4xx
> range(client error), but 500 means it's more like a server error.
>
> How about using *406* Not Acceptable?
>
> [1] https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512 <+94%2077%20262%209512>
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Mon, Feb 27, 2017 at 10:32 PM, Roshan Wijesena 
> wrote:
>
>>
>> On Mon, Feb 27, 2017 at 6:26 PM, Fazlan Nazeem 
>> wrote:
>>
>>> @Roshan,
>>> can you review the PR and check whether this violates any concept we
>>> discussed during error and exception handling discussion. The usual 
>>> method
>>> had to be altered a bit because we don't have an errorHandler object 
>>> within
>>> the exception object in this case.
>>>
>>
>> This change is fine.
>>
>>
>> --
>> Roshan Wijesena.
>> Senior Software Engineer-WSO2 Inc.
>> Mobile: *+94719154640 <+94%2071%20915%204640>*
>> Email: ros...@wso2.com
>> *WSO2, Inc. :** wso2.com *
>> lean.enterprise.middleware.
>>
>
>


 --
 Thanks
 Abimaran Kugathasan
 Senior Software Engineer - API Technologies

 Email : abima...@wso2.com
 Mobile : +94 773922820 <+94%2077%20392%202820>

 
 
   
 


>>>
>>>
>>> --
>>> Malintha Amarasinghe
>>> Software Engineer
>>> *WSO2, Inc. - lean | enterprise | middleware*
>>> http://wso2.com/
>>>
>>> Mobile : +94 712383306 <+94%2071%20238%203306>
>>>
>>
>>
>>
>> --
>> Malintha Amarasinghe
>> Software Engineer
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306 <+94%2071%20238%203306>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
>
> Fazlan Nazeem
>
> *Software Engineer*
>
> *WSO2 Inc*
> Mobile : +94772338839
> <%2B94%20%280%29%20773%20451194>
> fazl...@wso2.com
>



-- 
Malintha Amarasinghe
Software Engineer
*WSO2, Inc. - lean | enterprise | middleware*
http://wso2.com/

Mobile : +94 712383306
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] GSoC 2017

[Harsha Thirimanna]

Hi Dhanuka,

It would be great if you can send all the mail in public mailing list like
d...@wso2.com or architect...@wso2.com with cc to me.
If you would like to subscribe to our public mailing list, please refer
this [1].

[1] http://wso2.com/mail/
[2] http://wso2.com/community

*Harsha Thirimanna*
*Associate Tech Lead | WSO2*

Email: hars...@wso2.com
Mob: +94715186770
Blog: http://harshathirimanna.blogspot.com/
Twitter: http://twitter.com/harshathirimann
Linked-In: linked-in:
http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122


On Tue, Feb 28, 2017 at 8:27 PM, Dhanuka  wrote:

> Thank you very much sir, for reaching me out. Really appreciate it. Sure
> I'll go through the provided links and let you know if I have any
> questions. Thanks again.
>
> - Dhanuka
>
>
> On 02/28/2017 06:57 PM, Harsha Thirimanna wrote:
>
>> HI Dhanuka,
>>
>> Thanks for interesting about this. It is very similar what Google does in
>> Account chooser.
>> You can refer [1] to get basic idea about the Account chooser and
>> deliverables are to provide the support this feature in WSO2 Identity
>> Server (Detail deliverables are within Proposal). Please go through the
>> links that we had provided in the proposal and if you have any questions
>> please feel free to ask.
>>
>> [1]
>> http://openid.net/wordpress-content/uploads/2016/05/account-
>> chooser-basic-v8.pdf
>>
>> ​thanks​
>>
>> *Harsha Thirimanna*
>> *Associate Tech Lead | WSO2*
>>
>> Email: hars...@wso2.com
>> Mob: +94715186770
>> Blog: http://harshathirimanna.blogspot.com/
>> Twitter: http://twitter.com/harshathirimann
>> Linked-In: linked-in:
>> http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122
>> 
>>
>> On Tue, Feb 28, 2017 at 11:37 AM, Dhanuka  wrote:
>>
>> Dear Sir,
>>>
>>> Hi, My name is Dhanuka. And I'm a final year computer science student
>>> from
>>> Open University of Sri Lanka. I'm really looking forward to contributing
>>> to
>>> wso2 as a GSoC student. I found a particular project that I'm really
>>> interested in. (Proposal 19: Account Chooser (Working Group of the
>>> OPENID))
>>> And I've gone through the references that are provided on Proposal 19.
>>> But
>>> I'm not sure what the project is? Can you please guide me how to get
>>> started?
>>>
>>> Thank you.
>>>
>>> - Dhanuka
>>>
>>> http://sudosparrowhawk.me/
>>>
>>>
>>>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Configuration Maven Plugin Repository

[Vidura Nanayakkara]

Hi,

In relation to the discussions, we had in "Invitation: C5 Carbon
Configuration @ Mon Feb 27, 2017 2pm - 3pm (IST) (WSO2 Engineering Group)",
we came to the conclusion that "org.wso2.carbon.configuration" should be
moved to a separate repository.

However, we did not discuss into which repository should the maven
configuration plugin
(org.wso2.carbon.extensions.configuration.maven.plugin) should belong. I am
assuming it should be moved to the same repository as
"org.wso2.carbon.configuration".

WDYT?

Best Regards,

*Vidura Nanayakkara*

Email : vidu...@wso2.com
Mobile : +94 (0) 717 919277
Web : http://wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [GSoC 2017][ESB]Native inbound and connector for IBM MQ 8.0

[Malaka Silva]

Hi Chanaka,

Thank you for your interest in this project.

Currently with WSO2 ESB there is a generic JMS inbound endpoint that can be
used to consume messages from different brokers. [1]

However there are complexities when configuring WSO2 ESB with IBM MQ. This
is mainly due to class loading issues. Also IBM provides more customized
options that are written on top of JMS transport.

Part of this project is to identify those and develop a new Inbound
Endpoint to support this integration.

Also please confirm that you are a full time student and currently not
employed since it is against GSoC rules.

[1] https://docs.wso2.com/display/ESB500/JMS+Inbound+Protocol

On Tue, Feb 28, 2017 at 4:47 PM, Chanaka Balasooriya 
wrote:

> Hi,
>
> I am Chanaka Balasooriya, final year undergraduate at Computer Science and
> Engineering Department, University of Moratuwa. I am highly interested in
> distributed computing and Java related things and it led me to select and
> find more about this project. I was an intern at WSO2 and I have a keen
> knowledge about WSO2ESB, inbound endpoints and transports since my
> internship project was related to them.
>
> Regarding this project, I have already started to follow the WSO2 doc
> about current implementation of  WSO2 ESB for IBM WebSphere MQ through JMS
> transport. I would be grateful if you can give me some suggestions and
> materials to understand the project more.
>
> Thanks,
> --
> Chanaka Balasooriya
> Undergraduate
> Department of Computer Science and Engineering
> University of Moratuwa
> +9471 294 7898 <071%20294%207898>
>



-- 

Best Regards,

Malaka Silva
Associate Director / Architect
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/

https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [GSoC 2017][ESB]Native inbound and connector for FTP/SFTP operations

[Malaka Silva]

Hi Hasitha,

Thank you for sending the mail.

Currently we have file inbound endpoint [1] and file connector [2] to
support file operations in WSO2 ESB.

However this is written on top of common-vfs. Common vfs support variety of
file systems or protocols. eg: ftp, samba etc. Due to that this is not
optimum for ftp/sftp. Also this provides limited options.

We have done a similar development to manage local file system using Java
NIO. [3] The idea of this project is to come up with similar inbound and
connector for ftp/sftp protocol.

Also please confirm that you are a full time student and currently not
employed since it is against GSoC rules.

[1] https://docs.wso2.com/display/ESB500/File+Inbound+Protocol
[2]
https://store.wso2.com/store/assets/esbconnector/details/48bab332-c6a6-4f5a-9b79-17e29c7ad4c6
[3]
https://store.wso2.com/store/assets/esbconnector/details/9ac7accf-6535-46c2-853e-9ca75c23cdef


On Tue, Feb 28, 2017 at 12:02 PM, Hasitha Jayasundara <
hasithajayasunda...@gmail.com> wrote:

> Hi,
>
> I am a final year undergraduate of Electronic and Telecommunication
> Engineering, University of Moratuwa. My experience with Java
> 8,rx-java,carbon transport and WSO2 integration server motivated me to
> select this project as my GSoC project for 2017. I was an intern at
> WSo2( Integration team) for 6 months implementing several features for new
> Integration server using Java8 and rxJava. Please provide me some guide
> lines and materials for study and get a clear understanding about the
> mentioned project.
>
> Thanks
>
> --
> *D.M.Hasitha Nadishan Jayasundara*
> *Department of Electronic and Telecommunication Engineering*
> University of Moratuwa
> *mobile:* *+94711959266 <071%20195%209266>*
> *blogspot*: learnjavawithisla.blogspot.com/  *email:* hasithajayasundar
> a...@gmail.com
> 
> 
> 
>



-- 

Best Regards,

Malaka Silva
Associate Director / Architect
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/

https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [MSF4J] Can we provide HTTP handler args in Interceptor level?

[Malintha Amarasinghe]

Hi Vidura,

I went through the links and the approaches you suggested and I have a
couple of questions. I have also tried is to build the Request inside the
Interceptor and get the Java method and the args from the Request (which
was suggested during the offline discussion). For that, I tried to get this
block of code [1] (which builds the request) inside the Interceptor. And
that was successful, but I needed access to some of the internal objects in
MSF4J request path. Ex: HttpResourceModel object [2]. They are not
currently available in Interceptor level, so I had to modify ms4fj-core bit
locally (just to check) to get them inside the Interceptor.

Let's say we are following the approach 1.

   - *Write a custom context provider of your own which will describe how
   the injected value is generated by implementing a certain interface.*

In the custom context provider, will we have access to the internal objects
like [1] so that we can use them to generate the custom context object?

   - *Register the custom context provider to the MSF4J*
   - *Inject the value using @Context annotation (Ex:- @Context(String key)
   Object[] arguments)*

Will it be possible to access the injected values within Interceptors?
Since one of our requirement is to come up with an Interceptor to validate
ETags in a central place, we need to access them within the Interceptor.

[1]
https://github.com/wso2/msf4j/blob/v2.1.1/core/src/main/java/org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L137-L144
[2]
https://github.com/wso2/msf4j/blob/v2.1.1/core/src/main/java/org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L129

Thanks!
Malintha

On Mon, Feb 27, 2017 at 3:08 PM, Malintha Amarasinghe 
wrote:

> Hi Thusitha and all,
>
> Thank you very much for considering this.
>
> @Vidura, Thanks a lot for the detailed response. I will go through it and
> get back to you.
>
> Thanks!
> Malintha
>
>
> On Mon, Feb 27, 2017 at 2:54 PM, Vidura Nanayakkara 
> wrote:
>
>> [Adding Azeez]
>>
>> Hi,
>>
>> In relation to the offline discussion we had, it was clear that the above
>> functionality is not sufficient for your requirement. As per the offline
>> discussion, the suggested approach was to use custom contexts. [1]
>> , [2]
>> 
>>  describes
>> an Apache CXF example of using custom contexts.
>>
>> Currently in MSF4J using @Context annotation we can inject the Request,
>> Response, HttpStreamer, FormParamIterator and MultivaluedMap instances.
>> However, these are not accessible via interceptors as per the current
>> implementation. The approach we were using to inject values is by using the
>> approach I have explained in the previous email.
>>
>> Therefore to solve the above problem, there are 2 solutions we can
>> introduce to MSF4J.
>>
>>1. *Introduce custom injection and lifecycle management [1]
>>, [2]
>>
>> 
>>to MSF4J.*
>>
>> Using this approach what you should basically do is:
>>
>>
>>- Write a custom context provider of your own which will describe how
>>   the injected value is generated by implementing a certain interface.
>>   - Register the custom context provider to the MSF4J
>>   - Inject the value using @Context annotation (Ex:- @Context(String
>>   key) Object[] arguments)
>>
>>
>>1. *Have a Map map that could be injected using
>>@Context annotation*
>>
>> Using this approach what you basically do is:
>>
>>
>>- Add the arguments you need to inject using the @Context annotation
>>   using @SetContext(String key, Object value). This can be done inside
>>   interceptors or HTTP methods
>>   - Inject the value to using @Context(String key)
>>
>> WDYT?
>>
>> [1] Custom Injection and Lifecycle Management
>> 
>> [2] Custom Context Providers for CXF with the Context Annotation
>> 
>>
>> On Mon, Feb 27, 2017 at 9:59 AM, Vidura Nanayakkara 
>> wrote:
>>
>>> Hi Malintha,
>>>
>>> You can access the `Request` instance from the interceptors. You also
>>> can access the same Request instance from the HTTP resource by injecting
>>> the request to the HTTP method (`@Context Request request`). You also can
>>> set any argument in the request using `request.setProperty(String key,
>>> Object value)` method and retrieve the value using
>>> `request.getProperty(String key)` method. Will this be sufficient for your
>>> requirement?
>>>
>>>
>>>
>>> On Mon, Feb 27, 2017 at 5:55 AM, Thusitha Thilina Dayaratne <
>>> thusit...@wso2.com> wrote:
>>>
 Hi Malintha,

 Thank you very much for the PR. We did some restructuring for the
 interceptors to cater product requirementsts[1]. There

Re: [Dev] GSOC 2017 - Native inbound and connector for FTP/SFTP operations

[Malaka Silva]

Hi Chanaka,

Thank you for sending the mail.

Currently we have file inbound endpoint [1] and file connector [2] to
support file operations in WSO2 ESB.

However this is written on top of common-vfs. Common vfs support variety of
file systems or protocols. eg: ftp, samba etc. Due to that this is not
optimum for ftp/sftp. Also this provides limited options.

We have done a similar development to manage local file system using Java
NIO. [3] The idea of this project is to come up with similar inbound and
connector for ftp/sftp protocol.

Also please confirm that you are a full time student and currently not
employed since it is against GSoC rules.

[1] https://docs.wso2.com/display/ESB500/File+Inbound+Protocol
[2] https://store.wso2.com/store/assets/esbconnector/
details/48bab332-c6a6-4f5a-9b79-17e29c7ad4c6
[3] https://store.wso2.com/store/assets/esbconnector/
details/9ac7accf-6535-46c2-853e-9ca75c23cdef

On Tue, Feb 28, 2017 at 7:53 AM, Chanaka Lakmal  wrote:

> Hi,
>
> I'm interested in the project *Native inbound and connector for FTP/SFTP
> operations*. I would like to know more information regarding this.
>
> I am Chanaka Lakmal, an final year undergraduate from Department of
> Computer Science and Engineering, University of Moratuwa. I have the basic
> knowledge on Java NIO, File Systems and I have been working with ESB and
> connectors.
>
> Initially I went through following [1] to understand about File Inbound
> Protocol and I would like to know more about this project, especially on
> the expected outcomes and the scope of the project.
>
> [1] - https://docs.wso2.com/display/ESB490/File+Inbound+Protocol
>
> Thank you.
>
> Best Regards.
>
> *Chanaka Lakmal,*
> Undergraduate B.Sc.Eng.(Hons.)
> Department of Computer Science & Engineering,
> University of Moratuwa,
> Sri Lanka.
>
> [image: LinkedIn] 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Best Regards,

Malaka Silva
Associate Director / Architect
M: +94 777 219 791
Tel : 94 11 214 5345
Fax :94 11 2145300
Skype : malaka.sampath.silva
LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
Blog : http://mrmalakasilva.blogspot.com/

WSO2, Inc.
lean . enterprise . middleware
https://wso2.com/signature
http://www.wso2.com/about/team/malaka-silva/

https://store.wso2.com/store/

Don't make Trees rare, we should keep them with care
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [MSF4J] Can we provide HTTP handler args in Interceptor level?

[Malintha Amarasinghe]

+ NuwanD, Sanjeewa

On Tue, Feb 28, 2017 at 10:28 PM, Malintha Amarasinghe 
wrote:

> Hi Vidura,
>
> I went through the links and the approaches you suggested and I have a
> couple of questions. I have also tried is to build the Request inside the
> Interceptor and get the Java method and the args from the Request (which
> was suggested during the offline discussion). For that, I tried to get this
> block of code [1] (which builds the request) inside the Interceptor. And
> that was successful, but I needed access to some of the internal objects in
> MSF4J request path. Ex: HttpResourceModel object [2]. They are not
> currently available in Interceptor level, so I had to modify ms4fj-core bit
> locally (just to check) to get them inside the Interceptor.
>
> Let's say we are following the approach 1.
>
>- *Write a custom context provider of your own which will describe how
>the injected value is generated by implementing a certain interface.*
>
> In the custom context provider, will we have access to the internal
> objects like [1] so that we can use them to generate the custom context
> object?
>
>- *Register the custom context provider to the MSF4J*
>- *Inject the value using @Context annotation (Ex:- @Context(String
>key) Object[] arguments)*
>
> Will it be possible to access the injected values within Interceptors?
> Since one of our requirement is to come up with an Interceptor to validate
> ETags in a central place, we need to access them within the Interceptor.
>
> [1] https://github.com/wso2/msf4j/blob/v2.1.1/core/src/
> main/java/org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L137-L144
> [2] https://github.com/wso2/msf4j/blob/v2.1.1/core/src/main/
> java/org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L129
>
> Thanks!
> Malintha
>
> On Mon, Feb 27, 2017 at 3:08 PM, Malintha Amarasinghe 
> wrote:
>
>> Hi Thusitha and all,
>>
>> Thank you very much for considering this.
>>
>> @Vidura, Thanks a lot for the detailed response. I will go through it and
>> get back to you.
>>
>> Thanks!
>> Malintha
>>
>>
>> On Mon, Feb 27, 2017 at 2:54 PM, Vidura Nanayakkara 
>> wrote:
>>
>>> [Adding Azeez]
>>>
>>> Hi,
>>>
>>> In relation to the offline discussion we had, it was clear that the
>>> above functionality is not sufficient for your requirement. As per the
>>> offline discussion, the suggested approach was to use custom contexts.
>>> [1] , [2]
>>> 
>>>  describes
>>> an Apache CXF example of using custom contexts.
>>>
>>> Currently in MSF4J using @Context annotation we can inject the Request,
>>> Response, HttpStreamer, FormParamIterator and MultivaluedMap instances.
>>> However, these are not accessible via interceptors as per the current
>>> implementation. The approach we were using to inject values is by using the
>>> approach I have explained in the previous email.
>>>
>>> Therefore to solve the above problem, there are 2 solutions we can
>>> introduce to MSF4J.
>>>
>>>1. *Introduce custom injection and lifecycle management [1]
>>>, [2]
>>>
>>> 
>>>to MSF4J.*
>>>
>>> Using this approach what you should basically do is:
>>>
>>>
>>>- Write a custom context provider of your own which will describe
>>>   how the injected value is generated by implementing a certain 
>>> interface.
>>>   - Register the custom context provider to the MSF4J
>>>   - Inject the value using @Context annotation (Ex:-
>>>   @Context(String key) Object[] arguments)
>>>
>>>
>>>1. *Have a Map map that could be injected using
>>>@Context annotation*
>>>
>>> Using this approach what you basically do is:
>>>
>>>
>>>- Add the arguments you need to inject using the @Context annotation
>>>   using @SetContext(String key, Object value). This can be done inside
>>>   interceptors or HTTP methods
>>>   - Inject the value to using @Context(String key)
>>>
>>> WDYT?
>>>
>>> [1] Custom Injection and Lifecycle Management
>>> 
>>> [2] Custom Context Providers for CXF with the Context Annotation
>>> 
>>>
>>> On Mon, Feb 27, 2017 at 9:59 AM, Vidura Nanayakkara 
>>> wrote:
>>>
 Hi Malintha,

 You can access the `Request` instance from the interceptors. You also
 can access the same Request instance from the HTTP resource by injecting
 the request to the HTTP method (`@Context Request request`). You also can
 set any argument in the request using `request.setProperty(String key,
 Object value)` method and retrieve the value using
 `request.getProperty(String key)` method. Will this be sufficient for your
 requirement?



 On M

Re: [Dev] [MSF4J] Can we provide HTTP handler args in Interceptor level?

[Thusitha Thilina Dayaratne]

Hi Malintha,

ATM if you try to access the request payload at the interceptor level, you
won't be able to access that again in the service level and it will cause
the particular thread to get wait.
Shall we have a quick discussion on that today? That will help to come up
with a solution for this.

Thanks
Thusitha

On Tue, Feb 28, 2017 at 10:29 PM, Malintha Amarasinghe 
wrote:

> + NuwanD, Sanjeewa
>
> On Tue, Feb 28, 2017 at 10:28 PM, Malintha Amarasinghe  > wrote:
>
>> Hi Vidura,
>>
>> I went through the links and the approaches you suggested and I have a
>> couple of questions. I have also tried is to build the Request inside the
>> Interceptor and get the Java method and the args from the Request (which
>> was suggested during the offline discussion). For that, I tried to get this
>> block of code [1] (which builds the request) inside the Interceptor. And
>> that was successful, but I needed access to some of the internal objects in
>> MSF4J request path. Ex: HttpResourceModel object [2]. They are not
>> currently available in Interceptor level, so I had to modify ms4fj-core bit
>> locally (just to check) to get them inside the Interceptor.
>>
>> Let's say we are following the approach 1.
>>
>>- *Write a custom context provider of your own which will describe
>>how the injected value is generated by implementing a certain interface.*
>>
>> In the custom context provider, will we have access to the internal
>> objects like [1] so that we can use them to generate the custom context
>> object?
>>
>>- *Register the custom context provider to the MSF4J*
>>- *Inject the value using @Context annotation (Ex:- @Context(String
>>key) Object[] arguments)*
>>
>> Will it be possible to access the injected values within Interceptors?
>> Since one of our requirement is to come up with an Interceptor to validate
>> ETags in a central place, we need to access them within the Interceptor.
>>
>> [1] https://github.com/wso2/msf4j/blob/v2.1.1/core/src/main/
>> java/org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L137-L144
>> [2] https://github.com/wso2/msf4j/blob/v2.1.1/core/src/main/java
>> /org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L129
>>
>> Thanks!
>> Malintha
>>
>> On Mon, Feb 27, 2017 at 3:08 PM, Malintha Amarasinghe > > wrote:
>>
>>> Hi Thusitha and all,
>>>
>>> Thank you very much for considering this.
>>>
>>> @Vidura, Thanks a lot for the detailed response. I will go through it
>>> and get back to you.
>>>
>>> Thanks!
>>> Malintha
>>>
>>>
>>> On Mon, Feb 27, 2017 at 2:54 PM, Vidura Nanayakkara 
>>> wrote:
>>>
 [Adding Azeez]

 Hi,

 In relation to the offline discussion we had, it was clear that the
 above functionality is not sufficient for your requirement. As per the
 offline discussion, the suggested approach was to use custom contexts.
 [1] , [2]
 
  describes
 an Apache CXF example of using custom contexts.

 Currently in MSF4J using @Context annotation we can inject the Request,
 Response, HttpStreamer, FormParamIterator and MultivaluedMap instances.
 However, these are not accessible via interceptors as per the current
 implementation. The approach we were using to inject values is by using the
 approach I have explained in the previous email.

 Therefore to solve the above problem, there are 2 solutions we can
 introduce to MSF4J.

1. *Introduce custom injection and lifecycle management [1]
, [2]

 
to MSF4J.*

 Using this approach what you should basically do is:


- Write a custom context provider of your own which will describe
   how the injected value is generated by implementing a certain 
 interface.
   - Register the custom context provider to the MSF4J
   - Inject the value using @Context annotation (Ex:-
   @Context(String key) Object[] arguments)


1. *Have a Map map that could be injected using
@Context annotation*

 Using this approach what you basically do is:


- Add the arguments you need to inject using the @Context
   annotation using @SetContext(String key, Object value). This can be 
 done
   inside interceptors or HTTP methods
   - Inject the value to using @Context(String key)

 WDYT?

 [1] Custom Injection and Lifecycle Management
 
 [2] Custom Context Providers for CXF with the Context Annotation
 

 On Mon, Feb 27, 2017 at 9:59 AM, Vidura Nanayakkara 
 wrote:

>>

Re: [Dev] Atom Plugin for Siddhi

[Ramindu De Silva]

Hi Supun,

As for the starting point, you can check how to create a simple plugin for
atom. Maybe syntax highlighting or providing suggestions or parsing a
language. This will require you to check the developing environment for
atom. And how to build the package structure and how to install on atom.
You can get an idea by looking at several language plugins such as
language-java, autocomplete-java or somewhat simple language.

Then, it'll be useful if you try to understand Siddhi grammar[1] and Siddhi
QL[2] and try to implement the syntax highlighting accordingly.

[1]
https://github.com/wso2/siddhi/blob/master/modules/siddhi-query-compiler/src/main/antlr4/org/wso2/siddhi/query/compiler/SiddhiQL.g4

[2] https://docs.wso2.com/display/CEP420/SiddhiQL+Guide+3.1

Best Regards,

On Tue, Feb 28, 2017 at 6:07 PM, Sriskandarajah Suhothayan 
wrote:

> Hi Ramindu
>
> Can you please share the necessary information with Supun please.
>
> Regards
> Suho
>
> On Tue, Feb 28, 2017 at 3:45 PM, Supun Arunoda <
> supunarunoda...@cse.mrt.ac.lk> wrote:
>
>> Hi Suhothayan,
>> I'm Supun Arunoda from University of Moratuwa, Sri Lanka. Currently I'm a
>> 4th year undergraduate. I worked with National Resource for Network Biology
>> in GSoC 2k16. I would like to do this project. Where should I start?
>> My previous work with NRNB http://supunarunoda.blogspot.com/
>>
>> Best Regards
>> *Supun Arunoda Munasinghe*
>> *Undergraduate at Department of Computer Science & Engineering*
>> *University of Moratuwa*
>>
>>
>>
>
>
> --
>
> *S. Suhothayan*
> Associate Director / Architect & Team Lead of WSO2 Complex Event Processor
> *WSO2 Inc. *http://wso2.com
> * *
> lean . enterprise . middleware
>
>
> *cell: (+94) 779 756 757 <+94%2077%20975%206757> | blog:
> http://suhothayan.blogspot.com/ twitter:
> http://twitter.com/suhothayan  | linked-in:
> http://lk.linkedin.com/in/suhothayan *
>



-- 
*Ramindu De Silva*
Software Engineer
WSO2 Inc.: http://wso2.com
lean.enterprise.middleware

email: ramin...@wso2.com 
mob: +94 772339350
mob: +94 719678895
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [MSF4J] Can we provide HTTP handler args in Interceptor level?

[Malintha Amarasinghe]

On Wed, Mar 1, 2017 at 9:19 AM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Malintha,
>
> ATM if you try to access the request payload at the interceptor level, you
> won't be able to access that again in the service level and it will cause
> the particular thread to get wait.
> Shall we have a quick discussion on that today? That will help to come up
> with a solution for this.
>
Sure Thusitha. Let's have a discussion today. That would be great.

Thanks!
Malintha

>
> Thanks
> Thusitha
>
> On Tue, Feb 28, 2017 at 10:29 PM, Malintha Amarasinghe  > wrote:
>
>> + NuwanD, Sanjeewa
>>
>> On Tue, Feb 28, 2017 at 10:28 PM, Malintha Amarasinghe <
>> malint...@wso2.com> wrote:
>>
>>> Hi Vidura,
>>>
>>> I went through the links and the approaches you suggested and I have a
>>> couple of questions. I have also tried is to build the Request inside the
>>> Interceptor and get the Java method and the args from the Request (which
>>> was suggested during the offline discussion). For that, I tried to get this
>>> block of code [1] (which builds the request) inside the Interceptor. And
>>> that was successful, but I needed access to some of the internal objects in
>>> MSF4J request path. Ex: HttpResourceModel object [2]. They are not
>>> currently available in Interceptor level, so I had to modify ms4fj-core bit
>>> locally (just to check) to get them inside the Interceptor.
>>>
>>> Let's say we are following the approach 1.
>>>
>>>- *Write a custom context provider of your own which will describe
>>>how the injected value is generated by implementing a certain interface.*
>>>
>>> In the custom context provider, will we have access to the internal
>>> objects like [1] so that we can use them to generate the custom context
>>> object?
>>>
>>>- *Register the custom context provider to the MSF4J*
>>>- *Inject the value using @Context annotation (Ex:- @Context(String
>>>key) Object[] arguments)*
>>>
>>> Will it be possible to access the injected values within Interceptors?
>>> Since one of our requirement is to come up with an Interceptor to validate
>>> ETags in a central place, we need to access them within the Interceptor.
>>>
>>> [1] https://github.com/wso2/msf4j/blob/v2.1.1/core/src/main/
>>> java/org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L137-L144
>>> [2] https://github.com/wso2/msf4j/blob/v2.1.1/core/src/main/java
>>> /org/wso2/msf4j/internal/MSF4JMessageProcessor.java#L129
>>>
>>> Thanks!
>>> Malintha
>>>
>>> On Mon, Feb 27, 2017 at 3:08 PM, Malintha Amarasinghe <
>>> malint...@wso2.com> wrote:
>>>
 Hi Thusitha and all,

 Thank you very much for considering this.

 @Vidura, Thanks a lot for the detailed response. I will go through it
 and get back to you.

 Thanks!
 Malintha


 On Mon, Feb 27, 2017 at 2:54 PM, Vidura Nanayakkara 
 wrote:

> [Adding Azeez]
>
> Hi,
>
> In relation to the offline discussion we had, it was clear that the
> above functionality is not sufficient for your requirement. As per the
> offline discussion, the suggested approach was to use custom contexts.
> [1] , [2]
> 
>  describes
> an Apache CXF example of using custom contexts.
>
> Currently in MSF4J using @Context annotation we can inject the
> Request, Response, HttpStreamer, FormParamIterator and MultivaluedMap
> instances. However, these are not accessible via interceptors as per the
> current implementation. The approach we were using to inject values is by
> using the approach I have explained in the previous email.
>
> Therefore to solve the above problem, there are 2 solutions we can
> introduce to MSF4J.
>
>1. *Introduce custom injection and lifecycle management [1]
>, [2]
>
> 
>to MSF4J.*
>
> Using this approach what you should basically do is:
>
>
>- Write a custom context provider of your own which will describe
>   how the injected value is generated by implementing a certain 
> interface.
>   - Register the custom context provider to the MSF4J
>   - Inject the value using @Context annotation (Ex:-
>   @Context(String key) Object[] arguments)
>
>
>1. *Have a Map map that could be injected using
>@Context annotation*
>
> Using this approach what you basically do is:
>
>
>- Add the arguments you need to inject using the @Context
>   annotation using @SetContext(String key, Object value). This can be 
> done
>   inside interceptors or HTTP methods
>   - Inject the value to using @Context(String key)
>
> WDYT?
>
> [1] Cus

Re: [Dev] Configuration Maven Plugin Repository

[Afkham Azeez]

Yeah same repo.

On Tue, Feb 28, 2017 at 8:50 PM, Vidura Nanayakkara 
wrote:

> Hi,
>
> In relation to the discussions, we had in "Invitation: C5 Carbon
> Configuration @ Mon Feb 27, 2017 2pm - 3pm (IST) (WSO2 Engineering Group)",
> we came to the conclusion that "org.wso2.carbon.configuration" should be
> moved to a separate repository.
>
> However, we did not discuss into which repository should the maven
> configuration plugin (org.wso2.carbon.extensions.configuration.maven.plugin)
> should belong. I am assuming it should be moved to the same repository as
> "org.wso2.carbon.configuration".
>
> WDYT?
>
> Best Regards,
>
> *Vidura Nanayakkara*
>
> Email : vidu...@wso2.com
> Mobile : +94 (0) 717 919277 <071%20791%209277>
> Web : http://wso2.com
>



-- 
*Afkham Azeez*
Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* *
*email: **az...@wso2.com* 
* cell: +94 77 3320919blog: **http://blog.afkham.org*

*twitter: **http://twitter.com/afkham_azeez*

*linked-in: **http://lk.linkedin.com/in/afkhamazeez
*

*Lean . Enterprise . Middleware*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Traffic Manager HA deployment on DC/OS

[Pubudu Gunatilaka]

Hi,

Please go through the articles [1] and [2] which describes the scalable
traffic manager patterns.

[1] -
http://wso2.com/library/articles/2016/10/article-scalable-traffic-manager-deployment-patterns-for-wso2-api-manager-part-1/
[2] -
http://wso2.com/library/articles/2016/10/article-scalable-traffic-manager-deployment-patterns-for-wso2-api-manager-part-2/

Thank you!

On Tue, Feb 28, 2017 at 4:34 PM, JOSE MARIA ALVAREZ FERNANDEZ <
josemaria.alvarezfernan...@elcorteingles.es> wrote:

> Thank you all for your comments on this.
>
> We will try to follow the H2 approach, but we are facing another problem
> regarding the communication between Traffic Manager instances. As we are
> defining the service in DC/OS as one service, there is no good way to tell
> the node to replicate  the messages received from the APIGW only to the
> other TM instances. We have the idea to extend the jndi.properties parsing,
> to allow the use of the marathon API to get information about the other
> instances present in the service group. Could you give us a pointer to
> where we have to extend this to add the functionality?
>
> Thank you all,
>
> Jose Maria
>
> -Harsha Kumara  escribió: -
> Para: JOSE MARIA ALVAREZ FERNANDEZ  elcorteingles.es>
> De: Harsha Kumara 
> Fecha: 27/02/2017 07:51
> Cc: "WSO2 Developers' List" 
> Asunto: Re: [Dev] Traffic Manager HA deployment on DC/OS
>
>
> Hi Jose,
>
> On Thu, Feb 23, 2017 at 10:45 PM, JOSE MARIA ALVAREZ FERNANDEZ <
> josemaria.alvarezfernan...@elcorteingles.es> wrote:
>
>> Hi all,
>>
>> As you may know, we are implementing WSO2 in El Corte Ingles, and we are
>> trying to fit Traffic Manager in our architecture, based on DC/OS and
>> containers. We would like to know which approach you think it may be better
>> for the Traffic Manager component. As we are in a PaaS system, we would
>> like to be able to scale this system out without problems.
>>
>> a) It is our understanding that we have to create a different database
>> schema for every TM instance that we run. We would like to know if it is
>> possible to run this without having to create a new schema for every
>> component (that is, share the same schema). If we create a new schema, that
>> would force us to differentiate the component at DC/OS level, giving them
>> different configurations for different Traffic Manager instances.
>>
>
>> b) If that is not possible, we would like to know if it is possible to
>> run TM with H2 in memory. As there is nothing that should be persisted in
>> the TM schema, we thought that could be possible.
>>
> Message Broker(MB) instance running in TM required MB_STORE data source
> which shouldn't shared with TM instance.It's Ok to have H2 database for it.
> But by default, MB writes all messages first to the database. Enable HA in
> TM is same as enabling HA in CEP (https://docs.wso2.com/
> display/CLUSTER44x/Clustering+CEP+4.0.0). The additional JMS related
> changes need to be configured to communicate throttle decisions to the
> gateway nodes.
>
>>
>> If none of the options are viable, what deployment schema would be the
>> best for this component, taking into account that we would like to be
>> active/active (being able to scale out)?
>>
>> Thank you very much for your help and comments,
>>
>> Jose Maria.
>>
>>
>> www.elcorteingles.es
>>
>> 
>> ---
>> Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede
>> contener información confidencial, siendo para uso exclusivo del
>> destinatario, quedando prohibida su divulgación copia o  distribución a
>> terceros sin la autorización expresa del remitente. Si Vd. ha recibido
>> este mensaje erróneamente, se ruega lo  notifique al remitente y
>> proceda a su borrado.
>> Gracias por su colaboración.
>>
>> This message (including any attachments) may contain confidential
>> information. It is intended for use by the recipient only. Any
>> dissemination, copying or distribution to third parties without the
>> express consent of the sender is strictly prohibited. If you have
>> received this message in error, please delete it immediately and
>> notify the sender.
>> Thank you for your collaboration.
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618 <+94%2077%20550%205618>
> Blog:harshcreationz.blogspot.com
>
>
> www.elcorteingles.es
>
> 
> ---
>
> Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede
> contener información confidencial, siendo para uso exclusivo del
> destinatario, quedando prohibida su divulgación copia o  distribución a
> terceros sin la autorización expresa del remitente. Si Vd. ha recibido
> este mensaje errónea

[Dev] Exceeding the 65535 bytes limit - idp-mgt-edit.jsp - method _jspService(HttpServletRequest, HttpServletResponse)

[Nisala Nanayakkara]

Hi all,

I am trying to upgrade tomcat version in carbon-kernel 4.4.11 from 7.0.73
to 7.0.75. After upgrading, I cannot access to Identity Provider’s add
page. It gives following error[1],

It seems like method ‘jspService(HttpServletRequest, HttpServletResponse)’
is hitting 64k limit. I have tried adding additional paramaters as follows
in to /conf/tomcat/web.xml

mappedfile
false


But it is not working also. So I think we need to refactor the jsp page[2].
WDYT ?

[1] -

An error occurred at line: [109] in the generated java file:
[wso2is-5.3.0/lib/tomcat/work/Catalina/localhost/_/proxytemp/hc_487567695/org/apache/jsp/idpmgt/idp_002dmgt_002dedit_jsp.java]
The code of method _jspService(HttpServletRequest, HttpServletResponse) is
exceeding the 65535 bytes limit

Stacktrace:
at
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:103)
at
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:366)
at
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:490)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:379)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:354)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:341)
at
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:662)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:364)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
at
org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
at
org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at
org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)
at
org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:603)
at
org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:542)
at
org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37)
at
org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369)
at
org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:897)
at
org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:688)
at
org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:682)
at sun.reflect.GeneratedMethodAccessor89.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:87)
at
org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:88)
at
org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:82)
at
org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:465)
at
org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140)
at
org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117)
at
org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:171)
at
org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75)
at
org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80)
at
org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_005finsertAttribute_005f7(template_jsp.java:751)
at
org.apache.jsp.admin.layout.template_jsp._jspService(template_jsp.java:387)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
at org.apach

Re: [Dev] Exceeding the 65535 bytes limit - idp-mgt-edit.jsp - method _jspService(HttpServletRequest, HttpServletResponse)

[Darshana Gunawardana]

Hi Nisala,

With the kernel 4.4.11 we noticed the similar issue and reduced the content
of that page with commit [1].

Can you please follow similar approach and send a PR fixing this.

[1]
https://github.com/wso2/carbon-identity-framework/commit/c2ce2b81bce08b91eb94ef8a4581476c58199093

Thanks,

On Wed, Mar 1, 2017 at 12:54 PM, Nisala Nanayakkara  wrote:

> Hi all,
>
> I am trying to upgrade tomcat version in carbon-kernel 4.4.11 from 7.0.73
> to 7.0.75. After upgrading, I cannot access to Identity Provider’s add
> page. It gives following error[1],
>
> It seems like method ‘jspService(HttpServletRequest,
> HttpServletResponse)’ is hitting 64k limit. I have tried adding additional
> paramaters as follows in to /conf/tomcat/web.xml
> 
> mappedfile
> false
> 
>
> But it is not working also. So I think we need to refactor the jsp
> page[2]. WDYT ?
>
> [1] -
>
> An error occurred at line: [109] in the generated java file:
> [wso2is-5.3.0/lib/tomcat/work/Catalina/localhost/_/
> proxytemp/hc_487567695/org/apache/jsp/idpmgt/idp_002dmgt_
> 002dedit_jsp.java]
> The code of method _jspService(HttpServletRequest, HttpServletResponse)
> is exceeding the 65535 bytes limit
>
> Stacktrace:
> at org.apache.jasper.compiler.DefaultErrorHandler.javacError(
> DefaultErrorHandler.java:103)
> at org.apache.jasper.compiler.ErrorDispatcher.javacError(
> ErrorDispatcher.java:366)
> at org.apache.jasper.compiler.JDTCompiler.generateClass(
> JDTCompiler.java:490)
> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:379)
> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:354)
> at org.apache.jasper.compiler.Compiler.compile(Compiler.java:341)
> at org.apache.jasper.JspCompilationContext.compile(
> JspCompilationContext.java:662)
> at org.apache.jasper.servlet.JspServletWrapper.service(
> JspServletWrapper.java:364)
> at org.apache.jasper.servlet.JspServlet.serviceJspFile(
> JspServlet.java:395)
> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
> at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(
> ContextPathServletAdaptor.java:37)
> at org.eclipse.equinox.http.servlet.internal.
> ServletRegistration.service(ServletRegistration.java:61)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
> processAlias(ProxyServlet.java:128)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.
> service(ProxyServlet.java:68)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.
> service(DelegationServlet.java:68)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:303)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:208)
> at org.apache.catalina.core.ApplicationDispatcher.invoke(
> ApplicationDispatcher.java:747)
> at org.apache.catalina.core.ApplicationDispatcher.doInclude(
> ApplicationDispatcher.java:603)
> at org.apache.catalina.core.ApplicationDispatcher.include(
> ApplicationDispatcher.java:542)
> at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.
> include(RequestDispatcherAdaptor.java:37)
> at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$
> RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369)
> at org.apache.jasper.runtime.JspRuntimeLibrary.include(
> JspRuntimeLibrary.java:897)
> at org.apache.jasper.runtime.PageContextImpl.doInclude(
> PageContextImpl.java:688)
> at org.apache.jasper.runtime.PageContextImpl.include(
> PageContextImpl.java:682)
> at sun.reflect.GeneratedMethodAccessor89.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:87)
> at org.apache.tiles.jsp.context.JspTilesRequestContext.include(
> JspTilesRequestContext.java:88)
> at org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(
> JspTilesRequestContext.java:82)
> at org.apache.tiles.impl.BasicTilesContainer.render(
> BasicTilesContainer.java:465)
> at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(
> InsertAttributeTag.java:140)
> at org.apache.tiles.jsp.taglib.InsertAttributeTag.render(
> InsertAttributeTag.java:117)
> at org.apache.tiles.jsp.taglib.RenderTagSupport.execute(
> RenderTagSupport.java:171)
> at org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(
> RoleSecurityTagSupport.java:75)
> at org.apache.tiles.jsp.taglib.

[Dev] GSoC 2017 - Proposal 8: CLI tool for WSO2 API Manager

[Ayeshmantha Perera]

Hi All,

I'm Ayeshmantha Perera, from Sri Lanka Institute of Information Technology,
currently studying in the final (4th) year specializing in Software
Engineering.

I am interested in taking part in GSoC 2017 with WSO2 and and hope to apply
for the CLI tool on API Manager.

I have been following up the work done by the API Manager team of WSO2 and
went through the webinars that was handled by WSO2 API Manager team.

I have experienced  working on WSO2 API Manager in my previous working
experience as an Intern.And I'm experienced on WSO2 ESB and Also the WSO2
Data analytics server also.

Other than the experience on the products I have experience on working with
Go lang ,Java EE ,Maven,Git,OAuth2 protocol,JAX-RS,Spring ,Hibernater.And I
have 1 year experience on Node.js development, with Meanstack 1 and
Meanstack 2 and Also With React , Redux , Reactive Programming and Android,
Cross platform(React native ,Native Base.IO , Native Script , Ionic 2 ) And
also I have more than 2 year experience on working with .Net(Web pages ,
MVC , WEB API).
And also have experience with working on Azure , AWS also

And I'm getting familiar with SSO enabling that have been mentioned on the
subscription task.

For now I have wrote a blog on what I have done and also I have proposed my
solution for two tasks and also how to up and run with the product(Blog
URL:- http://gsocproposal8.blogspot.com/)


Considering above, I appreciate if you can guide me for getting started
with the project.

[1] [WSO2 Webinar : Introducing WSO2 API Manager for Complete API
Management]
https://www.youtube.com/watch?v=UcqW8o7I86Q

[2][WSO2Con USA 2015 : Extending and Customizing WSO2 API Manager]
https://www.youtube.com/watch?v=39bn6UL2R6I

Best Regards
Ayeshmantha
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev