from:"Asela Pathberiya"

[Dev] WSO2 Committers += Sajith Ekanayaka

2020-06-15 Thread Asela Pathberiya

Hi All,

It's my pleasure to announce Sajith Ekanayaka as a WSO2 Committer. He has
been a valuable contributor and enthusiast to the WSO2 IAM team.

In recognition of his contribution, dedication, and commitment, he has been
voted as a WSO2 committer.

Congratulations Sajith and keep up the good work...!!!

Thanks,
Asela.

-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Have we reviewed usefulness of interfaces ?

2019-02-18 Thread Asela Pathberiya

Hi IAM team,

This regarding [1]

I am just trying to write some extensions. It looks like that there is no
any useful method to update the token status.  Methods are more align with
the internal use cases not to use by external parties.

It is better if we can review these kind of interfaces.

[1]
https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/dao/AccessTokenDAO.java

Thanks,
Asela.
-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Identity Server 5.4.0 Beta Released !!!

2017-12-05 Thread Asela Pathberiya

On Fri, Dec 1, 2017 at 10:57 PM, Jayanga Kaushalya 
wrote:

> The WSO2 Identity and Access Management team is pleased to announce the
> release of WSO2 Identity Server 5.4.0 Beta.
>
> You can build the distribution from the source tag,
>
> Runtime: https://github.com/wso2/product-is/releases/tag/v5.4.0-beta
> Analytics: https://github.com/wso2/analytics-is/releases/tag/v5.4.0-beta
>
> following the steps given below.
>
> *Building from the source*
>
>1. Install Java8 or above
>2. Install Apache Maven 3.x.x(https://maven.apache.org/download.cgi#)
>3. Get the source,
>   - For the Runtime: Get a clone from https://github.com/wso2/p
>   roduct-is.git and checkout to v5.4.0-beta tag or you can directly
>   download the source for the tag from https://github.com/wso2/p
>   roduct-is/releases/tag/v5.4.0-beta
>   
>   - For the Analytics: Get a clone from https://github.com/wso2/
>   analytics-is.git and checkout to v5.4.0-beta tag or you can
>   directly download the source for the tag from
>   https://github.com/wso2/analytics-is/releases/tag/v5.4.0-beta
>   
>4. Run the one of the below maven commands from product-is directory,
>   - *mvn** clean install* (To build the binary and source
>   distributions with the tests)
>   - *mvn** clean install -Dmaven.test.skip=true* (To build the binary
>   and source distributions, without running any of the unit/integration 
> tests)
>5. You can find the,
>   - wso2is-5.4.0-beta.zip binary distribution in
>   product-is/modules/distribution/target directory.
>   - wso2is-analytics-5.4.0-beta.zip binary distribution in
>   analytics-is/modules/distribution/target directory.
>
> The following list contains all the features, improvements, and bug fixes
> available with the WSO2 Identity Server 5.4.0 Beta release.
>

What is reason for following two sections patch & bug.  What is the
difference ?

Thanks,
Asela.


>
>
> Patch
>
>- [IDENTITY-6198 ] - IS
>Authentication Flow Behavior Between Multiple Service Providers Not Handled
>- [IDENTITY-6924 ] - Add
>ability to sign SAML response using different key other than the private
>key defined in the primary keystore in the carbon.xml
>- [IDENTITY-6931 ] -
>Adding logout support for outbound WS-Federation(Passive)
>- [IDENTITY-6988 ] -
>ClientAuthHandler configuration in identity.xml only read last property in
>OAuthServerConfiguration
>
> Bug
>
>- [IDENTITY-2861 ] -
>Receive fault response from RemoteClaimManagerService
>- [IDENTITY-4331 ] - When
>you add Google Prov Connector in a SP OB Provisioning Configuration
>section, You cannot edit IDP again. Lead to a blank page and NPE
>- [IDENTITY-4655 ] -
>Google provisioning not working with IS 5.2.0 beta
>- [IDENTITY-4968 ] -
>Subject claim is returned in the incorrect format when subject claim uri is
>added/removed
>- [IDENTITY-5154 ] - When
>select Domain as PRIMARY Count users always set to -1
>- [IDENTITY-6102 ] -
>System claims can be modified by the User
>- [IDENTITY-6118 ] - Some
>properties of a Custom Inbound Authenticator is not displaying in UI
>properly
>- [IDENTITY-6286 ] - OIDC
>- Wrong claim value in ID token when multiple IDPs used through federated
>authentication
>- [IDENTITY-6345 ] - Ask
>passoword with management console (SOAP service)not working
>- [IDENTITY-6350 ] -
>Account gets locked even if the fails are not consecutive
>- [IDENTITY-6352 ] -
>cannot edit existing workflow without changing workflow name
>- [IDENTITY-6353 ] -
>cannot disable workflow engagements
>- [IDENTITY-6355 ] -
>secondary roles are not displayed when creating workflows in tenant mode
>- [IDENTITY-6361 ] -
>NumberFormatException with server startup with Oracle
>- [IDENTITY-6369 ] -
>Intermittent error when login in to dashboard after some idle time
>- [IDENTITY-6371

Re: [Dev] Introduce custom attributes to Identity Server embedded LDAP schema.

2017-12-04 Thread Asela Pathberiya

On Mon, Dec 4, 2017 at 12:48 PM, Isura Karunaratne  wrote:

> This is done with following PRs
>
> https://github.com/wso2-extensions/identity-userstore-ldap/pull/15/
>

> https://github.com/wso2/carbon-identity-framework/pull/1224
>
> Thanks
> Isura.
>
> On Wed, Nov 29, 2017 at 10:42 AM, Isura Karunaratne 
> wrote:
>
>>
>>
>> On Wed, Nov 29, 2017 at 10:16 AM, Isura Karunaratne 
>> wrote:
>>
>>> Hi all,
>>>
>>> We need to update the LDIF to support following attributes by default in
>>> the embedded LDAP.
>>>
>>>- verifyEmail
>>>- askPassword
>>>- forcePasswordReset
>>>- failedRecoveryAttempts
>>>- primaryChallengeQuestion
>>>- emailVerified
>>>- challengeQuestionUris
>>>- failedLockoutCount
>>>- lastLoginTime
>>>- lastPasswordUpdate
>>>- phoneVerified
>>>- accountDisabled
>>>
>>> It looks like updating identityPerson.ldif [1] file is not enough to
>>> cater to requirement and need to generate the is-default-schema.zip file as
>>> well.
>>>
>>

In PR, it seems to be that you are updated the ldif file.  Is there any
other thing which you did ?

Thanks,
Asela.


>
>>> What would be the best way to generate the is-default-schema.zip?
>>>
>>>
>>> [1] https://github.com/wso2-extensions/identity-userstore-ldap/b
>>> lob/master/features/org.wso2.carbon.ldap.server.server.featu
>>> re/resources/conf/identityPerson.ldif
>>>
>>> [2] https://github.com/wso2-extensions/identity-userstore-ld
>>> ap/blob/master/features/org.wso2.carbon.ldap.server.server.f
>>> eature/resources/conf/is-default-schema.zip
>>>
>>> --
>>>
>>> *Isura Dilhara Karunaratne*
>>> Associate Technical Lead | WSO2
>>> Email: is...@wso2.com
>>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>>> Blog : http://isurad.blogspot.com/
>>>
>>>
>>>
>>>
>>
>>
>> --
>>
>> *Isura Dilhara Karunaratne*
>> Associate Technical Lead | WSO2
>> Email: is...@wso2.com
>> Mob : +94 772 254 810 <+94%2077%20225%204810>
>> Blog : http://isurad.blogspot.com/
>>
>>
>>
>>
>
>
> --
>
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: is...@wso2.com
> Mob : +94 772 254 810 <+94%2077%20225%204810>
> Blog : http://isurad.blogspot.com/
>
>
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How to configure the IS Dashboard for a IS cluster fronted by Nginx

2017-10-25 Thread Asela Pathberiya

On Tue, Oct 24, 2017 at 5:41 PM, Sashika Wijesinghe 
wrote:

> Hi All,
>
> We have configured two IS nodes fronted by Nginx and the site.json with
> server host details as below.
>
> {
> "proxy" : {
> "proxyHost" : "is.dev.wso2.org",
> "proxyHTTPSPort" : "443",
> "proxyContextPath" : "",
> "servicePath" : "/services"
> }
> }
>
>
> When I log in to the Management Console with the admin user,
> authentication was successful but failed to login to the IS Dashboard with
> admin user or any user who have permission to the IS Dashboard login.
>
> Following is the authentication exception logged in the terminal.
>
> Any suggestion to solve this issue is highly appreciated.
>

Don't we have a doc on configuring WSO2IS with Nginx  ?

Thanks,
Asela.

>
>
> TID: [-1234] [] [2017-10-24 05:28:50,683] ERROR {org.wso2.carbon.identity.
> authenticator.saml2.sso.SAML2SSOAuthenticator} -  Authentication Request
> is rejected. SAMLResponse AudienceRestriction validation failed.
> TID: [-1] [] [2017-10-24 05:28:50,683]  WARN {org.wso2.carbon.core.
> services.util.CarbonAuthenticationUtil} -  Failed Administrator login
> attempt 'admin@carbon.super[-1]' at [2017-10-24 05:28:50,683+]
> TID: [-1234] [] [2017-10-24 05:28:50,751]  WARN
> {org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} -
>  Illegal access attempt at [2017-10-24 05:28:50,0751] from IP address
> 192.168.57.251 while trying to authenticate access to service
> WorkflowImplAdminService
>
> TID: [-1] [] [2017-10-24 05:28:49,939]  INFO {org.wso2.carbon.core.
> clustering.hazelcast.HazelcastClusterMessageListener} -  Received
> ClusteringMessage: org.wso2.carbon.identity.entitlement.
> PolicyStatusClusterMessage@d47e9b84
> TID: [-1234] [] [2017-10-24 05:28:50,778]  INFO
> {org.apache.axis2.transport.http.HTTPSender} -  Unable to sendViaPost to
> url[https://is.dev.wso2.org/services/WorkflowImplAdminService.
> WorkflowImplAdminServiceHttpsSoap11Endpoint/]
> org.apache.axis2.AxisFault: Transport error: 401 Error: Unauthorized
> at org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.
> java:326)
> at org.apache.axis2.transport.http.HTTPSender.sendViaPost(
> HTTPSender.java:196)
> at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:77)
> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.
> writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
> at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(
> CommonsHTTPTransportSender.java:278)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
> at org.apache.axis2.description.OutInAxisOperationClient.send(
> OutInAxisOperation.java:430)
> at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(
> OutInAxisOperation.java:225)
> at org.apache.axis2.client.OperationClient.execute(
> OperationClient.java:149)
> at org.apache.axis2.client.ServiceClient.sendReceive(
> ServiceClient.java:554)
> at org.jaggeryjs.modules.ws.WSRequestHostObject.jsFunction_send(
> WSRequestHostObject.java:379)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
> at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
> at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
> at org.jaggeryjs.rhino.dashboard.controllers.login_logout.c1._
> c_getProfileList_3(/dashboard/controllers/login-logout/
> SAML2SSOAuthenticationClient.jag:98)
> at org.jaggeryjs.rhino.dashboard.controllers.login_logout.c1.
> call(/dashboard/controllers/login-logout/SAML2SSOAuthenticationClient.jag)
> at org.mozilla.javascript.optimizer.OptRuntime.
> callName0(OptRuntime.java:74)
> at org.jaggeryjs.rhino.dashboard.controllers.login_logout.c1._
> c_getBPSSessions_2(/dashboard/controllers/login-logout/
> SAML2SSOAuthenticationClient.jag:43)
> at org.jaggeryjs.rhino.dashboard.controllers.login_logout.c1.
> call(/dashboard/controllers/login-logout/SAML2SSOAuthenticationClient.jag)
> at org.mozilla.javascript.optimizer.OptRuntime.callName(
> OptRuntime.java:63)
> at org.jaggeryjs.rhino.dashboard.controllers.login_logout.c1._
> c_login_1(/dashboard/controllers/login-logout/
> SAML2SSOAuthenticationClient.jag:34)
> at org.jaggeryjs.rhino.dashboard.controllers.login_logout.c1.
> call(/dashboard/controllers/login-logout/SAML2SSOAuthenticationClient.jag)
> at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
> at org.jaggeryjs.rhino.dashboard.c6._c_script_0(/dashboard//acs.jag:67)
> at org.jaggeryjs.rhino.dashboard.c6.call(/dashboard//acs.jag)
> at org.mozilla.javascript.ContextFactory.doTopCall(
> ContextFactory.java:394)
> at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRunti

Re: [Dev] Regarding auth_time claim in OIDC id_token

2017-08-29 Thread Asela Pathberiya

On Tue, Aug 29, 2017 at 4:29 PM, Hasini Witharana  wrote:

> Hi Asela,
>
> If SP sends a force auth request, we update the existing session.
>

So;  Are we generating new auth_time when session is updated ?


>
> Thanks,
> Hasini
>
>
>
> On Wed, Aug 23, 2017 at 1:27 PM, Asela Pathberiya  wrote:
>
>>
>>
>> On Wed, Aug 23, 2017 at 12:46 PM, Hasini Witharana 
>> wrote:
>>
>>> Hi,
>>>
>>> In the OIDC specification auth_time is defined as below.[1]
>>>
>>> Time when the End-User authentication occurred. Its value is a JSON
>>> number representing the number of seconds from 1970-01-01T0:0:0Z as
>>> measured in UTC until the date/time. When a max_age request is made or
>>> when auth_time is requested as an Essential Claim, then this Claim is
>>> REQUIRED; otherwise, its inclusion is OPTIONAL.
>>>
>>> In the current implementation when the user is authenticated for the
>>> first time using user credentials, auth_time is considered as the session
>>> created time. After that when user is implicitly login in using a cookie
>>> without giving user credentials, auth_time is considered as session updated
>>> time.
>>>
>>
>> If SP sends a force authe request,  Are we creating a new session or
>> update the existing session ?
>>
>> If max_age is expired,  Does SP need to send a force auth request or just
>> an authentication request ?
>>
>> Thanks,
>> Asela.
>>
>>>
>>> As I think the auth_time should be the first time user authenticated
>>> using credentials.
>>> [2] is the fix made for this issue.
>>>
>>> Thank you.
>>>
>>> [1] - http://openid.net/specs/openid-connect-core-1_0.html
>>> [2] - https://github.com/wso2-extensions/identity-inbound-auth-oau
>>> th/pull/455
>>>
>>> --
>>>
>>> *Hasini Witharana*
>>> Software Engineering Intern | WSO2
>>>
>>>
>>> *Email : hasi...@wso2.com *
>>>
>>> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
>>> http://wso2.com/signature] <http://wso2.com/signature>*
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933 <+94%2077%20762%205933>
>>  +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
>
> --
>
> *Hasini Witharana*
> Software Engineering Intern | WSO2
>
>
> *Email : hasi...@wso2.com *
>
> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
> http://wso2.com/signature] <http://wso2.com/signature>*
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

2017-08-23 Thread Asela Pathberiya

On Wed, Aug 23, 2017 at 1:58 PM, Gayan Gunawardana  wrote:

>
>
> On Wed, Aug 23, 2017 at 1:46 PM, Asela Pathberiya  wrote:
>
>>
>>
>> On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana 
>> wrote:
>>
>>> According to OpenID connect specification [1] "aud" value is client id
>>> with identifiers for other audiences.
>>>
>>>  {
>>>"iss": "https://server.example.com";,
>>>"sub": "24400320",
>>>"aud": "s6BhdRkqt3",
>>>"nonce": "n-0S6_WzA2Mj",
>>>"exp": 1311281970,
>>>"iat": 1311280970,
>>>"auth_time": 1311280969,
>>>"acr": "urn:mace:incommon:iap:silver"
>>>   }
>>>
>>> But in token introspection "aud" value is more like service provider URL
>>> with identifiers for other audiences.
>>>
>>
>> Where is it mentioned that it must be the SP URL.  I guess it must be
>> some kind of identification such as client id.  Isn't it ?
>>
> Yes no it is not a URL but kind of URI which represent service provider.
> According to offline chat had with Ruwan in Oauth/OpenID connect
> configuration there should be a way to configure Audiences like in SAML.
>

I do not think it is mentioned as URI.   +1 Yes. we need to allow to
configure multiple values & keep the client id as default.


>
>>
>>>
>>>  {
>>>   "active": true,
>>>   "client_id": "l238j323ds-23ij4",
>>>   "username": "jdoe",
>>>   "scope": "read write dolphin",
>>>   "sub": "Z5O3upPC88QrAjx00dis",
>>>   "aud": "https://protected.example.net/resource";,
>>>   "iss": "https://server.example.com/";,
>>>   "exp": 1419356238,
>>>   "iat": 1419350238,
>>>   "extension_field": "twenty-seven"
>>>  }
>>>
>>> Can we have different Audience values for token introspection response
>>> and ID Token ? If not we can have both as Audience values.
>>>
>>> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
>>> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: ga...@wso2.com
>>> Mobile: +94 (71) 8020933
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933 <+94%2077%20762%205933>
>>  +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Audience(aud) value in OpenID Connect ID Token vs Token Introspection response

2017-08-23 Thread Asela Pathberiya

On Tue, Aug 22, 2017 at 11:32 AM, Gayan Gunawardana  wrote:

> According to OpenID connect specification [1] "aud" value is client id
> with identifiers for other audiences.
>
>  {
>"iss": "https://server.example.com";,
>"sub": "24400320",
>"aud": "s6BhdRkqt3",
>"nonce": "n-0S6_WzA2Mj",
>"exp": 1311281970,
>"iat": 1311280970,
>"auth_time": 1311280969,
>"acr": "urn:mace:incommon:iap:silver"
>   }
>
> But in token introspection "aud" value is more like service provider URL
> with identifiers for other audiences.
>

Where is it mentioned that it must be the SP URL.  I guess it must be some
kind of identification such as client id.  Isn't it ?


>
>  {
>   "active": true,
>   "client_id": "l238j323ds-23ij4",
>   "username": "jdoe",
>   "scope": "read write dolphin",
>   "sub": "Z5O3upPC88QrAjx00dis",
>   "aud": "https://protected.example.net/resource";,
>   "iss": "https://server.example.com/";,
>   "exp": 1419356238,
>   "iat": 1419350238,
>   "extension_field": "twenty-seven"
>  }
>
> Can we have different Audience values for token introspection response and
> ID Token ? If not we can have both as Audience values.
>
> [1] http://openid.net/specs/openid-connect-core-1_0.html#IDToken
> [2] https://tools.ietf.org/html/rfc7662#section-2.2
>
> Thanks,
> Gayan
>
> --
> Gayan Gunawardana
> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
> Email: ga...@wso2.com
> Mobile: +94 (71) 8020933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding auth_time claim in OIDC id_token

2017-08-23 Thread Asela Pathberiya

On Wed, Aug 23, 2017 at 12:46 PM, Hasini Witharana  wrote:

> Hi,
>
> In the OIDC specification auth_time is defined as below.[1]
>
> Time when the End-User authentication occurred. Its value is a JSON number
> representing the number of seconds from 1970-01-01T0:0:0Z as measured in
> UTC until the date/time. When a max_age request is made or when auth_time
> is requested as an Essential Claim, then this Claim is REQUIRED; otherwise,
> its inclusion is OPTIONAL.
>
> In the current implementation when the user is authenticated for the first
> time using user credentials, auth_time is considered as the session created
> time. After that when user is implicitly login in using a cookie without
> giving user credentials, auth_time is considered as session updated time.
>

If SP sends a force authe request,  Are we creating a new session or update
the existing session ?

If max_age is expired,  Does SP need to send a force auth request or just
an authentication request ?

Thanks,
Asela.

>
> As I think the auth_time should be the first time user authenticated using
> credentials.
> [2] is the fix made for this issue.
>
> Thank you.
>
> [1] - http://openid.net/specs/openid-connect-core-1_0.html
> [2] - https://github.com/wso2-extensions/identity-inbound-
> auth-oauth/pull/455
>
> --
>
> *Hasini Witharana*
> Software Engineering Intern | WSO2
>
>
> *Email : hasi...@wso2.com *
>
> *Mobile : +94713850143 <+94%2071%20385%200143>[image:
> http://wso2.com/signature] *
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Introducing a new attribute in CacheConfig for persistence

2017-07-28 Thread Asela Pathberiya

On Fri, Jul 28, 2017 at 2:56 PM, Johann Nallathamby  wrote:

> Do you think we can live with these two kind of caches only? I am not sure.
>

Above properties for only the caches which are in framework. Basically to
handle the end user's session related stuff..  I do not think we need
separate configuration for each caches in framework.

But;  Yes.  we can consider separate configurations for other caches in
different components.

+1 If above configurations ("SessionDataPersist") are used by other
components such as OAuth2  it is wrong.  We need to fix with different
configuration.

Thanks,
Asela.


> May be others from IAM team can chip in. My objective is to use sticky
> sessions as much as possible and persist as less as possible, make the
> flows optimized. If there are no limitations in this I am fine
>

> E.g. SAML2 SSO and OAuth2 should work in a single setup without any issue
> and I want be able to disable all kind of temporary caches for SAML2 SSO
> because it can take advantage of sticky sessions, only having the user SSO
> session cache and SAML2 participant cache persisted, while for OAuth2 we
> need to persist some additional caches such AuthorizationGrantCache because
> it is used from Token endpoint which can't use sticky sessions. Is this
> possible now? If it's possible then it's fine and my thinking may be wrong.
>
> Regards,
> Johann.
>
> On Fri, Jul 28, 2017 at 2:13 PM, Asela Pathberiya  wrote:
>
>>
>>
>> On Fri, Jul 28, 2017 at 12:42 PM, Johann Nallathamby 
>> wrote:
>>
>>> Hi,
>>>
>>> What do you think about introducing $subject to selectively persist each
>>> and every cache we have? Right now I think all the caches are controlled by
>>> just two attributes "SessionDataPersist.Enabled" and
>>> "SessionDataPersist.Temporary". This classification is too broad I
>>> think with the recent performance issues we faced. So shall we do $subject?
>>>
>>
>> IMO;  we have used above two properties when it comes to persist the end
>> user's SSO session.  There may be few caches which governs by the
>> "SessionDataPersist.Temporary" property.  Do we really need multiple
>> properties for each caches ?  What is the actual use of it ? I suspect it
>> would make configuration more complex.
>>
>> Thanks,
>> Asela.
>>
>>
>>> I think the change won't take that much effort. May be about 30mins for
>>> Farasath :)
>>>
>>> Thanks & Regards,
>>> Johann.
>>>
>>> --
>>>
>>> *Johann Dilantha Nallathamby*
>>> Senior Lead Solutions Engineer
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933 <+94%2077%20762%205933>
>>  +358 449 228 979
>>
>> http://soasecurity.org/
>> http://xacmlinfo.org/
>>
>
>
>
> --
> Thanks & Regards,
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Introducing a new attribute in CacheConfig for persistence

2017-07-28 Thread Asela Pathberiya

On Fri, Jul 28, 2017 at 12:42 PM, Johann Nallathamby 
wrote:

> Hi,
>
> What do you think about introducing $subject to selectively persist each
> and every cache we have? Right now I think all the caches are controlled by
> just two attributes "SessionDataPersist.Enabled" and
> "SessionDataPersist.Temporary". This classification is too broad I think
> with the recent performance issues we faced. So shall we do $subject?
>

IMO;  we have used above two properties when it comes to persist the end
user's SSO session.  There may be few caches which governs by the
"SessionDataPersist.Temporary" property.  Do we really need multiple
properties for each caches ?  What is the actual use of it ? I suspect it
would make configuration more complex.

Thanks,
Asela.

> I think the change won't take that much effort. May be about 30mins for
> Farasath :)
>
> Thanks & Regards,
> Johann.
>
> --
>
> *Johann Dilantha Nallathamby*
> Senior Lead Solutions Engineer
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - *+9476950*
> Blog - *http://nallaa.wordpress.com *
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] Why we use timestampSkew default value as 300 seconds in identity.xml, why not 0 seconds.

2017-05-31 Thread Asela Pathberiya

On Wed, May 31, 2017 at 1:08 PM, Farasath Ahamed  wrote:

>
> On Wed, May 31, 2017 at 12:28 PM, Thanuja Jayasinghe 
> wrote:
>
>> Hi Dinali,
>>
>> Consider the following calculation.
>>
>> expiry time = issuedTimeInMillis + validityPeriodMillis -
>> (System.currentTimeMillis() - timestampSkew)
>>
>> So actually token is valid for (validityPeriodMillis + timestampSkew)
>> seconds. This additional time is added to avoid the error occurred due to
>> the time synchronization issues between servers.
>>
>> If your servers are perfectly synced then you can use timestampSkew
>> value as 0.
>>
>
> If we do not have any reasoning behind this 300s value the shouldn't our
> default value be 0 as Dinali has suggested?
>

Yes.  Best practice is to syn server's time properly.  +1 keeping  0 as the
default value..


>
>
>> Thanks,
>> Thanuja
>>
>>
>> On Wed, May 31, 2017 at 12:01 PM, Dinali Dabarera 
>> wrote:
>>
>>> Hi All,
>>>
>>> In our identity.xml the default timeStampScrew value is used as 300
>>> seconds. Shouldn't this be 0 seconds?
>>>
>>> Because when we are getting a token from password grant type again and
>>> again *without a time delay*, the expiry time of the token
>>> increases than its accepted value because of this equation we are using.
>>>
>>> expiry time = issuedTimeInMillis + validityPeriodMillis - (System.
>>> currentTimeMillis() - timestampSkew);
>>>
>>> Since timestampSkew = 300 seconds, validityPeriodMillis = 3600 seconds,
>>> therefore, expiry time = 3644 seconds which can not be happened.
>>>
>>> Therefore, it is better to have the default timeStampScrew value as 0
>>> seconds in order to get correct results.
>>>
>>>
>>> Thanks!
>>>
>>> --
>>> *Dinali Rosemin Dabarera*
>>> Software Engineer
>>> WSO2 Lanka (pvt) Ltd.
>>> Web: http://wso2.com/
>>> Email : gdrdabar...@gmail.com
>>> LinkedIn 
>>> Mobile: +94770198933 <+94%2077%20019%208933>
>>>
>>>
>>>
>>>
>>> 
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> *Thanuja Lakmal*
>> Associate Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>> ___
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] NoSecurity Module for Rampart

2017-04-28 Thread Asela Pathberiya

On Fri, Apr 28, 2017 at 7:49 PM, Mukesh Yadav  wrote:

> Hi,
>
> Is there any latest code from this repository,
>
> https://svn.wso2.org/repos/wso2/people/asela/ws-security/no-security/
>

You can use above...  it is an axsi2 handler..  Therefore it can be used
with any version as handler api has not been changed.


>
> How do I use it in AS 5.3.0 ?
>

>
> --
> Regards
> Mukesh Yadav
> mukeshyadav.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] What is the proper configurations for caching in WSO2IS 5.2.0/5.3.0 versions.

2017-02-15 Thread Asela Pathberiya

Hi Devs,

Default configurations of the WSO2IS 5.2.0/5.3.0 have been defined to
switch off the framework level caching.

Once you disable the caching;  when single user is authenticated
with WSO2IS using SSO,  there are around 12 INSERT queries in to database.

It is important to know the exact recommendation for WSO2IS 5.2.0/5.3.0 as
we can not found them in docs [1].

Can someone please update docs with proper recommendation ?

[1]
https://docs.wso2.com/display/IS530/Deployment+Guidelines+in+Production
https://docs.wso2.com/display/IS530/Performance+Tuning+Recommendations
https://docs.wso2.com/display/IS530/Enabling+Authentication+
Session+Persistence


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Current time is not picked by XACML engine

2016-10-30 Thread Asela Pathberiya

On Sun, Oct 30, 2016 at 8:07 PM, Pulasthi Mahawithana 
wrote:

> Hi,
>
> I wrote a XACML policy which has a rule involving the current time. When a
> request is made the XACML response is given as below.
>
> <
> Result>Indeterminate Value="urn:oasis:names:tc:xacml:1.0:status:missing-
> attribute"/>Couldn't find AttributeDesignator
> attribute
> http://www.w3.org/
> 2001/XMLSchema#time" Category="urn:oasis:names:tc:
> xacml:3.0:attribute-category:environment" >
> 
>
> Although the "CurrentEnvModule" class is able to provide the current time.
> It is not not even called.
>
> When I debugged for the reason, I found out that at [1], the callHelper
> method (which will pick the missing values from attribute finders) is not
> called when the 'mapAttributes' do not have the category of the missing
> attribute. Since the 'mappedAttributes' are taken from the XACML request,
> according to the current implementation, The request should have at least
> one attribute each from the categories we include in the policy. In my case
> I need to send an attribute from "urn:oasis:names:tc:xacml:3.0:
> attribute-category:environment" category in the XACML request in order to
> get the current time.
>
> Is this intentional? Shouldn't we move the code at [1] to L146?
>

Yes.. it seems to be.  Please check line 5277 in XACML spec [2]

[2] http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf


>
> [1] https://github.com/wso2/balana/blob/master/modules/
> balana-core/src/main/java/org/wso2/balana/ctx/xacml3/
> XACML3EvaluationCtx.java#L142-L144
> --
> *Pulasthi Mahawithana*
> Senior Software Engineer
> WSO2 Inc., http://wso2.com/
> Mobile: +94-71-5179022
> Blog: http://blog.pulasthi.org
>
> 
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Public cert download link not seen in the custom tenant keystore

2016-10-17 Thread Asela Pathberiya

On Mon, Oct 17, 2016 at 5:33 PM, Niranda Perera  wrote:

> Hi all,
>
> I have replaced my tenant keystore with a another keystore following this
> blog from Asela [1]
>
> One thing I noticed while doing this is, the Public cert download link
> does not appear in the subsequently added keystores. Please refer the
> screenshots attached.
>
> 
>  before.jpg
> 
> 
>  after.jpg
> 
> 
>
> Is this the expected behavior? or is it a problem in creating the KS?
>

Yes.  There is some registry association for public key & certificate is
stored separately.  But;  when you manually create a keystore/password.
You have the public key.  Therefore we may not need to download it
separately.


>
> Best 
>
> [1] http://xacmlinfo.org/2014/11/05/how-to-changing-the-prim
> ary-keystore-of-a-tenant-in-carbon-products/
>
> --
> *Niranda Perera*
> Software Engineer, WSO2 Inc.
> Mobile: +94-71-554-8430
> Twitter: @n1r44 
> https://pythagoreanscript.wordpress.com/
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Extract SSL certificate information from org.apache.http.nio.reactor.ssl.SSLIOSession

2015-07-20 Thread Asela Pathberiya

On Mon, Jul 20, 2015 at 12:44 PM, Jagath Sisirakumara Ariyarathne
 wrote:
> Hi,
>
> I am working on JIRA issue[1] and need to extract SSL session's certificate
> from SSLIOSession and set it to Axis2MessageContext. With the patch done
> in[2], we can obtain this from "ssl.client.auth.cert.X509" attribute in
> httpcore-nio_4.2.3.
>
> But the latest ESB 4.9.0 is using httpcore-nio_4.3.3. Rather than updating
> in httpcore-nio, we can get this information directly from SSLIOSession at
> ServerWorker level and set it to message context. Is there any problem with
> this approach?

Yes. It would be fine.. If it is available for Axis2 handlers.. AFAIK,
this property is read by Axis2 handlers (rampart)..

Thanks,
Asela.

>
> [1] - https://wso2.org/jira/browse/ESBJAVA-3857
> [2] - https://wso2.org/jira/browse/ESBJAVA-2390
>
> Thanks.
> --
> Jagath Ariyarathne
> Technical Lead
> WSO2 Inc.  http://wso2.com/
> Email: jaga...@wso2.com
> Mob  : +94 77 386 7048
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] Identity Server Federated Authentication with Google not working?

2015-07-16 Thread Asela Pathberiya

On Thu, Jul 16, 2015 at 1:54 PM, Malaka Silva  wrote:
> Hi,
>
> I tried to setup the $subject and it seems it's not supported with google
> anymore.
>
> Getting the following error. Is there any solution for this?

You can use Openid Connect to integrate with google and WSO2IS 5.0.0.
Please check here [1]

[1] http://xacmlinfo.org/2014/12/02/621/

Thanks,
Asela.

>
> OpenID 2.0 for Google Accounts has gone away--
>
> Best Regards,
>
> Malaka Silva
> Senior Tech Lead
> M: +94 777 219 791
> Tel : 94 11 214 5345
> Fax :94 11 2145300
> Skype : malaka.sampath.silva
> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
> Blog : http://mrmalakasilva.blogspot.com/
>
> WSO2, Inc.
> lean . enterprise . middleware
> http://www.wso2.com/
> http://www.wso2.com/about/team/malaka-silva/
>
> Save a tree -Conserve nature & Save the world for your future. Print this
> email only if it is absolutely necessary.



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [User-core][Authentication] Multiple requests to LDAP/AD when authentication fails

2015-06-26 Thread Asela Pathberiya

This has been done to support multiple DN pattern  which is fixed for
ticket [1]. If we just return the false,  there can be some problem
with it.  Therefore we need to check whether multiple DN has been
configured or not and then return the "false"

[1] https://wso2.org/jira/browse/CARBON-13631

Thanks,
Asela.

On Thu, Jun 25, 2015 at 6:14 PM, Damith Senanayake  wrote:
> Sorry, in the above code the section
> if (name != null) {
> try {
> if (debug) {
> log.debug("Cache hit. Using DN " + name);
> }
> bValue = this.bindAsUser(userName,name, (String)
> credential);
> } catch (NamingException e) {
> // do nothing if bind fails since we check for other DN
> // patterns as well.
> if (log.isDebugEnabled()) {
> log.debug("Checking authentication with UserDN " + name
> + "failed " +
> e.getMessage(), e);
> }
> }
>
> return bValue;
>
> }
>  should be changed as
>
> if (name != null) {
> try {
> if (debug) {
> log.debug("Cache hit. Using DN " + name);
> }
> bValue = this.bindAsUser(userName,name, (String)
> credential);
> } catch (NamingException e) {
> // do nothing if bind fails since we check for other DN
> // patterns as well.
> if (log.isDebugEnabled()) {
> log.debug("Checking authentication with UserDN " + name
> + "failed " +
> e.getMessage(), e);
> }
> }
>
>  if(bValue){
>   return bValue;
>  }
> }
>
>
>
> On Thu, Jun 25, 2015 at 6:11 PM, Damith Senanayake  wrote:
>>
>> in org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager.java, the
>> following section follows a logic as
>>
>> 1. Check cache for user RDN
>> -a) if RDN in cache, try authentication with User Store, and return true
>> if successful,
>> -b) if RDN in cache and authentication fails, continue,
>>
>> 2.  Try creating user RDN from UserDN Patterns, and attempt authentication
>> 3. If UserDN patterns are null,  try authentication from UserBase, and
>> attempt authentication.
>>
>> The code is as below
>>
>>  boolean debug = log.isDebugEnabled();
>>
>> if (userName == null || credential == null) {
>> return false;
>> }
>>
>> userName = userName.trim();
>>
>> String password = (String) credential;
>> password = password.trim();
>>
>> if (userName.equals("") || password.equals("")) {
>> return false;
>> }
>>
>> if (debug) {
>> log.debug("Authenticating user " + userName);
>> }
>>
>> boolean bValue = false;
>> // check cached user DN first.
>> String name = userCache.get(userName);
>> if (name != null) {
>> try {
>> if (debug) {
>> log.debug("Cache hit. Using DN " + name);
>> }
>> bValue = this.bindAsUser(userName,name, (String)
>> credential);
>> } catch (NamingException e) {
>> // do nothing if bind fails since we check for other DN
>> // patterns as well.
>> if (log.isDebugEnabled()) {
>> log.debug("Checking authentication with UserDN " +
>> name + "failed " +
>> e.getMessage(), e);
>> }
>> }
>>
>> return bValue;
>>
>> }
>>
>> // read list of patterns from user-mgt.xml
>> String patterns =
>> realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN);
>>
>> if (patterns != null && !patterns.isEmpty()) {
>>
>> if (debug) {
>> log.debug("Using UserDNPatterns " + patterns);
>> }
>>
>> // if the property is present, split it using # to see if
>> there are
>> // multiple patterns specified.
>> String[] userDNPatternList = patterns.split("#");
>> if (userDNPatternList.length > 0) {
>> for (String userDNPattern : userDNPatternList) {
>> name = MessageFormat.format(userDNPattern,
>>
>> escapeUsernameSpecialCharacters(userName,true));
>> if (debug) {
>> log.debug("Authenticating with " + name);
>> }
>> try {
>> if (name != null) {
>> bValue = this.bindAsUser(userName, name,
>> (String) credential);
>> if (bValue) {
>> userCache.put(userName, name);
>> break;
>> }
>> }
>>

Re: [Dev] XACML Sample Policy : Invalid Entitlement Policy

2015-06-20 Thread Asela Pathberiya

On Sat, Jun 20, 2015 at 11:07 AM, Abimaran Kugathasan 
wrote:

> I defined below policy,
>
> > PolicyId="SimplePolicy"
>> RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides"
>> Version="1.0">
>>
>>
>>   
>>  
>> 
>>> FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
>>   http://www.w3.org/2001/XMLSchema#string";>
>> http://localhost:8280/services/echo/
>>   > AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
>> Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
>> DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/>
>>
>>> FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
>>   http://www.w3.org/2001/XMLSchema#string";>read
>>   > AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
>> Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="
>> http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/>
>>
>> 
>> > FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-is-in">
>>http://www.w3.org/2001/XMLSchema#string";>admin
>>http://wso2.org/claims/role";
>> Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
>> DataType="http://www.w3.org/2001/XMLSchema#string"; MustBePresent="true"/>
>> 
>>  
>>   
>>
>> 
>
>
>
> And, through Entitelment Mediator with ESB, when I send the request from a
> client with resource http://localhost:8280/services/echo/. I saw
> following debug logs in the ESB.
>
>
> [2015-06-20 11:03:33,315] DEBUG - EntitlementMediator Mediation for
> Entitlement started
> [2015-06-20 11:03:33,315] DEBUG - EntitlementCallbackHandler Service name
> http://abimaran:8280/services/echo/
> [2015-06-20 11:03:33,315] DEBUG - EntitlementMediator Subject ID is :
> admin Resource ID is : http://abimaran:8280/services/echo//POST Action ID
> is : POST.
> [2015-06-20 11:03:33,358] DEBUG - EntitlementMediator Entitlement Decision
> is : NotApplicable
> [2015-06-20 11:03:33,358] DEBUG - EntitlementMediator User is not
> authorized to perform the action
>
> Anyone plese advise me, why XACML engine return NotApplicable? And why
> Resource ID is http://abimaran:8280/services/echo//POST?
>


PDP  usually can return  NotApplicable result when there is no any policy
or no matching policy in its PDP.  Above policy is evaluated to
NotApplicable as there are no any matching rules for given request.

Resource/User/Action are extracted from entitlement mediator using callback
handler [1]  It seems to be that  "EntitlementMediator" has some logic to
append the action in to it resource name.  So,  we can change the policy
and see..

[1]
http://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.entitlement.mediator/4.2.2/src/main/java/org/wso2/carbon/identity/entitlement/mediator/callback/EntitlementCallbackHandler.java

Thanks,
Asela.


>
> On Sat, Jun 20, 2015 at 10:54 AM, Abimaran Kugathasan 
> wrote:
>
>> [+Thanuja]
>>
>> On Sat, Jun 20, 2015 at 10:02 AM, Abimaran Kugathasan 
>> wrote:
>>
>>> Applied SP1 for a fresh IS and tested, still same errror.
>>>
>>> On Sat, Jun 20, 2015 at 9:46 AM, Abimaran Kugathasan 
>>> wrote:
>>>


 On Sat, Jun 20, 2015 at 9:04 AM, Abimaran Kugathasan >>> > wrote:

> Hi Harsha,
>
> Please find the policy.
>
>  RuleCombiningAlgId=
> "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
> xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">
> Sample XACML Authorization Policy.
> 
>  RuleId= "urn:oasis:names:tc:xacml:3.0:example:SimpleRule1"
> Effect="Permit">
> 
> Sample XACML Authorization Policy.
> 
> 
> 
> 
>  MatchId=
> "urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
> http://www.w3.org/2001/XMLSchema#string";
> >
> http://localhost:8280/services/echo/
>  MustBePresent="false"
> Category=
> "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
> AttributeId=
> "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
> DataType="
> http://www.w3.org/2001/XMLSchema#string";
> />
> 
> 
> 
> 
> 
> 
>
> No, I haven't install any patches or SPs.
>
> On Sat, Jun 20, 2015 at 9:00 AM, Harsha Thir

Re: [Dev] CipherTool - Use of true/false flag in cipher-tool.properties

2015-06-09 Thread Asela Pathberiya

On Tue, Jun 9, 2015 at 12:23 PM, Niranjan Karunanandham
 wrote:
> Hi Asela,
>
> Currently I am refracting the CipherTool code and noticed that in
> cipher-tool.properties [1], it is mentioned to set the value after the xpath
> as false if xml element starts with capital letter else true. In the code
> [2], we check for this value, but it is not used. Shall I remove this
> parameter?

+1..  I am not exactly sure what is reason for putting this..  But i
remember that there is some check for case sensitive letters in
securevault [1].  But,  it can not be related to the
cipher-tool.properties file.

[1] 
http://svn.wso2.org/repos/wso2/trunk/commons/securevault/src/main/java/org/wso2/securevault/SecretResolverFactory.java

Thanks,
Asela.

>
> [1] -
> https://github.com/wso2/cipher-tool/blob/master/src/main/resources/cipher-tool.properties
> [2] -
> https://github.com/wso2/cipher-tool/blob/master/src/main/java/org/wso2/ciphertool/CipherTool.java
>
> Regards,
> Nira
> --
>
> Niranjan Karunanandham
> Senior Software Engineer - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979

http://soasecurity.org/
http://xacmlinfo.org/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] isInList like function for two attributes in XACML

2015-04-21 Thread Asela Pathberiya

On Wed, Apr 22, 2015 at 9:54 AM, Rushmin Fernando  wrote:
> Say I have following attributes in my XACML request
>
> role = admin
> allowedRoles = admin, creator
>
> Is there a XACML function or a series of functions where i can determine
> whether the role in in the allowedRoles ?

I guess,  you can use "is-in" function.   You can find the description
about all the functions that are supported by default from here [1]

[1] (4014 A.3 Functions)
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-cs-01-en.pdf

Thanks,
Asela.

>
> Thanks
> Rushmin
>
> --
> Rushmin Fernando
> Technical Lead
>
> WSO2 Inc. - Lean . Enterprise . Middleware
>
> email : rush...@wso2.com
> mobile : +94772310855
>
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Discuss] Configuring SAML SSO in ASP.NET MVC 4.5 with WSO2 IS

2015-03-29 Thread Asela Pathberiya

On Sun, Mar 29, 2015 at 5:48 PM, Imesh Gunaratne  wrote:
> Hi Devs,
>
> Has anyone tried $subject with WSO2 IS 5.0.0? I'm looking for a sample
> ASP.NET MVC 4.5 web application for this. I found this [1] which Chintana
> has written some time back.

AFAIK,  .Net does not support the SAML2 SSO by default.. You may need
to add some plugins for it...  But it supports the passive sts profile
as described in the article  [1]. This must work...  WSO2IS 5.0.0 has
been already integrated with  .net application using passive sts...
(but not sure about the sample .net client in article.. )

Thanks,
Asela.

>
> Appreciate your thoughts on this.
>
> [1]
> http://wso2.com/library/articles/2011/12/configuring-wso2-identity-server-passive-sts-aspnet-client/
>
> Thanks
>
> --
> Imesh Gunaratne
> Technical Lead
> WSO2 Inc: http://wso2.com
> T: +94 11 214 5345 M: +94 77 374 2057
> W: http://imesh.gunaratne.org
> Lean . Enterprise . Middleware
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Evaluating a specific XACML policy passing the policy ID

2015-03-22 Thread Asela Pathberiya

On Sun, Mar 22, 2015 at 2:27 PM, Farasath Ahamed  wrote:
> Hi Rushmin,
>
> I suppose you are planning to map the 'conditions' to policyIDs and reuse
> them.

Yes..  Policy target can be used to pick policies and rules..  But i
do not think,  it is good idea to model to send the policy id in the
XACML request.. Can't we use some other.. ?

Thanks,
Asela.

>
> AFAIK you can send the policyID as an attribute with the XACML request and
> add the policyID as in the target within the XACML Policy Target to achieve
> this. You can easily write an AttributeFinder module to get the policyID
> from wherever you plan to get it from(PolicyID mapped to 'conditions'). This
> works if you are planning to have a mapping of PolicyID for 'conditions' as
> you mentioned above.
>
> Alternatively you can also use  element to refer to a
> policy by its ID [1]
>
> [1]
> http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047116
> Adding @Asela for further opinion
>
> On Sun, Mar 22, 2015 at 7:47 AM, Rushmin Fernando  wrote:
>>
>> Thanks Farasath for your response.
>>
>> Yes, both would solve my problem.
>>
>> So you are saying that we can pass a policy id in the XACML request, so
>> that the XACML engine will only consider that policy when it comes to
>> evaluating ?
>>
>> Thanks
>> Rushmin
>>
>> On Sat, Mar 21, 2015 at 10:21 PM, Farasath Ahamed 
>> wrote:
>>>
>>> Hi Rushmin,
>>>
>>> So what you basically want is a XACML policy which becomes applicable
>>> based on a policy ID?
>>> or do you want to reuse 'conditions' generated by the user by say giving
>>> them a referenceID or something?
>>>
>>> I think both of which is possible in XACML 3.0. Can you elaborate more on
>>> the condition 'part' you have mentioned above?
>>>
>>> On Sat, Mar 21, 2015 at 1:16 PM, Rushmin Fernando 
>>> wrote:

 Hi IS Team,

 In App Manager we have the following requirement.

 1) App creator need to associate authorization rules for URL pattern +
 HTTP verb combinations

 2) They are given a UI to add a URL pattern, select an HTTP verb and
 then apply an authorization rule.

 3) App Manager uses XACML for these authorization rules.

 4) Since the 'resource' and 'action' parts of the XACML policy is
 determined the aforementioned UI inputs, user is only allowed to write the
 'condition' part. And the actual XACML policy is generated using these
 parts.

 5) But the thing is, we need to re-use these 'conditions'. We do it in
 App Manager level. But we end up with generating XACML policies for
 'resource' + 'action' combinations.

 Is there a way that we can have a single XACML policy which only has the
 condition 'part' and evaluate the XACML request using that specific policy
 (by giving the policy ID ) ?

 --
 Rushmin Fernando
 Technical Lead

 WSO2 Inc. - Lean . Enterprise . Middleware

 email : rush...@wso2.com
 mobile : +94772310855



 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev

>>>
>>>
>>>
>>> --
>>> Farasath Ahamed
>>> Software Engineering Intern
>>> WSO2 Inc.; http://wso2.com
>>>
>>> Mobile: +94 777 603 866
>>> E-Mail:  farasa...@wso2.com
>>> Blog: http://thepseudocode.blogspot.com/
>>
>>
>>
>>
>> --
>> Rushmin Fernando
>> Technical Lead
>>
>> WSO2 Inc. - Lean . Enterprise . Middleware
>>
>> email : rush...@wso2.com
>> mobile : +94772310855
>>
>>
>
>
>
> --
> Farasath Ahamed
> Software Engineering Intern
> WSO2 Inc.; http://wso2.com
>
> Mobile: +94 777 603 866
> E-Mail:  farasa...@wso2.com
> Blog: http://thepseudocode.blogspot.com/



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Use of UserDNPattern property in ADs

2015-02-25 Thread Asela Pathberiya

On Thu, Feb 26, 2015 at 11:44 AM, Harshan Liyanage  wrote:
> Hi,
>
> Why don't we use the UserDNPattern attribute in user-store configuration for
> AD? Is that not mandatory or no necessary at all?

It is not required. It can be used to improve the searching when there
is a flat user structure in your user/role base.  It is mentioned here
[1]

[1] 
https://docs.wso2.com/display/IS500/Working+with+Properties+of+Primary+User+Stores

Thanks,
Asela.
>
> [1].
> https://docs.wso2.com/display/IS500/Configuring+an+Active+Directory+User+Store
>
> Thanks,
>
> Lakshitha Harshan
> Software Engineer
> Mobile: +94724423048
> Email: hars...@wso2.com
> Blog : http://harshanliyanage.blogspot.com/
> WSO2, Inc. : wso2.com
> lean.enterprise.middleware.



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Client authentication for SAML2 Bearer Assertion Profiles

2015-02-20 Thread Asela Pathberiya

On Fri, Feb 20, 2015 at 3:55 PM, Dulanja Liyanage  wrote:
> IMO we should have a config like "strictClientCredentialValidation".
>
> true: must validate the credentials,
> false: validate only when credentials are available in the request.
>
> And this check should be done before hitting the BasicAuthClientAuthHandler,
> at the authentication manager level.
>
> We can start from there and then think about integration to the UI, which
> would be required especially because for mutitenancy scenarios.

+1  Sometimes we may need to enable/disable it based on the client
application...

Thanks,
Asela.

>
> On Fri, Feb 20, 2015 at 3:04 PM, Nuwandi Wickramasinghe 
> wrote:
>>
>> Hi,
>>
>> I have some concerns regarding JIRA issue [1]
>>
>> If client credentials are unavailable, is it ok to skip client
>> authentication process in issue() method
>> (org.wso2.carbon.identity.oauth2.token.AccessTokenIssuer) for SAML2 bearer
>> type ?
>>
>> Also should we give an option for user to select whether client
>> credentials are optional or not? And fail authentication if no credentials
>> are available and user says it's mandatory?
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-3028
>> --
>>
>> Best Regards,
>>
>> Nuwandi Wickramasinghe
>>
>> Software Engineer
>>
>> WSO2 Inc.
>>
>> Web : http://wso2.com
>>
>> Mobile : 0719214873
>
>
>
>
> --
> Dulanja Liyanage
> WSO2 Inc.
> M: +94776764717
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How to retrieve all the users from listUsers method in UserAdminStub

2015-01-26 Thread Asela Pathberiya

On Mon, Jan 26, 2015 at 7:03 PM, Punnadi Gunarathna  wrote:
> Hi All,
>
> I am using listUsers method in UserAdminStub found in
> org.wso2.carbon.user.mgt.stub 4.2.0.
> If my requirment is to get all the available users with a single call, what
> should be the maxLimit value.
>
> I had a offline chat with Pushpalanka and it was found out that the [1] does
> the final call to LDAP.
> According to [2] if 0 is passed, it will return all the entries. But
> according to [1]'s doListUsers method, if 0 is passed, it will return an
> empty array.
>
> If there is no user-mgt.xml associated, how to retrieve all the available
> users at once?

It seems to be -1 also is not working ?   It is noted to fix this for
next release.  However,  If you are using user/role management stuff
using WSO2IS APIs,  It is better if we can use
RemoteUserStoreManagerService[1]...  Because  UserAdmin has been
written to fulfill some UI requirements and it may not be simple as
RemoteUserStoreManagerService.  As i remember,  it would work for -1
to retrieve all users..

[1] 
http://soasecurity.org/2013/12/10/user-role-management-with-wso2-identity-server-apis/

Thanks,
Asela.
>
> [1]
> https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java
>
> [2]
> http://docs.oracle.com/javase/7/docs/api/javax/naming/directory/SearchControls.html#setCountLimit%28long%29
>
> Please advice.
> --
> Thanks and Regards,
>
> Punnadi Gunarathna
> Senior Software Engineer,
> WSO2, Inc.; http://wso2.com
> Blog: http://hi-my-world.blogspot.com/
> Tel : 94 11 214 5345
> Fax :94 11 2145300
>
>
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] APIM 1.8.0 skips the user consent page by default ?

2015-01-14 Thread Asela Pathberiya

Hi APIM Team,

I just tried with APIM 1.8.0 fresh pack.  It seems to be that it skips
the user consent page by default.  Is there any reason for making it
as default behavior ?

We need to configure  following in identity.xml file to populate the
user consent page. Did we just miss to ship this configuration in
identity.xml file?

  
   false


Thanks,
Asela.

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Does it required to enable sticky sessions in a Identity Server 5.0 cluster?

2014-12-17 Thread Asela Pathberiya

On Wed, Dec 17, 2014 at 3:09 PM, Darshana Gunawardana  wrote:
> Hi folks,
>
> What is our stand for $subject?
>
> AFAIK, the new authentication framework doesn't depends on the tomcat
> session, so it doesn't required to have sticky session enable in the load
> balancer. (May be OpenID have a exception)
>
> But for management console operations, its required enable sticky sessions..
>
> What are the other concerns, if we disable sticky sessions in the load
> balancer?

I guess,  Framework is working without sticky session as it replicates
all states data...   Sometime,  OpenId may maintains some state in
session...  we could avoid it using caching as well...?

Yes.. I think, sticky session is required when accessing console and
admin services (can you basic auth as well)  using LB.

Thanks,
Aseka

>
> Thanks,
> Darshana
> --
> Regards,
>
> Darshana Gunawardana
> Software Engineer
> WSO2 Inc.; http://wso2.com
> E-mail: darsh...@wso2.com
> Mobile: +94718566859
> Lean . Enterprise . Middleware



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Reproducing IDENTITY-2552

2014-10-21 Thread Asela Pathberiya

On Tue, Oct 21, 2014 at 5:59 PM, Milinda Perera  wrote:
> Hi Asela,
>
> I'm working on [1]. Can you provide more information to reproduce that
> scenario. My current reproducing setup is travelocity[2] sample with two IS
> instances with SAML2 SSO based federated authentication to execute
> org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager.

You may need to use POST binding for Auth Request.. not HTTP redirect.

Thanks,
Asela.

>
> [1] https://wso2.org/jira/browse/IDENTITY-2552
> [2] https://docs.wso2.com/display/IS500/Configuring+SAML2+SSO
>
> Thanks,
> Milinda
>
> --
> Milinda Perera
> Software Engineer;
> WSO2 Inc. http://wso2.com ,
> Mobile: (+94) 714 115 032
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Add keystore info to https connector in catalina-server.xml

2014-10-18 Thread Asela Pathberiya

On Sat, Oct 18, 2014 at 5:19 PM, Johann Nallathamby  wrote:
> Hi Asela,
>
> On Fri, Oct 17, 2014 at 12:41 PM, Asela Pathberiya  wrote:
>>
>> On Fri, Oct 17, 2014 at 12:20 PM, KasunG Gajasinghe 
>> wrote:
>> >
>> > On Fri, Oct 17, 2014 at 12:14 PM, Darshana Gunawardana
>> > 
>> > wrote:
>> >>
>> >> Hi KasunG,
>> >>
>> >> So this means we gonna get rid of registry keystore in the carbon.xml
>> >> right?
>>
>> Then we have only one keystore in carbon.xml and It would be used for
>> encrypt/decrypt.. ?  But there are several other places that it has
>> been referred by default (Sign SAML, Pass through transport, Thrift
>> and so on). I think, it is better to have registry keystore that would
>> only be used for encrypt/decrypt.
>
>
> I thought SAML SSO uses KeyStore and not RegistryKeyStore for singing and
> encryption, because we need to sign and encrypt using super-tenant keys.

I meant we uses keystore (primary) for Sign SAML, Pass through
transport, Thrift  and so on.  Therefore it is not good to use it for
encrypt/decrypt as well... and it is better to keep separate keystore
(registry keystore ).

Thanks,
Asela.
>
> ESB transports' SSL configurations can be specified in axis2.xml if it has
> to be different from the one in carbon.xml right..? I am not sure of Thrift
> but we should be able to do the same there also.
>
> I fail to see the usage of two separate key stores in carbon.xml apart from
> all the SSL configurations. If SSL can be configured in other files then we
> should be able to live with one key store right? That will be the super
> tenant's primary key store. Unless you want to have a separate key store
> when encrypting stuff in the registry which is also OK. In that case also
> the registry key store should only be used for registry encryption, if we
> are using it for SAML signing it is wrong in my opinion.
>
> Thanks,
> Johann.
>>
>>
>> Thanks,
>> Asela.
>>
>> >>
>> >
>> > Yes.
>> >
>> >>
>> >> Thanks,
>> >> Darshana
>> >>
>> >> On Fri, Oct 17, 2014 at 12:04 PM, KasunG Gajasinghe 
>> >> wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> In Carbon 4.3.0, we re-added the keyStore configuration to
>> >>> catalina-server.xml. It seems some products like ESB uses custom
>> >>> catalina-server.xml files. So, please make sure to update the
>> >>> customized
>> >>> catalina-server.xml to have the keystore configuration as follows.
>> >>>
>> >>> You need to add the following two attributes into your
>> >>> catalina-server.xml under the https connector.
>> >>>
>> >>>
>> >>>
>> >>> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>> >>>   keystorePass="wso2carbon"
>> >>>
>> >>>
>> >>> @docs team, please note this change for Carbon 4.3.0.
>> >>>
>> >>> Regards,
>> >>> KasunG
>> >>>
>> >>>
>> >>> --
>> >>> Kasun Gajasinghe
>> >>> Senior Software Engineer, WSO2 Inc.
>> >>> email: kasung AT spamfree wso2.com
>> >>> linked-in: http://lk.linkedin.com/in/gajasinghe
>> >>> blog: http://kasunbg.org
>> >>>
>> >>>
>> >>>
>> >>> ___
>> >>> Dev mailing list
>> >>> Dev@wso2.org
>> >>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >> Regards,
>> >>
>> >> Darshana Gunawardana
>> >> Software Engineer
>> >> WSO2 Inc.; http://wso2.com
>> >> E-mail: darsh...@wso2.com
>> >> Mobile: +94718566859
>> >> Lean . Enterprise . Middleware
>> >
>> >
>> >
>> >
>> > --
>> > Kasun Gajasinghe
>> > Senior Software Engineer, WSO2 Inc.
>> > email: kasung AT spamfree wso2.com
>> > linked-in: http://lk.linkedin.com/in/gajasinghe
>> > blog: http://kasunbg.org
>> >
>> >
>> >
>> > ___
>> > Dev mailing list
>> > Dev@wso2.org
>> > http://wso2.org/cgi-bin/mailman/listinfo/dev
>> >
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>  +358 449 228 979
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
> --
> Thanks & Regards,
>
> Johann Dilantha Nallathamby
> Associate Technical Lead & Product Lead of WSO2 Identity Server
> Integration Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +9476950
> Blog - http://nallaa.wordpress.com



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Commit to Kernal patch009

2014-10-17 Thread Asela Pathberiya

On Thu, Oct 16, 2014 at 8:01 PM, Johann Nallathamby  wrote:
> Make it a private constant. And the user-mgt.xml change should be optional.

+ 1 Yes.. it have not been referred from any other.

Thanks,
Asela.
>
> Thanks,
> Johann.
>
> On Thu, Oct 16, 2014 at 7:52 PM, Isura Karunaratne  wrote:
>>
>> Adding asela
>>
>> On Thu, Oct 16, 2014 at 7:47 PM, Manoj Kumara  wrote:
>>>
>>> Hi Isura,
>>>
>>> This patch introduce a new public constant and new entry to the
>>> user-mgt.xml. We cannot add new API's using patches.
>>>
>>> Thanks,
>>> Manoj
>>>
>>>
>>> Manoj Kumara
>>> Software Engineer
>>> WSO2 Inc. http://wso2.com/
>>> lean.enterprise.middleware
>>> Mobile: +94713448188
>>>
>>> On Thu, Oct 16, 2014 at 9:16 AM, Isura Karunaratne 
>>> wrote:

 Hi All,

 Please commit following

 https://wso2.org/jira/browse/IDENTITY-2784


 Thanks
 Isura
 --
 Isura Dilhara Karunaratne
 Software Engineer

 Mob +94 772 254 810

>>>
>>
>>
>>
>> --
>> Isura Dilhara Karunaratne
>> Software Engineer
>>
>> Mob +94 772 254 810
>>
>
>
>
> --
> Thanks & Regards,
>
> Johann Dilantha Nallathamby
> Associate Technical Lead & Product Lead of WSO2 Identity Server
> Integration Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +9476950
> Blog - http://nallaa.wordpress.com



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Add keystore info to https connector in catalina-server.xml

2014-10-17 Thread Asela Pathberiya

On Fri, Oct 17, 2014 at 12:20 PM, KasunG Gajasinghe  wrote:
>
> On Fri, Oct 17, 2014 at 12:14 PM, Darshana Gunawardana 
> wrote:
>>
>> Hi KasunG,
>>
>> So this means we gonna get rid of registry keystore in the carbon.xml
>> right?

Then we have only one keystore in carbon.xml and It would be used for
encrypt/decrypt.. ?  But there are several other places that it has
been referred by default (Sign SAML, Pass through transport, Thrift
and so on). I think, it is better to have registry keystore that would
only be used for encrypt/decrypt.

Thanks,
Asela.

>>
>
> Yes.
>
>>
>> Thanks,
>> Darshana
>>
>> On Fri, Oct 17, 2014 at 12:04 PM, KasunG Gajasinghe 
>> wrote:
>>>
>>> Hi,
>>>
>>> In Carbon 4.3.0, we re-added the keyStore configuration to
>>> catalina-server.xml. It seems some products like ESB uses custom
>>> catalina-server.xml files. So, please make sure to update the customized
>>> catalina-server.xml to have the keystore configuration as follows.
>>>
>>> You need to add the following two attributes into your
>>> catalina-server.xml under the https connector.
>>>
>>>
>>> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>>>   keystorePass="wso2carbon"
>>>
>>>
>>> @docs team, please note this change for Carbon 4.3.0.
>>>
>>> Regards,
>>> KasunG
>>>
>>>
>>> --
>>> Kasun Gajasinghe
>>> Senior Software Engineer, WSO2 Inc.
>>> email: kasung AT spamfree wso2.com
>>> linked-in: http://lk.linkedin.com/in/gajasinghe
>>> blog: http://kasunbg.org
>>>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>>
>> --
>> Regards,
>>
>> Darshana Gunawardana
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> E-mail: darsh...@wso2.com
>> Mobile: +94718566859
>> Lean . Enterprise . Middleware
>
>
>
>
> --
> Kasun Gajasinghe
> Senior Software Engineer, WSO2 Inc.
> email: kasung AT spamfree wso2.com
> linked-in: http://lk.linkedin.com/in/gajasinghe
> blog: http://kasunbg.org
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
 +358 449 228 979
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] XACML cache invalidation notification when changes are made to Identities

2014-09-09 Thread Asela Pathberiya

Hi Hasintha,

Sorry for late response

On Wed, Sep 3, 2014 at 6:37 PM, Hasintha Indrajee  wrote:
> Hi Asela,
>
> I am working on the issue [1]. Can you please elaborate bit on the cache
> implementation of PIP side in XACML. As far as I noticed, as a solution for
> the bug part of the issue, invalidating Attribute cache and Decision cache
> is sufficient when an update occurs to user information (when firing user
> management listener).
>
> Are we using hazelcast for caching in XACML ? If not do we need to send
> cluster messages on the event of cache invalidation ?. Has this been already
> implemented in any of the caches in XACML ?

Yes.. Entitlement component is using the Hazelcast...  Therefore you
do not need to send cluster messages...

>
> What are the usages (differences) of DecisionCache and
> DecisionInvalidationCache ?

Decision cache keeps the XACML request and response and it is a local
cache.   DecisionInvalidationCache cache is used to invalidate the
local caches in the cluster node when any update or API call is done.

Thanks,
Asela.

>
>
> [1] https://wso2.org/jira/browse/IDENTITY-2567
> [2] https://redmine.wso2.com/issues/2901 - redmine issue



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Commits to kernel patch0009

2014-08-06 Thread Asela Pathberiya

Hi Shameera,

There is no any API in user core patch...  We have only added a
private method.  As i got to know,  It is not allowed to add even
private method.  Therefore i modified the code and attached the patch
in to the jira.

AFAIK, there is no any caching API changes in caching.core as well...

Therefore i hope it is fine to apply the patches...

Adding Azeez...

Thanks,
Asela.

On Wed, Aug 6, 2014 at 2:13 PM, Shameera Rathnayaka  wrote:
> Hi Asela,
>
> As we discussed,  it is not allowed to do any API changes to 4.2.0 patches.
> So please reattached the patch removing all API changes. And the already
> attached patch can be applied to 4.3.0 git repo. So please send those as
> pull request.
>
> Thanks,
> Shameera.
>
>
> On Wed, Aug 6, 2014 at 1:02 PM, Asela Pathberiya  wrote:
>>
>> Hi All,
>>
>> Please commit following
>>
>> https://wso2.org/jira/browse/CARBON-14891
>> https://wso2.org/jira/browse/CARBON-14905
>>
>> Thanks,
>> Asela.
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>
>
>
>
> --
> Software Engineer - WSO2 Inc.
> email: shameera AT wso2.com , shameera AT apache.org
> phone:  +9471 922 1454
>
> Linked in : http://lk.linkedin.com/pub/shameera-rathnayaka/1a/661/561
> Twitter : https://twitter.com/Shameera_R



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Commits to kernel patch0009

2014-08-06 Thread Asela Pathberiya

Hi All,

Please commit following

https://wso2.org/jira/browse/CARBON-14891
https://wso2.org/jira/browse/CARBON-14905

Thanks,
Asela.

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Identity Sever: Cache $local$.PDP_DECISION_CACHE

2014-07-07 Thread Asela Pathberiya

Hi Daya,

It seems to be that,  there is some issue with the building the cache
and it has not been properly synchronized.  I created a jira [1] and
attached the possible patched jar file. It would be great, If you
could continue testing with patched jar file.

[1] https://wso2.org/jira/browse/IDENTITY-2594

Thanks,
Asela.

On Mon, Jul 7, 2014 at 11:00 AM, Daya Attapattu  wrote:
> I am running performance tests on EC2.  After several hours of running IS
> breaks with the message:
>
> [2014-07-07 05:19:45,182] ERROR
> {org.wso2.carbon.identity.entitlement.EntitlementService} -  Error occurred
> while evaluating XACML request
> javax.cache.CacheException: Cache $__local__$.PDP_DECISION_CACHE already
> exists
>
> Why is that?
>
> - Daya
>
> --
> Daya Atapattu
> WSO2 Inc.
> Phone: +94 77 047 4730, +1 203 484 7099
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS 4.6.0] New tenant creation error

2014-07-03 Thread Asela Pathberiya

On Sat, Jun 14, 2014 at 10:39 AM, Supun Nakandala
 wrote:
> Hi Prabath,
>
> I have attached the server side log herewith.

Are you able to resolve this issue ?  It seems to be error is
generating when doing password encryption using the certificate of
your keystore. May be some issue with your certificate. If you like,
you can provide the keystore, certificate or out put of it content?

Thanks,
Asela.

>
>
> On Sat, Jun 14, 2014 at 1:39 AM, Prabath Siriwardena 
> wrote:
>>
>> The error you attached does not help - its the client side error. There
>> should be a server side error too - please attach the complete error log.
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>> On Fri, Jun 13, 2014 at 11:16 PM, Supun Nakandala
>>  wrote:
>>>
>>> Hi All,
>>>
>>> I have a IS 4.6.0 instance running which uses a custom jks key store.
>>> When I try to create a new tenant I get an error. I have attached the
>>> complete stack trace herewith. But if I use the default wso2carbon.jks key
>>> store I can successfully create a new tenant. In the custom key store I have
>>> only the private key and the server certificate. Do I need to add something
>>> more here?
>>>
>>> Thank you.
>>> Supun
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://blog.api-security.org
>
>
>
>
> --
> Thank you
> Supun Nakandala
> Dept. Computer Science and Engineering
> University of Moratuwa
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Debug log prints every 2 seconds

2014-06-15 Thread Asela Pathberiya

On Sun, Jun 15, 2014 at 12:06 AM, Nirmal Fernando  wrote:

> IS 5.0;
>
> TID: [0] [IS] [2014-06-14 18:34:57,360] DEBUG
> {org.wso2.carbon.user.core.common.RealmCache} -  created authorization
> cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
> {org.wso2.carbon.user.core.common.RealmCache}
> TID: [0] [IS] [2014-06-14 18:34:59,444] DEBUG
> {org.wso2.carbon.user.core.common.RealmCache} -  created authorization
> cache : org.wso2.carbon.caching.impl.CacheImpl@922bea56
> {org.wso2.carbon.user.core.common.RealmCache}
>

I think, debug log is little bit confusing [1]. Cache Manager would return
the same cache instance...

[1]
http://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/patches/patch0008/core/org.wso2.carbon.user.core/4.2.0/src/main/java/org/wso2/carbon/user/core/common/RealmCache.java

Thanks,
Asela.


>
> --
>
> Thanks & regards,
> Nirmal
>
> Senior Software Engineer- Platform Technologies Team, WSO2 Inc.
> Mobile: +94715779733
> Blog: http://nirmalfdo.blogspot.com/
>
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Identity Server 5.0.0 - chpasswd.sh not working

2014-06-10 Thread Asela Pathberiya

On Mon, Jun 9, 2014 at 3:23 PM, Samisa Abeysinghe  wrote:
> Should not this script help with LDAP too?

Normally LDAP are maintained by separate tools. Therefore i think,  it
is fine to use them.  With JDBC, it is a user store that is related to
Carbon.  However, we can modify the chpasswd as well.. [1]. I do not
think, it would not be a major issue to fix.

[1] https://wso2.org/jira/browse/IDENTITY-2549

Thanks,
Asela.

>
> Thanks,
> Samisa...
>
>
> Samisa Abeysinghe
>
> Vice President Delivery
>
> WSO2 Inc.
> http://wso2.com
>
>
>
> On Mon, Jun 9, 2014 at 11:23 AM, Asela Pathberiya  wrote:
>>
>> On Mon, Jun 9, 2014 at 1:30 AM, Samisa Abeysinghe  wrote:
>> >
>> > http://stackoverflow.com/questions/24105848/wso2-identity-server-5-0-0-chpasswd-sh-not-working
>> >
>> > I get the same error as the one this user has reported.
>>
>> Yes..  By default, Identity Server uses LDAP user store and chpasswd
>> script file only for changing password in JDBC based user stores.
>>
>> Thanks,
>> Asela.
>>
>> >
>> > Thanks,
>> > Samisa...
>> >
>> >
>> > Samisa Abeysinghe
>> >
>> > Vice President Delivery
>> >
>> > WSO2 Inc.
>> > http://wso2.com
>> >
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Identity Server 5.0.0 - chpasswd.sh not working

2014-06-08 Thread Asela Pathberiya

On Mon, Jun 9, 2014 at 1:30 AM, Samisa Abeysinghe  wrote:
> http://stackoverflow.com/questions/24105848/wso2-identity-server-5-0-0-chpasswd-sh-not-working
>
> I get the same error as the one this user has reported.

Yes..  By default, Identity Server uses LDAP user store and chpasswd
script file only for changing password in JDBC based user stores.

Thanks,
Asela.

>
> Thanks,
> Samisa...
>
>
> Samisa Abeysinghe
>
> Vice President Delivery
>
> WSO2 Inc.
> http://wso2.com
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [ESB 4.8.1] Cloud Agent try to create ROLE even though LDAP is in read only mode.

2014-05-22 Thread Asela Pathberiya

On Fri, May 23, 2014 at 1:18 AM, Isuru Perera  wrote:
> I think we should modify the Cloud Agent to use internal roles.
>
> IS Team, WDYT?

+1  we can create them as internal roles..

>
>
> On Thu, May 22, 2014 at 7:40 AM, Harsha Thirimanna  wrote:
>>
>> Hi,
>>
>> Because of $subject, it throws exception when ESB start.
>>
>> ERROR
>> {org.wso2.carbon.cloud.gateway.agent.internal.CGAgentServiceComponent} -
>> Cloud not activated the CGAgentServiceComponent.
>> {org.wso2.carbon.cloud.gateway.agent.internal.CGAgentServiceComponent}
>> org.wso2.carbon.user.core.UserStoreException: Cannot add role to Read Only
>> user store unless it is primary
>> at
>> org.wso2.carbon.user.core.common.AbstractUserStoreManager.addRole(AbstractUserStoreManager.java:2070)
>> at
>> org.wso2.carbon.user.core.common.AbstractUserStoreManager.addRole(AbstractUserStoreManager.java:3391)
>> at
>> org.wso2.carbon.cloud.gateway.agent.internal.CGAgentServiceComponent.activate(CGAgentServiceComponent.java:123)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at
>> org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
>> at
>> org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
>> at
>> org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:347)
>> at
>> org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
>> at
>> org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
>> at
>> org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
>> at
>> org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
>> at
>> org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
>> at
>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
>> at
>> org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
>> at
>> org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:148)
>> at
>> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:819)
>> at
>> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:771)
>> at
>> org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
>> at
>> org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:214)
>> at
>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:433)
>> at
>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.registerService(BundleContextImpl.java:451)
>> at
>> org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:517)
>> at
>> org.wso2.carbon.core.init.CarbonServerManager.start(CarbonServerManager.java:219)
>> at
>> org.wso2.carbon.core.internal.CarbonCoreServiceComponent.activate(CarbonCoreServiceComponent.java:77)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at
>> org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
>> at
>> org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
>> at
>> org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:347)
>> at
>> org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
>> at
>> org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
>> at
>> org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
>> at
>> org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
>> at
>> org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:107)
>> at
>> org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:861)
>> at
>> org.eclipse.osgi.framework.eventmgr.EventMan

Re: [Dev] Patch for IDENTITY-2464

2014-05-19 Thread Asela Pathberiya

On Mon, May 19, 2014 at 2:52 PM, Dinesh Bandara  wrote:
> Hi,
>
> Please apply the attached patch in [1] to the location [2]
>
> @Asela, could you please review the fix?
>
> [1] https://wso2.org/jira/browse/IDENTITY-2464
> [2]
> https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/patches/patch0008/core/


+1

Thanks,
Asela.

>
> Thanks,
> DineshB
>
> --
> Dinesh Bandara
> Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Kernel commit in user core

2014-05-06 Thread Asela Pathberiya

Hi Manoj,

Please commit following attached patches to kernel..

[1] https://wso2.org/jira/browse/CARBON-14769
[2] https://wso2.org/jira/browse/IDENTITY-2281

Thanks,
Asela.

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] AppServer - CommodityQuote Sample - scenario 4 (Encryption) does not work

2014-05-02 Thread Asela Pathberiya

On Thu, May 1, 2014 at 5:03 PM, Afkham Azeez  wrote:
> I get the following error on the server side when I try to run the sample
> client:

Just tried sample with AS 5.2.1.  It seems to be that sample is
working file..  Null point can be geneated when encrypted key or data
in the security header is not sent from the client.  Could you please
try with tcpmon and verify the message from client to server.

Thanks,
Asela.

>
> [2014-05-01 16:58:54,385] ERROR
> {org.apache.catalina.core.StandardWrapperValve} -  Servlet.service() for
> servlet [bridgeservlet] in context with path [/] threw exception
>
> java.lang.NullPointerException
>
> at
> org.apache.rampart.builder.SymmetricBindingBuilder.getEncryptedKey(SymmetricBindingBuilder.java:840)
>
> at
> org.apache.rampart.builder.SymmetricBindingBuilder.doSignBeforeEncrypt(SymmetricBindingBuilder.java:418)
>
> at
> org.apache.rampart.builder.SymmetricBindingBuilder.build(SymmetricBindingBuilder.java:86)
>
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:144)
>
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>
> at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>
> at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
>
> at org.apache.axis2.engine.AxisEngine.sendFault(AxisEngine.java:515)
>
> at
> org.apache.axis2.transport.http.AxisServlet.handleFault(AxisServlet.java:433)
>
> at
> org.apache.axis2.transport.http.AxisServlet.processAxisFault(AxisServlet.java:398)
>
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:188)
>
>
> What could be the reason?
>
>
> --
> Afkham Azeez
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
>
> email: az...@wso2.com cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Is the functionality for applying security policies obsolete?

2014-03-07 Thread Asela Pathberiya

On Fri, Mar 7, 2014 at 4:15 PM, Rukshani Weerasinha  wrote:
>
>
> Hi,
>
> The Jira task https://wso2.org/jira/browse/DOCUMENTATION-613 requires the
> following page to have more information about how to use the UI for the
> Policy Selection UI.
>
> https://docs.wso2.org/display/ESB481/Applying+Security+Policies
>
> When I spoke to the Security Team, I was told that this UI is no longer used
> and the functionality no longer works as it is supposed to. It was also said
> that there is no services.xml file as mentioned in the documentation file.
>
> Does anyone have any further input on this? If this page refers to obsolete
> functionality, shall I remove it?

Yes.. what is in the current document, is not correct now, Because we
are not exposing the service.xml file to configure policy attachments
...  Therefore,  users can use the "Policy Selection" management
console UI to define policies for service, binding and operational,
message levels...  But actually, there are some issues with the UI...
some functions are not working as they are provided in the UI. I guess
there are public jira for them..  But still we can define separate
policies for service and binding level..  Therefore we can update the
current document with "Policy Selection"  UI by providing
configuration details with screen shots.

However design view of  "The WS-Policy Editor"  that is no longer used
and It is safe to remove it from the document.

Thanks,
Asela.

>
> Best Regards,
>
> --
> Rukshani Weerasinha
>
> WSO2 Inc.
> Web:http://wso2.com
>
>
>
>
> --
> Rukshani Weerasinha
>
> WSO2 Inc.
> Web:http://wso2.com
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Applying changes for Kernel

2014-02-17 Thread Asela Pathberiya

On Mon, Feb 17, 2014 at 1:52 PM, Pushpalanka Jayawardhana wrote:

> Hi Sameera,
>
> I am not sure why they are declared final. Just looking it the code it
> seems for 'updateUserListOfRole' method, it has been avoiding overriding
> the method such that, admin user can be removed from admin role.
>
> Use case is related with Appfactory, OT user store, where we needs to keep
> some virtual roles for user.
>

AFAIK,  Most of the methods in the "UserStoreManager"  have been declared
as  "final" inside the Abstract user store manager.  Because common set of
functions for  most of the user store implementation, have been done there
(also multiple user store functions , listeners and so on).   And Abstract
user store manager introduces new methods (such as "doUpdateUserListOfRole"
method)  to implement.   But, if you want to modify the functions of
Abstract user store manager, I guess you can implement the your user store
implementation directly from "UserStoreManager" interface.
However if there is an issue or improvement on removing admin user from
admin role. We may need to fix it.

Thanks,
Asela.


>
> Thanks,
>
> On Tue, Feb 11, 2014 at 2:42 PM, Sameera Jayasoma wrote:
>
>> Hi Pushpalanka,
>>
>> Do you know why these method declared as final? Can we give it a try to
>> implement your solution without changing the existing API?
>>
>> What is your user-case?
>>
>> Thanks,
>> Sameera.
>>
>>
>> On Tue, Feb 11, 2014 at 11:04 AM, Pushpalanka Jayawardhana <
>> la...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> We have patched the Kernel as attached(removing final) to have the
>>> freedom at implementing the OTUserStoreManager to override the two methods,
>>>
>>>  updateUserListOfRole
>>> getUserListOfRole
>>>
>>> This is not yet committed to Kernel, but used as a custom patch. Are we
>>> ok to go ahead and commit this?
>>>
>>> Thanks,
>>> --
>>>
>>> Pushpalanka Jayawardhana
>>>
>>> Software Engineer
>>>
>>> WSO2 Lanka (pvt) Ltd
>>> [image: 
>>> Facebook]
>>>  [image:
>>> Twitter]
>>>  [image:
>>> LinkedIn]
>>>  [image:
>>> Blogger]
>>>  [image:
>>> SlideShare]
>>> Mobile: +94779716248
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Sameera Jayasoma,
>> Architect,
>>
>> WSO2, Inc. (http://wso2.com)
>> email: same...@wso2.com
>> blog: http://sameera.adahas.org
>> twitter: https://twitter.com/sameerajayasoma
>> flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
>> Mobile: 0094776364456
>>
>> Lean . Enterprise . Middleware
>>
>
>
>
> --
>
> Pushpalanka Jayawardhana
>
> Software Engineer
>
> WSO2 Lanka (pvt) Ltd
> [image: 
> Facebook]
>  [image:
> Twitter]
>  [image:
> LinkedIn]
>  [image:
> Blogger]
>  [image:
> SlideShare]
> Mobile: +94779716248
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Invitation: [Code Review] - Balana @ Fri Jan 24, 2014 11am - 12pm (as...@wso2.com)

2014-01-23 Thread Asela Pathberiya

Link for crucible [1]

[1] http://wso2.org/crucible/project/WSCC001

Thanks,
Asela.


On Tue, Jan 21, 2014 at 2:27 PM, Chamath Gunawardana wrote:

> more details 
> »<https://www.google.com/calendar/event?action=VIEW&eid=czhna3A1dGZsaTI1aWMxbXBxaTRvcWhxbjggYXNlbGFAd3NvMi5jb20&tok=MTcjY2hhbWF0aGdAd3NvMi5jb20yOTNkNWRkZDQ0MzFlOTkzN2Y0OWY5NDNjNTFiODdmZTYyMmRkYjdh&ctz=Asia/Colombo&hl=en>
> [Code Review] - Balana
> *When*
> Fri Jan 24, 2014 11am – 12pm Colombo
> *Where*
> LK 5th Floor Meeting Room - Garage 
> (map<http://maps.google.lk/maps?q=LK+5th+Floor+Meeting+Room+-+Garage&hl=en>
> )
> *Calendar*
> as...@wso2.com
> *Who*
> •
> Chamath Gunawardana - organizer
> •
> Asela Pathberiya
> •
> Darshana Gunawardana
> •
> Dulanja Liyanage
> •
> Venura Kahawala
> •
> Ishara Karunarathna
> •
> Prabath Siriwardana
> •
> Johann Nallathamby
> •
> dev@wso2.org - optional
>
> Going?   *Yes
> <https://www.google.com/calendar/event?action=RESPOND&eid=czhna3A1dGZsaTI1aWMxbXBxaTRvcWhxbjggYXNlbGFAd3NvMi5jb20&rst=1&tok=MTcjY2hhbWF0aGdAd3NvMi5jb20yOTNkNWRkZDQ0MzFlOTkzN2Y0OWY5NDNjNTFiODdmZTYyMmRkYjdh&ctz=Asia/Colombo&hl=en>
> - Maybe
> <https://www.google.com/calendar/event?action=RESPOND&eid=czhna3A1dGZsaTI1aWMxbXBxaTRvcWhxbjggYXNlbGFAd3NvMi5jb20&rst=3&tok=MTcjY2hhbWF0aGdAd3NvMi5jb20yOTNkNWRkZDQ0MzFlOTkzN2Y0OWY5NDNjNTFiODdmZTYyMmRkYjdh&ctz=Asia/Colombo&hl=en>
> - No
> <https://www.google.com/calendar/event?action=RESPOND&eid=czhna3A1dGZsaTI1aWMxbXBxaTRvcWhxbjggYXNlbGFAd3NvMi5jb20&rst=2&tok=MTcjY2hhbWF0aGdAd3NvMi5jb20yOTNkNWRkZDQ0MzFlOTkzN2Y0OWY5NDNjNTFiODdmZTYyMmRkYjdh&ctz=Asia/Colombo&hl=en>*
> more options 
> »<https://www.google.com/calendar/event?action=VIEW&eid=czhna3A1dGZsaTI1aWMxbXBxaTRvcWhxbjggYXNlbGFAd3NvMi5jb20&tok=MTcjY2hhbWF0aGdAd3NvMi5jb20yOTNkNWRkZDQ0MzFlOTkzN2Y0OWY5NDNjNTFiODdmZTYyMmRkYjdh&ctz=Asia/Colombo&hl=en>
>
> Invitation from Google Calendar <https://www.google.com/calendar/>
>
> You are receiving this email at the account as...@wso2.com because you
> are subscribed for invitations on calendar as...@wso2.com.
>
> To stop receiving these notifications, please log in to
> https://www.google.com/calendar/ and change your notification settings
> for this calendar.
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Using UserAdminStub to get users names of a role

2014-01-23 Thread Asela Pathberiya

On Fri, Jan 24, 2014 at 9:57 AM, Venura Kahawala  wrote:

> Hi,
>
> IMO this is an incorrect behavior. Can you try sending zero for the
> 'limit' variable?
>
> Regards,
> Venura
>
>
> On Fri, Jan 24, 2014 at 9:39 AM, Hasitha Aravinda wrote:
>
>> Hi all,
>>
>> I used UserAdminStub's getUsersOfRole method to do the $subject. It
>> returns user list as a FlaggedName array. But problem is, this FlaggedName
>> array contains all the user including users who don't belong to that role.
>>
>> But by checking flaggedName.getSelected() method I can validate whether
>> particular user is in that role or not. But this requires additional
>> iteration.
>>
>> Is this default behavior ? I verified with both carbon 4.0.0 and 4.2.0
>> and observed the same.
>>
>
Yes.. i guess. UserAdmin stub has been written thinking about the UI
aspect..


>
>> Is it ok to use RemoteUserStoreManagerServiceStub for this. ? Again I
>> can't use this with BPS since RemoteUserStoreManagerService admin service
>> is not available by default.
>>
>
Yes..  this is the better approach, if you need to call the user store
functions from external  web application or system.  You can install this
feature [1]. Basically It just exposes the user store manager interface as
web service API.

[1]
http://soasecurity.org/2013/12/15/remote-user-management-feature-in-wso2-carbon-products/

Thanks,
Asela.


>
>> Thanks,
>> Hasitha.
>>
>> --
>> Hasitha Aravinda,
>> Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile: +94 71 8 210 200
>>
>>
>
>
> --
> Senior Software Engineer
>
> Mobile: +94 71 82 300 20
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] https://wso2.org/jira/browse/ESBJAVA-2899 Reprodcuiable due to recent XCML changers in IS

2014-01-22 Thread Asela Pathberiya

On Wed, Jan 22, 2014 at 7:45 PM, Dushan Abeyruwan  wrote:

> Hi IS Team,
> ESB 4.8.1 M1 pack built today with IS 4.6.0 (released)
>
> This is reproducible, seems like now response wrap
> with urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 and no longer
>
>  if(decisionString != null){
> OMElement decisionElement =
> AXIOMUtil.stringToOM(decisionString);
>   *  simpleDecision =
> decisionElement.getFirstChildWithName(new
> QName("Result")).getFirstChildWithName(new QName("Decision")).getText();*
> obligations = decisionElement.getFirstChildWithName(new
> QName("Obligations"));
> advice = decisionElement.getFirstChildWithName(new
> QName("AdviceExpressions"));
> if(log.isDebugEnabled()){
> log.debug("Entitlement Decision is : " +
> simpleDecision);
> }
>
> it suppose to be
>
> *decisionElement.getFirstChildWithName(new
> QName("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17","Result")) or may be
> we might have to test both..*
>
>  So, IS team please review this and do any necessary changers to
> Entitlement Mediator, this a BLOCKER and required your attention.
>
> New Response Type..
>  xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">NotApplicable Value="urn:oasis:names:tc:xacml:1.0:status:ok">
>


Yes.. Thanks for pointing out. We need to fix the entitlement mediator for
4.8.0.  Because XACML 3.0 response must return with above namespace and
entitlement mediator always sends a XACML 3.0 request. Actually namespace
was fixed in 4.6.0 IS release [1], Therefore we can consider both
situations; when fixing the entitlement mediator. Then it would work with
both older and new IS versions.

[1]https://wso2.org/jira/browse/IDENTITY-1855

Thanks,
Asela.


>
> Cheers,
> Dushan Abeyruwan | Associate Tech Lead
> Integration Technologies Team
> PMC Member Apache Synpase
> WSO2 Inc. http://wso2.com/
> Blog:http://dushansview.blogspot.com/
> Mobile:(0094)713942042
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [APIM][IS]Installing XACML features in API Manager

2014-01-11 Thread Asela Pathberiya

On Sat, Jan 11, 2014 at 10:16 AM, Nadeesha Gamage  wrote:

> I am having issues when working with XACML features installed in the API
> Manager. When I create a XACML policy and publish the policy to PDP the
> policy doesnt take effect. However when the API Manager instance is
> restarted the policy takes effect.
>
> Please let me know whether it is possible to the make the policy to take
> effect immediately once the policy is promoted to the PDP.
>

Please check registry.xml. It must be updated with following handler... If
not, Please add it and see



application/xacml-policy+xml



 Thanks,
Asela.


>
> Thank you,
>
> --
> Nadeesha Gamage
> Senior Engineer Technical Sales
> +94 77 394 5706
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Refresh Token

2014-01-08 Thread Asela Pathberiya

On Thu, Jan 9, 2014 at 8:41 AM, Vanjikumaran Sivajothy wrote:

> Hi Devs,
> Does Refresh token has a expired value like Access Token?
>
>

> If I Do not utilized it, then will it be valid forever?
>


AFAIK,  there is no expired time for refresh token. But authorization
server must implement a refresh token rotation method. Once new access
token is granted using a refresh token,  Server could return a new refresh
token by invalidating older one. Also If refresh token is compromised, It
can be invalidated using above.

Thanks,
Asela.


>
> Best Regards
> --
> Sivajothy Vanjikumaran
> *Senior Software Engineer*
> *Integration Technologies Team*
> *WSO2 Inc. http://wso2.com *
> *Mobile:(+94)777219209*
> *Mobile USA:**(+1)918 813 2403*
> [image: Facebook]  [image: 
> Twitter] [image:
> LinkedIn]  
> [image:
> Blogger]  [image: 
> SlideShare]
>
> This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may
> have received this communication in error, please reply to the
> sender indicating that fact and delete the copy you received and in
> addition, you should not print, copy, re-transmit, disseminate, or
> otherwise use the information contained in this communication.
> Internet communications cannot be guaranteed to be timely, secure, error
> or virus-free. The sender does not accept liability for any errors
> or omissions
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Security mgt feature dependency in identity core server feature

2013-12-19 Thread Asela Pathberiya

On Fri, Dec 20, 2013 at 12:17 PM, Sanjeewa Malalgoda wrote:

> Hi All,
> I can see we have added org.wso2.carbon.identity.core.server.feature -
> 4.2.2 to chunck 06 pom. But that feature was
> referring org.wso2.carbon.security.mgt.server - 4.2.0 version and that is
> not the latest version for org.wso2.carbon.security.mgt.server feature(we
> have few versions of this 4.2.0  4.2.1  4.2.2  4.2.3  4.2.4). There are
> some fixes added to 4.2.4 related to POX security handler engagement. So
> shall we update it with 4.2.4 version?
>

Yes..  i guess we need to do... However security-mgt feature is shipped as
different one. Actually we need to verify why security-mgt is needed for
identity core

Thanks,
Asela.


>
>
> Thanks,
> sanjeewa.
>
> --
>
> *Sanjeewa Malalgoda*
> Senior Software Engineer
> WSO2 Inc.
> Mobile : +94713068779
>
>  blog
> :http://sanjeewamalalgoda.blogspot.com/
>
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] Thrift TSSLTransportFactory doesn't close FileInputStream

2013-12-17 Thread Asela Pathberiya

On Tue, Dec 17, 2013 at 11:58 PM, Venura Kahawala  wrote:

> Hi,
>
> org.apache.thrift.transport.TSSLTransportFactory class doesn't closes the
> FileInputStream objects created for keystore loading. This keeps the
> keystore file open in the server and might even exceed the open file limit.
>
> What needs to be done in order to overcome this issue since we haven't
> kept the source code of org.apache.thrift.transport.TSSLTransportFactory in
> our repository.
>

I guess  BAM and APIM are using thrift in SSL.  Has Anyone experienced such
issue while load testing?  If there is an issue, which is not fix in the
thrift yet, then we may need to branch it in to our repository.

Thanks,
Asela.

>
>
> Regards,
> Venura
>
> --
> Senior Software Engineer
>
> Mobile: +94 71 82 300 20
>
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Simple command line client to Balana PDP

2013-11-14 Thread Asela Pathberiya

Hi Scott,

Great  We could probably add this to Balana samples [1] as command line
PEP for Balana. Please provide a patch.


On Fri, Nov 15, 2013 at 4:38 AM, Scott Came  wrote:

>  I have developed a simple command-line client with the following
> interface:
>
>
>
> usage: PDPExec
>
> -?,--usage   Print usage info
>
> -m,--mode   Mode of response, XML for the full XACML
>
>   response, or SIMPLE for just 'permit', 'deny',
>
>   or 'indeterminate'
>
> -p,--policyFile XACML 3.0 policy file
>
> -r,--requestFileXACML 3.0 request file
>
>
>
> It takes as input a policy file and a request file, and returns the PDP
> response (either the entire XML structure, or just
> permit/deny/indeterminate).
>

>
> Would the project be interested in my submitting this as a patch?  I used
> Commons CLI to help with processing the command-line arguments, which
> introduced a new dependency in the POM.
>

Yes.  Commons CLI is with Apache 2.0 license. It means that it is fine to
introduce it to pom file. However, just to let you know, AFAIK, other
Balana samples have been developed  with java Console and Scanner class.

[1]
http://svn.wso2.org/repos/wso2/trunk/commons/balana/modules/balana-samples/

Thanks,
Asela.



>
>
> Thanks.
>
> --Scott
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Carbon 4.2.0 branch build failure

2013-11-12 Thread Asela Pathberiya

Hi Azeez,

I am sorry.  I have both JDKs in machine and just see that it has been
built success with from 1.6, (not 1.7). It means that it fails with 1.7.
AFAIK there are some other issues when we are building 1.7.  I guess we
have mentioned it in the doc as well [1].  If we are planing to support for
1.7 to build the source,  we must fix this in next release.

[1] http://docs.wso2.org/display/Carbon420/Installation+Prerequisites

Thanks,
Asela.


On Wed, Nov 13, 2013 at 8:35 AM, Afkham Azeez  wrote:

> java version "1.7.0_45"
>
> Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
>
> Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
>
>
> On Wed, Nov 13, 2013 at 8:11 AM, Asela Pathberiya  wrote:
>
>>
>> On Wed, Nov 13, 2013 at 6:21 AM, Afkham Azeez  wrote:
>>
>>> [ERROR] Failed to execute goal
>>> org.apache.maven.plugins:maven-compiler-plugin:2.1:compile
>>> (default-compile) on project wss4j: Compilation failure: Compilation
>>> failure:
>>>
>>> [ERROR]
>>> /Users/azeez/projects/wso2/public2/kernel/trunk/branches/4.2.0/dependencies/wss4j/1.5.11-wso2v6/src/org/apache/ws/security/kerberos/KrbTicketDecoder.java:[10,24]
>>> EncryptionKey is internal proprietary API and may be removed in a future
>>> release
>>>
>>> [ERROR]
>>>
>>> [ERROR]
>>> /Users/azeez/projects/wso2/public2/kernel/trunk/branches/4.2.0/dependencies/wss4j/1.5.11-wso2v6/src/org/apache/ws/security/kerberos/KrbTicketDecoder.java:[11,33]
>>> EncTicketPart is internal proprietary API and may be removed in a future
>>> release
>>>
>>
>> We have experienced this as "[WARNING]"  messages not errors..  I just
>> tried this with JDK 1.7 and mvn clean install.
>>
>> Thanks,
>> Asela.
>>
>>
>>
>>> [ERROR]
>>>
>>> --
>>> *Afkham Azeez*
>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> * <http://www.apache.org/>*
>>> *email: **az...@wso2.com* 
>>> * cell: +94 77 3320919 <%2B94%2077%203320919> blog: *
>>> *http://blog.afkham.org* <http://blog.afkham.org>
>>> *twitter: 
>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez>
>>> * linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>> <http://lk.linkedin.com/in/afkhamazeez>*
>>>
>>> *Lean . Enterprise . Middleware*
>>>
>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>
>
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * <http://www.apache.org/>*
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919> blog: *
> *http://blog.afkham.org* <http://blog.afkham.org>
> *twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez>
> * linked-in: **http://lk.linkedin.com/in/afkhamazeez
> <http://lk.linkedin.com/in/afkhamazeez>*
>
> *Lean . Enterprise . Middleware*
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Carbon 4.2.0 branch build failure

2013-11-12 Thread Asela Pathberiya

On Wed, Nov 13, 2013 at 6:21 AM, Afkham Azeez  wrote:

> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-compiler-plugin:2.1:compile
> (default-compile) on project wss4j: Compilation failure: Compilation
> failure:
>
> [ERROR]
> /Users/azeez/projects/wso2/public2/kernel/trunk/branches/4.2.0/dependencies/wss4j/1.5.11-wso2v6/src/org/apache/ws/security/kerberos/KrbTicketDecoder.java:[10,24]
> EncryptionKey is internal proprietary API and may be removed in a future
> release
>
> [ERROR]
>
> [ERROR]
> /Users/azeez/projects/wso2/public2/kernel/trunk/branches/4.2.0/dependencies/wss4j/1.5.11-wso2v6/src/org/apache/ws/security/kerberos/KrbTicketDecoder.java:[11,33]
> EncTicketPart is internal proprietary API and may be removed in a future
> release
>

We have experienced this as "[WARNING]"  messages not errors..  I just
tried this with JDK 1.7 and mvn clean install.

Thanks,
Asela.



> [ERROR]
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <%2B94%2077%203320919> blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> * linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How do we define XACML policies against user attributes from the UI ?

2013-11-12 Thread Asela Pathberiya

On Sat, Aug 31, 2013 at 3:08 PM, Prabath Siriwardena wrote:

> In the XACML policy editor I only see 4 user attributes are listed in the
> UI and do not see any way of extending this to add other user attributes.
>
> Am I missing something..?
>

Sorry. I may have been missed to reply mail due to release rush. Previously
XACML UI lists attributes by reading the claim management component. But It
means that XACML UI has to depend on that vice versa and claim
management has no data type concept (all attributes are assumed as
String).  Therefore, we have introduced  separate UI configurations to
manage them. You can find the way of extending from here [1]

[1] http://xacmlinfo.org/2013/09/03/how-to-write-xacml-policies-part-2/

Thanks,
Asela.

>
>
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] OAuth validation extension point in WSO2 IS

2013-11-11 Thread Asela Pathberiya

Hi Pradeep,

This has been already discussed on Architecture thread. This is a must
thing that we want to have in IS 4.6.0. (next release).  I am not still
sure  whether some one already has been worked on this. Johann any idea?..
If not,  It is great,  If you can introduce the extension.

Thanks,
Asela.

On Mon, Nov 11, 2013 at 6:01 PM, Pradeep Fernando  wrote:

> Hi,
>
> The current token validation endpoint only performs basic level of
> validation. That is it only checks whether the given token is valid. But
> for complex authorization decision making this validation is not enough
> IMHO.
>
> @IS team:
>
> can you guys please consider adding an extension point for custom
> validation impls.
>

> thanks,
> --Pradeep
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Use case of an OAuth2.0 - need some clarifications

2013-10-31 Thread Asela Pathberiya

On Wed, Oct 30, 2013 at 12:28 PM, Pradeep Fernando  wrote:

> Hi Devs,
>
> I want to secure a set of APIs using OAuth 2.0. Resource server has APIs
> of type,
>
> X and Y.
>
> Client authenticates itself with the authorization server (say resource
> owner password credentials grant...) and gets an access token.
>
> The authorization server has two types of users. (roles)
>
> role A
> role B
>
> users of role A should be able to access both the resources X and Y
> where as users of role B can only access resources of type Y.
>
>
> Authorization is the concern here. How can we pass that info to the
> resource server ? Since OAuth is a authorization framework, we dont' have
> to deal with user roles at the resource server, right (correct me if i'm
> wrong..) ?
>

When access token is granted,  By default,  Authorization server  does not
do any authorization.  If you need,  you need to implement a call back
class. More details can found here [1]. In your case,  i guess, we can send
the X,Y values in scope parameter and do the RBAC validation inside call
back class before granting token. However,  please make sure that current
authorization server implementation does not issue different access tokens
based on the scope (which is already discussed in the Architecture mailing
list). Therefore if token is granted, it can be used to access all..

[1]
http://blog.thilinamb.com/2012/08/writing-oauthcallbackhandler-for-wso2.html

Thanks,
Asela.

> if so, is the 'scope' parameter in the access token, the correct approach
> ?
>

> thanks,
> --Pradeep
>
>
>
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Change in intitail tenant loading

2013-10-30 Thread Asela Pathberiya

On Wed, Oct 30, 2013 at 3:03 PM, Kishanthan Thangarajah  wrote:

> Hi All,
>
> With the recent changes to ActivationHandler (we removed it with CC
> re-factoring effort), we observe a change is tenant loading in some of the
> products. The tenant does not load with the login. But it starts to load
> when you try to access some mgt console pages (for example, try to view the
> service lists). This is because those AdminServices do a call to
> TenantAxisUtils to get the tenantConfigContext, on which the tenant loading
> also happens.
>
> But this behavior is casing issues in some products (We have currently
> identified only BPS). In BPS, the requirement is to load tenant when the
> user is directed to the mgt console landing page. So the common solution is
> to call the load tenant method after the successful login of tenant, like
> earlier.
>
> We found a possible place to plug in this call. In
> AuthenticationAdmin#login method, after calling  onSuccessAdminLogin, we
> can call the tenant loading part.
>

There are authenticators other than AuthenticationAdmin such as Basic Auth,
SAML2 SSO and so on.  Therefore, tenant loading part must be inside the
"onSuccessAdminLogin" which is called by all authenticators. Carbon context
creation, registry loading  and etc  are also happened inside the
"onSuccessAdminLogin"

Thanks,
Asela.


>
> But my question is, is this approach correct? or do we have any other
> suitable place to plug this call, other than AuthenticationAdmin?
>
> Thanks,
> Kishanthan.
>
> --
> *Kishanthan Thangarajah*
> Senior Software Engineer,
> Platform Technologies Team,
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +94773426635
> Blog - *http://kishanthan.wordpress.com*
> Twitter - *http://twitter.com/kishanthan*
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Latest OAuth playground code.

2013-10-29 Thread Asela Pathberiya

On Wed, Oct 30, 2013 at 10:30 AM, Amila Maha Arachchi wrote:

> Does the doc link needs to be changed?
>

Yes..

Thanks,
Asela.


>
>
> On Wed, Oct 30, 2013 at 10:26 AM, Asela Pathberiya  wrote:
>
>>
>>
>>
>> On Wed, Oct 30, 2013 at 10:23 AM, Pradeep Fernando wrote:
>>
>>> Hi devs,
>>>
>>> where can i find the latest code ?
>>>
>>
>> It is in SVN under product samples [1]...
>>
>> [1]
>> http://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/4.5.0/modules/samples/oauth2/playground2/
>>
>> Thanks,
>> Asela.
>>
>>
>>>
>>> thanks,
>>> --Pradeep
>>>
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Amila Maharachchi*
> Senior Technical Lead
> WSO2, Inc.; http://wso2.com
>
> Blog: http://maharachchi.blogspot.com
> Mobile: +94719371446
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Latest OAuth playground code.

2013-10-29 Thread Asela Pathberiya

On Wed, Oct 30, 2013 at 10:23 AM, Pradeep Fernando  wrote:

> Hi devs,
>
> where can i find the latest code ?
>

It is in SVN under product samples [1]...

[1]
http://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/4.5.0/modules/samples/oauth2/playground2/

Thanks,
Asela.


>
> thanks,
> --Pradeep
>
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Balana policy source question

2013-10-15 Thread Asela Pathberiya

Hi Scott,

I have applied your patch in to the Balana trunk.. Please see my comments
in the jira [1]. I am really +1 for refactoring the things It would be
great, if you can create patches for them by creating jiras. We can apply
them in to the trunk.  Again, thanks for your contribution.

[1] https://wso2.org/jira/browse/COMMONS-101

Thanks,
Asela
<https://wso2.org/jira/browse/COMMONS-101>

On Fri, Oct 11, 2013 at 12:24 PM, Asela Pathberiya  wrote:

> Hi Scott,
>
> Great...!!! Thanks a lot for your contribution. we will go through it and
> apply in to the trunk
>
> Thanks,
> Asela.
>
>
>
> On Wed, Oct 9, 2013 at 11:46 PM, Scott Came  wrote:
>
>>  Thanks, Asela.
>>
>> ** **
>>
>> JIRA created (https://wso2.org/jira/browse/COMMONS-101) with patch
>> attached.
>>
>> ** **
>>
>> In the source I noted some potential refactorings that we could do to
>> reduce the amount of copied-and-pasted code, but my intention was to
>> implement this with no changes to existing code.  If the decision is to
>> refactor things, I’m happy to look at doing that as a follow-on task.
>>
> 
>>
>>
>>
>> Thanks.
>>
>> --Scott
>>
>> ** **
>>
>> *From:* Asela Pathberiya [mailto:as...@wso2.com]
>> *Sent:* Tuesday, October 08, 2013 10:22 PM
>>
>> *To:* Scott Came
>> *Cc:* dev@wso2.org
>> *Subject:* Re: [Dev] Balana policy source question
>>
>> ** **
>>
>> ** **
>>
>> Hi Scott, 
>>
>> If you create an account in wso2.com  [1]. Then you can login to jira
>> account with those credentials.
>>
>> [1] https://wso2.com/user/register
>>
>> Thanks,
>> Asela.
>>
>> ** **
>>
>> On Wed, Oct 9, 2013 at 6:01 AM, Scott Came  wrote:
>> 
>>
>> Hi Asela.  I have created an InMemoryPolicyFinderModule and an associated
>> unit test.  I can easily roll a patch for this and submit it.
>>
>>  
>>
>> I hit the link [1] you referenced, but it looks like I need a JIRA
>> account in order to create a ticket and post the patch.  I looked around on
>> the WSO2 site and could not see how to create an account.  What is the next
>> step?
>>
>>  
>>
>> Thanks.
>>
>> --Scott
>>
>>  
>>
>> *From:* Asela Pathberiya [mailto:as...@wso2.com]
>> *Sent:* Tuesday, October 01, 2013 10:08 AM
>> *To:* Scott Came
>> *Cc:* dev@wso2.org
>> *Subject:* Re: [Dev] Balana policy source question
>>
>>  
>>
>> Hi Scott,
>>
>> Really welcome your ideas.  Yes. Balana only have a sample implementation
>> for file system based policies.  As you know, WSO2 Identity Server uses
>> Balana as XACML engine and Identity Server has own implementation for
>> PolicyFinderModule. Sure... you could implement this for Balana... If
>> policies are loading from different sources (file system, databases and so
>> on...), it is easy to extend an in-memory finder module.  You can create a
>> ticket in here [1]
>>
>> under Balana component and provide a patch for trunk.   
>>
>>
>> [1] https://wso2.org/jira/browse/COMMONS
>>
>> Thanks,
>> Asela.
>>
>>  
>>
>> On Tue, Oct 1, 2013 at 4:06 AM, Scott Came  wrote:
>> 
>>
>> Unless I’m missing something, it looks like the only way to feed policies
>> into the Balana PDP is to have them in files that reside in the filesystem.
>> 
>>
>>  
>>
>> I’m wondering if any thought was given to allowing (somehow) in-memory
>> DOM Documents to be passed in.  I haven’t investigated in-depth yet, but I
>> wonder if it would be possible to write a PolicyFinderModule implementation
>> class that references an in-memory collection of policies…
>>
>>  
>>
>> If this seems like a good idea, I’d be happy to attempt it…
>>
>>  
>>
>> Thanks.
>>
>> --Scott
>>
>>  
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>>
>>
>> -- 
>>
>> Thanks & Regards,
>>
>> Asela
>>
>>  
>>
>> ATL
>>
>> Mobile : +94 777 625 933
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>>
>>
>> -- 
>>
>> Thanks & Regards,
>>
>> Asela
>>
>> ** **
>>
>> ATL
>>
>> Mobile : +94 777 625 933
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [aPaaS]Change imported user password on first login

2013-10-11 Thread Asela Pathberiya

I think we can do this using password policy extensions that we have
introduced for 4.2.0 release.  We may need to write new extension for
this... This would be a good use case... I guess, Chamath can help you on
this

Thanks,
Asela.

On Fri, Oct 11, 2013 at 6:52 PM, Asanka Dissanayake wrote:

> Hi All,
> Is there a way to do $subject. Because the user story as below.
>
> Tenant admin imports users to the tenant with a default password.
> Users are asked to change their passwords on the first login.
>
> How can we identify the first login of the user?
>
> We are using a LDAP as the user store.
> --
>
> *Asanka Dissanayake
> Software Engineer*
> *WSO2 Inc. - lean . enterprise . middleware |  wso2.com*
> *
> email: asan...@wso2.com ,   blog:
> cyberwaadiya.blogspot.com, asankastechtalks.wordpress.com  mobile: +94 71
> 8373821*
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Balana policy source question

2013-10-10 Thread Asela Pathberiya

Hi Scott,

Great...!!! Thanks a lot for your contribution. we will go through it and
apply in to the trunk

Thanks,
Asela.


On Wed, Oct 9, 2013 at 11:46 PM, Scott Came  wrote:

>  Thanks, Asela.
>
> ** **
>
> JIRA created (https://wso2.org/jira/browse/COMMONS-101) with patch
> attached.
>
> ** **
>
> In the source I noted some potential refactorings that we could do to
> reduce the amount of copied-and-pasted code, but my intention was to
> implement this with no changes to existing code.  If the decision is to
> refactor things, I’m happy to look at doing that as a follow-on task.
>
> ** **
>
> Thanks.
>
> --Scott
>
> ** **
>
> *From:* Asela Pathberiya [mailto:as...@wso2.com]
> *Sent:* Tuesday, October 08, 2013 10:22 PM
>
> *To:* Scott Came
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] Balana policy source question
>
> ** **
>
> ** **
>
> Hi Scott, 
>
> If you create an account in wso2.com  [1]. Then you can login to jira
> account with those credentials.
>
> [1] https://wso2.com/user/register
>
> Thanks,
> Asela.
>
> ** **
>
> On Wed, Oct 9, 2013 at 6:01 AM, Scott Came  wrote:*
> ***
>
> Hi Asela.  I have created an InMemoryPolicyFinderModule and an associated
> unit test.  I can easily roll a patch for this and submit it.
>
>  
>
> I hit the link [1] you referenced, but it looks like I need a JIRA account
> in order to create a ticket and post the patch.  I looked around on the
> WSO2 site and could not see how to create an account.  What is the next
> step?
>
>  
>
> Thanks.
>
> --Scott
>
>  
>
> *From:* Asela Pathberiya [mailto:as...@wso2.com]
> *Sent:* Tuesday, October 01, 2013 10:08 AM
> *To:* Scott Came
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] Balana policy source question
>
>  
>
> Hi Scott,
>
> Really welcome your ideas.  Yes. Balana only have a sample implementation
> for file system based policies.  As you know, WSO2 Identity Server uses
> Balana as XACML engine and Identity Server has own implementation for
> PolicyFinderModule. Sure... you could implement this for Balana... If
> policies are loading from different sources (file system, databases and so
> on...), it is easy to extend an in-memory finder module.  You can create a
> ticket in here [1]
>
> under Balana component and provide a patch for trunk.   
>
>
> [1] https://wso2.org/jira/browse/COMMONS
>
> Thanks,
> Asela.
>
>  
>
> On Tue, Oct 1, 2013 at 4:06 AM, Scott Came  wrote:*
> ***
>
> Unless I’m missing something, it looks like the only way to feed policies
> into the Balana PDP is to have them in files that reside in the filesystem.
> 
>
>  
>
> I’m wondering if any thought was given to allowing (somehow) in-memory DOM
> Documents to be passed in.  I haven’t investigated in-depth yet, but I
> wonder if it would be possible to write a PolicyFinderModule implementation
> class that references an in-memory collection of policies…
>
>  
>
> If this seems like a good idea, I’d be happy to attempt it…
>
>  
>
> Thanks.
>
> --Scott
>
>  
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
> -- 
>
> Thanks & Regards,
>
> Asela
>
>  
>
> ATL
>
> Mobile : +94 777 625 933
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
> -- 
>
> Thanks & Regards,
>
> Asela
>
> ** **
>
> ATL
>
> Mobile : +94 777 625 933
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Wrong source URL in identity server product page

2013-10-10 Thread Asela Pathberiya

On Thu, Oct 10, 2013 at 1:56 PM, Chamara Silva  wrote:

> In IS product page [1] shows carbon 4.1.0 svn url. But latest IS product
> (4.5.0)
> released
> from
> carbon
> 4.2.0.
> There's no tag location parallel to the IS 4.5.0 release. Is there a any
> reason for that?
>

It seems to be that we have not created a tag for carbon 4.2.0 release. Is
there any reason for this?  If not, we can point to this location [1]

[1]
http://svn.wso2.org/repos/wso2/carbon/platform/branches/4.2.0/products/is/4.5.0/

Thanks,
Asela.


>
> 1. http://wso2.com/products/identity-server/
>
> Thanks,
> Chamara Silva
>
>
> --
> A. Suminda Chamara Silva
> Senior Software Engineer
> WSO2 Inc.
> Mobile: +94718302858
> blog: http://chamaras.blogspot.com
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Returning 'HTTP 401 Unauthorized' instead of a SOAPFault when accessing a secured SOAP service without security

2013-10-09 Thread Asela Pathberiya

On Wed, Oct 9, 2013 at 6:01 PM, Evanthika Amarasiri wrote:

> Hi,
>
> In previous releases (pre-Carbon 4.2.0), when you send a non-secured
> message to a secured service, it returned a soapFault. But since Carbon
> 4.2.0, we noticed that it returns only the HTTP header - *HTTP/1.1 401
> Unauthorized *& no soapFault. Is this correct? Is there a specific reason
> why we are NOT returning a soapFault anymore?
>

Yes. this is the expected behavior. If you have enabled the POX security
handler. It would look for Basic auth  headers and returns 401. It seems to
be that, with carbon 4.2.0, we have enabled the POX security handler for
application/soap+xml. I am not sure what is the reason for this..  but it
seems to be fine. As there can be SOAP requests with Basic Auth headers.
POX security handler is the possible way to secure services in Carbon
product with Basic Authentication.  Also, If you do not want to use POX
security handler, we could remove it from the service (As it is an axis2
module).  However, i agree that POX security handler is little bit
confusing.  AFAIK, it is just a hack to secured web services using Basic
authentication. It would be great to have proper solution for this.

Thanks,
Asela.

> Related JIRA - [1]
>
> [1] - https://wso2.org/jira/browse/CARBON-14509
>
> Regards,
> Evanthika
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] SAML2 SSO with API Store.

2013-10-09 Thread Asela Pathberiya

Hi All,

When we configure SAML2 SSO with IDP (WSO2 Identity Sever) for API store.
User would be  redirected to IDP login page.  But there would be cases,
where users need to see the APIs without login.  Once SSO is configured, it
would break. So, do we have any configuration or work around for this?  If
not, It is better, we can fix this for API Store. Once end user click on
"login", we can initialize the SAML2 SSO flow?

Thanks,
Asela.


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Balana policy source question

2013-10-08 Thread Asela Pathberiya

Hi Scott,

If you create an account in wso2.com  [1]. Then you can login to jira
account with those credentials.

[1] https://wso2.com/user/register

Thanks,
Asela.

On Wed, Oct 9, 2013 at 6:01 AM, Scott Came  wrote:

>  Hi Asela.  I have created an InMemoryPolicyFinderModule and an
> associated unit test.  I can easily roll a patch for this and submit it.**
> **
>
> ** **
>
> I hit the link [1] you referenced, but it looks like I need a JIRA account
> in order to create a ticket and post the patch.  I looked around on the
> WSO2 site and could not see how to create an account.  What is the next
> step?
>
> ** **
>
> Thanks.****
>
> --Scott
>
> ** **
>
> *From:* Asela Pathberiya [mailto:as...@wso2.com]
> *Sent:* Tuesday, October 01, 2013 10:08 AM
> *To:* Scott Came
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] Balana policy source question
>
> ** **
>
> Hi Scott,
>
> Really welcome your ideas.  Yes. Balana only have a sample implementation
> for file system based policies.  As you know, WSO2 Identity Server uses
> Balana as XACML engine and Identity Server has own implementation for
> PolicyFinderModule. Sure... you could implement this for Balana... If
> policies are loading from different sources (file system, databases and so
> on...), it is easy to extend an in-memory finder module.  You can create a
> ticket in here [1]
>
> under Balana component and provide a patch for trunk.   ** **
>
>
> [1] https://wso2.org/jira/browse/COMMONS
>
> Thanks,
> Asela.
>
> ** **
>
> On Tue, Oct 1, 2013 at 4:06 AM, Scott Came  wrote:*
> ***
>
> Unless I’m missing something, it looks like the only way to feed policies
> into the Balana PDP is to have them in files that reside in the filesystem.
> 
>
>  
>
> I’m wondering if any thought was given to allowing (somehow) in-memory DOM
> Documents to be passed in.  I haven’t investigated in-depth yet, but I
> wonder if it would be possible to write a PolicyFinderModule implementation
> class that references an in-memory collection of policies…
>
>  
>
> If this seems like a good idea, I’d be happy to attempt it…
>
>  
>
> Thanks.
>
> --Scott
>
>  
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
> -- 
>
> Thanks & Regards,
>
> Asela
>
> ** **
>
> ATL
>
> Mobile : +94 777 625 933
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Balana response message namespaces

2013-10-01 Thread Asela Pathberiya

Hi Scott,


On Tue, Oct 1, 2013 at 9:39 PM, Scott Came  wrote:

>  Hi Asela.
>
> ** **
>
> Well…  Yes, if you read an entire Response message with a namespace-aware
> parser, and you have a default namespace declaration on the root Response
> element, then yes, the child elements will be assumed to be in that default
> namespace.
>
> ** **
>
> But it is entirely possible for someone to access a Result element out of
> its Response context, isn’t it?  As long as the API allows this (e.g., via
> ResponseCtx.getResults()) I think Balana would need to support it.
> Otherwise, you risk allowing client code to get invalid XACML fragments.**
> **
>
> ** **
>
> After a little more looking around, I see that this same issue applies to
> Status, Obligation…anything with an encode() method.
>

There is some point Yes,.. it means all element seems to have a
namespace declaration.  But most of the XACML PDP implementations that uses
Balana, would try to get the full XACML response from Balana  and send it
back to the PEP. As PEP and PDP are separated, XACML response would be
passed using web service (REST, SOAP) call.  Actually It is hard to find
places where PEP and Balana have been tightly coupled. But we could look in
to this further.


> 
>
> ** **
>
> I suppose another option is to change the encode() methods on all classes
> except ResponseCtx to be package-visible so that they can’t be called
> externally, but I don’t think that’s the right approach.  There could be
> perfectly valid reasons for wanting to get the XML content of sub-elements…
> 
>
> ** **
>
> You wouldn’t necessarily need to implement this with the core Java DOM
> API, but it would be somewhat easier, IMHO.  As for complexity…I don’t
> believe you’d find the code to be significantly more complex than what you
> have now.  It would use an API that’s been native to Java for years, so
> there would be no new (external) dependencies.  Finally, for the kind of
> XML documents we’re talking about here, I wouldn’t expect a DOM approach to
> be faster, but I also wouldn’t expect it to be significantly slower.  Also,
> it will use a little more memory, but not significantly more than the
> equivalent String.
>
> ** **
>
> I would be happy to help implement this if you’re amenable.
>

+1. Great..  I guess,  we only need to think about the performance here...
Also there would be lot places to be changed as encode() is used in every
element.


Thanks,
Asela.


> 
>
> ** **
>
> Thanks.
>
> --Scott
>
> ** **
>
> *From:* Asela Pathberiya [mailto:as...@wso2.com]
> *Sent:* Monday, September 30, 2013 10:38 PM
> *To:* Scott Came
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] Balana response message namespaces
>
> ** **
>
> ** **
>
> Hi Scott,
>
> On Tue, Oct 1, 2013 at 3:55 AM, Scott Came  wrote:*
> ***
>
> I have noticed that the Result message (i.e., the String produced by
> org.wso2.balana.ctx.AbstractResult.encode()) does not appear to qualify
> names with namespaces, as required by the XACML 3.0 spec.
>
> ** **
>
> AFAIK,  Result element is not needed to be qualify with namespace, if
> Response element has been already qualified. If i have missed any thing,
> Please let us know
>
>   
>
> I was looking at class org.wso2.balana.ctx.xacml3.Result.encode() and was
> curious why the output XML is built up as a String, rather than using the
> native DOM capabilities, or similar capabilities in XML open source
> libraries?
>
>  ** **
>
> We do not think to add more complexity here. It is returned the String
> value then it is needed to build a DOM and convert to String... Do you
> think, using DOM is faster than string manipulation? 
>
>   
>
> I notice the same issue applies to
> org.wso2.balana.ctx.ResponseCtx.encode(), which actually has some
> commented-out code that would add the namespace declaration…
>
>  ** **
>
> Yes actually it has been commented which is wrong...  this is fixed now. *
> ***
>
>   
>
> Was there a decision made at some point not to have the response message
> conform to the spec?
>
>  ** **
>
> No.  i guess, this is a mistake.  namespace was there in earlier trunk
> revisions.  Thanks for pointing this out. 
>
>  
>
> Thanks,
> Asela.
>
>   
>
> Thanks.
>
> --Scott 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
>
>
> -- 
>
> Thanks & Regards,
>
> Asela
>
> ** **
>
> ATL
>
> Mobile : +94 777 625 933
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Balana policy source question

2013-10-01 Thread Asela Pathberiya

Hi Scott,

Really welcome your ideas.  Yes. Balana only have a sample implementation
for file system based policies.  As you know, WSO2 Identity Server uses
Balana as XACML engine and Identity Server has own implementation for
PolicyFinderModule. Sure... you could implement this for Balana... If
policies are loading from different sources (file system, databases and so
on...), it is easy to extend an in-memory finder module.  You can create a
ticket in here [1]
under Balana component and provide a patch for trunk.

[1] https://wso2.org/jira/browse/COMMONS

Thanks,
Asela.

On Tue, Oct 1, 2013 at 4:06 AM, Scott Came  wrote:

>  Unless I’m missing something, it looks like the only way to feed
> policies into the Balana PDP is to have them in files that reside in the
> filesystem.
>
> ** **
>
> I’m wondering if any thought was given to allowing (somehow) in-memory DOM
> Documents to be passed in.  I haven’t investigated in-depth yet, but I
> wonder if it would be possible to write a PolicyFinderModule implementation
> class that references an in-memory collection of policies…
>
> ** **
>
> If this seems like a good idea, I’d be happy to attempt it…
>
> ** **
>
> Thanks.
>
> --Scott
>
> ** **
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Balana response message namespaces

2013-09-30 Thread Asela Pathberiya

Hi Scott,

On Tue, Oct 1, 2013 at 3:55 AM, Scott Came  wrote:

>  I have noticed that the Result message (i.e., the String produced by
> org.wso2.balana.ctx.AbstractResult.encode()) does not appear to qualify
> names with namespaces, as required by the XACML 3.0 spec.
>

AFAIK,  Result element is not needed to be qualify with namespace, if
Response element has been already qualified. If i have missed any thing,
Please let us know

> 
>
> ** **
>
> I was looking at class org.wso2.balana.ctx.xacml3.Result.encode() and was
> curious why the output XML is built up as a String, rather than using the
> native DOM capabilities, or similar capabilities in XML open source
> libraries?
>

We do not think to add more complexity here. It is returned the String
value then it is needed to build a DOM and convert to String... Do you
think, using DOM is faster than string manipulation?

> 
>
> ** **
>
> I notice the same issue applies to
> org.wso2.balana.ctx.ResponseCtx.encode(), which actually has some
> commented-out code that would add the namespace declaration…
>

Yes actually it has been commented which is wrong...  this is fixed now.

> 
>
> ** **
>
> Was there a decision made at some point not to have the response message
> conform to the spec?
>

No.  i guess, this is a mistake.  namespace was there in earlier trunk
revisions.  Thanks for pointing this out.

Thanks,
Asela.

> 
>
> ** **
>
> Thanks.
>
> --Scott 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How to expose REST and consume SOAP BE using APIM

2013-09-25 Thread Asela Pathberiya

Thanks for reply

On Thu, Sep 26, 2013 at 2:09 AM, Sumedha Rubasinghe wrote:

> You should be using Synapse config editor. That would have saved most of
> these trouble.
>

I did not use it  Yes. it would work.


>
> On Thu, Sep 26, 2013 at 12:40 AM, Asela Pathberiya  wrote:
>
>> Hi all,
>>
>> I tried to do this using APIM 1.4.0 and it works.  But is there any
>> recommend way to achieve this? Because I have come across several issues
>> while i am trying to do. Please let me know whether i am in the correct
>> path.
>>
>> 1. Create a API in the API publisher
>>
>> 2. Now i want to edit the API configuration to do some changes to support
>> for this use case.
>>
>> 3. In Publisher, there is not way to edit API config. so login to
>> management console. User has no permission to edit API config
>>
>> 4.  Login as admin user and edit it.  But it was also not
>> successful...(May be som issue in the XML UI editor)
>>
>
> You need to use the Synapse config editor (not the API editor in Admin
> console) .
>
>>
>> 5. Then file system is used. it works.
>>
>> 6. Need to add new sequence for API flow, it is not allow to do using
>> publisher and management console and need to use file system.
>>
>
> Here again you need to use the Synapse config editor.
> In 1.5.0, there is an option to attach this to API through publisher UI
> (provided that added sequence extension definitions are in correct registry
> location).
>
+1


>
>> Are we recommend dev- studio for APIM ? sorry i did not try it
>>
>> 7. API is edited using publisher and all changes that i have done with
>> API config has been reverted.
>>
>
> API configuration can take full benefit of underlying Synapse semantics.
> There is no way for us to support all of that through Publisher UI. However
> we are going to add all ESB endpoint support in next release. This is a
> known issue. Marking hand edited ones & not allowing them to be edited
> through Publisher UI is an option. But it can be argued either way.
>
>
>> If  we want to expose SOAP as REST API, we may need to edit API config or
>> add additional sequences. Basically API publisher is not much useful to
>> implement this. I guess it is ok to improve to do this type of common use
>> cases using API publisher?
>>
>
> Just using SOAP endpoint & sending the envelop in the body (without any
> custom modifications) does not work?
>

Yes.. sending complete SOAP message in to API can be done... I followed
this [1] (I guess we can add this blog in to API doc, if it is not there).
When POX message is used with the same expected body,  we just need to add
format="soap11" in to end point configurations. But i actually use
form-urlencoded format, therefore need to build the SOAP body and also need
to do the conversion in the out sequence.

[1]
http://charithaka.blogspot.com/2012/07/consuming-soap-service-using-wso2-api.html

Thanks.
Asela.


>
>
>>
>> Thanks,
>> Asela.
>>
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>
>
>
>
> --
> /sumedha
> m: +94 773017743
> b :  bit.ly/sumedha
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] How to expose REST and consume SOAP BE using APIM

2013-09-25 Thread Asela Pathberiya

Hi all,

I tried to do this using APIM 1.4.0 and it works.  But is there any
recommend way to achieve this? Because I have come across several issues
while i am trying to do. Please let me know whether i am in the correct
path.

1. Create a API in the API publisher

2. Now i want to edit the API configuration to do some changes to support
for this use case.

3. In Publisher, there is not way to edit API config. so login to
management console. User has no permission to edit API config

4.  Login as admin user and edit it.  But it was also not successful...(May
be som issue in the XML UI editor)

5. Then file system is used. it works.

6. Need to add new sequence for API flow, it is not allow to do using
publisher and management console and need to use file system.

Are we recommend dev- studio for APIM ? sorry i did not try it

7. API is edited using publisher and all changes that i have done with API
config has been reverted.

If  we want to expose SOAP as REST API, we may need to edit API config or
add additional sequences. Basically API publisher is not much useful to
implement this. I guess it is ok to improve to do this type of common use
cases using API publisher?

Thanks,
Asela.

Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Please re-visit user core caching implementation in 4.2.0

2013-09-15 Thread Asela Pathberiya

Issue [2]

[2] https://wso2.org/jira/browse/IDENTITY-1841

Thanks,
Asela.



On Sun, Sep 15, 2013 at 12:52 PM, Asela Pathberiya  wrote:

> Hi IS team,
>
> I guess there are some place where we can fix and improve. try to do them
> for next release (4.5.1).  I think,  we have not properly tested permission
> caching implementation in 4.2.0
>
> 1. With some recent changes in permission caching; We have introduced a
> ghost resource. still we are not distributing the whole permission tree
> across nodes and we are not using it, then why we really need it?
>
> Due to this change, when servers are setup in distribute manner. Every
> call, whole permission tree is loaded from database. (but we are safe as we
> have authorization cache in top level)
>
> 2. Also with new changes, Permission tree maps are updated several times
> from databases even in single server instance, where it is actually not
> needed. you can just debug and see.
>
> 3. We can not set invalidation cache time out for authorization cache and
> user role caches [1]. It is 15min by default.
>
> Also,  once you implemented  caching,  please make sure to test and see
> whether it is working as you expected. Someone, please own this task and
> properly test and fix the things.
>
> [1] https://wso2.org/jira/browse/IDENTITY-1138
>
> Thanks,
> Asela.
>
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
>



-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Please re-visit user core caching implementation in 4.2.0

2013-09-15 Thread Asela Pathberiya

Hi IS team,

I guess there are some place where we can fix and improve. try to do them
for next release (4.5.1).  I think,  we have not properly tested permission
caching implementation in 4.2.0

1. With some recent changes in permission caching; We have introduced a
ghost resource. still we are not distributing the whole permission tree
across nodes and we are not using it, then why we really need it?

Due to this change, when servers are setup in distribute manner. Every
call, whole permission tree is loaded from database. (but we are safe as we
have authorization cache in top level)

2. Also with new changes, Permission tree maps are updated several times
from databases even in single server instance, where it is actually not
needed. you can just debug and see.

3. We can not set invalidation cache time out for authorization cache and
user role caches [1]. It is 15min by default.

Also,  once you implemented  caching,  please make sure to test and see
whether it is working as you expected. Someone, please own this task and
properly test and fix the things.

[1] https://wso2.org/jira/browse/IDENTITY-1138

Thanks,
Asela.


-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Error while logging in as a tenant when user stores are shared

2013-09-12 Thread Asela Pathberiya

On Thu, Sep 12, 2013 at 2:34 PM, Amila De Silva  wrote:

> Hi,
>
> When testing SSO for tenants, using IS as the IDP, I shared the same user
> store between IS and  APIM. Before configuring SSO,I created a tenant
> test.com from APIM manager and tried logging in as that tenant's admin
> from IS. It gives the exception[1] when trying so. After debugging  into
> the ActivationHandler, it appeared that the tenant added from APIM is not
> picked by the ActivationManager as an active tenant.
>

This seems to be related to stratos service activation.  WSO2 Identity
Service has not been packed as an active service for test.com tenant. Is
there any way to enable services for tenants other than a web service api?
Or can we disable activation handler, if it is not used in this deployment.

Thanks,
Asela.


>
> I have attached the configurations for both APIM and IS.
>
> [1]
> 2013-09-12 13:39:33,426]  INFO
> {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  '
> ad...@test1.com [2]' logged in at [2013-09-12 13:39:33,426+0530]
> [2013-09-12 13:42:05,750]  WARN
> {org.wso2.carbon.activation.module.ActivationHandler} -  Failed attempt to
> access WSO2 Identity Server by tenant 2
> [2013-09-12 13:42:05,753] ERROR
> {org.wso2.carbon.redirector.servlet.ui.filters.AllPagesFilter} -  Error in
> checking the existing of the tenant domain: test1.com.
> org.apache.axis2.AxisFault: The input stream for an incoming message is
> null.
> at
> org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:93)
>  at
> org.apache.axis2.transport.TransportUtils.createSOAPMessage(TransportUtils.java:68)
> at
> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:346)
>  at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:413)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
>  at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
> at
> org.wso2.carbon.redirector.servlet.stub.RedirectorServletServiceStub.validateTenant(RedirectorServletServiceStub.java:190)
>  at
> org.wso2.carbon.redirector.servlet.ui.clients.RedirectorServletServiceClient.validateTenant(RedirectorServletServiceClient.java:88)
> at
> org.wso2.carbon.redirector.servlet.ui.filters.AllPagesFilter.doFilter(AllPagesFilter.java:91)
>  at
> org.eclipse.equinox.http.helper.FilterServletAdaptor.service(FilterServletAdaptor.java:37)
> at
> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>  at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
> at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> at
> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>  at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>  at
> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>  at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>  at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>  at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>  at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
> at
> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>  at
> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:62)
> at
> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>  at
> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
> at
> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>  at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
> at
> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
>  at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>  at
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
> at
> org.apache.coyote.Abstra

Re: [Dev] How to disable LDAP server in WSO2 ESB 4.0.3

2013-09-10 Thread Asela Pathberiya

Hi Abhijit,

By default WSO2 ESB 4.0.3  has been shipped, to connect with LDAP based
user store.  Therefore,  LDAP server is internally started in port 10389
(You can change the port using "carbon.xml" file which can be found at
/repository/conf directory).  If you disable the internal LDAP
server using "embedded-ldap.xml" file, WSO2 ESB could not connect to LDAP
based user store and you would see errors.  Therefore you need to disable
the LDAP user store from WSO2ESB. you could do it using "user-mgt.xml" file
which can be found at /repository/conf directory.
If you just go through the "user-mgt.xml" file, you would see that
 "org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager" configuration has
been uncommented (enabled) by default. Therefore you can comment it
(disable) and uncomment (enable)
"org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager" configuration.  Then
WSO2 ESB would try to connected to JDBC based user store. By default WSO2
ESB is shipped with H2 database that contains default schema to connect.
Now, you would be able to start ESB with JDBC user store. (Without internal
LDAP).  Also you can connect WSO2ESB to any external LDAP/AD by
doing proper configurations in user-mgt.xml file.

Thanks,
Asela.

On Wed, Sep 11, 2013 at 2:23 AM, Abhijit Diwan  wrote:

> Hi WSO2 Team
>
> We are trying to pass the Information Security review of our WSO2 ESB
> implementation. Looks like they do not like LDAP server being listening on
> the 10389.
>
> Is there way to Disable LDAP server which starts by defualt when WSO2 ESB
> is started?
>
> I found "embedded-ldap.xml" file in conf directory and there is switch
> enable LDAP but when I set "enable" property to false I start getting
> errors about User mgmt.
>
> Is thee a clean way to remove the LDAP and USer management from WSO2 4.0.3?
>
> thanks
>
> Abhijit
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>

-- 
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Increasing the IS Integration test coverage

2013-09-06 Thread Asela Pathberiya

On Fri, Sep 6, 2013 at 12:20 PM, Chamath Gunawardana wrote:

>
>
>
> On Fri, Sep 6, 2013 at 12:07 PM, Krishantha Samaraweera <
> krishan...@wso2.com> wrote:
>
>> Hi Chamath,
>>
>> Yes you are correct. XPaths can only be used if there is no other
>> choice. We have introduced Page object repository and mapper.properties [1]
>> file to hold all page elements separately. With this model,  If there are
>> layout changes then changes to test case code will be minimal. However we
>> are still experimenting how to cater frequent UI changes with this model.
>>
>> BTW, I can do a quick introductory session for you guys to start with BE
>> test automation. Let me know about team availability.
>>
>> This would be great Krishantha. Unfortunately we cannot have all the team
> members since the team is on a rotational leave. However today we have the
> starting members Asela and Pushpalanka also several others.  Is it possible
> today? Also another session after 16th with remaining members? IS Team pls
> respond if you are able to make it today...
>
> Here is my +1 for today.
>

+1, I guess most of them are here today and if not, we could let others
know. so we can have it today.. (around 4.00 PM).

Thanks,
Asela.


>
>
> Thanks,
>> Krishantha.
>>
>> [1]
>> https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.2.0/platform-integration/test-automation-framework/4.2.0/org.wso2.carbon.automation.api/src/main/resources/mapper.properties
>>
>>
>>
>>
>> On Fri, Sep 6, 2013 at 11:39 AM, Chamath Gunawardana 
>> wrote:
>>
>>>
>>>
>>>
>>> On Fri, Sep 6, 2013 at 11:25 AM, Krishantha Samaraweera <
>>> krishan...@wso2.com> wrote:
>>>
 Hi,

 The UI integration module has also been added to IS 4.5.0 [1], you will
 find some test cases which can be used as a reference for starting UI
 scenarios.

 Let's focus on UI integration tests only if we cannot write BE test
 cases. IMO, we can start writing UI tests once we achieve good coverage
 though BE tests. And after finalizing with user and management views which
 is going to be a new feature in next release.

 Thanks Krishantha for the updates. Agree with you on first writing the
>>> BE integration tests.
>>> Also when writing UI tests we need to define the "Id" attribute for UI
>>> elements as and when required without using Xpaths in the tests. Since if
>>> we use Xpaths the test gets depend on the layout which will break if the
>>> layout changed.
>>>
>>> Thanks,
 Krishantha.

 [1]
 https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.2.0/products/is/4.5.0/modules/integration/tests-ui/




 On Fri, Sep 6, 2013 at 10:46 AM, Johann Nallathamby wrote:

> Hi,
>
> This webinar [1] also might help to get a high level idea of our
> automation framework.
>
> [1]
> http://wso2.com/library/webinars/2013/04/wso2-test-automation-framework-approach-adoption
>
> Thanks,
> Johann.
>
>
> On Fri, Sep 6, 2013 at 10:34 AM, Chamath Gunawardana <
> chama...@wso2.com> wrote:
>
>> Hi,
>>
>> As we need to increase the integration test coverage of IS for the
>> next release we need identify the priority areas/critical paths that we
>> first need to be covered. Hence your input on this will greatly help.
>> Please pitch in..
>>
>> Please find below some resources and guidelines that you can get
>> familiar with before we start writing the tests next week.
>>
>> * Krishantha and the Automation team have already written IS tests
>> that we can refer to get started in [1].
>> * Please make your self familiar with automation framework and
>> guidelines on writing tests in [2] if not already.
>> * Use of the TestNG Annotations properly as Krishantha have mentioned
>> in another mail thread since this will avoid simultaneous test runs which
>> will cause tests to be fail. Also make sure you run the TestNG version
>> 6.1.1.
>> * Make server state consistent by cleaning the data after test.
>>
>> Also please find the IS integration test allocations in [3].
>>
>> [1] -
>> https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.2.0/products/is/4.5.0/modules/integration/src/test/java/org/wso2/identity/integration/tests
>>
>> [2] -
>> http://docs.wso2.org/display/TA100/Best+Practices+for+Writing+Integration+Tests
>>
>> [3] -
>> https://docs.google.com/a/wso2.com/spreadsheet/ccc?key=0AtS5Oii8ega9dEV4Qy05VVhoZ1Vkb2YzaHJWZGZJV3c#gid=1
>>
>>
>>
>> Thanks,
>> --
>> Best Regards,
>> Chamath Gunawardana
>> Technical Lead; WSO2 Inc.
>> Mobile : +94776322240
>>
>
>

>>>
>>>
>>> --
>>> Best Regards,
>>> Chamath Gunawardana
>>> Technical Lead; WSO2 Inc.
>>> Mobile : +94776322240
>>>
>>
>>
>
>
> --
> Best Regards,
> Chamath Gunawardana
> Technical Lead; WSO2 Inc.
> Mobile : +94776322240
>



-- 
Thanks & R

Re: [Dev] Creating and Manipulating assets with the system registry vs. the user registry

2013-08-26 Thread Asela Pathberiya

On Mon, Aug 26, 2013 at 11:57 AM, Senaka Fernando  wrote:

> Hi Asela et al,
>
> Are there any changes to permissions?
>

AFAIK, no changes in permission model..  I guess, only we have done some
changes in method implementation. I do not think that would effect this as
others are working fine.

Thanks,
Asela.


> Hi Nuwan, Sameera,
>
> We do not promote using the User Registry for Governance API operations.
> Eranda, I believe the same holds even for the LC-related operations right?
>
> Thanks,
> Senaka.
>
>
> On Mon, Aug 26, 2013 at 10:52 AM, Nuwan Bandara  wrote:
>
>> Hi Senaka/GReg team
>>
>> Can somebody shed some light on this matter. Its bit unclear why the
>> system registry cannot promote/demote but attach LCs.
>>
>> I do understand doing it via the User Registry is better (correct), but
>> curious why it fails in sys registry mode.
>>
>>
>> Regards,
>> /Nuwan
>>
>>
>> On Sun, Aug 25, 2013 at 9:16 PM, Sameera Medagammaddegedara <
>> samee...@wso2.com> wrote:
>>
>>> Hello Everyone,
>>>
>>> *Problem:*
>>>
>>> We have been using the system registry in order to create assets in the
>>> Governance Registry.Recently we integrated the registry life-cycles and
>>> noticed that although we were able to attach life-cycles, we were unable to
>>> promote/demote states using the system registry.
>>>
>>> We were presented with the following exception when attempting to
>>> perform promote actions:
>>> *
>>> *
>>> *"User does not have sufficient permissions to perform the action"*
>>>
>>> The use of a User Registry instance finally allowed us to perform the
>>> promote/demote actions.
>>>
>>> *Question:*
>>> What is the difference between the System Registry and User Registry
>>> that allows the former to create assets and attach life-cycles but not
>>> perform promote/demote actions?
>>>
>>> Thank You,
>>> Sameera
>>>
>>
>>
>>
>> --
>> *Thanks & Regards,
>>
>> Nuwan Bandara
>> Technical Lead; **WSO2 Inc. *
>> *lean . enterprise . middleware |  http://wso2.com *
>> *blog : http://nuwanbando.com; email: nu...@wso2.com; phone: +94 11 763
>> 9629
>> *
>> 
>>
>
>
>
> --
> * 
> *
> *
> *
> *Senaka Fernando*
> Senior Technical Lead; WSO2 Inc.; http://wso2.com*
> Member; Apache Software Foundation; http://apache.org
>
> E-mail: senaka AT wso2.com
> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818
> Linked-In: http://linkedin.com/in/senakafernando
>
> *Lean . Enterprise . Middleware
>



-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 IS 4.5.0 pack from 4.2.0 branch for developer testing

2013-08-15 Thread Asela Pathberiya

On Fri, Aug 16, 2013 at 12:27 AM, Prabath Siriwardena wrote:

> Please do not use this pack for QA testing..
>
> Also - entitlement/my-pdp.jsp is missing.. Asela, please fix.. gives an
> error when you click My PDP/Policy
>

Sorry...  committed this..

Thanks,
Asela


>
>
> On Thu, Aug 15, 2013 at 11:51 PM, Venura Kahawala  wrote:
>
>> Please note that there is a known issue with the multiple user store
>> adding and editing from UI. Will be fixing that ASAP.
>>
>> Regards,
>> Venura
>>
>>
>> On Thu, Aug 15, 2013 at 11:38 PM, Prabath Siriwardena 
>> wrote:
>>
>>> Revision : 181277
>>>
>>>
>>> https://svn.wso2.org/repos/wso2/people/prabath/is-4.5.0/15082013/wso2is-4.5.0.zip
>>>
>>>
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Mobile : +94 71 809 6732
>>>
>>> http://blog.facilelogin.com
>>> http://RampartFAQ.com
>>>
>>
>>
>>
>> --
>> Senior Software Engineer
>>
>> Mobile: +94 71 82 300 20
>>
>>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>



-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Status of ESB 4.8.0 on kernal 4.2.0

2013-08-07 Thread Asela Pathberiya

There is no any API changes in user core interface... We have just modified
the method in Abstract class and same time we have done the fix in user.mgt
that is used that method.  you have not properly svn up and build it
properly...  this why you can see these errors.

Thanks,
Asela.


On Tue, Aug 6, 2013 at 5:30 PM, Jeewantha Dharmaparakrama <
jeewan...@wso2.com> wrote:

> Hi Folks,
>
> Following are the test results of the pack we built last Friday. The tests
> were run one by one since we cannot run all the tests in one go because
> many tests get skipped.
> However we noticed an API change on "org.wso2.carbon.user.core" hence
> almost all the tests were skiped on the pack we built today. Once the
> needful change is done on the test framework we could provide an ESB pack
> for QA.
>
>
>
> passed   failed skipped
>
> Server-Stratup
> -1   0  0
> Throttle-mediator-Test
> -6   1  0
> ProxyService-Test
> -  184  47  2
> Endpoint-Test
>  -   40   0  0
> LocalEntry-Test
> -8   0  0
> nhttp-Transport-Test
> -0   0  8
> Resource-MediaType-Test   -
> 4   0  0
> Rest-API-Test
>  -1   1  0
> Servlet-transport-Test
> -1   0  0
> VFS-transport-Test
> -   24   0  0
> Aggregate-mediator-Test -
> 38   1  0
> Cache-mediator-Test   -
> 2   0  0
> Call-mediator-Test
> -3   0  0
> CallOut-mediator-Test
> -9   0  0
> Clone-mediator-Test
> -   14   0  0
> ConditionalRouting-mediator-Test-
> 5   0  0
> Drop-mediator-Test
> -1   0  0
> Message-Store-Test
> -6   0  0
> Enrich-mediator-Test
> -   36   0  0
> Fault-mediator-Test
> -   30   0  0
> Filter-mediator-Test
> -4   0  0
> Header-mediator-Test  -
> 2   0  0
> In-mediator-Test
> -2   0  0
> Log-mediator-Test
> -1   0  0
> Out-mediator-Test
> -2   0  0
> JMS-transport-Test
> -   20   1  0
> Property-mediator-Test-
> 37   1  0
> PayloadFactory-mediator-Test -
> 13  0  0
> Rewrite-mediator-Test  -
> 60  0  0
> Router-mediator-Test   -
> 8  0  0
> Rule-mediator-Test  -
>   15  0  0
> Message-Processor-Test -
> 3  1  0
> Send-mediator-Test  -
>70  0  0
> Sequence-mediator-Test  -
> 2  0  0
> Switch-mediator-Test-
>12  0  0
> Validate-mediator-Test  -
>   11  0  0
> XQuery-mediator-Test   -
> 12  0  0
> XSLT-mediator-Test   -
> 7  0  0
> FastXSLT-mediator-Test-
> 3  0  0
> Class-mediator-Test  -
>5  0  0
> Iterate-mediator-Test
> -   31  0  0
> Spring-mediator-Test -
> 5  1  0
> Smook-mediator-Test-
>2  1  0
> Script-mediator-Test
> -   16  0  0
> ESB-Sample-Test
> - 32  0  0
> TCP-transport-Test
>   -  1  0  0
> POX-security-Test
>- 8  4 12
> Rest-JSON-Test
>   - 2  0  0
> CAR-Deployment
> - 0  0  7
> ScheduleTask-Test
> - 2  0  0
> Scenario-Test
> - 1  0  0
> GZIP-Compression-Test  -
>   6  0  0
>
> BR,
> Jeewantha
> --
> Jeewantha Dharmaparakrama
> Software Engineer; WSO2, Inc.; http://wso2.com/
> Phone : (+94) 774726790
> Skype : prasad.jeewantha
> LinkedIn : http://www.linkedin.com/in/jeewanthad
> Twitter: https://twitter.com/jeewamp
> Blog: http://jeewanthad.blogspot.com/
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] User core test failure

2013-08-06 Thread Asela Pathberiya

We can resolve this issue by taking svn up in kernel/trunk/distribut
ion/kernel/carbon-home/dbscripts.  Actually user core is using the carbon
database script that is shipped;  to run the unit test...

Thanks,
Asela.


On Wed, Aug 7, 2013 at 11:53 AM, Afkham Azeez  wrote:

>
> ---
> Test set: org.wso2.carbon.user.core.jdbc.AdvancedJDBCRealmTest
>
> ---
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 2.679 sec
> <<< FAILURE!
> testStuff(org.wso2.carbon.user.core.jdbc.AdvancedJDBCRealmTest)  Time
> elapsed: 2.619 sec  <<< ERROR!
> org.wso2.carbon.user.core.UserStoreException: Column "UM_SHARED_ROLE" not
> found; SQL statement:
> SELECT UM_ROLE_NAME, UM_TENANT_ID, UM_SHARED_ROLE FROM UM_ROLE WHERE
> UM_ROLE_NAME LIKE ? AND UM_TENANT_ID=? AND UM_SHARED_ROLE ='0' ORDER BY
> UM_ROLE_NAME [42122-140]
>  at
> org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.doGetRoleNames(JDBCUserStoreManager.java:471)
> at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2355)
>  at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2252)
> at
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(AbstractUserStoreManager.java:2245)
>  at
> org.wso2.carbon.user.core.jdbc.AdvancedJDBCRealmTest.doUserStuff(AdvancedJDBCRealmTest.java:250)
> at
> org.wso2.carbon.user.core.jdbc.AdvancedJDBCRealmTest.testStuff(AdvancedJDBCRealmTest.java:55)
> Caused by: org.h2.jdbc.JdbcSQLException: Column "UM_SHARED_ROLE" not
> found; SQL statement:
> SELECT UM_ROLE_NAME, UM_TENANT_ID, UM_SHARED_ROLE FROM UM_ROLE WHERE
> UM_ROLE_NAME LIKE ? AND UM_TENANT_ID=? AND UM_SHARED_ROLE ='0' ORDER BY
> UM_ROLE_NAME [42122-140]
>  at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
> at org.h2.message.DbException.get(DbException.java:167)
>  at org.h2.message.DbException.get(DbException.java:144)
> at org.h2.expression.ExpressionColumn.optimize(ExpressionColumn.java:127)
>  at org.h2.command.dml.Select.prepare(Select.java:738)
> at org.h2.command.Parser.prepare(Parser.java:202)
>  at org.h2.command.Parser.prepareCommand(Parser.java:214)
> at org.h2.engine.Session.prepareLocal(Session.java:434)
>  at org.h2.engine.Session.prepareCommand(Session.java:384)
> at org.h2.jdbc.JdbcConnection.prepareCommand(JdbcConnection.java:1071)
>  at
> org.h2.jdbc.JdbcPreparedStatement.(JdbcPreparedStatement.java:71)
> at org.h2.jdbc.JdbcConnection.prepareStatement(JdbcConnection.java:234)
>  at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>  at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.tomcat.jdbc.pool.ProxyConnection.invoke(ProxyConnection.java:126)
>  at
> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
> at
> org.wso2.carbon.ndatasource.rdbms.ConnectionRollbackOnReturnInterceptor.invoke(ConnectionRollbackOnReturnInterceptor.java:51)
>  at
> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
> at
> org.apache.tomcat.jdbc.pool.interceptor.AbstractCreateStatementInterceptor.invoke(AbstractCreateStatementInterceptor.java:67)
>  at
> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
> at
> org.apache.tomcat.jdbc.pool.interceptor.ConnectionState.invoke(ConnectionState.java:153)
>  at
> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
> at org.apache.tomcat.jdbc.pool.TrapException.invoke(TrapException.java:41)
>  at
> org.apache.tomcat.jdbc.pool.JdbcInterceptor.invoke(JdbcInterceptor.java:109)
> at
> org.apache.tomcat.jdbc.pool.DisposableConnectionFacade.invoke(DisposableConnectionFacade.java:80)
>  at com.sun.proxy.$Proxy1.prepareStatement(Unknown Source)
> at
> org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.doGetRoleNames(JDBCUserStoreManager.java:434)
>  ... 33 more
>
>
> --
> *Afkham Azeez*
> Director of Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * **
> email: **az...@wso2.com* * cell: +94 77 3320919
> blog: **http://blog.afkham.org* *
> twitter: **http://twitter.com/afkham_azeez*
> *
> linked-in: **http://lk.linkedin.com/in/afkhamazeez*
> *
> *
> *Lean . Enterprise . Middleware*
>



-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Error when login to the GReg

2013-08-06 Thread Asela Pathberiya

Please check whether you have build the user.mgt properly. we can not see
such issue in packs from builder machine. Also there is no any user core
API change..  only Abstract class method has been changed.

Thanks,
Asela.


On Wed, Aug 7, 2013 at 11:25 AM, Lasith Chandrasekara wrote:

> Hi,
>
> I am getting following error when loging to the GReg (svn up - yesterday
> evening).
> This is related to the mail "[Dev] Cant create user role due to Api change
> in user-core"
>
> Regards,
> Lasith.
>
>
>
> [2013-08-07 11:24:01,667] ERROR
> {org.apache.axis2.rpc.receivers.RPCMessageReceiver} -
> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(Ljava/lang/String;IZ)[Ljava/lan
> g/String;
> java.lang.reflect.InvocationTargetException
> at sun.reflect.GeneratedMethodAccessor78.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
> at
> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
> at
> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
> at
> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
> at
> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169)
> at
> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
> at
> org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
> at
> org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
> at
> org.wso2.carbon.user.mgt.stub.UserAdminStub.getRolesOfCurrentUser(UserAdminStub.java:4489)
> at
> org.wso2.carbon.governance.notifications.ui.worklist.HumanTaskClient.getRoles(HumanTaskClient.java:146)
> at
> org.apache.jsp.worklist.header_jsp._jspService(org.apache.jsp.worklist.header_jsp:75)
> at
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> at
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
> at
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
> at
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
> at
> org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> at
> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
> at
> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
> at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
> at
> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> at
> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at
> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
> at
> org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:605)
> at
> org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:544)
> at
> org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37)
> at
> org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369)
> at
> org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:1015)
> at
> org.apache.jsp.admin.layout.header_jsp._jspService(org.apache

Re: [Dev] Identity Server 4.5.0 release plan - Fixing jiras

2013-08-06 Thread Asela Pathberiya

Hi All,

Now we have around 300 open bugs [1] in Identity server and there are only
39 L1s [1] and 94 L2s [2] .  I guess, we could get the L1s to around zero
and bugs counts to less than 200  before end of this week.

[1] https://wso2.org/jira/issues/?filter=11230

[2] https://wso2.org/jira/issues/?filter=11218

[3] https://wso2.org/jira/issues/?filter=11228

Thanks,
Asela.



On Fri, Aug 2, 2013 at 11:28 AM, Asela Pathberiya  wrote:

> Hi All,
>
> As the 1st step,  we have reviewed all L1s that have been reported.  We
> could close most of the L1s as they are already fixed.  This [1] are L1s
> that we are looking to fix next few days; probably before next week... All
> User management related L1s are tried to fix asap. User management issues
> must be fixed before kernel release. I and Darshana are working on those.
>  We will review all L2s and L3s on next week and prioritize them for the
> release.
>
> Also, we are hoping add samples for this release with respect to Identity
> server features.  Still there are not shipped with Identity distribution.
>  But you can find from here [2].  Therefore when QA is being done,  Please
> verify with these samples also.  We need to complete all these samples
> asap.. then QA team can verify the features properly.
>
> Following are the sample that we are hoping to add and most of the them
> are already done, but we need to finalize them
>
> 1. Identity management web app (web app contains self registration,
> account recovery, password recovery features)---   Chamath
> 2. OpenID web app  -- Suresh
> 3. OpenID connect and OAuth web app  Suresh
> 4. STS  client - Dualnja
> 5. XACML  client - Asela
> 6. SCIM -- Suresh (This is already done by Hasini)
> 7. User management client - Asela
> 8. Custom authenicator sample for SSO - Dulanja
>
> We will update with the progress.
>
> [1] https://wso2.org/jira/issues/?filter=11218
> [2]
> https://svn.wso2.org/repos/wso2/carbon/platform/trunk/products/is/modules/samples/
>
> Thanks,
> Asela.
>
> --
> Thanks & Regards,
> Asela
>
> Mobile : +94 777 625 933
>



-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Cant create user role due to Api change in user-core

2013-08-06 Thread Asela Pathberiya

I guess  "org.wso2.carbon.user.mgt" has not been updated properly.  Because
"AbstractUserStoreManager" is called by it and we did the changes of "
org.wso2.carbon.user.mgt" in trunk.

Thanks,
Asela.


On Tue, Aug 6, 2013 at 6:50 PM, Nuwan Wimalasekara  wrote:

> Hi IS Team,
> Due to the above issue server failed to create a user role from UI too.
> Please have a look at above issue.
>
> Thanks,
> Nuwanw
>
>
> On Tue, Aug 6, 2013 at 5:54 PM, Jeewantha Dharmaparakrama <
> jeewan...@wso2.com> wrote:
>
>> Hi,
>>
>> $subject. Due to this almost all the ESB integration tests are getting
>> skipped.
>>
>> [2013-08-06 17:40:58,935] ERROR - RPCMessageReceiver
>> org.wso2.carbon.user.core.common.AbstractUserStoreManager.getRoleNames(Ljava/lang/String;IZ)[Ljava/lang/String;
>> java.lang.reflect.InvocationTargetException
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>> at
>> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
>> at
>> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
>> at
>> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
>> at
>> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
>> at
>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169)
>> at
>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
>> at
>> org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
>> at
>> org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
>> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
>> at
>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>> at
>> org.wso2.carbon.user.mgt.stub.UserAdminStub.getAllRolesNames(UserAdminStub.java:5707)
>> at
>> org.wso2.carbon.user.mgt.ui.UserAdminClient.getAllRolesNames(UserAdminClient.java:136)
>> at
>> org.apache.jsp.role.role_002dmgt_jsp._jspService(org.apache.jsp.role.role_002dmgt_jsp:230)
>> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:111)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>> at
>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:403)
>> at
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:492)
>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:378)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>> at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>> at
>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>> at
>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>> at
>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>> at
>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>> at
>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:605)
>> at
>> org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:544)
>> at
>> org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37)
>> at
>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369)
>> at
>> org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:1015)
>> at
>> org.apache.jasper.runtime.P

Re: [Dev] [AS 5.2.0] null point exception issue

2013-08-06 Thread Asela Pathberiya

I guess, There are already fixed..  Could you please verify with the
Identity server pack that shared today morning?  I think,  when AS packs
are built, user core commits have not been done completely. This may have
caused for issues.

Thanks,
Asela.


On Tue, Aug 6, 2013 at 2:39 PM, Suneth Ranasinghe  wrote:

>
> Hi,
>
> We have observed an issue in user management with the latest AS pack,
> which throws an null point exception once the super admin user tries to
> change password, assign roles, view roles from the user list. This is a
> blocking issue in the context of users and roles creation testing
> scenarios. Please look in to following JIRA's regarding that.
>
> https://wso2.org/jira/browse/IDENTITY-1511
> https://wso2.org/jira/browse/IDENTITY-1512
>
>
> Regards,
>
> --
> Suneth Ranasinghe
> Senior Software Engineer - QA
> Mobile: +94717387198
> *
> *
> wso2.com
> Lean Enterprise Middleware
>



-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Anonymous users can read any admin resource.

2013-08-05 Thread Asela Pathberiya

Thanks for pointing this...  Fixed this issue with r179806

Thanks,
Asela.


On Mon, Aug 5, 2013 at 7:04 AM, Ajith Vitharana  wrote:

> Hi All,
>
> I have noticed  the $subject in the latest packs.
>
> i) Logging as admin an upload a text file.
> ii) Logout and access the resource
>
> eg :  https://localhost:9443/registry/resource/_system/governance/abc.txt
>
> Thanks
> Ajith.
> --
> Ajith Vitharana.
> WSO2 Inc. - http://wso2.org
> Email  :  aji...@wso2.com
> Mobile : +94772217350
>
>


-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Build failure at Identity

2013-08-05 Thread Asela Pathberiya

Fixed with r179805.


On Mon, Aug 5, 2013 at 1:46 PM, Shelan Perera  wrote:

> Hi,
>
> Could you please have a look.
>
> BUILD FAILURE
> [INFO]
> 
> [INFO] Total time: 5.680s
> [INFO] Finished at: Mon Aug 05 13:44:08 IST 2013
> [INFO] Final Memory: 38M/618M
> [INFO]
> 
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile
> (default-compile) on project org.wso2.carbon.identity.entitlement:
> Compilation failure
> [ERROR]
> /home/shelan/wso2/trunk/carbon/new-platform/trunk/components/identity/org.wso2.carbon.identity.entitlement/src/main/java/org/wso2/carbon/identity/entitlement/pap/CarbonEntitlementDataFinder.java:[101,78]
> cannot find symbol
> [ERROR] symbol  : method getRoleNames(java.lang.String,int,boolean)
> [ERROR] location: class
> org.wso2.carbon.user.core.common.AbstractUserStoreManager
>
>
> --
> *Shelan Perera*
>
> Senior Software Engineer
> **
> Integration Technology Group
> *WSO2, Inc. : wso2.com*
> lean.enterprise.middleware.
>
> *Blog* :   blog.shelan.org
> *Linked-i*n  :   http://www.linkedin.com/pub/shelan-perera/a/194/465
> *Twitter* :https://twitter.com/#!/shelan
>
> *Mobile*  : +94 772 604 402
>
>


-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Compilation Failure - user.mgt

2013-08-04 Thread Asela Pathberiya

This has been fixed...  need to svn up user.core and user.mgt

Thanks,
Asela.


On Mon, Aug 5, 2013 at 11:12 AM, Vijitha Kumara  wrote:

>
> FYI (on r179784). This seems to be a result of r179783
>
>
> [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-compiler-plugin:2.3.2:compile
> (default-compile) on project org.wso2.carbon.user.mgt: Compilation failure
> [ERROR]
> /home/vijitha/Src-Repo/carbon/platform/trunk/components/user-manager/org.wso2.carbon.user.mgt/src/main/java/org/wso2/carbon/user/mgt/UserRealmProxy.java:[2052,46]
> cannot find symbol
> [ERROR] symbol  : variable SHARED_DOMAIN_NAME
> [ERROR] location: class org.wso2.carbon.user.core.UserCoreConstants
> [ERROR] -> [Help 1]
> [ERROR]
> [ERROR] To see the full stack trace of the errors, re-run Maven with the
> -e switch.
> [ERROR] Re-run Maven using the -X switch to enable full debug logging.
> [ERROR]
> [ERROR] For more information about the errors and possible solutions,
> please read the following articles:
> [ERROR] [Help 1]
> http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
> [ERROR]
> [ERROR] After correcting the problems, you can resume the build with the
> command
> [ERROR]   mvn  -rf :org.wso2.carbon.user.mgt
>
>
>
>
>
>
>
> --
> Vijitha Kumara
> Senior Software Engineer; WSO2, Inc.;  http://wso2.com/
> email: viji...@wso2.com
>
>
> Lean . Enterprise . Middleware
>



-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Error while authorizing system anonymous role against registry resources after setting permissions correctly

2013-08-01 Thread Asela Pathberiya

+1 AFAIK,  here idea was to not to create this anonymous, system user and
roles in user store...  Because user store can be an external AD,  LDAP or
custom JDBC user store, It is not good to create users in external user
store  Therefore it is planed to keep them in separate table inside
user management database.  Therefore to uniquely identify the these roles
and users from other users from stores,  "system" prefix has been added.  I
guess, it is fine...  However, if we are running carbon with respect to an
old user management database,  I guess you need to update the "
wso2.anonymous.role" role name in to "system/wso2.anonymous.role" in
UM_ROLE _PERMISSION table.  Could you please verify this also...  then we
can add this to migration docs.  This what,  i got in to my mind... , If
there any concerns or improvements regarding this, please let know...

Thanks,
Asela


On Fri, Aug 2, 2013 at 10:56 AM, Lalaji Sureshika  wrote:

> Hi,
>
> Due to $subject ,APIStore anonymous view is broken and no APIs shown..
> To fix this,after talk to Asela, I did the change as r179591,but still
> APIStore is having the same problem.
>
> When debugging the code,found in the method
> of updatePermissionTreeFromDB() in PermissionTree class,its referring the
> role names with domains as below.
>
> String roleWithDomain = UserCoreUtil.addDomainToName(roleName, domain);
> roleWithDomain = roleWithDomain.toLowerCase();
> if (allow == UserCoreConstants.ALLOW) {
>* tree.authorizeRoleInTree(roleWithDomain,
> rs.getString(2), rs.getString(4), false);*
> } else {
>* tree.denyRoleInTree(roleWithDomain, rs.getString(2),
> rs.getString(4), false);*
> }
>
> And the wso2 anonymous role ,has referred as "*system/wso2.anonymous.role*"
> from above code block, when setting authorization per anonymous role in
> permission tree.
>
> When we implicitly try to authorize existing anonymous role name['*
> wso2.anonymous.role*'] from our code block ,it failed..
>
> As the solution if we changed the anonymous.role value defined in
> CarbonConstants class [the constant referring from our code blocks] as
> below diff,the above will fixed.
>
> -public static final String REGISTRY_ANONNYMOUS_ROLE_NAME = "*
> wso2.anonymous.role*";
> +public static final String REGISTRY_ANONNYMOUS_ROLE_NAME = "*
> system/wso2.anonymous.role*";
>
> Shall I proceed with this change?
>
> Thanks;
>
>
>
> --
> Lalaji Sureshika
> WSO2, Inc.;  http://wso2.com/
> email: lal...@wso2.com; cell: +94 71 608 6811
> blog: http://lalajisureshika.blogspot.com
>
>


-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Identity Server 4.5.0 release plan - Fixing jiras

2013-08-01 Thread Asela Pathberiya

Hi All,

As the 1st step,  we have reviewed all L1s that have been reported.  We
could close most of the L1s as they are already fixed.  This [1] are L1s
that we are looking to fix next few days; probably before next week... All
User management related L1s are tried to fix asap. User management issues
must be fixed before kernel release. I and Darshana are working on those.
 We will review all L2s and L3s on next week and prioritize them for the
release.

Also, we are hoping add samples for this release with respect to Identity
server features.  Still there are not shipped with Identity distribution.
 But you can find from here [2].  Therefore when QA is being done,  Please
verify with these samples also.  We need to complete all these samples
asap.. then QA team can verify the features properly.

Following are the sample that we are hoping to add and most of the them are
already done, but we need to finalize them

1. Identity management web app (web app contains self registration, account
recovery, password recovery features)---   Chamath
2. OpenID web app  -- Suresh
3. OpenID connect and OAuth web app  Suresh
4. STS  client - Dualnja
5. XACML  client - Asela
6. SCIM -- Suresh (This is already done by Hasini)
7. User management client - Asela
8. Custom authenicator sample for SSO - Dulanja

We will update with the progress.

[1] https://wso2.org/jira/issues/?filter=11218
[2]
https://svn.wso2.org/repos/wso2/carbon/platform/trunk/products/is/modules/samples/

Thanks,
Asela.

-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] IS 4.5.0 Release Testing

2013-08-01 Thread Asela Pathberiya

This issue, only occurred when there is a login failure..  It seems to that
carbon.ui component is trying to call logout... when there is
login failure..  This is invalid... I guess, Pradeep is looking in to
this...  However,  i guess you can carry out the testing... when this error
is seen, it means that it is a login failure.

Thanks,
Asela.

On Thu, Aug 1, 2013 at 5:19 PM, Suneth Ranasinghe  wrote:

> Hi IS team,
>
> Following issue has blocked carrying out tests on "Recover with secret
> questions" scenarios. Please do the needful to fix the issue asap.
>
> https://wso2.org/jira/browse/IDENTITY-1472
>
> Regards,
> --
> Suneth Ranasinghe
> Senior Software Engineer - QA
> Mobile: +94717387198
> *
> *
> wso2.com
> Lean Enterprise Middleware
>

-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Latest version of balana

2013-07-31 Thread Asela Pathberiya

Hi Scott,

Thanks for reporting this  We have fixed this issue Please svn up
and try to build with test..

Thanks,
Asela.


On Wed, Jul 31, 2013 at 8:19 PM, Scott Came  wrote:

>  Hi Asela.
>
> ** **
>
> I just did a checkout from svn URL [1], and it compiles ok, but I get a
> unit test failure:
>
> ** **
>
> SEVERE: Error while reading expected response from file 
>
> java.io.FileNotFoundException:
> /Users/scott/tmp/balana-trunk/balana/modules/balana-core/src/test/resources/advance/3/requests/request_0002_01.xml
> (No such file or directory)
>
> at java.io.FileInputStream.open(Native Method)
>
> at java.io.FileInputStream.(FileInputStream.java:120)
>
> at java.io.FileInputStream.(FileInputStream.java:79)
>
> at org.wso2.balana.TestUtil.createRequest(TestUtil.java:292)
>
> at
> org.wso2.balana.advance.AdvanceTestV3.testAdvanceTest0001(AdvanceTestV3.java:69)
> 
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 
>
> at java.lang.reflect.Method.invoke(Method.java:597)
>
> at junit.framework.TestCase.runTest(TestCase.java:168)
>
> at junit.framework.TestCase.runBare(TestCase.java:134)
>
> at junit.framework.TestResult$1.protect(TestResult.java:110)
>
> at junit.framework.TestResult.runProtected(TestResult.java:128)***
> *
>
> at junit.framework.TestResult.run(TestResult.java:113)
>
> at junit.framework.TestCase.run(TestCase.java:124)
>
> at junit.framework.TestSuite.runTest(TestSuite.java:243)
>
> at junit.framework.TestSuite.run(TestSuite.java:238)
>
> at junit.framework.TestSuite.runTest(TestSuite.java:243)
>
> at junit.framework.TestSuite.run(TestSuite.java:238)
>
> at
> org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:83)
> 
>
> at
> org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:53)
> 
>
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:119)
> 
>
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:101)
> 
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 
>
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 
>
> at java.lang.reflect.Method.invoke(Method.java:597)
>
> at
> org.apache.maven.surefire.booter.ProviderFactory$ClassLoaderProxy.invoke(ProviderFactory.java:103)
> 
>
> at com.sun.proxy.$Proxy0.invoke(Unknown Source)
>
> at
> org.apache.maven.surefire.booter.SurefireStarter.invokeProvider(SurefireStarter.java:150)
> 
>
> at
> org.apache.maven.surefire.booter.SurefireStarter.runSuitesInProcess(SurefireStarter.java:91)
> 
>
>     at
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:69)**
> **
>
> ** **
>
> Looks like maybe a test request file, needed to support this test, hasn’t
> been checked in?
>
> ** **
>
> Other ideas?
>
> ** **
>
> Thanks.
>
> --Scott
>
> ** **
>
> *From:* Asela Pathberiya [mailto:as...@wso2.com]
> *Sent:* Tuesday, July 30, 2013 7:07 PM
> *To:* Scott Came
> *Cc:* dev@wso2.org
> *Subject:* Re: [Dev] Latest version of balana
>
> ** **
>
> Hi Scott,
>
> ** **
>
> Thanks for interesting in WSO2 Balana.  Correct link for Balana
> implementation is this [1].  This is maintained under WSO2 commons projects
> [2] which basically can be used as independent libraries.   Balana is used
> by WSO2 Identity server. Therefore when we are releasing a product,  Balana
> is branched in to carbon svn.  But both in carbon trunk [3] and commons
> trunk [1] Balana sources are in sync (normally svn externals are used)  **
> **
>
> ** **
>
> There is no some thing called  "asela" version... Actually it is some
> older Balana source that i have personally branched for some testing
> purpose under the svn of my name. Sorry for confusion,  i will remove it.
>  Still Balana is created as OSGI bundle. Actually, if you look through svn
> [1] more ca

Re: [Dev] Cannot Login to the product build

2013-07-30 Thread Asela Pathberiya

This issue has been created with r179308 commit... However I have fixed it
now.

Thanks,
Asela.


On Wed, Jul 31, 2013 at 10:04 AM, Shelan Perera  wrote:

> Revision is 179362.
>
> Thanks
>
>
>
> On Wed, Jul 31, 2013 at 10:03 AM, Shelan Perera  wrote:
>
>> Kernel revision : 179359
>>
>>
>> sole URL  : https://10.100.1.82:9443/carbon/
>> [2013-07-31 09:59:49,970] ERROR
>> {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -
>>  System error while Authenticating/Authorizing User : Authentication failed
>> - System error occurred. Tenant domain name is reserved.
>> org.wso2.carbon.core.services.authentication.AuthenticationFailureException:
>> Authentication failed - System error occurred. Tenant domain name is
>> reserved.
>> at
>> org.wso2.carbon.core.services.authentication.AuthenticationAdmin.login(AuthenticationAdmin.java:80)
>>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>  at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:597)
>>  at
>> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
>> at
>> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
>>  at
>> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
>> at
>> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
>>  at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
>> at
>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169)
>>  at
>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
>> at
>> org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
>>  at
>> org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
>> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>>  at
>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398)
>> at
>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.j
>>
>> --
>> *Shelan Perera*
>>
>> Senior Software Engineer
>> **
>> Integration Technology Group
>> *WSO2, Inc. : wso2.com*
>> lean.enterprise.middleware.
>>
>> *Blog* :   blog.shelan.org
>> *Linked-i*n  :   http://www.linkedin.com/pub/shelan-perera/a/194/465
>> *Twitter* :https://twitter.com/#!/shelan
>>
>> *Mobile*  : +94 772 604 402
>>
>>
>
>
> --
> *Shelan Perera*
>
> Senior Software Engineer
> **
> Integration Technology Group
> *WSO2, Inc. : wso2.com*
> lean.enterprise.middleware.
>
> *Blog* :   blog.shelan.org
> *Linked-i*n  :   http://www.linkedin.com/pub/shelan-perera/a/194/465
> *Twitter* :https://twitter.com/#!/shelan
>
> *Mobile*  : +94 772 604 402
>
>


-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Latest version of balana

2013-07-30 Thread Asela Pathberiya

Hi Scott,

Thanks for interesting in WSO2 Balana.  Correct link for Balana
implementation is this [1].  This is maintained under WSO2 commons projects
[2] which basically can be used as independent libraries.   Balana is used
by WSO2 Identity server. Therefore when we are releasing a product,  Balana
is branched in to carbon svn.  But both in carbon trunk [3] and commons
trunk [1] Balana sources are in sync (normally svn externals are used)

There is no some thing called  "asela" version... Actually it is some older
Balana source that i have personally branched for some testing purpose
under the svn of my name. Sorry for confusion,  i will remove it.  Still
Balana is created as OSGI bundle. Actually, if you look through svn [1]
more carefully, you can find that the actually pom files that are inside
the sub directories of module directory.

[1] https://svn.wso2.org/repos/wso2/trunk/commons/balana/
[2] https://svn.wso2.org/repos/wso2/trunk/commons/
[3]
http://svn.wso2.org/repos/wso2/carbon/platform/trunk/dependencies/commons/balana/1.0.0-wso2v6/

Thanks,
Asela.

On Wed, Jul 31, 2013 at 6:54 AM, Scott Came  wrote:

>  Hello…
>
> ** **
>
> Is the current source for balana maintained at
> http://svn.wso2.org/repos/wso2/people/asela/balana/ or
> http://svn.wso2.org/repos/wso2/carbon/platform/trunk/dependencies/commons/balana/1.0.0-wso2v6/?
>   It appears that the source under the first link hasn’t been updated in a
> year or so, while the second link (and the other wso2v’s) has more recent
> updates.  But I wanted to ask to be sure.
>
> ** **
>
> Also, in the “asela” version (first link above), the pom supports building
> balana as a standalone OSGi bundle.  However, the pom under the platform
> trunk no longer supports that.  Is there any reason, though, why the
> balana/1.0.0-wso2v6 version wouldn’t build as an OSGi bundle (assuming I
> made the appropriate changes to the pom)?
>
> ** **
>
> Thanks.
>
> --Scott
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>

-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Carbon 4.2.0] - "org.apache.tomcat.jdbc.pool.PoolExhaustedException" thrown when login to admin console with some tenants

2013-07-30 Thread Asela Pathberiya

It seems to be that issue is generated when we have configure multiple user
stores for tenants.. We have identified the possible cause for issue...
 Darshana has provided a patch Please verify this in next build

Thanks,
Asela.


On Tue, Jul 30, 2013 at 4:15 PM, Shashika Ubhayaratne wrote:

> Hi,
>
> We observed below exception while accessing admin console with some
> tenants (randomly happens). Once that issue occurred, other tenants also
> can not login until restart.
>
> Such tenant not able to login to Admin Console even after restarts.
>
> Refer Issue [1] for more detils:
> [1]: https://wso2.org/jira/browse/CARBON-14253
>
>
> ***
> TID: [0] [AS] [2013-07-30 14:43:23,491] ERROR
> {org.wso2.carbon.user.core.tenant.TenantManager} -  Error in getting the
> tenant with tenant id: 2. {org.wso2.carbon.user.core.tenant.TenantManager}
> TID: [0] [AS] [2013-07-30 14:43:23,492] ERROR
> {org.wso2.carbon.user.core.common.DefaultRealmService} -
>  org.apache.tomcat.jdbc.pool.PoolExhaustedException:
> [http-nio-9443-exec-23] Timeout: Pool empty. Unable to fetch a connection
> in 60 seconds, none available[size:50; busy:50; idle:0; lastwait:6].
> {org.wso2.carbon.user.core.common.DefaultRealmService}
> org.wso2.carbon.user.core.UserStoreException:
> org.apache.tomcat.jdbc.pool.PoolExhaustedException: [http-nio-9443-exec-23]
> Timeout: Pool empty. Unable to fetch a connection in 60 seconds, none
> available[size:50; busy:50; idle:0; lastwait:6].
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:218)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:49)
>  at
> org.wso2.carbon.user.core.common.DefaultRealmService.getTenantUserRealm(DefaultRealmService.java:159)
> at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:57)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.setAvailableSecondaryUserStores(JDBCTenantManager.java:556)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:202)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:49)
> at
> org.wso2.carbon.user.core.common.DefaultRealmService.getTenantUserRealm(DefaultRealmService.java:159)
>  at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:57)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.setAvailableSecondaryUserStores(JDBCTenantManager.java:556)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:202)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:49)
>  at
> org.wso2.carbon.user.core.common.DefaultRealmService.getTenantUserRealm(DefaultRealmService.java:159)
> at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:57)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.setAvailableSecondaryUserStores(JDBCTenantManager.java:556)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:202)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:49)
> at
> org.wso2.carbon.user.core.common.DefaultRealmService.getTenantUserRealm(DefaultRealmService.java:159)
>  at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:57)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.setAvailableSecondaryUserStores(JDBCTenantManager.java:556)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:202)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:49)
>  at
> org.wso2.carbon.user.core.common.DefaultRealmService.getTenantUserRealm(DefaultRealmService.java:159)
> at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:57)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.setAvailableSecondaryUserStores(JDBCTenantManager.java:556)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:202)
>  at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.getTenant(JDBCTenantManager.java:49)
> at
> org.wso2.carbon.user.core.common.DefaultRealmService.getTenantUserRealm(DefaultRealmService.java:159)
>  at
> org.wso2.carbon.user.core.common.UserStoreDeploymentManager.deploy(UserStoreDeploymentManager.java:57)
> at
> org.wso2.carbon.user.core.tenant.JDBCTenantManager.setAvailableSecondaryUserStores(JDBCTenantManager.java:556)
>  at
> org.wso2.carbon.user.core.tenant.JDBC

Re: [Dev] Admin Login Error - org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException: Resource does not exist at path /_system/governance/permission/

2013-07-29 Thread Asela Pathberiya

Fixed  as user-mgt has been removed from kernel. Permission collection
" /_system/governance/permission/" is not populated in kernel level.. which
is also not required... therefore read permissions directly from db.

Thanks,
Asela.


On Mon, Jul 29, 2013 at 3:01 PM, Shameera Rathnayaka wrote:

> Hi IS team,
>
> This is a blocker for testing, Please have a look and fix this ASAP.
>
> Thanks,
> Shameera.
>
>
> On Mon, Jul 29, 2013 at 2:39 PM, Manoj Kumara  wrote:
>
>> Hi,
>>
>> I build the latest kernel trunk. I also get the same error.
>>
>>  Thanks,
>> Manoj
>>
>> Best Regards..
>>
>>
>> Manoj Kumara
>> Software Engineer
>> WSO2, Inc.; http://wso2.com
>>
>> Twitter:  http://twitter.com/ManKuma
>> Mobile: +94713448188
>>
>>
>> On Mon, Jul 29, 2013 at 1:47 PM, Ayashkantha Ramasinghe <
>> ayashkan...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> I am getting foloowing error, $subject, while going to log-in to the
>>> fresh BAM pack. I tried by pointing the DB to mysql and disable caching of
>>> registry.xml. But, those fixes didn't work.
>>>
>>> [2013-07-29 13:38:54,405] ERROR
>>> {org.wso2.carbon.core.services.authentication.AuthenticationAdmin} -
>>> org.wso2.carbon.registry.core.exceptions.ResourceNotFoundException:
>>> Resource does not exist at path /_system/governance/permission/
>>> [2013-07-29 13:38:54,405] ERROR
>>> {org.apache.axis2.rpc.receivers.RPCMessageReceiver} -  Resource does not
>>> exist at path /_system/governance/permission/
>>> java.lang.reflect.InvocationTargetException
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>> at
>>> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:178)
>>> at
>>> org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:117)
>>> at
>>> org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
>>> at
>>> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110)
>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
>>> at
>>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169)
>>> at
>>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82)
>>> at
>>> org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45)
>>> at
>>> org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77)
>>> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>>> at
>>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:398)
>>> at
>>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:224)
>>> at
>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>>> at
>>> org.wso2.carbon.core.commons.stub.loggeduserinfo.LoggedUserInfoAdminStub.getUserInfo(LoggedUserInfoAdminStub.java:187)
>>> at
>>> org.wso2.carbon.ui.AbstractCarbonUIAuthenticator.setUserAuthorizationInfo(AbstractCarbonUIAuthenticator.java:460)
>>> at
>>> org.wso2.carbon.ui.AbstractCarbonUIAuthenticator.handleSecurity(AbstractCarbonUIAuthenticator.java:230)
>>> at
>>> org.wso2.carbon.ui.BasicAuthUIAuthenticator.authenticate(BasicAuthUIAuthenticator.java:77)
>>> at
>>> org.wso2.carbon.ui.CarbonUILoginUtil.handleLogin(CarbonUILoginUtil.java:342)
>>> at
>>> org.wso2.carbon.ui.CarbonSecuredHttpContext.handleSecurity(CarbonSecuredHttpContext.java:246)
>>> at
>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:60)
>>> at
>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>> at
>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>>> at
>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>> at
>>> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>>> at
>>> org.apache.catalina.core.StandardWrapperValve.inv

Re: [Dev] CurrentSession.getUser() returns "PRIMARY/admin".

2013-07-26 Thread Asela Pathberiya

Removed the "PRIMARY" prefix from user core...  I fixed the use of
"PRIMARY" prefix in
user core and registry core tests If there are any other places that
are used "PRIMARY" prefix in tests, Please remove it...

Thanks,
Asela.


On Fri, Jul 26, 2013 at 8:19 AM, Ajith Vitharana  wrote:

> Hi Asela,
>
> What is the progress on this ? Can we update trunk and test ?
>
> Thanks
> Ajith
>
>
> On Wed, Jul 24, 2013 at 9:54 PM, Asela Pathberiya  wrote:
>
>> I guess,  this is also due the the adding "PRIMARY" prefix in to the
>> default user store...?  we will remove it soon.  sorry we are
>> still re-factoring the user core code  Once it is done..  we will let
>> you know...
>>
>> Thanks,
>> Asela.
>>
>>
>> On Wed, Jul 24, 2013 at 9:51 PM, Ajith Vitharana  wrote:
>>
>>> Hi All,
>>>
>>> While debugging a test I found the $subject. This is lead to a lot of
>>> test failures and feature broken.
>>> What should be the correct behavior ?
>>>
>>> registryContext.getLogWriter().addLog(
>>> sourcePath, CurrentSession.getUser(),
>>> LogEntry.ADD_ASSOCIATION,
>>> associationType + ";" + targetPath);
>>>
>>> [1]
>>> https://svn.wso2.org/repos/wso2/carbon/kernel/trunk/core/org.wso2.carbon.registry.core/src/main/java/org/wso2/carbon/registry/core/session/CurrentSession.java
>>>
>>> Thanks
>>> Ajith.
>>>
>>> --
>>> Ajith Vitharana.
>>> WSO2 Inc. - http://wso2.org
>>> Email  :  aji...@wso2.com
>>> Mobile : +94772217350
>>>
>>>
>>
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> Mobile : +94 777 625 933
>>
>
>
>
> --
> Ajith Vitharana.
> WSO2 Inc. - http://wso2.org
> Email  :  aji...@wso2.com
> Mobile : +94772217350
>
>


-- 
Thanks & Regards,
Asela

Mobile : +94 777 625 933
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

1 2 >

1 - 100 of 179 matches

Mail list logo