Re: [Dev] [DEV] Need clarification regarding Allow Anonymous Access option
Hi, Think we should include these details into the corresponding Redmine Feature https://redmine.wso2.com/issues/3539 (Ref: https://redmine.wso2.com/projects/wso2-platform/wiki/WSO2_Platform__Product_Management_Process_Overview ). Regards, On Tue, Feb 17, 2015 at 4:30 PM, Lahiru Cooray lahi...@wso2.com wrote: Hi, There are two main scenarios: *Allow anonymous access to whole app:* When an user check the allow anonymous option, he can access that particular app even without log in to the AppManager.. Any un-authenticated user can access the gateway endpoint URL of the app even without subscribing to the app. *Allow anonymous access to selected url patterns:* Under policy groups there's another section to select allow anonymous option. This is basically to allow anonymous access only to the corresponding url pattern/ http verb On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi AppM Team, I would like to get some clarification regarding the Allow Anonymous Access: option which can be selected when creating a webapp. What is the intended behavior of an Anonymous App? With Regards, -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- *Lahiru Cooray* Software Engineer WSO2, Inc.;http://wso2.com/ lean.enterprise.middleware Mobile: +94 715 654154 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- *Yvonne Wickramasinghe* Senior Product Manager; WSO2, Inc.; http://wso2.com email: yvo...@wso2.com; mobile (Sri Lanka): +94 71 516 3732 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV] Need clarification regarding Allow Anonymous Access option
Hi Dinusha, Thanks for clearing this out, I have created JIRA [1] based on this. [1] - https://wso2.org/jira/browse/APPM-401 With Regards, On Tue, Feb 17, 2015 at 8:29 PM, Dinusha Senanayaka dinu...@wso2.com wrote: Hi Yasassri, This is an usability improvement. Yes, it doesn't make sense setting visibility when the app is allowed for anonymous access. Regards, Dinusha. On Tue, Feb 17, 2015 at 5:10 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi Lahiru/Dinusha, Thanks for the explanation, I have reported following JIRA related to Anonymous accessibility [1]. If the anonymous option makes app accessible without authentication, Is there an use case where a user needs to set the App Visibility: while checking the Allow Anonymous Access: option. In the current implementation user can set the app visibility while checking the Allow Anonymous Access option. What is the rationale behind this? [1] - https://wso2.org/jira/browse/APPM-400 On Tue, Feb 17, 2015 at 4:35 PM, Dinusha Senanayaka dinu...@wso2.com wrote: Hi Yasassri, This feature is introduced to support non-secured applications. Since AppM is using SSO, even when we publish a unsecured application through AppManager, it need user authentication to access this application though GW. But there can be some use cases Application publisher need this app to have anonymous access but need to apply other QoS policies. Also this can be configured in two levels as Lahiru explained already. Regards, Dinusha. On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi AppM Team, I would like to get some clarification regarding the Allow Anonymous Access: option which can be selected when creating a webapp. What is the intended behavior of an Anonymous App? With Regards, -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV] Need clarification regarding Allow Anonymous Access option
Hi Yasassri, This is an usability improvement. Yes, it doesn't make sense setting visibility when the app is allowed for anonymous access. Regards, Dinusha. On Tue, Feb 17, 2015 at 5:10 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi Lahiru/Dinusha, Thanks for the explanation, I have reported following JIRA related to Anonymous accessibility [1]. If the anonymous option makes app accessible without authentication, Is there an use case where a user needs to set the App Visibility: while checking the Allow Anonymous Access: option. In the current implementation user can set the app visibility while checking the Allow Anonymous Access option. What is the rationale behind this? [1] - https://wso2.org/jira/browse/APPM-400 On Tue, Feb 17, 2015 at 4:35 PM, Dinusha Senanayaka dinu...@wso2.com wrote: Hi Yasassri, This feature is introduced to support non-secured applications. Since AppM is using SSO, even when we publish a unsecured application through AppManager, it need user authentication to access this application though GW. But there can be some use cases Application publisher need this app to have anonymous access but need to apply other QoS policies. Also this can be configured in two levels as Lahiru explained already. Regards, Dinusha. On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi AppM Team, I would like to get some clarification regarding the Allow Anonymous Access: option which can be selected when creating a webapp. What is the intended behavior of an Anonymous App? With Regards, -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV] Need clarification regarding Allow Anonymous Access option
Hi Lahiru/Dinusha, Thanks for the explanation, I have reported following JIRA related to Anonymous accessibility [1]. If the anonymous option makes app accessible without authentication, Is there an use case where a user needs to set the App Visibility: while checking the Allow Anonymous Access: option. In the current implementation user can set the app visibility while checking the Allow Anonymous Access option. What is the rationale behind this? [1] - https://wso2.org/jira/browse/APPM-400 On Tue, Feb 17, 2015 at 4:35 PM, Dinusha Senanayaka dinu...@wso2.com wrote: Hi Yasassri, This feature is introduced to support non-secured applications. Since AppM is using SSO, even when we publish a unsecured application through AppManager, it need user authentication to access this application though GW. But there can be some use cases Application publisher need this app to have anonymous access but need to apply other QoS policies. Also this can be configured in two levels as Lahiru explained already. Regards, Dinusha. On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi AppM Team, I would like to get some clarification regarding the Allow Anonymous Access: option which can be selected when creating a webapp. What is the intended behavior of an Anonymous App? With Regards, -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV] Need clarification regarding Allow Anonymous Access option
Hi Yasassri, This feature is introduced to support non-secured applications. Since AppM is using SSO, even when we publish a unsecured application through AppManager, it need user authentication to access this application though GW. But there can be some use cases Application publisher need this app to have anonymous access but need to apply other QoS policies. Also this can be configured in two levels as Lahiru explained already. Regards, Dinusha. On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi AppM Team, I would like to get some clarification regarding the Allow Anonymous Access: option which can be selected when creating a webapp. What is the intended behavior of an Anonymous App? With Regards, -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/ ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
Re: [Dev] [DEV] Need clarification regarding Allow Anonymous Access option
Hi, There are two main scenarios: *Allow anonymous access to whole app:* When an user check the allow anonymous option, he can access that particular app even without log in to the AppManager.. Any un-authenticated user can access the gateway endpoint URL of the app even without subscribing to the app. *Allow anonymous access to selected url patterns:* Under policy groups there's another section to select allow anonymous option. This is basically to allow anonymous access only to the corresponding url pattern/ http verb On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake yasas...@wso2.com wrote: Hi AppM Team, I would like to get some clarification regarding the Allow Anonymous Access: option which can be selected when creating a webapp. What is the intended behavior of an Anonymous App? With Regards, -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168 %2B94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- *Lahiru Cooray* Software Engineer WSO2, Inc.;http://wso2.com/ lean.enterprise.middleware Mobile: +94 715 654154 ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
[Dev] [DEV] Need clarification regarding Allow Anonymous Access option
Hi AppM Team, I would like to get some clarification regarding the Allow Anonymous Access: option which can be selected when creating a webapp. What is the intended behavior of an Anonymous App? With Regards, -- Yasassri Ratnayake Software Engineer - QA WSO2 Inc ; http://wso2.com lean.enterprise.middleware *Mobile : +94715933168* *Blog : http://yasassriratnayake.blogspot.com/ http://yasassriratnayake.blogspot.com/* ___ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev