Re: [Dev] [DEV] Need clarification regarding "Allow Anonymous Access" option

[Yvonne Wickramasinghe]

Hi,

Think we should include these details into the corresponding Redmine
Feature https://redmine.wso2.com/issues/3539 (Ref:
https://redmine.wso2.com/projects/wso2-platform/wiki/WSO2_Platform__Product_Management_Process_Overview
).

Regards,

On Tue, Feb 17, 2015 at 4:30 PM, Lahiru Cooray  wrote:

> Hi,
>
> There are two main scenarios:
>
> *Allow anonymous access to whole app:*
> When an user check the "allow anonymous" option, he can access that
> particular app even without log in to the AppManager.. Any un-authenticated
> user can access the gateway endpoint URL of the app even without
> subscribing to the app.
>
> *Allow anonymous access to selected url patterns:*
> Under policy groups there's another section to select "allow anonymous"
>  option. This is basically to allow anonymous access only to the
> corresponding url pattern/ http verb
>
>
>
>
>
>
> On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake 
> wrote:
>
>> Hi AppM Team,
>>
>> I would like to get some clarification regarding the "Allow Anonymous
>> Access:" option which can be selected when creating a webapp. What is
>> the intended behavior of an Anonymous App?
>>
>> With Regards,
>> --
>> Yasassri Ratnayake
>> Software Engineer - QA
>> WSO2 Inc ; http://wso2.com
>> lean.enterprise.middleware
>> *Mobile : +94715933168 <%2B94715933168>*
>> *Blog : http://yasassriratnayake.blogspot.com/
>> *
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Lahiru Cooray*
> Software Engineer
> WSO2, Inc.;http://wso2.com/
> lean.enterprise.middleware
>
> Mobile: +94 715 654154
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

*Yvonne Wickramasinghe*
Senior Product Manager; WSO2, Inc.; http://wso2.com
email: yvo...@wso2.com; mobile (Sri Lanka): +94 71 516 3732
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] Need clarification regarding "Allow Anonymous Access" option

[Yasassri Ratnayake]

Hi Dinusha,

Thanks for clearing this out, I have created JIRA [1] based on this.

[1] - https://wso2.org/jira/browse/APPM-401

With Regards,

On Tue, Feb 17, 2015 at 8:29 PM, Dinusha Senanayaka 
wrote:

> Hi Yasassri,
>
> This is an usability improvement. Yes, it doesn't make sense setting
> visibility when the app is allowed for anonymous access.
>
> Regards,
> Dinusha.
>
> On Tue, Feb 17, 2015 at 5:10 PM, Yasassri Ratnayake 
> wrote:
>
>> Hi Lahiru/Dinusha,
>>
>> Thanks for the explanation, I have reported following JIRA related to
>> Anonymous accessibility [1].
>>
>> If the anonymous option makes app accessible without authentication, Is
>> there an use case where a user needs to set the App "Visibility:" while
>> checking the "Allow Anonymous Access:" option. In the current
>> implementation user can set the app visibility while checking the "Allow
>> Anonymous Access" option. What is the rationale behind this?
>>
>> [1] - https://wso2.org/jira/browse/APPM-400
>>
>> On Tue, Feb 17, 2015 at 4:35 PM, Dinusha Senanayaka 
>> wrote:
>>
>>> Hi Yasassri,
>>>
>>> This feature is introduced to support non-secured applications. Since
>>> AppM is using SSO, even when we publish a unsecured application through
>>> AppManager, it need user authentication to access this application though
>>> GW. But there can be some use cases Application publisher need this app to
>>> have anonymous access but need to apply other QoS policies.
>>> Also this can be configured in two levels as Lahiru explained already.
>>>
>>> Regards,
>>> Dinusha.
>>>
>>> On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake 
>>> wrote:
>>>
 Hi AppM Team,

 I would like to get some clarification regarding the "Allow Anonymous
 Access:" option which can be selected when creating a webapp. What is
 the intended behavior of an Anonymous App?

 With Regards,
 --
 Yasassri Ratnayake
 Software Engineer - QA
 WSO2 Inc ; http://wso2.com
 lean.enterprise.middleware
 *Mobile : +94715933168 <%2B94715933168>*
 *Blog : http://yasassriratnayake.blogspot.com/
 *

>>>
>>>
>>>
>>> --
>>> Dinusha Dilrukshi
>>> Senior Software Engineer
>>> WSO2 Inc.: http://wso2.com/
>>> Mobile: +94725255071
>>> Blog: http://dinushasblog.blogspot.com/
>>>
>>
>>
>>
>> --
>> Yasassri Ratnayake
>> Software Engineer - QA
>> WSO2 Inc ; http://wso2.com
>> lean.enterprise.middleware
>> *Mobile : +94715933168 <%2B94715933168>*
>> *Blog : http://yasassriratnayake.blogspot.com/
>> *
>>
>
>
>
> --
> Dinusha Dilrukshi
> Senior Software Engineer
> WSO2 Inc.: http://wso2.com/
> Mobile: +94725255071
> Blog: http://dinushasblog.blogspot.com/
>



-- 
Yasassri Ratnayake
Software Engineer - QA
WSO2 Inc ; http://wso2.com
lean.enterprise.middleware
*Mobile : +94715933168*
*Blog : http://yasassriratnayake.blogspot.com/
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] Need clarification regarding "Allow Anonymous Access" option

[Dinusha Senanayaka]

Hi Yasassri,

This is an usability improvement. Yes, it doesn't make sense setting
visibility when the app is allowed for anonymous access.

Regards,
Dinusha.

On Tue, Feb 17, 2015 at 5:10 PM, Yasassri Ratnayake 
wrote:

> Hi Lahiru/Dinusha,
>
> Thanks for the explanation, I have reported following JIRA related to
> Anonymous accessibility [1].
>
> If the anonymous option makes app accessible without authentication, Is
> there an use case where a user needs to set the App "Visibility:" while
> checking the "Allow Anonymous Access:" option. In the current
> implementation user can set the app visibility while checking the "Allow
> Anonymous Access" option. What is the rationale behind this?
>
> [1] - https://wso2.org/jira/browse/APPM-400
>
> On Tue, Feb 17, 2015 at 4:35 PM, Dinusha Senanayaka 
> wrote:
>
>> Hi Yasassri,
>>
>> This feature is introduced to support non-secured applications. Since
>> AppM is using SSO, even when we publish a unsecured application through
>> AppManager, it need user authentication to access this application though
>> GW. But there can be some use cases Application publisher need this app to
>> have anonymous access but need to apply other QoS policies.
>> Also this can be configured in two levels as Lahiru explained already.
>>
>> Regards,
>> Dinusha.
>>
>> On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake 
>> wrote:
>>
>>> Hi AppM Team,
>>>
>>> I would like to get some clarification regarding the "Allow Anonymous
>>> Access:" option which can be selected when creating a webapp. What is
>>> the intended behavior of an Anonymous App?
>>>
>>> With Regards,
>>> --
>>> Yasassri Ratnayake
>>> Software Engineer - QA
>>> WSO2 Inc ; http://wso2.com
>>> lean.enterprise.middleware
>>> *Mobile : +94715933168 <%2B94715933168>*
>>> *Blog : http://yasassriratnayake.blogspot.com/
>>> *
>>>
>>
>>
>>
>> --
>> Dinusha Dilrukshi
>> Senior Software Engineer
>> WSO2 Inc.: http://wso2.com/
>> Mobile: +94725255071
>> Blog: http://dinushasblog.blogspot.com/
>>
>
>
>
> --
> Yasassri Ratnayake
> Software Engineer - QA
> WSO2 Inc ; http://wso2.com
> lean.enterprise.middleware
> *Mobile : +94715933168 <%2B94715933168>*
> *Blog : http://yasassriratnayake.blogspot.com/
> *
>



-- 
Dinusha Dilrukshi
Senior Software Engineer
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] Need clarification regarding "Allow Anonymous Access" option

[Yasassri Ratnayake]

Hi Lahiru/Dinusha,

Thanks for the explanation, I have reported following JIRA related to
Anonymous accessibility [1].

If the anonymous option makes app accessible without authentication, Is
there an use case where a user needs to set the App "Visibility:" while
checking the "Allow Anonymous Access:" option. In the current
implementation user can set the app visibility while checking the "Allow
Anonymous Access" option. What is the rationale behind this?

[1] - https://wso2.org/jira/browse/APPM-400

On Tue, Feb 17, 2015 at 4:35 PM, Dinusha Senanayaka 
wrote:

> Hi Yasassri,
>
> This feature is introduced to support non-secured applications. Since AppM
> is using SSO, even when we publish a unsecured application through
> AppManager, it need user authentication to access this application though
> GW. But there can be some use cases Application publisher need this app to
> have anonymous access but need to apply other QoS policies.
> Also this can be configured in two levels as Lahiru explained already.
>
> Regards,
> Dinusha.
>
> On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake 
> wrote:
>
>> Hi AppM Team,
>>
>> I would like to get some clarification regarding the "Allow Anonymous
>> Access:" option which can be selected when creating a webapp. What is
>> the intended behavior of an Anonymous App?
>>
>> With Regards,
>> --
>> Yasassri Ratnayake
>> Software Engineer - QA
>> WSO2 Inc ; http://wso2.com
>> lean.enterprise.middleware
>> *Mobile : +94715933168 <%2B94715933168>*
>> *Blog : http://yasassriratnayake.blogspot.com/
>> *
>>
>
>
>
> --
> Dinusha Dilrukshi
> Senior Software Engineer
> WSO2 Inc.: http://wso2.com/
> Mobile: +94725255071
> Blog: http://dinushasblog.blogspot.com/
>



-- 
Yasassri Ratnayake
Software Engineer - QA
WSO2 Inc ; http://wso2.com
lean.enterprise.middleware
*Mobile : +94715933168*
*Blog : http://yasassriratnayake.blogspot.com/
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] Need clarification regarding "Allow Anonymous Access" option

[Dinusha Senanayaka]

Hi Yasassri,

This feature is introduced to support non-secured applications. Since AppM
is using SSO, even when we publish a unsecured application through
AppManager, it need user authentication to access this application though
GW. But there can be some use cases Application publisher need this app to
have anonymous access but need to apply other QoS policies.
Also this can be configured in two levels as Lahiru explained already.

Regards,
Dinusha.

On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake 
wrote:

> Hi AppM Team,
>
> I would like to get some clarification regarding the "Allow Anonymous
> Access:" option which can be selected when creating a webapp. What is the
> intended behavior of an Anonymous App?
>
> With Regards,
> --
> Yasassri Ratnayake
> Software Engineer - QA
> WSO2 Inc ; http://wso2.com
> lean.enterprise.middleware
> *Mobile : +94715933168 <%2B94715933168>*
> *Blog : http://yasassriratnayake.blogspot.com/
> *
>



-- 
Dinusha Dilrukshi
Senior Software Engineer
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [DEV] Need clarification regarding "Allow Anonymous Access" option

[Lahiru Cooray]

Hi,

There are two main scenarios:

*Allow anonymous access to whole app:*
When an user check the "allow anonymous" option, he can access that
particular app even without log in to the AppManager.. Any un-authenticated
user can access the gateway endpoint URL of the app even without
subscribing to the app.

*Allow anonymous access to selected url patterns:*
Under policy groups there's another section to select "allow anonymous"
 option. This is basically to allow anonymous access only to the
corresponding url pattern/ http verb






On Tue, Feb 17, 2015 at 2:39 PM, Yasassri Ratnayake 
wrote:

> Hi AppM Team,
>
> I would like to get some clarification regarding the "Allow Anonymous
> Access:" option which can be selected when creating a webapp. What is the
> intended behavior of an Anonymous App?
>
> With Regards,
> --
> Yasassri Ratnayake
> Software Engineer - QA
> WSO2 Inc ; http://wso2.com
> lean.enterprise.middleware
> *Mobile : +94715933168 <%2B94715933168>*
> *Blog : http://yasassriratnayake.blogspot.com/
> *
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Lahiru Cooray*
Software Engineer
WSO2, Inc.;http://wso2.com/
lean.enterprise.middleware

Mobile: +94 715 654154
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev