Hi all,
A small correction the relevant config should look like as below described
<twitter.config>
<parameter name="oauth.consumerSecret"
value="*enc:*EvTEzc3jj9Z1Kx58ylNfkpnuXYuCeGgKhkVkziYNMs"/>
Cheers
Dushan
On Sat, Jul 20, 2013 at 8:39 PM, Dushan Abeyruwan <[email protected]> wrote:
> Hi
> IMO seems like
> EntitlementMediato<https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/identity/org.wso2.carbon.identity.entitlement.mediator/src/main/java/org/wso2/carbon/identity/entitlement/mediator/EntitlementMediator.java>r
> approach
> quite suitable and handy and I would think what it does for the time being
> is _ _okay _ _ since Entitlement component is NOT resides within synapse
> (need expert suggestion form IS since they are the one who implemented the
> current approach) , according to the discussion had (with Kasun at el)
> thought how we could probably include the same approach for
> the components resides in synapse.
> There we have identified the approach which registry getting
> intercepted could be useful [2].We thought of introducing a security
> related component [3] a kind of extension point where the
> SecurityInteceptors will be initialized during init()
> and readily available in *synapseConfiguration* during serialization or
> during run-time and with that we could probably utilize the attributes
> which required for encrypt with special character or sequence as shown [1]
> anyway I am still doing a feasibility study of the
> described approach, may be there we might have jump few hurdles to get this
> done without harming synapse API ..
>
> really appreciate thoughts from IS for this approach, do you guys feel
> any _ _ better more reliable approach than this _ _ ?
>
> e.g
> [1]
> <twitter.config>
> <parameter name="*enc:*oauth.consumerSecret"
>
> value="EvTEzc3jj9Z1Kx58ylNfkpnuXYuCeGgKhkVkziYNMs"/> (if used enc: then
> during serialization those values encrypited same can be integrated for
> UI's even this might not be any issue when use DevS approach as well)
>
>
>
>
> [2]
> <registry provider="org.wso2.carbon.mediation.registry.WSO2Registry">
> <parameter name="cachableDuration">15000</parameter>
> </registry>
>
> [3]
> <registry provider="org.wso2.carbon.security.*SecurityInterceptor*">
> *SecurityInterceptor
> (class name or package not finalized yet)*
> <parameter name="cachableDuration">15000</parameter>
> </registry>
>
>
>
> On Sat, Jul 20, 2013 at 7:17 PM, Sanjiva Weerawarana <[email protected]>wrote:
>
>> Dushan connector creds are going to be user specific. So that means they
>> have to be able to configure them in a user-accessible way .. and then the
>> data needs to be stored in a secure vault of some kind.
>>
>> For UI driven configs that's easy - we get the password in the UI, store
>> in the vault and refer to it in the mediator config.
>>
>> For hand edited synapse.xml stuff you'd need to let the user do the same.
>> Do we have a per-user vault type concept?
>>
>> Sanjiva.
>>
>>
>> On Fri, Jul 19, 2013 at 11:18 AM, Dushan Abeyruwan <[email protected]>wrote:
>>
>>> Hi
>>> Regarding $subject, what would be the best way to accomplish ?
>>> According to the EntitlementMediator implementation it
>>> seems we are using a different approach as shown below [1], any reason
>>> which prevent us moving to synapse secure vault and also seems there are
>>> zero documentation related to Synapse secure vault configuration.
>>>
>>>
>>> [1]
>>>
>>> https://svn.wso2.org/repos/wso2/carbon/platform/trunk/components/identity/org.wso2.carbon.identity.entitlement.mediator/src/main/java/org/wso2/carbon/identity/entitlement/mediator/EntitlementMediator.java
>>>
>>>
>>> public void setRemoteServicePassword(String remoteServicePassword) {
>>> if (remoteServicePassword.startsWith("enc:")) {
>>> try {
>>> * this.remoteServicePassword = new
>>> String(CryptoUtil.getDefaultCryptoUtil()*
>>> *
>>> .base64DecodeAndDecrypt(remoteServicePassword.substring(4)));*
>>> } catch (CryptoException e) {
>>> log.error(e);
>>> }
>>> } else {
>>> this.remoteServicePassword = remoteServicePassword;
>>> }
>>> }
>>>
>>> Cheers,
>>> Dushan Abeyruwan
>>> Associate Tech Lead
>>> *Integration Technologies Team*
>>> *WSO2 Inc. http://wso2.com/*
>>> *Mobile:(+94)714408632*
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Sanjiva Weerawarana, Ph.D.
>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>> email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1
>> 650 265 8311
>> blog: http://sanjiva.weerawarana.org/
>>
>> Lean . Enterprise . Middleware
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Dushan Abeyruwan
> Associate Tech Lead
> *Integration Technologies Team*
> *WSO2 Inc. http://wso2.com/*
> *Mobile:(+94)714408632*
>
--
Dushan Abeyruwan
Associate Tech Lead
*Integration Technologies Team*
*WSO2 Inc. http://wso2.com/*
*Mobile:(+94)714408632*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
