Hi,
On Thu, Oct 20, 2016 at 1:19 AM, Harsha Thirimanna <[email protected]> wrote: > If there any REST API that already secured within itself the feature, then > we have to remove it and use this. As ex : DCR. in DCR we expect user in > request payload for now and that APIs are not secured. After apply this we > can remove the user from request payload and rely on this. And same as we > may have to check other REST APIs whether those are rely on any other > secure mechanism. > > @Isura, Can you please confirm in identity management REST API like > inforecovery ? > Yes. We need to secure recovery APIs and self-registration APIs ( *api/identity/recovery* and *api/identity/user*). Thanks Isura > > @Ayesha, > Ishara already test the DCR and you can fix that removing user in payload, > apply this and test. > > *Harsha Thirimanna* > Associate Tech Lead | WSO2 > > Email: [email protected] > Mob: +94715186770 > Blog: http://harshathirimanna.blogspot.com/ > Twitter: http://twitter.com/harshathirimann > Linked-In: linked-in: http://www.linkedin.com/pub/ > harsha-thirimanna/10/ab8/122 > <http://wso2.com/signature> > > On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna <[email protected]> > wrote: > >> Hi Ayesha, >> >> This feature provide a authentication layer in front of any unsecured >> REST APIs. So do we need to test this with all the REST APIs ? >> >> -Ishara >> >> >> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected]> >> wrote: >> >>> Hi all, >>> >>> I have started testing the"Generic Authentication Mechanism to all the >>> REST APIs" feature [1] in IS-5.3.0. >>> Please mention details on REST APIs in IS services which needs to be >>> secured, so that I can test those APIs with this feature. >>> >>> [1] https://wso2.org/jira/browse/IDENTITY-4742 >>> >>> Thanks! >>> -Ayesha >>> >>> -- >>> *Ayesha Dissanayaka* >>> Software Engineer, >>> WSO2, Inc : http://wso2.com >>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>> 20, Palmgrove Avenue, Colombo 3 >>> E-Mail: [email protected] <[email protected]> >>> >> >> >> >> -- >> Ishara Karunarathna >> Associate Technical Lead >> WSO2 Inc. - lean . enterprise . middleware | wso2.com >> >> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >> +94717996791 >> >> >> >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
