+1 for Nandana as the release manager. Thanks, Ruchith
On Mon, Jul 7, 2008 at 6:03 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote: > Nandana, > > +1 from me for you to be the Release Manager for 1.4.1 > > IMHO, we should use 1.4 branch. The *ONLY* change should be the > security change. Nothing more. > > thanks, > dims > > On Mon, Jul 7, 2008 at 6:50 AM, Nandana Mihindukulasooriya > <[EMAIL PROTECTED]> wrote: >> I would like to volunteer to be the release manager for Axis2 1.4.1. >> >> I think we can fix the critical issues in the 1.4 branch (or a 1.4.1 branch >> ) and do the 1.4.1 release. I don't think doing 1.4.1 from the trunk is the >> appropriate way as trunk is now java 1.5 and has lot of major changes after >> Axis2 1.4 . However we can fix any issues that are not already fixed in the >> trunk at the same time when we fix those in the branch. >> >> Hope this is oky with Axis2 release guidelines. >> >> thanks, >> nandana >> >> On Tue, Jul 1, 2008 at 6:39 PM, Davanum Srinivas <[EMAIL PROTECTED]> wrote: >>> >>> IMHO, The logic is the same as for blockers. If there is a work >>> around, it's not a blocker. So i am +0 on a 1.4.1 since there is a >>> work around that can be documented. >>> >>> That said, If someone is willing to drive a 1.4.1 as the release >>> manager, please do go ahead. >>> >>> thanks, >>> dims >>> >>> On Tue, Jul 1, 2008 at 2:48 AM, Sanka Samaranayake <[EMAIL PROTECTED]> >>> wrote: >>> > Hi, >>> > >>> > For the users who is already using 1.4 version, the workaround would be >>> > to >>> > define policies in services.xml without using <wsa:PolicyAttachment>. >>> > Then >>> > the problem is that those policies will appear in <wsdl:PortType> which >>> > is >>> > not correct but security will apply for both format of service URLs. >>> > >>> > Hence +1 for fixing that issue and do 1.4.1 release. >>> > >>> > Thanks, >>> > Sanka >>> > >>> > >>> > On Mon, Jun 30, 2008 at 8:59 PM, Nandana Mihindukulasooriya >>> > <[EMAIL PROTECTED]> wrote: >>> >> >>> >> Hi, >>> >> There are few issues with Axis2 1.4 / Rampart 1.4 with the new >>> >> policy >>> >> configuration. The new policy configuration which allows us to apply >>> >> policies to binding hierarchy is a great feature when in comes to ws >>> >> security policy configuration. It allows security policies to be >>> >> attached to >>> >> the correct attachment points. But there are few issues that need to be >>> >> fixed in Axis2 1.4. I will list them below. >>> >> 1.) If we configure security using new configuration, service can >>> >> be >>> >> accessed without security. >>> >> In Axis2 1.4, a service is exposed in two EPRs (consider SOAP >>> >> 1.1 >>> >> binding). >>> >> eg. >>> >> >>> >> >>> >> http://localhost:8080/axis2/services/SecureService.SecureServiceHttpSoap11Endpoint >>> >> http://localhost:8080/axis2/services/SecureService >>> >> But if we you set the policies using the new configuration, >>> >> if >>> >> you do a web service call to the older EPR, you can access the service >>> >> without any security even though it is secured using the binding >>> >> hierarchy. >>> >> This happens because if we call the old EPR, it is not dispatched to a >>> >> binding. But this leaves the service vulnerable. I think we should >>> >> dispatch >>> >> to one of the bindings may be using soap envelope version if we have >>> >> only >>> >> one binding with that soap version. We should have a way to dispatch >>> >> messages which comes to old EPR to one of the bindings else we should >>> >> have >>> >> an option to disable that EPR. >>> >> >>> >> 2.) In the out flow, policies are not set correctly in the binding >>> >> message. >>> >> This is fixed in the trunk but this bug is there in Axis2 >>> >> 1.4. >>> >> >>> >> So the option we have is to configure security using the old >>> >> configuration. But then the problem is policies are attached to the >>> >> port >>> >> type which is the correct way to do if we have policies using >>> >> <service>,<operation><message> tags. But this makes Axis2 not >>> >> interoperable >>> >> as security policies should be attached to binding hierarchy according >>> >> WS >>> >> Security policy specification. Ideally we should always use the new >>> >> configuration to apply security. And code generation also doesn't work >>> >> correctly when the policies attached to the port type (polices are not >>> >> correctly attached to the stub). >>> >> >>> >> So I think it would be great if can consider a Axis2 1.4.1 with >>> >> these >>> >> things fixed. >>> >> >>> >> thanks, >>> >> nandana >>> > >>> > >>> > -- >>> > Sanka Samaranayake >>> > WSO2 Inc. >>> > >>> > http://sankas.blogspot.com/ >>> > http://www.wso2.org/ >>> >>> >>> >>> -- >>> Davanum Srinivas :: http://davanum.wordpress.com >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> > > > > -- > Davanum Srinivas :: http://davanum.wordpress.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- http://blog.ruchith.org http://wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
