Hi amila, Another patch for message box is attached with jira CARBON-8090 [1].
SQS client test cases are added and unused codes and bundles are removed. [1]. https://wso2.org/jira/browse/CARBON-8090 thanks On Mon, Nov 22, 2010 at 6:59 PM, Manjula Rathnayake <[email protected]>wrote: > > > On Mon, Nov 22, 2010 at 6:52 PM, Amila Suriarachchi <[email protected]>wrote: > >> >> >> On Mon, Nov 22, 2010 at 5:31 PM, Manjula Rathnayake <[email protected]>wrote: >> >>> Hi Amila, >>> >>> I have corrected the code by using composite message box name for storing >>> message boxes. >>> And the patch is attached with jira CARBON-8070 [1]. >>> [1]. https://wso2.org/jira/browse/CARBON-8070 >>> >> >> I can not apply this patch. Please create a new one. >> > New patch was added at same location. > >> >> And also add more comments on what you did to jira. >> > sure, I will add a full description regarding the fixed issue there. > >> >> thanks, >> Amila. >> >>> >>> thanks >>> >>> >>> On Mon, Nov 22, 2010 at 9:37 AM, Manjula Rathnayake >>> <[email protected]>wrote: >>> >>>> Hi Amila, >>>> >>>> Thank you for going through the code and pointing out things so that I >>>> can improve myself. >>>> I re-factored the code and still few more things to do. I will attach a >>>> patch soon. >>>> >>>> On Sun, Nov 21, 2010 at 11:07 AM, Amila Suriarachchi >>>> <[email protected]>wrote: >>>> >>>>> hi Manjula, >>>>> >>>>> I went through your code. You have done the overall design correctly >>>>> but there are some problem with the logic. >>>>> >>>>> if you go through the amazon message queue document you see that the >>>>> return url for the >>>>> created queue looks like this, >>>>> >>>>> http://sqs.us-east-1.amazonaws.com/123456789012/queue2 >>>>> >>>>> this numeric number represents the AWS number and hence user name. >>>>> therefore two users can have the same queue name. >>>>> >>>>> so we need to add the username part to message queue as well. >>>>> >>>>> In order to do that we need to pass the composite message box name to >>>>> the osgi service. >>>>> eg. user1/queu1. >>>>> >>>>> at the user store we can use this to keep the messages boxes since now >>>>> message box name is unique. >>>>> >>>>> the return address of the queue should always be to MessageQueue since >>>>> users send to this address in order to >>>>> do the operations. >>>>> >>>>> I saw some private variables like (userid, messageBoxOwner) >>>>> kept in InMemoryMessageBoxService. Please remove them. You can keep >>>>> private variables only if they are part of the object attribute. >>>>> >>>> yes, I kept those private variables to keep logged in user and >>>> messagebox owner, now they have been changed. >>>> >>>>> >>>>> public boolean isAccessible(String messageBoxName, String operation) { >>>>> String loggedInUser = getLoggedInUser(); >>>>> Map<String, MessageBox> messageBoxMap = >>>>> messageBoxMapStore.get(loggedInUser); >>>>> if (isAdminLoggedIn()) { >>>>> return true; >>>>> } >>>>> // if user owns messageBoxName, enable direct access to it. >>>>> if (messageBoxMap != null && messageBoxMap.get(messageBoxName) >>>>> != null) { >>>>> messageBoxOwner = loggedInUser; >>>>> return true; >>>>> } else { >>>>> if (accessControllerMapStore.get(messageBoxName) == null) { >>>>> return false; >>>>> } else { >>>>> Set<String> permissionLabels = >>>>> accessControllerMapStore.get(messageBoxName).keySet(); >>>>> for (String permissionLabel : permissionLabels) { >>>>> AccessController accessController = >>>>> accessControllerMapStore.get(messageBoxName).get(permissionLabel); >>>>> if (accessController.isAccessible(loggedInUser, >>>>> operation)) { >>>>> messageBoxOwner = >>>>> accessController.getMessageBoxOwner(); >>>>> return true; >>>>> } >>>>> } >>>>> return false; >>>>> } >>>>> } >>>>> } >>>>> >>>>> this logic is wrong with the current implementation. Actually this is >>>>> why you need to have user name in the message box name. >>>>> >>>>> lets take the senario where a uesr2 wants to send a message to queue >>>>> queue1 created by user2. And user2 also have a queue called >>>>> queue1. >>>>> >>>> yes, this logic fails here with above scenario :( I understand that >>>> composite message box name needed here. I have taken the composite message >>>> box name and changed the code. >>>> >>>>> >>>>> it authorize user just checking the availability of his queue and >>>>> finally receive the message from that as well. >>>>> >>>>> Keep all the access control details in the Message Box as well. >>>>> >>>> I changed this as well. >>>> >>>>> >>>>> And also put more comments as well. >>>>> >>>> I will put more comments properly. >>>> >>>>> >>>>> >>>>> thanks, >>>>> Amila. >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] >>>>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> >>>> thanks >>>> -- >>>> Manjula Rathnayaka >>>> Software Engineer >>>> WSO2, Inc. >>>> Mobile:+94 77 743 1987 >>>> >>> >>> >>> >>> -- >>> Manjula Rathnayaka >>> Software Engineer >>> WSO2, Inc. >>> Mobile:+94 77 743 1987 >>> >> >> > > thanks > -- > Manjula Rathnayaka > Software Engineer > WSO2, Inc. > Mobile:+94 77 743 1987 > -- Manjula Rathnayaka Software Engineer WSO2, Inc. Mobile:+94 77 743 1987
_______________________________________________ Carbon-dev mailing list [email protected] https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
