On Wed, Sep 7, 2011 at 12:17 PM, Thilina Buddhika <[email protected]> wrote:
> > > On Wed, Sep 7, 2011 at 11:51 AM, Senaka Fernando <[email protected]> wrote: > >> That's a choice we need to make; but this still is an Authenticator (which >> is an extension of the standard java.net.Authenticator - a part of JAAS). >> Realizing that we had a special authenticator configuration file, I thought >> it'd be more appropriate to place it there (compared to carbon.xml). >> >> Our authenticators help external entities (users, systems) log into our >> server, and this authenticator helps our server log into external entities >> (systems - servers, proxies), which is the difference. >> > > Exactly. That is why I said it is not correct to place them in the same > file. The location you picked is correct (carbon.xml). But the configuration > element should be renamed. > But, won't calling this something other than authenticator be wrong. This is an authenticator (at least Java defines it as such) - so why rename? If we do that, we'd be saying Foo is where you define the java.net.Authenticator. So why not Foo == Authenticator (which makes it obvious)? IMHO, I think we defining our own world is not the best option, when it comes to some standard practice. Thanks, Senaka. > Thanks, > Thilina > > >> >> Thanks, >> Senaka. >> >> >> On Wed, Sep 7, 2011 at 10:59 AM, Thilina Buddhika <[email protected]>wrote: >> >>> But authenticators.xml is for Carbon Authenticators. And this is for a >>> different purpose. So having them in a single file does not make sense to >>> me. >> >> >>> Thanks, >>> Thilina >>> >>> On Wed, Sep 7, 2011 at 10:42 AM, Senaka Fernando <[email protected]>wrote: >>> >>>> Hi all, >>>> >>>> On Wed, Sep 7, 2011 at 12:46 AM, Thilina Buddhika <[email protected]>wrote: >>>> >>>>> >>>>> >>>>> On Wed, Sep 7, 2011 at 12:43 AM, Thilina Buddhika >>>>> <[email protected]>wrote: >>>>> >>>>>> Hi Senaka, >>>>>> >>>>>> I have to agree with Prabath. We already have a configuration similar >>>>>> to the following in the authenticators.xml file inside conf/advanced. >>>>>> >>>>>> <Authenticators xmlns=" >>>>>> http://wso2.org/projects/carbon/authenticators.xml";> >>>>>> >>>>>> <!-- Authenticator Configurations for TokenUIAuthenticator --> >>>>>> <Authenticator name="TokenUIAuthenticator" disabled="true"> >>>>>> <Priority>5</Priority> >>>>>> </Authenticator> >>>>>> >>>>>> ..... >>>>>> >>>>>> </Authenticators> >>>>>> >>>>>> So having defined the same element Authenticator in the carbon.xml for >>>>>> a different reason may confuse the user. >>>>>> >>>>>> AFAIK, this is used when some Carbon code is acting as a client to >>>>>> access a remote resource. In the configurations you have shared, you are >>>>>> passing a set of configurations to the authenticators, not the >>>>>> information >>>>>> about authenticator itself. So how about using something like >>>>>> ClientAuthenticationConfiguration instead of Authenticator ? >>>>>> >>>>> >>>>> s/ClientAuthenticationConfiguration/AuthenticationConfiguration >>>>> >>>> >>>> Actually, this is used to construct an extension of >>>> java.net.Authenticator, [1] for carbon. But, these are actually >>>> credentials, >>>> so may be we can use the name you suggest. But, I have a better plan, how >>>> about adding the following to authenticators.xml? >>>> >>>> <!-- Authenticator Configurations for java.net.Authenticator --> >>>> <Authenticator name="JavaNetworkAuthenticator"> >>>> <Credential> >>>> <!-- >>>> the pattern that would match a subset of URLs for >>>> which this credential >>>> >>>> would be used >>>> --> >>>> <Pattern>.*</Pattern> >>>> <!-- >>>> the type of the network connection. Allowed values >>>> are: >>>> >>>> 1. server >>>> 2. proxy >>>> --> >>>> <Type>server</Type> >>>> <!-- the username used to log in to server/proxy --> >>>> <Username>name</Username> >>>> <!-- the password used to log in to server/proxy --> >>>> <Password>password</Password> >>>> </Credential> >>>> <Credential> >>>> <!-- >>>> the pattern that would match a subset of URLs for >>>> which this credential >>>> >>>> would be used >>>> --> >>>> <Pattern>.*</Pattern> >>>> <!-- >>>> the type of the network connection. Allowed values >>>> are: >>>> >>>> 1. server >>>> 2. proxy >>>> --> >>>> <Type>proxy</Type> >>>> <!-- the username used to log in to server/proxy --> >>>> <Username>name</Username> >>>> <!-- the password used to log in to server/proxy --> >>>> <Password>password</Password> >>>> </Credential> >>>> </Authenticator> >>>> >>>> [1] >>>> http://download.oracle.com/javase/1.5.0/docs/api/java/net/Authenticator.html >>>> >>>> Thanks, >>>> Senaka. >>>> >>>>> >>>>> Thanks, >>>>> Thilina >>>>> >>>>> >>>>>> >>>>>> Thanks, >>>>>> Thilina >>>>>> >>>>>> On Tue, Sep 6, 2011 at 11:58 AM, Senaka Fernando <[email protected]>wrote: >>>>>> >>>>>>> Hi Prabath, >>>>>>> >>>>>>> On Tue, Sep 6, 2011 at 7:56 AM, Prabath Siriwardena < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Senaka, >>>>>>>> >>>>>>>> On Tue, Sep 6, 2011 at 1:47 AM, Senaka Fernando <[email protected]> >>>>>>>> wrote: >>>>>>>> > I've given this the name because this is standard Java >>>>>>>> terminology. What we >>>>>>>> > are implementing is an extension of java.net.Authenticator. Giving >>>>>>>> this some >>>>>>>> > other name would confuse somebody. Also having said that, >>>>>>>> Authenticator in >>>>>>>> > the java world is something that provides credentials for >>>>>>>> authentication. >>>>>>>> > But the CarbonAuthenticator IIRC is not doing quite that, making >>>>>>>> the latter >>>>>>>> > inconsistent. But, since we have been having it for a while, I'm >>>>>>>> not sure >>>>>>>> > what's the correct choice here. Anyway, giving this some other >>>>>>>> name does not >>>>>>>> > sound the correct thing to do. >>>>>>>> >>>>>>>> Even carbon authenticators take different type of credentials... and >>>>>>>> this seems more like a proxy proxy configuration.. >>>>>>>> >>>>>>>> This is the configuration [1] already used for axis2. >>>>>>>> >>>>>>>> <parameter name="PROXY" >>>>>>>> proxy_host="proxy_host_name" >>>>>>>> proxy_port="proxy_host_port" >>>>>>>> locked="true>userName:domain:passWord</parameter> >>>>>>>> >>>>>>>> > >>>>>>>> > According to my understanding, with regard to proxy configuration >>>>>>>> in Axis2, >>>>>>>> > that's only if the server is fronted by a proxy while lies between >>>>>>>> client >>>>>>>> > and server (ex:- Apache2 mod_proxy). This fix is to allow the >>>>>>>> server to >>>>>>>> > access resources that lie behind multiple proxies (ex:- to access >>>>>>>> WSDL >>>>>>>> > behind URL 1 you need proxy settings 1, and to access WSDL behind >>>>>>>> URL 2 you >>>>>>>> > need proxy settings 2). So, what you have in Axis2 is >>>>>>>> client-oriented (i.e. >>>>>>>> > for fixing WSDL URLs appropriately and all), and what we have >>>>>>>> introduced in >>>>>>>> > here is server-oriented. >>>>>>>> >>>>>>>> IIUC in your scenario Carbon server is trying to access a resource >>>>>>>> behind a proxy and you need to authenticate to the proxy.. Shouldn't >>>>>>>> this the same at the axis2 client end.. but this doesn't have >>>>>>>> multiple >>>>>>>> proxy support as you mentioned. In either case shouldn't this >>>>>>>> something to be in axis2.xml..? [not in carbon.xml] >>>>>>>> >>>>>>> >>>>>>> This is not a transport-level thing that applies only to webservices. >>>>>>> Axis2 is a webservices engine and this goes beyond that. For example, >>>>>>> new >>>>>>> URL("foo") call inside Java code, or accessing some resource through a >>>>>>> web >>>>>>> application is covered by this implementation. Also, this is not only >>>>>>> for a >>>>>>> proxy, but you can use it to access resources stored on a webserver that >>>>>>> requires Basic, Digest, NTLM or SPNEGO authentication. If we introduce >>>>>>> this >>>>>>> into Axis2, it would be doing something additional (i.e. beyond its >>>>>>> scope). >>>>>>> What Axis2 has right now is sufficient for its use-cases, and this is >>>>>>> something beyond that. >>>>>>> >>>>>>> Thanks, >>>>>>> Senaka. >>>>>>> >>>>>>> >>>>>>>> Thanks & regards, >>>>>>>> -Prabath >>>>>>>> >>>>>>>> [1]: http://wso2.org/library/161 >>>>>>>> _______________________________________________ >>>>>>>> Carbon-dev mailing list >>>>>>>> [email protected] >>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Senaka Fernando* >>>>>>> Product Manager - WSO2 Governance Registry; >>>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>> >>>>>>> E-mail: senaka AT wso2.com >>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>> >>>>>>> *Lean . Enterprise . Middleware >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Carbon-dev mailing list >>>>>>> [email protected] >>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thilina Buddhika >>>>>> >>>>>> Associate Technical Lead >>>>>> WSO2 Inc. ; http://wso2.com >>>>>> lean . enterprise . middleware >>>>>> >>>>>> phone : +94 77 44 88 727 >>>>>> blog : http://blog.thilinamb.com >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Thilina Buddhika >>>>> Associate Technical Lead >>>>> WSO2 Inc. ; http://wso2.com >>>>> lean . enterprise . middleware >>>>> >>>>> phone : +94 77 44 88 727 >>>>> blog : http://blog.thilinamb.com >>>>> >>>>> _______________________________________________ >>>>> Carbon-dev mailing list >>>>> [email protected] >>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Senaka Fernando* >>>> Product Manager - WSO2 Governance Registry; >>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com* >>>> Member; Apache Software Foundation; http://apache.org >>>> >>>> E-mail: senaka AT wso2.com >>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>> Linked-In: http://linkedin.com/in/senakafernando >>>> >>>> *Lean . Enterprise . Middleware >>>> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Thilina Buddhika >>> Associate Technical Lead >>> WSO2 Inc. ; http://wso2.com >>> lean . enterprise . middleware >>> >>> phone : +94 77 44 88 727 >>> blog : http://blog.thilinamb.com >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> *Senaka Fernando* >> Product Manager - WSO2 Governance Registry; >> Associate Technical Lead; WSO2 Inc.; http://wso2.com* >> Member; Apache Software Foundation; http://apache.org >> >> E-mail: senaka AT wso2.com >> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >> Linked-In: http://linkedin.com/in/senakafernando >> >> *Lean . Enterprise . Middleware >> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> > > > -- > Thilina Buddhika > Associate Technical Lead > WSO2 Inc. ; http://wso2.com > lean . enterprise . middleware > > phone : +94 77 44 88 727 > blog : http://blog.thilinamb.com > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Senaka Fernando* Product Manager - WSO2 Governance Registry; Associate Technical Lead; WSO2 Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
