Hi Hasini,

That's defined in a constant in the registry kernel, IIRC. Unlike in UM, the characters restricted in G-Reg are those that are not allowed by SQL, and the delimiters we have used in the code. So, the list is constant, instead of something that a user can define as in UM.

Thanks,
Senaka.

On Tue, Dec 20, 2011 at 10:18 AM, Hasini Gunasinghe <has...@wso2.com> wrote:

> On Mon, Dec 19, 2011 at 11:58 PM, Thilina Buddhika <thili...@wso2.com> wrote:
>
>> On Mon, Dec 19, 2011 at 11:54 PM, Senaka Fernando <sen...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> +1. I thought we had it in some form, and it seems that I was wrong. All
>>> invalid characters of G-Reg should be invalid for UM, and UM can have
>>> additional invalid characters if needed. Both the registry BE and FE have
>>> validations, and maybe we can reuse some logic in UM.
>>
>> UM also has both FE and BE validations. The only problem is the invalid
>> character set is not synced up with that of the registry.
>
> UM does FE and BE validation according to the following parameters defined
> in user-mgt.xml and hence they are configurable.
> Where are those of the registry specified?
> If they are also read from configuration, we can make default
> configurations the same.
>
> -UsernameJavaRegEx
> -UsernameJavaScriptRegEx
> -RolenameJavaRegEx
> -RolenameJavaScriptRegEx
>
> Thanks,
> Hasini.
>
>> Thanks,
>> Thilina
>>
>>> Thanks,
>>> Senaka.
>>>
>>> On Mon, Dec 19, 2011 at 10:06 PM, Prabath Siriwardena <prab...@wso2.com> wrote:
>>>
>>>> On Mon, Dec 19, 2011 at 9:31 PM, Supun Malinga <sup...@wso2.com> wrote:
>>>>
>>>>> On Mon, Dec 19, 2011 at 9:12 PM, Thilina Buddhika <thili...@wso2.com> wrote:
>>>>>
>>>>>> Hi Folks,
>>>>>>
>>>>>> At the moment, the two invalid character sets used in UM (for
>>>>>> usernames and rolenames) and Registry (for Registry resources) are not
>>>>>> synced. But in some of the components, username is used as part of the
>>>>>> registry resources. Due to this, there are so many Carbon Jiras created
>>>>>> for broken functionality when there are characters in the
>>>>>> usernames/rolenames which are considered invalid for registry resource
>>>>>> names. When I reviewed Jiras created for Identity and Security
>>>>>> components, I found nearly 10-15 Jiras created for similar cases. I
>>>>>> think it is the case for other components as well.
>>>>>>
>>>>>> So I suggest we should consider the same set of characters as invalid
>>>>>> for both UM and Registry.
>>>>>
>>>>> +1
>>>>> How about introducing a JS function into core ui bundle that can
>>>>> filter and identify the invalid characters. I also faced this kind of
>>>>> issue where SQL injection was possible when I hadn't controlled the
>>>>> role-names allowed into server-roles component. So I ended up in adding
>>>>> my own JS function to filter these. If it is available from core ui
>>>>> utils itself it would be much easier to define a common rule-set for
>>>>> allowing characters for property names from the ui, etc.
>>>>
>>>> This also needs to be checked both at the UI level as well as at the
>>>> service level - and UI should ideally ask the validation rule from the BE
>>>> and then validate.. and BE should also validate independently...
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>> thanks,
>>>>>
>>>>>> Thanks,
>>>>>> Thilina
>>>>>>
>>>>>> --
>>>>>> Thilina Buddhika
>>>>>> Associate Technical Lead
>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>> lean . enterprise . middleware
>>>>>>
>>>>>> phone : +94 77 44 88 727
>>>>>> blog : http://blog.thilinamb.com
>>>>>>
>>>>>> _______________________________________________
>>>>>> Carbon-dev mailing list
>>>>>> Carbon-dev@wso2.org
>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>
>>>>> --
>>>>> Supun Malinga,
>>>>>
>>>>> Software Engineer,
>>>>> WSO2 Inc.
>>>>> http://wso2.com
>>>>> http://wso2.org
>>>>> email - sup...@wso2.com <sup...@wso2.com>
>>>>> mobile - 071 56 91 321
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Prabath
>>>>
>>>> http://blog.facilelogin.com
>>>> http://RampartFAQ.com
>>>
>>> --
>>> Senaka Fernando
>>> Product Manager - WSO2 Governance Registry;
>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com
>>>
>>> Member; Apache Software Foundation; http://apache.org
>>>
>>> E-mail: senaka AT wso2.com
>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>> Linked-In: http://linkedin.com/in/senakafernando
>>>
>>> Lean . Enterprise . Middleware

--
Senaka Fernando
Product Manager - WSO2 Governance Registry;
Associate Technical Lead; WSO2 Inc.; http://wso2.com

Member; Apache Software Foundation; http://apache.org

E-mail: senaka AT wso2.com
P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
Linked-In: http://linkedin.com/in/senakafernando

Lean . Enterprise . Middleware
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
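
An added example (not code from this thread or from WSO2 Carbon) of the arrangement the thread discusses: one character rule that the back end owns, can hand to the UI as a pattern, and enforces again itself before a user or role name becomes part of a registry resource path. The character list, the `NAME_RULE` descriptor and every function name here are assumptions made for illustration; the registry kernel's actual constant is not shown in the thread.

```javascript
// Added example. The rule below is constructed for illustration; it is NOT
// the registry kernel's constant or the user-mgt.xml defaults.
const NAME_RULE = Object.freeze({
  // Characters assumed illegal in a registry path segment (constructed list).
  illegalChars: "~!@#;%^*()+={}|\\<>\"',/",
  minLength: 3,
  maxLength: 30,
});

// Escape every character so it is literal inside a regex character class.
function toCharClass(chars) {
  return Array.from(chars, (c) =>
    "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")).join("");
}

// The pattern string the back end would hand to the UI, derived from the
// same list the back end checks, so the two cannot drift apart.
function toPattern(rule) {
  return `^[^${toCharClass(rule.illegalChars)}\\s]{${rule.minLength},${rule.maxLength}}$`;
}

// Report which characters were rejected, so the UI can tell the user why.
function findInvalidChars(name, rule) {
  const bad = new Set();
  for (const ch of name) {
    if (rule.illegalChars.includes(ch) || /\s/.test(ch)) bad.add(ch);
  }
  return [...bad];
}

// Back-end check, run regardless of what the UI already did.
function validateName(name, rule = NAME_RULE) {
  if (typeof name !== "string") return { ok: false, reason: "not a string", invalid: [] };
  if (!new RegExp(toPattern(rule), "u").test(name)) {
    const invalid = findInvalidChars(name, rule);
    return { ok: false, reason: invalid.length ? "illegal characters" : "bad length", invalid };
  }
  return { ok: true, invalid: [] };
}

// Only validated names are ever concatenated into a registry path.
function userResourcePath(base, username) {
  const result = validateName(username);
  if (!result.ok) throw new Error(`rejected name: ${result.reason}`);
  return `${base}/${username}`;
}
```

The check limits what can reach a registry path; any SQL built from a name still needs bound parameters rather than string concatenation.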