Hi Hasini,
The following is the set of illegal characters for a resource path. We
have defined them in the Repository.java file in the
package org.wso2.carbon.registry.core.jdbc. Note that we use the following
regular expression to match the illegal set of characters.
".*[~!@#;%^*+={}\\|\\\\<>\",\'].*"
Thanks,
Janaka
On Tue, Dec 20, 2011 at 9:45 PM, Hasini Gunasinghe <[email protected]> wrote:
> Hi Senaka,
>
> On Tue, Dec 20, 2011 at 10:22 AM, Senaka Fernando <[email protected]> wrote:
>
>> Hi Hasini,
>>
>> That's defined in a constant in the registry kernel, IIRC. Unlike in UM,
>> the characters restricted in G-Reg are those that are not allowed by SQL,
>> and the delimiters we have used in the code. So, the list is constant,
>> instead of something that a user can define as in UM.
>>
> Can you please point to those constants defined in the code? I hope it is in
> one place.
> So that we can decide whether we can include them in the default regular
> expression that we specify in configuration, in order to sync the invalid
> characters used in UM and Registry.
>
> Thanks,
> Hasini.
>
>
>> Thanks,
>> Senaka.
>>
>>
>> On Tue, Dec 20, 2011 at 10:18 AM, Hasini Gunasinghe <[email protected]> wrote:
>>
>>>
>>>
>>> On Mon, Dec 19, 2011 at 11:58 PM, Thilina Buddhika <[email protected]> wrote:
>>>
>>>>
>>>>
>>>> On Mon, Dec 19, 2011 at 11:54 PM, Senaka Fernando <[email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> +1. I thought we had it in some form, and it seems that I was wrong.
>>>>> All invalid characters of G-Reg should be invalid for UM, and UM can have
>>>>> additional invalid characters if needed. Both the registry BE and FE have
>>>>> validations, and maybe we can reuse some logic in UM.
>>>>>
>>>>
>>>> UM also has both FE and BE validations. The only problem is the invalid
>>>> character set is not synced up with that of the registry.
>>>>
>>>
>>> UM does FE and BE validation according to the following parameters
>>> defined in user-mgt.xml and hence they are configurable.
>>> Where are those of the registry specified?
>>> If they are also read from configuration, we can make default
>>> configurations the same.
>>>
>>> -UsernameJavaRegEx
>>> -UsernameJavaScriptRegEx
>>> -RolenameJavaRegEx
>>> -RolenameJavaScriptRegEx
>>>
>>> Thanks,
>>> Hasini.
>>>
>>>>
>>>> Thanks,
>>>> Thilina
>>>>
>>>>
>>>>>
>>>>> Thanks,
>>>>> Senaka.
>>>>>
>>>>>
>>>>> On Mon, Dec 19, 2011 at 10:06 PM, Prabath Siriwardena <
>>>>> [email protected]> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Mon, Dec 19, 2011 at 9:31 PM, Supun Malinga <[email protected]> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Dec 19, 2011 at 9:12 PM, Thilina Buddhika <[email protected]
>>>>>>> > wrote:
>>>>>>>
>>>>>>>> Hi Folks,
>>>>>>>>
>>>>>>>> At the moment, the two invalid character sets used in UM (for
>>>>>>>> usernames and rolenames) and Registry (for Registry resources) are not
>>>>>>>> synced. But in some of the components, username is used as part of the
>>>>>>>> registry resources. Due to this, there are so many Carbon Jiras created
>>>>>>>> for broken functionality when there are characters in the
>>>>>>>> usernames/rolenames which are considered invalid for registry resource
>>>>>>>> names. When I reviewed Jiras created for Identity and Security components,
>>>>>>>> I found nearly 10-15 Jiras created for similar cases. I think it is the
>>>>>>>> case for other components as well.
>>>>>>>>
>>>>>>>> So I suggest we should consider the same set of characters as
>>>>>>>> invalid for both UM and Registry.
>>>>>>>>
>>>>>>>
>>>>>>> +1
>>>>>>> How about introducing a JS function into core ui bundle that can
>>>>>>> filter and identify the invalid characters? I also faced this kind of issue
>>>>>>> where SQL injection was possible when I hadn't controlled the role-names
>>>>>>> allowed into server-roles component. So I ended up adding my own JS
>>>>>>> function to filter these. If it is available from core ui utils itself it
>>>>>>> would be much easier to define a common rule-set for allowing characters
>>>>>>> for property names from the ui, etc.
>>>>>>>
>>>>>>
>>>>>> This also needs to be checked both at the UI level as well as at the
>>>>>> service level - and UI should ideally ask the validation rule from the BE
>>>>>> and then validate.. and BE should also validate independently...
>>>>>>
>>>>>> Thanks & regards,
>>>>>> -Prabath
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> thanks,
>>>>>>>
>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Thilina
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Thilina Buddhika
>>>>>>>> Associate Technical Lead
>>>>>>>> WSO2 Inc. ; http://wso2.com
>>>>>>>> lean . enterprise . middleware
>>>>>>>>
>>>>>>>> phone : +94 77 44 88 727
>>>>>>>> blog : http://blog.thilinamb.com
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Carbon-dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Supun Malinga,
>>>>>>>
>>>>>>> Software Engineer,
>>>>>>> WSO2 Inc.
>>>>>>> http://wso2.com
>>>>>>> http://wso2.org
>>>>>>> email - [email protected] <[email protected]>
>>>>>>> mobile - 071 56 91 321
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Prabath
>>>>>>
>>>>>> http://blog.facilelogin.com
>>>>>> http://RampartFAQ.com
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Senaka Fernando
>>>>> Product Manager - WSO2 Governance Registry;
>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com
>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>
>>>>> E-mail: senaka AT wso2.com
>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>
>>>>> Lean . Enterprise . Middleware
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thilina Buddhika
>>>> Associate Technical Lead
>>>> WSO2 Inc. ; http://wso2.com
>>>> lean . enterprise . middleware
>>>>
>>>> phone : +94 77 44 88 727
>>>> blog : http://blog.thilinamb.com
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>> --
>> Senaka Fernando
>> Product Manager - WSO2 Governance Registry;
>> Associate Technical Lead; WSO2 Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://apache.org
>>
>> E-mail: senaka AT wso2.com
>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>> Linked-In: http://linkedin.com/in/senakafernando
>>
>> Lean . Enterprise . Middleware
>>
>>
>>
>>
>
>
>
--
Janaka Ranabahu
Software Engineer
WSO2 Inc.
Mobile +94 718370861
Email : [email protected]
Blog : janakaranabahu.blogspot.com
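
Added example, not part of this thread and not WSO2 code: a JavaScript sketch of the mismatch discussed above, where a name accepted by a UM-style pattern still contains characters from the registry's illegal set, and of deriving one pattern from that set so both sides agree. The function names, the UM pattern and the length limits are assumptions; only the character set comes from the regular expression quoted in the message.

```javascript
// Added illustration; function names are hypothetical, not WSO2 APIs.
// Character set from the regex quoted in the message (Java string escapes
// removed): ~ ! @ # ; % ^ * + = { } | \ < > " , '
const REGISTRY_ILLEGAL = "~!@#;%^*+={}|\\<>\",'";

// Escape a character so it is literal inside a regex character class.
function escapeForClass(ch) {
  return /[\\\]\[^-]/.test(ch) ? "\\" + ch : ch;
}

// Distinct registry-illegal characters in `name`, in order of first appearance.
function registryIllegalChars(name) {
  const found = [];
  for (const ch of name) {
    if (REGISTRY_ILLEGAL.includes(ch) && !found.includes(ch)) found.push(ch);
  }
  return found;
}

// Build a name pattern that rejects every registry-illegal character and
// whitespace, with a length range (the limits are assumptions).
function buildSyncedPattern(minLen, maxLen) {
  const cls = [...REGISTRY_ILLEGAL].map(escapeForClass).join("");
  return new RegExp("^[^" + cls + "\\s]{" + minLen + "," + maxLen + "}$");
}

// Check one name against a UM-style pattern and against the registry set.
function checkName(name, umPattern) {
  const illegal = registryIllegalChars(name);
  return {
    acceptedByUM: umPattern.test(name),
    safeForRegistryPath: illegal.length === 0,
    illegal,
  };
}

// Constructed, assumed UM rule: 5 to 30 non-whitespace characters.
const ASSUMED_UM_PATTERN = /^\S{5,30}$/;
// Pattern derived from the registry set, usable on both FE and BE.
const SYNCED_PATTERN = buildSyncedPattern(5, 30);
```

The same derived pattern has to be enforced again on the back end; the front-end check only improves the error message.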