I think thats a bug in TryIt. In fact it might even create a way of attacking from one tenant to another? I think the right thing to do here is to fix TryIt so each tenant uses only their own per-tenant services.
Paul On 4 May 2012 09:42, Sanjeewa Malalgoda <sanje...@wso2.com> wrote: > Hi, > I found some other issue in LB emdpoint. When we try to invoke deployed > web service using tryit UI it send request to To > *carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp * > Then loadbalancer misunderstand this as request to super admin tenant and > forward request to default cluster. Also found that many requests coming > from tenant doesn't contain tenant domain in request. How do we proceed > with this? > > > Thanks. > > > > On Thu, May 3, 2012 at 12:23 PM, Sanjeewa Malalgoda <sanje...@wso2.com>wrote: > >> Hi All, >> We had issue with logging in tenant aware load balancer (when SSO >> Enabled) which was discussed above. Problem is, i found that there is a >> looping problem between appserver and is clusters because logging >> requests doesn't have tenant domain in their URL's and then load balancer >> misunderstand it as a request to super admin(Tenant Id 0) and forward it to >> default cluster. >> >> simplest possible solution for this is* setting tenant domain as a >> parameter to message context form identity side*(SSO) when user logging >> request comes and Tenant aware load balancer checks that parameter only >> if tenant id is 0.That is good solution in performance point of view. >> >> Can someone from Identity side help on setting this parameter please? >> >> Thanks >> >> On Sun, Apr 1, 2012 at 4:58 PM, Afkham Azeez <az...@wso2.com> wrote: >> >>> This is different. The main sequence may not change at all, but the >>> loadbalancer.conf file will be changed to modify the tenant partitioning. >>> We will need a separate hot deployer to handle the loadbalancer config >>> change. >>> >>> >>> On Sun, Apr 1, 2012 at 4:54 PM, Sanjeewa Malalgoda <sanje...@wso2.com>wrote: >>> >>>> yes we can make it dynamic. Once main sequence updated it pick up >>>> loadbalancer.xml changes and work according to that. So we can improve that >>>> or we can update config as per admin request. >>>> Thanks. >>>> >>>> >>>> On Sun, Apr 1, 2012 at 3:06 PM, Paul Fremantle <p...@wso2.com> wrote: >>>> >>>>> Great. I think that is what one of our other customers is looking for >>>>> right now. >>>>> >>>>> Paul >>>>> >>>>> >>>>> On 1 April 2012 10:34, Afkham Azeez <az...@wso2.com> wrote: >>>>> >>>>>> >>>>>> >>>>>> On Sun, Apr 1, 2012 at 2:57 PM, Paul Fremantle <p...@wso2.com> wrote: >>>>>> >>>>>>> Let me understand: can I use this to put a specific tenant to >>>>>>> cluster and no-one else? >>>>>> >>>>>> >>>>>> Yes, you can define a cluster that contains a single tenant. So, we >>>>>> can now support private jet mode. The number of nodes in that cluster is >>>>>> done through the autoscaling configuration. Does that answer your >>>>>> question? >>>>>> >>>>>> >>>>>>> >>>>>>> Also: can the config be dynamic? e.g. can I modify this definition >>>>>>> at runtime? Or only static? >>>>>>> >>>>>> >>>>>> Tenant partition definitions are static. Processes which have loaded >>>>>> a tenant cannot unload that tenant and reload it with the state etc. on a >>>>>> different cluster. However, I believe we can support hotUpdate of the >>>>>> loadbalancer.conf file, which will allow you to change the tenant >>>>>> partitions, so that new requests can be handled by a different cluster. >>>>>> The >>>>>> way we have implemented it currently, only the LB is aware of the >>>>>> partitioning and not the worker nodes. >>>>>> >>>>>> >>>>>>> >>>>>>> Paul >>>>>>> >>>>>>> On 12 March 2012 13:31, Sanjeewa Malalgoda <sanje...@wso2.com>wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> Here i'm attaching the design diagram of this implementation, And >>>>>>>> configurations will be as follows. >>>>>>>> >>>>>>>> *01.LoadBalancer.xml file we can define domain and corresponding >>>>>>>> clusters and their tenant ranges as follows* >>>>>>>> >>>>>>>> <service> >>>>>>>> <hosts> >>>>>>>> <host>appserver.cloud-test.wso2.com</host> >>>>>>>> </hosts> >>>>>>>> <!--domain>wso2.carbon.as.domain</domain--> >>>>>>>> <domains> >>>>>>>> <domain> >>>>>>>> <name>wso2.as1.domain</name> >>>>>>>> <tenantRange>1,100</tenantRange> >>>>>>>> </domain> >>>>>>>> <domain> >>>>>>>> <name>wso2.as2.domain</name> >>>>>>>> <tenantRange>101,200</tenantRange> >>>>>>>> </domain> >>>>>>>> <domain> >>>>>>>> <name>wso2.as3.domain</name> >>>>>>>> <tenantRange>201,300</tenantRange> >>>>>>>> </domain> >>>>>>>> <domain> >>>>>>>> <name>wso2.as4.domain</name> >>>>>>>> <tenantRange>*</tenantRange> >>>>>>>> </domain> >>>>>>>> </domains> >>>>>>>> </service> >>>>>>>> >>>>>>>> *In synapse main.xml Endpoint Defines as follows* >>>>>>>> * >>>>>>>> * >>>>>>>> <endpoint name="tenantAwareLBEndpoint"> >>>>>>>> <class name >>>>>>>> ="org.wso2.carbon.endpoint.service.TenantAwareLoadBalanceEndpoint"> >>>>>>>> <parameter name="algorithm"> >>>>>>>> org.apache.synapse.endpoints.algorithms.RoundRobin</parameter> >>>>>>>> <parameter >>>>>>>> name="configuration">$system:loadbalancer.xml</parameter> >>>>>>>> <parameter name="failover">true</parameter> >>>>>>>> >>>>>>>> </class> >>>>>>>> </endpoint> >>>>>>>> >>>>>>>> Thanks. >>>>>>>> >>>>>>>> >>>>>>>> On Sun, Mar 4, 2012 at 2:09 AM, Afkham Azeez <az...@wso2.com>wrote: >>>>>>>> >>>>>>>>> User management in the LB is not configured properly? We never >>>>>>>>> used this in the LB before. Even CarbonContext will not be created >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Afkham Azeez >>>>>>>>> Sent from my phone >>>>>>>>> On Mar 3, 2012 9:30 PM, "Sanjeewa Malalgoda" <sanje...@wso2.com> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hi All, >>>>>>>>>> I was able to setup 2 app services clusters that maps to same >>>>>>>>>> host address and setup load balancer according to static >>>>>>>>>> configuration(host/domain/tenant range). with this implementation >>>>>>>>>> *we can send requests to correct cluster based on tenant domain >>>>>>>>>> in url*.For this i created new TenantAwareLoadBalancer endpoint >>>>>>>>>> in carbon end points and configure loadbalancer to use that end >>>>>>>>>> point(We >>>>>>>>>> can use external endpoints after azeez latest change to synapse >>>>>>>>>> trunk). >>>>>>>>>> First we get domainTenantContext(Which holds map of tenatid, cluster >>>>>>>>>> domain) object according to host address. Then we can get cluster >>>>>>>>>> domain >>>>>>>>>> from domainTenantContext object by passing tenant id (if there no >>>>>>>>>> any value >>>>>>>>>> that maps to tenantId key we will send that request to cluster with >>>>>>>>>> constant tenant id something like 0 or 1000 by this we can avoid >>>>>>>>>> upper >>>>>>>>>> range mapping). Map holds values something like below. >>>>>>>>>> >>>>>>>>>> tenat id cluster domain >>>>>>>>>> 1-200 as1.domain >>>>>>>>>> 201-400 as2.domain >>>>>>>>>> 0 as3.domain >>>>>>>>>> >>>>>>>>>> so if request comes to 401 tenant request will send to as3.domain >>>>>>>>>> cluster(default cluster). And regard sticky session implementation >>>>>>>>>> which we >>>>>>>>>> discussed in separate mail i will work with azeez. For this moment >>>>>>>>>> all >>>>>>>>>> configurations are hard coded and easily we can make them >>>>>>>>>> configurable. >>>>>>>>>> Ideas and comments are welcome on this. >>>>>>>>>> >>>>>>>>>> And i have one question inside loadbalancer product we are always >>>>>>>>>> getting getRealmService().getTenantManager().getTenantId(domainName) >>>>>>>>>> as -1 >>>>>>>>>> (which means no such tenant). What did we miss here ? >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Thanks. >>>>>>>>>> -- >>>>>>>>>> *Sanjeewa Malalgoda* >>>>>>>>>> Software Engineer >>>>>>>>>> ** >>>>>>>>>> *WSO2, Inc.* >>>>>>>>>> lean.enterprise.middleware. >>>>>>>>>> >>>>>>>>>> mobile : +94 713068779 >>>>>>>>>> web: http://wso2.com >>>>>>>>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>>>>>>>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>>>>>>>>> >>>>>>>>>> [image: >>>>>>>>>> http://wso2.com/wp-content/themes/wso2ng-v2/images/logos/stratos_logo_h42.gif] >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Stratos-dev mailing list >>>>>>>>>> stratos-...@wso2.org >>>>>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/stratos-dev >>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Sanjeewa Malalgoda* >>>>>>>> Software Engineer >>>>>>>> ** >>>>>>>> *WSO2, Inc.* >>>>>>>> lean.enterprise.middleware. >>>>>>>> >>>>>>>> mobile : +94 713068779 >>>>>>>> web: http://wso2.com >>>>>>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>>>>>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>>>>>>> >>>>>>>> [image: >>>>>>>> http://wso2.com/wp-content/themes/wso2ng-v2/images/logos/stratos_logo_h42.gif] >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Dev mailing list >>>>>>>> Dev@wso2.org >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Paul Fremantle >>>>>>> CTO and Co-Founder, WSO2 >>>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse >>>>>>> >>>>>>> UK: +44 207 096 0336 >>>>>>> US: +1 646 595 7614 >>>>>>> >>>>>>> blog: http://pzf.fremantle.org >>>>>>> twitter.com/pzfreo >>>>>>> p...@wso2.com >>>>>>> >>>>>>> wso2.com Lean Enterprise Middleware >>>>>>> >>>>>>> Disclaimer: This communication may contain privileged or other >>>>>>> confidential information and is intended exclusively for the >>>>>>> addressee/s. >>>>>>> If you are not the intended recipient/s, or believe that you may have >>>>>>> received this communication in error, please reply to the sender >>>>>>> indicating >>>>>>> that fact and delete the copy you received and in addition, you should >>>>>>> not >>>>>>> print, copy, retransmit, disseminate, or otherwise use the information >>>>>>> contained in this communication. Internet communications cannot be >>>>>>> guaranteed to be timely, secure, error or virus-free. The sender does >>>>>>> not >>>>>>> accept liability for any errors or omissions. >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Afkham Azeez* >>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>> * <http://www.apache.org/>** >>>>>> email: **az...@wso2.com* <az...@wso2.com>* cell: +94 77 3320919 >>>>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>>>> twitter: >>>>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>>>> * >>>>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>>>> * >>>>>> * >>>>>> *Lean . Enterprise . Middleware* >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Paul Fremantle >>>>> CTO and Co-Founder, WSO2 >>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse >>>>> >>>>> UK: +44 207 096 0336 >>>>> US: +1 646 595 7614 >>>>> >>>>> blog: http://pzf.fremantle.org >>>>> twitter.com/pzfreo >>>>> p...@wso2.com >>>>> >>>>> wso2.com Lean Enterprise Middleware >>>>> >>>>> Disclaimer: This communication may contain privileged or other >>>>> confidential information and is intended exclusively for the addressee/s. >>>>> If you are not the intended recipient/s, or believe that you may have >>>>> received this communication in error, please reply to the sender >>>>> indicating >>>>> that fact and delete the copy you received and in addition, you should not >>>>> print, copy, retransmit, disseminate, or otherwise use the information >>>>> contained in this communication. Internet communications cannot be >>>>> guaranteed to be timely, secure, error or virus-free. The sender does not >>>>> accept liability for any errors or omissions. >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Sanjeewa Malalgoda* >>>> Software Engineer >>>> ** >>>> *WSO2, Inc.* >>>> lean.enterprise.middleware. >>>> >>>> mobile : +94 713068779 >>>> web: http://wso2.com >>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>>> >>>> [image: >>>> http://wso2.com/wp-content/themes/wso2ng-v2/images/logos/stratos_logo_h42.gif] >>>> >>>> >>> >>> >>> -- >>> *Afkham Azeez* >>> Director of Architecture; WSO2, Inc.; http://wso2.com >>> Member; Apache Software Foundation; http://www.apache.org/ >>> * <http://www.apache.org/>** >>> email: **az...@wso2.com* <az...@wso2.com>* cell: +94 77 3320919 >>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>> * >>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>> * >>> * >>> *Lean . Enterprise . Middleware* >>> >>> >> >> >> -- >> *Sanjeewa Malalgoda* >> >> mobile : +94 713068779 >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >> > > > > -- > *Sanjeewa Malalgoda* > mobile : +94 713068779 > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Paul Fremantle CTO and Co-Founder, WSO2 OASIS WS-RX TC Co-chair, VP, Apache Synapse UK: +44 207 096 0336 US: +1 646 595 7614 blog: http://pzf.fremantle.org twitter.com/pzfreo p...@wso2.com wso2.com Lean Enterprise Middleware Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
