Yes we have to fix it from try it code. Also i can go ahead and modify sso code to add tenant domain parameter to message context to avoid looping issue mentioned above. WDYT?
Thanks. On Fri, May 4, 2012 at 2:19 PM, Paul Fremantle <[email protected]> wrote: > I think thats a bug in TryIt. In fact it might even create a way of > attacking from one tenant to another? I think the right thing to do here is > to fix TryIt so each tenant uses only their own per-tenant services. > > Paul > > > On 4 May 2012 09:42, Sanjeewa Malalgoda <[email protected]> wrote: > >> Hi, >> I found some other issue in LB emdpoint. When we try to invoke deployed >> web service using tryit UI it send request to To >> *carbon/admin/jsp/WSRequestXSSproxy_ajaxprocessor.jsp * >> Then loadbalancer misunderstand this as request to super admin tenant and >> forward request to default cluster. Also found that many requests coming >> from tenant doesn't contain tenant domain in request. How do we proceed >> with this? >> >> >> Thanks. >> >> >> >> On Thu, May 3, 2012 at 12:23 PM, Sanjeewa Malalgoda <[email protected]>wrote: >> >>> Hi All, >>> We had issue with logging in tenant aware load balancer (when SSO >>> Enabled) which was discussed above. Problem is, i found that there is a >>> looping problem between appserver and is clusters because logging >>> requests doesn't have tenant domain in their URL's and then load balancer >>> misunderstand it as a request to super admin(Tenant Id 0) and forward it to >>> default cluster. >>> >>> simplest possible solution for this is* setting tenant domain as a >>> parameter to message context form identity side*(SSO) when user logging >>> request comes and Tenant aware load balancer checks that parameter only >>> if tenant id is 0.That is good solution in performance point of view. >>> >>> Can someone from Identity side help on setting this parameter please? >>> >>> Thanks >>> >>> On Sun, Apr 1, 2012 at 4:58 PM, Afkham Azeez <[email protected]> wrote: >>> >>>> This is different. The main sequence may not change at all, but the >>>> loadbalancer.conf file will be changed to modify the tenant partitioning. >>>> We will need a separate hot deployer to handle the loadbalancer config >>>> change. >>>> >>>> >>>> On Sun, Apr 1, 2012 at 4:54 PM, Sanjeewa Malalgoda >>>> <[email protected]>wrote: >>>> >>>>> yes we can make it dynamic. Once main sequence updated it pick up >>>>> loadbalancer.xml changes and work according to that. So we can improve >>>>> that >>>>> or we can update config as per admin request. >>>>> Thanks. >>>>> >>>>> >>>>> On Sun, Apr 1, 2012 at 3:06 PM, Paul Fremantle <[email protected]> wrote: >>>>> >>>>>> Great. I think that is what one of our other customers is looking for >>>>>> right now. >>>>>> >>>>>> Paul >>>>>> >>>>>> >>>>>> On 1 April 2012 10:34, Afkham Azeez <[email protected]> wrote: >>>>>> >>>>>>> >>>>>>> >>>>>>> On Sun, Apr 1, 2012 at 2:57 PM, Paul Fremantle <[email protected]>wrote: >>>>>>> >>>>>>>> Let me understand: can I use this to put a specific tenant to >>>>>>>> cluster and no-one else? >>>>>>> >>>>>>> >>>>>>> Yes, you can define a cluster that contains a single tenant. So, we >>>>>>> can now support private jet mode. The number of nodes in that cluster is >>>>>>> done through the autoscaling configuration. Does that answer your >>>>>>> question? >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Also: can the config be dynamic? e.g. can I modify this definition >>>>>>>> at runtime? Or only static? >>>>>>>> >>>>>>> >>>>>>> Tenant partition definitions are static. Processes which have loaded >>>>>>> a tenant cannot unload that tenant and reload it with the state etc. on >>>>>>> a >>>>>>> different cluster. However, I believe we can support hotUpdate of the >>>>>>> loadbalancer.conf file, which will allow you to change the tenant >>>>>>> partitions, so that new requests can be handled by a different cluster. >>>>>>> The >>>>>>> way we have implemented it currently, only the LB is aware of the >>>>>>> partitioning and not the worker nodes. >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> Paul >>>>>>>> >>>>>>>> On 12 March 2012 13:31, Sanjeewa Malalgoda <[email protected]>wrote: >>>>>>>> >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> Here i'm attaching the design diagram of this implementation, And >>>>>>>>> configurations will be as follows. >>>>>>>>> >>>>>>>>> *01.LoadBalancer.xml file we can define domain and corresponding >>>>>>>>> clusters and their tenant ranges as follows* >>>>>>>>> >>>>>>>>> <service> >>>>>>>>> <hosts> >>>>>>>>> <host>appserver.cloud-test.wso2.com</host> >>>>>>>>> </hosts> >>>>>>>>> <!--domain>wso2.carbon.as.domain</domain--> >>>>>>>>> <domains> >>>>>>>>> <domain> >>>>>>>>> <name>wso2.as1.domain</name> >>>>>>>>> <tenantRange>1,100</tenantRange> >>>>>>>>> </domain> >>>>>>>>> <domain> >>>>>>>>> <name>wso2.as2.domain</name> >>>>>>>>> <tenantRange>101,200</tenantRange> >>>>>>>>> </domain> >>>>>>>>> <domain> >>>>>>>>> <name>wso2.as3.domain</name> >>>>>>>>> <tenantRange>201,300</tenantRange> >>>>>>>>> </domain> >>>>>>>>> <domain> >>>>>>>>> <name>wso2.as4.domain</name> >>>>>>>>> <tenantRange>*</tenantRange> >>>>>>>>> </domain> >>>>>>>>> </domains> >>>>>>>>> </service> >>>>>>>>> >>>>>>>>> *In synapse main.xml Endpoint Defines as follows* >>>>>>>>> * >>>>>>>>> * >>>>>>>>> <endpoint name="tenantAwareLBEndpoint"> >>>>>>>>> <class name >>>>>>>>> ="org.wso2.carbon.endpoint.service.TenantAwareLoadBalanceEndpoint"> >>>>>>>>> <parameter name="algorithm"> >>>>>>>>> org.apache.synapse.endpoints.algorithms.RoundRobin</parameter> >>>>>>>>> <parameter >>>>>>>>> name="configuration">$system:loadbalancer.xml</parameter> >>>>>>>>> <parameter name="failover">true</parameter> >>>>>>>>> >>>>>>>>> </class> >>>>>>>>> </endpoint> >>>>>>>>> >>>>>>>>> Thanks. >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sun, Mar 4, 2012 at 2:09 AM, Afkham Azeez <[email protected]>wrote: >>>>>>>>> >>>>>>>>>> User management in the LB is not configured properly? We never >>>>>>>>>> used this in the LB before. Even CarbonContext will not be created >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Afkham Azeez >>>>>>>>>> Sent from my phone >>>>>>>>>> On Mar 3, 2012 9:30 PM, "Sanjeewa Malalgoda" <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Hi All, >>>>>>>>>>> I was able to setup 2 app services clusters that maps to same >>>>>>>>>>> host address and setup load balancer according to static >>>>>>>>>>> configuration(host/domain/tenant range). with this implementation >>>>>>>>>>> *we can send requests to correct cluster based on tenant domain >>>>>>>>>>> in url*.For this i created new TenantAwareLoadBalancer endpoint >>>>>>>>>>> in carbon end points and configure loadbalancer to use that end >>>>>>>>>>> point(We >>>>>>>>>>> can use external endpoints after azeez latest change to synapse >>>>>>>>>>> trunk). >>>>>>>>>>> First we get domainTenantContext(Which holds map of tenatid, cluster >>>>>>>>>>> domain) object according to host address. Then we can get cluster >>>>>>>>>>> domain >>>>>>>>>>> from domainTenantContext object by passing tenant id (if there no >>>>>>>>>>> any value >>>>>>>>>>> that maps to tenantId key we will send that request to cluster with >>>>>>>>>>> constant tenant id something like 0 or 1000 by this we can avoid >>>>>>>>>>> upper >>>>>>>>>>> range mapping). Map holds values something like below. >>>>>>>>>>> >>>>>>>>>>> tenat id cluster domain >>>>>>>>>>> 1-200 as1.domain >>>>>>>>>>> 201-400 as2.domain >>>>>>>>>>> 0 as3.domain >>>>>>>>>>> >>>>>>>>>>> so if request comes to 401 tenant request will send to >>>>>>>>>>> as3.domain cluster(default cluster). And regard sticky session >>>>>>>>>>> implementation which we discussed in separate mail i will work with >>>>>>>>>>> azeez. >>>>>>>>>>> For this moment all configurations are hard coded and easily we can >>>>>>>>>>> make >>>>>>>>>>> them configurable. Ideas and comments are welcome on this. >>>>>>>>>>> >>>>>>>>>>> And i have one question inside loadbalancer product we >>>>>>>>>>> are always getting >>>>>>>>>>> getRealmService().getTenantManager().getTenantId(domainName) as -1 >>>>>>>>>>> (which >>>>>>>>>>> means no such tenant). What did we miss here ? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thanks. >>>>>>>>>>> -- >>>>>>>>>>> *Sanjeewa Malalgoda* >>>>>>>>>>> Software Engineer >>>>>>>>>>> ** >>>>>>>>>>> *WSO2, Inc.* >>>>>>>>>>> lean.enterprise.middleware. >>>>>>>>>>> >>>>>>>>>>> mobile : +94 713068779 >>>>>>>>>>> web: http://wso2.com >>>>>>>>>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>>>>>>>>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>>>>>>>>>> >>>>>>>>>>> [image: >>>>>>>>>>> http://wso2.com/wp-content/themes/wso2ng-v2/images/logos/stratos_logo_h42.gif] >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Stratos-dev mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://wso2.org/cgi-bin/mailman/listinfo/stratos-dev >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Sanjeewa Malalgoda* >>>>>>>>> Software Engineer >>>>>>>>> ** >>>>>>>>> *WSO2, Inc.* >>>>>>>>> lean.enterprise.middleware. >>>>>>>>> >>>>>>>>> mobile : +94 713068779 >>>>>>>>> web: http://wso2.com >>>>>>>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>>>>>>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>>>>>>>> >>>>>>>>> [image: >>>>>>>>> http://wso2.com/wp-content/themes/wso2ng-v2/images/logos/stratos_logo_h42.gif] >>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> [email protected] >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Paul Fremantle >>>>>>>> CTO and Co-Founder, WSO2 >>>>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse >>>>>>>> >>>>>>>> UK: +44 207 096 0336 >>>>>>>> US: +1 646 595 7614 >>>>>>>> >>>>>>>> blog: http://pzf.fremantle.org >>>>>>>> twitter.com/pzfreo >>>>>>>> [email protected] >>>>>>>> >>>>>>>> wso2.com Lean Enterprise Middleware >>>>>>>> >>>>>>>> Disclaimer: This communication may contain privileged or other >>>>>>>> confidential information and is intended exclusively for the >>>>>>>> addressee/s. >>>>>>>> If you are not the intended recipient/s, or believe that you may have >>>>>>>> received this communication in error, please reply to the sender >>>>>>>> indicating >>>>>>>> that fact and delete the copy you received and in addition, you should >>>>>>>> not >>>>>>>> print, copy, retransmit, disseminate, or otherwise use the information >>>>>>>> contained in this communication. Internet communications cannot be >>>>>>>> guaranteed to be timely, secure, error or virus-free. The sender does >>>>>>>> not >>>>>>>> accept liability for any errors or omissions. >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Afkham Azeez* >>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>> * <http://www.apache.org/>** >>>>>>> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >>>>>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>>>>> twitter: >>>>>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>>>>> * >>>>>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>>>>> * >>>>>>> * >>>>>>> *Lean . Enterprise . Middleware* >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Paul Fremantle >>>>>> CTO and Co-Founder, WSO2 >>>>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse >>>>>> >>>>>> UK: +44 207 096 0336 >>>>>> US: +1 646 595 7614 >>>>>> >>>>>> blog: http://pzf.fremantle.org >>>>>> twitter.com/pzfreo >>>>>> [email protected] >>>>>> >>>>>> wso2.com Lean Enterprise Middleware >>>>>> >>>>>> Disclaimer: This communication may contain privileged or other >>>>>> confidential information and is intended exclusively for the addressee/s. >>>>>> If you are not the intended recipient/s, or believe that you may have >>>>>> received this communication in error, please reply to the sender >>>>>> indicating >>>>>> that fact and delete the copy you received and in addition, you should >>>>>> not >>>>>> print, copy, retransmit, disseminate, or otherwise use the information >>>>>> contained in this communication. Internet communications cannot be >>>>>> guaranteed to be timely, secure, error or virus-free. The sender does not >>>>>> accept liability for any errors or omissions. >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Sanjeewa Malalgoda* >>>>> Software Engineer >>>>> ** >>>>> *WSO2, Inc.* >>>>> lean.enterprise.middleware. >>>>> >>>>> mobile : +94 713068779 >>>>> web: http://wso2.com >>>>> <http://sanjeewamalalgoda.blogspot.com/>blog >>>>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>>>> >>>>> [image: >>>>> http://wso2.com/wp-content/themes/wso2ng-v2/images/logos/stratos_logo_h42.gif] >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Afkham Azeez* >>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>> Member; Apache Software Foundation; http://www.apache.org/ >>>> * <http://www.apache.org/>** >>>> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>> twitter: >>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>> * >>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>> * >>>> * >>>> *Lean . Enterprise . Middleware* >>>> >>>> >>> >>> >>> -- >>> *Sanjeewa Malalgoda* >>> >>> mobile : +94 713068779 >>> <http://sanjeewamalalgoda.blogspot.com/>blog >>> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >>> >> >> >> >> -- >> *Sanjeewa Malalgoda* >> mobile : +94 713068779 >> <http://sanjeewamalalgoda.blogspot.com/>blog >> :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Paul Fremantle > CTO and Co-Founder, WSO2 > OASIS WS-RX TC Co-chair, VP, Apache Synapse > > UK: +44 207 096 0336 > US: +1 646 595 7614 > > blog: http://pzf.fremantle.org > twitter.com/pzfreo > [email protected] > > wso2.com Lean Enterprise Middleware > > Disclaimer: This communication may contain privileged or other > confidential information and is intended exclusively for the addressee/s. > If you are not the intended recipient/s, or believe that you may have > received this communication in error, please reply to the sender indicating > that fact and delete the copy you received and in addition, you should not > print, copy, retransmit, disseminate, or otherwise use the information > contained in this communication. Internet communications cannot be > guaranteed to be timely, secure, error or virus-free. The sender does not > accept liability for any errors or omissions. > > -- *Sanjeewa Malalgoda* mobile : +94 713068779 <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
