In the UEP context, its ok to add any http headers to the transport configuration. However, I wonder that having password in plain text may cause some security issues. Fix looks good.
On Thu, May 24, 2012 at 5:03 PM, Thilini Ishaka <[email protected]> wrote: > > Hi All, > > When we invoke an admin service via a BPEL process, we get HTTP 401 > Unauthorized error. If you go through [1] you will understand the scenario > better. > This was an issue in appfactory product as all the services, we have there > are administrative services and we invoke them via BPEL processes. > > Normally what we do is pass http headers via a fronting ESB, but that is > not the ideal solution. > Here we are giving the solution via UEP concept. We add relevant http > headers basically the username and password via unified endpoints. > A sample configuration (.epr) is given below. > > <wsa:Metadata> > <id>SInvokeEPR</id> > <transport type="http"> > * <authorization-username>adminx</authorization-username> * > * <authorization-password>adminy</authorization-password> * > </transport> > </wsa:Metadata> > > In the setBasicAccessSecurityHeaders, we put HTTP header with name > "Authorization". Hence the username and password elements are named > <authorization-username/> , <authorization-password/> in epr configuration. > > Please find the JIRA [2] created for this task. Further information are > added to the JIRA. Please find the sample attached to the JIRA FYI. > Kindly appreciate your suggestions. > > <https://wso2.org/jira/browse/CARBON-13111>[1] > http://stackoverflow.com/questions/10607598/wso2-bps-shared-http-cookies > <http://stackoverflow.com/questions/10607598/wso2-bps-shared-http-cookies> > [2] https://wso2.org/jira/browse/CARBON-13111 > > -- > Thanks > Thilini > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Kasun Indrasiri Associate Technical Lead WSO2, Inc.; http://wso2.com lean.enterprise.middleware cell: +94 71 536 4128 Blog : http://kasunpanorama.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
