On Thu, May 24, 2012 at 5:30 PM, Kasun Indrasiri <[email protected]> wrote: > In the UEP context, its ok to add any http headers to the transport > configuration. However, I wonder that having password in plain text may > cause some security issues.
+1 for not having plain text passwords. Cant we use a callback class to get the password ? Thanks AmilaJ > Fix looks good. > > On Thu, May 24, 2012 at 5:03 PM, Thilini Ishaka <[email protected]> wrote: >> >> >> Hi All, >> >> When we invoke an admin service via a BPEL process, we get HTTP 401 >> Unauthorized error. If you go through [1] you will understand the scenario >> better. >> This was an issue in appfactory product as all the services, we have there >> are administrative services and we invoke them via BPEL processes. >> >> Normally what we do is pass http headers via a fronting ESB, but that is >> not the ideal solution. >> Here we are giving the solution via UEP concept. We add relevant http >> headers basically the username and password via unified endpoints. >> A sample configuration (.epr) is given below. >> >> <wsa:Metadata> >> <id>SInvokeEPR</id> >> <transport type="http"> >> <authorization-username>adminx</authorization-username> >> <authorization-password>adminy</authorization-password> >> </transport> >> </wsa:Metadata> >> >> In the setBasicAccessSecurityHeaders, we put HTTP header with name >> "Authorization". Hence the username and password elements are named >> <authorization-username/> , <authorization-password/> in epr configuration. >> >> Please find the JIRA [2] created for this task. Further information are >> added to the JIRA. Please find the sample attached to the JIRA FYI. >> Kindly appreciate your suggestions. >> >> >> [1] http://stackoverflow.com/questions/10607598/wso2-bps-shared-http-cookies >> [2] https://wso2.org/jira/browse/CARBON-13111 >> >> -- >> Thanks >> Thilini >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> > > > > -- > Kasun Indrasiri > Associate Technical Lead > WSO2, Inc.; http://wso2.com > lean.enterprise.middleware > > cell: +94 71 536 4128 > Blog : http://kasunpanorama.blogspot.com/ > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > -- Mobile : +94773330538 _______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
