Eventually, we have to integrate with securevault. But we have plain text
passwords in all the places, right? For example, if we have the entitlement
mediator, the admin username and password are in plain text.

As an improvement, we can include getting the password from a callback class.

Shankar.

On Thu, May 24, 2012 at 5:34 PM, Amila Jayasekara <[email protected]> wrote:

> On Thu, May 24, 2012 at 5:30 PM, Kasun Indrasiri <[email protected]> wrote:
> > In the UEP context, it's OK to add any HTTP headers to the transport
> > configuration. However, I wonder that having the password in plain text may
> > cause some security issues.
>
> +1 for not having plain text passwords. Can't we use a callback class
> to get the password?
>
> Thanks
> AmilaJ
>
> > Fix looks good.
> >
> > On Thu, May 24, 2012 at 5:03 PM, Thilini Ishaka <[email protected]> wrote:
> >>
> >>
> >> Hi All,
> >>
> >> When we invoke an admin service via a BPEL process, we get an HTTP 401
> >> Unauthorized error. If you go through [1] you will understand the
> >> scenario better.
> >> This was an issue in the appfactory product, as all the services we have
> >> there are administrative services and we invoke them via BPEL processes.
> >>
> >> Normally what we do is pass HTTP headers via a fronting ESB, but that is
> >> not the ideal solution.
> >> Here we are giving the solution via the UEP concept. We add the relevant
> >> HTTP headers, basically the username and password, via unified endpoints.
> >> A sample configuration (.epr) is given below.
> >>
> >> <wsa:Metadata>
> >> <id>SInvokeEPR</id>
> >> <transport type="http">
> >>     <authorization-username>adminx</authorization-username>
> >>     <authorization-password>adminy</authorization-password>
> >> </transport>
> >> </wsa:Metadata>
> >>
> >> In setBasicAccessSecurityHeaders, we put an HTTP header with the name
> >> "Authorization". Hence the username and password elements are named
> >> <authorization-username/>, <authorization-password/> in the epr
> >> configuration.
> >>
> >> Please find the JIRA [2] created for this task. Further information is
> >> added to the JIRA. Please find the sample attached to the JIRA FYI.
> >> Kindly appreciate your suggestions.
> >>
> >>
> >> [1] http://stackoverflow.com/questions/10607598/wso2-bps-shared-http-cookies
> >> [2] https://wso2.org/jira/browse/CARBON-13111
> >>
> >> --
> >> Thanks
> >> Thilini
> >>
> >>
> >> _______________________________________________
> >> Dev mailing list
> >> [email protected]
> >> http://wso2.org/cgi-bin/mailman/listinfo/dev
> >>
> >
> >
> >
> > --
> > Kasun Indrasiri
> > Associate Technical Lead
> > WSO2, Inc.; http://wso2.com
> > lean.enterprise.middleware
> >
> > cell: +94 71 536 4128
> > Blog : http://kasunpanorama.blogspot.com/
> >
>
>
>
> --
> Mobile : +94773330538



-- 
S.Uthaiyashankar
Senior Software Architect
Chair, Management Committee – Cloud Technologies
WSO2 Inc.
http://wso2.com/ - "lean . enterprise . middleware"

Phone: +94 714897591
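
The callback approach suggested in this thread, as an added example (not code from the thread or from WSO2): the endpoint configuration would carry only a secret alias, and the password is resolved through a standard JDK `CallbackHandler` at the moment the Basic `Authorization` header is built. The class names, the alias `bps.admin.password` and the in-memory map standing in for a vault are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class BasicAuthFromCallback {

    // Hypothetical handler: the prompt is a secret alias; the map stands in for a real vault.
    static class AliasPasswordHandler implements CallbackHandler {
        private final Map<String, char[]> store;
        AliasPasswordHandler(Map<String, char[]> store) { this.store = store; }
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                PasswordCallback pc = (PasswordCallback) cb;
                char[] secret = store.get(pc.getPrompt());
                if (secret == null) throw new IllegalStateException("unknown alias: " + pc.getPrompt());
                pc.setPassword(secret); // PasswordCallback keeps its own copy
            }
        }
    }

    // Value for the HTTP "Authorization" header. Basic is only Base64, so send it over TLS.
    static String basicAuthHeader(String user, String alias, CallbackHandler h) throws Exception {
        PasswordCallback pc = new PasswordCallback(alias, false);
        h.handle(new Callback[] { pc });
        char[] pw = pc.getPassword();
        pc.clearPassword();
        ByteBuffer pwBytes = StandardCharsets.UTF_8.encode(CharBuffer.wrap(pw));
        byte[] prefix = (user + ":").getBytes(StandardCharsets.UTF_8);
        byte[] raw = Arrays.copyOf(prefix, prefix.length + pwBytes.remaining());
        pwBytes.get(raw, prefix.length, pwBytes.remaining());
        Arrays.fill(pw, '\0'); // scrub the cleartext copy once encoded
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the alias is an assumption; the values mirror the thread's sample.
        CallbackHandler h = new AliasPasswordHandler(Map.of("bps.admin.password", "adminy".toCharArray()));
        System.out.println("Authorization: " + basicAuthHeader("adminx", "bps.admin.password", h));
    }
}
```

With this shape the `.epr` file never holds the secret itself, so reading the configuration alone does not disclose the admin password.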
