On Thu, May 24, 2012 at 5:43 PM, Thilini Ishaka <[email protected]> wrote:
>
> On Thu, May 24, 2012 at 5:39 PM, Selvaratnam Uthaiyashankar <[email protected]> wrote:
>
>> Eventually, we have to integrate with securevault. But, we have plain
>> text password in all the places right? For example, if we have entitlement
>> mediator, admin username, password is in plain text.
>>
>> As an improvement, we can include getting password from callback class.
>
> +1 I will work on this.
> Created JIRA for this, https://wso2.org/jira/browse/CARBON-13204
>
>> Shankar.
>>
>> On Thu, May 24, 2012 at 5:34 PM, Amila Jayasekara <[email protected]> wrote:
>>
>>> On Thu, May 24, 2012 at 5:30 PM, Kasun Indrasiri <[email protected]> wrote:
>>> > In the UEP context, it's ok to add any http headers to the transport
>>> > configuration. However, I wonder that having password in plain text may
>>> > cause some security issues.
>>>
>>> +1 for not having plain text passwords. Can't we use a callback class
>>> to get the password?
>>>
>>> Thanks
>>> AmilaJ
>>>
>>> > Fix looks good.
>>> >
>>> > On Thu, May 24, 2012 at 5:03 PM, Thilini Ishaka <[email protected]> wrote:
>>> >>
>>> >> Hi All,
>>> >>
>>> >> When we invoke an admin service via a BPEL process, we get HTTP 401
>>> >> Unauthorized error. If you go through [1] you will understand the scenario
>>> >> better.
>>> >> This was an issue in appfactory product as all the services we have there
>>> >> are administrative services and we invoke them via BPEL processes.
>>> >>
>>> >> Normally what we do is pass http headers via a fronting ESB, but that is
>>> >> not the ideal solution.
>>> >> Here we are giving the solution via UEP concept. We add relevant http
>>> >> headers, basically the username and password, via unified endpoints.
>>> >> A sample configuration (.epr) is given below.
>>> >>
>>> >> <wsa:Metadata>
>>> >>     <id>SInvokeEPR</id>
>>> >>     <transport type="http">
>>> >>         <authorization-username>adminx</authorization-username>
>>> >>         <authorization-password>adminy</authorization-password>
>>> >>     </transport>
>>> >> </wsa:Metadata>
>>> >>
>>> >> In the setBasicAccessSecurityHeaders, we put HTTP header with name
>>> >> "Authorization". Hence the username and password elements are named
>>> >> <authorization-username/>, <authorization-password/> in epr configuration.
>>> >>
>>> >> Please find the JIRA [2] created for this task. Further information is
>>> >> added to the JIRA. Please find the sample attached to the JIRA FYI.
>>> >> Kindly appreciate your suggestions.
>>> >>
>>> >> [1] http://stackoverflow.com/questions/10607598/wso2-bps-shared-http-cookies
>>> >> [2] https://wso2.org/jira/browse/CARBON-13111
>>> >>
>>> >> --
>>> >> Thanks
>>> >> Thilini
>>> >
>>> > --
>>> > Kasun Indrasiri
>>> > Associate Technical Lead
>>> > WSO2, Inc.; http://wso2.com
>>> > lean.enterprise.middleware
>>> >
>>> > cell: +94 71 536 4128
>>> > Blog : http://kasunpanorama.blogspot.com/
>>>
>>> --
>>> Mobile : +94773330538
>>
>> --
>> S.Uthaiyashankar
>> Senior Software Architect
>> Chair, Management Committee – Cloud Technologies
>> WSO2 Inc.
>> http://wso2.com/ - "lean . enterprise . middleware"
>>
>> Phone: +94 714897591
>
> --
> Thanks
> Thilini

--
Thanks
Thilini
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
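
The callback-class idea raised in the thread, sketched as an added example that is not part of the original messages or of WSO2's code: the "Authorization" header is built from a password obtained through a JDK `CallbackHandler` rather than from a plain-text configuration value. The class name, method name and the alias `uep.admin.password` are hypothetical; the demo handler is a constructed stand-in for a real secret store.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

public class BasicAuthFromCallback {

    /** Builds the value of the HTTP "Authorization" header; the password comes from the handler. */
    static String basicAuthHeader(String username, String passwordAlias, CallbackHandler handler)
            throws IOException, UnsupportedCallbackException {
        if (username.indexOf(':') >= 0) {
            // Basic auth joins user and password with ':', so the user id must not contain one.
            throw new IllegalArgumentException("username must not contain ':'");
        }
        PasswordCallback pc = new PasswordCallback(passwordAlias, false);
        handler.handle(new Callback[] { pc });
        char[] password = pc.getPassword();   // a copy; null if the handler set nothing
        pc.clearPassword();
        if (password == null || password.length == 0) {
            throw new IllegalStateException("no password resolved for alias " + passwordAlias);
        }
        byte[] raw = (username + ":" + new String(password)).getBytes(StandardCharsets.UTF_8);
        try {
            return "Basic " + Base64.getEncoder().encodeToString(raw);
        } finally {
            // Best effort only: the returned header still holds the (Base64-encoded) credential.
            Arrays.fill(password, '\0');
            Arrays.fill(raw, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for a secret store: resolves the alias to the thread's sample password.
        CallbackHandler demoHandler = callbacks -> {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                PasswordCallback pc = (PasswordCallback) cb;
                if ("uep.admin.password".equals(pc.getPrompt())) pc.setPassword("adminy".toCharArray());
            }
        };
        String header = basicAuthHeader("adminx", "uep.admin.password", demoHandler);
        System.out.println("Authorization: " + header);
    }
}
```

Base64 is an encoding, not encryption, so the resulting header protects the credential only when the request travels over TLS.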
