On Thu, May 24, 2012 at 5:39 PM, Selvaratnam Uthaiyashankar
<[email protected]> wrote:
> Eventually, we have to integrate with securevault. But we have plain text
> passwords in all the places, right? For example, if we have entitlement
> mediator, admin username, password is in plain text.
>
> As an improvement, we can include getting password from callback class.

Yes, Shankar. We do. I guess we need to make those also to read from a
callback class or hide them using secure vault.

Thanks
AmilaJ

>
> Shankar.
>
> On Thu, May 24, 2012 at 5:34 PM, Amila Jayasekara <[email protected]> wrote:
>>
>> On Thu, May 24, 2012 at 5:30 PM, Kasun Indrasiri <[email protected]> wrote:
>> > In the UEP context, it's ok to add any http headers to the transport
>> > configuration. However, I wonder that having password in plain text may
>> > cause some security issues.
>>
>> +1 for not having plain text passwords. Can't we use a callback class
>> to get the password?
>>
>> Thanks
>> AmilaJ
>>
>> > Fix looks good.
>> >
>> > On Thu, May 24, 2012 at 5:03 PM, Thilini Ishaka <[email protected]>
>> > wrote:
>> >>
>> >>
>> >> Hi All,
>> >>
>> >> When we invoke an admin service via a BPEL process, we get HTTP 401
>> >> Unauthorized error. If you go through [1] you will understand the
>> >> scenario better.
>> >> This was an issue in appfactory product as all the services we have
>> >> there are administrative services and we invoke them via BPEL processes.
>> >>
>> >> Normally what we do is pass http headers via a fronting ESB, but that
>> >> is not the ideal solution.
>> >> Here we are giving the solution via UEP concept. We add relevant http
>> >> headers, basically the username and password, via unified endpoints.
>> >> A sample configuration (.epr) is given below.
>> >>
>> >> <wsa:Metadata>
>> >> <id>SInvokeEPR</id>
>> >> <transport type="http">
>> >>     <authorization-username>adminx</authorization-username>
>> >>     <authorization-password>adminy</authorization-password>
>> >> </transport>
>> >> </wsa:Metadata>
>> >>
>> >> In the setBasicAccessSecurityHeaders, we put HTTP header with name
>> >> "Authorization". Hence the username and password elements are named
>> >> <authorization-username/>, <authorization-password/> in epr
>> >> configuration.
>> >>
>> >> Please find the JIRA [2] created for this task. Further information is
>> >> added to the JIRA. Please find the sample attached to the JIRA FYI.
>> >> Kindly appreciate your suggestions.
>> >>
>> >>
>> >>
>> >> [1] http://stackoverflow.com/questions/10607598/wso2-bps-shared-http-cookies
>> >> [2] https://wso2.org/jira/browse/CARBON-13111
>> >>
>> >> --
>> >> Thanks
>> >> Thilini
>> >>
>> >>
>> >> _______________________________________________
>> >> Dev mailing list
>> >> [email protected]
>> >> http://wso2.org/cgi-bin/mailman/listinfo/dev
>> >>
>> >
>> >
>> >
>> > --
>> > Kasun Indrasiri
>> > Associate Technical Lead
>> > WSO2, Inc.; http://wso2.com
>> > lean.enterprise.middleware
>> >
>> > cell: +94 71 536 4128
>> > Blog : http://kasunpanorama.blogspot.com/
>> >
>> >
>>
>>
>>
>> --
>> Mobile : +94773330538
>
>
>
>
> --
> S.Uthaiyashankar
> Senior Software Architect
> Chair, Management Committee – Cloud Technologies
> WSO2 Inc.
> http://wso2.com/ - "lean . enterprise . middleware"
>
> Phone: +94 714897591



-- 
Mobile : +94773330538
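
The callback-class idea raised in this thread, sketched as an added example that is not part of the original messages and is not WSO2 or Carbon code. It uses only the standard `javax.security.auth.callback` interfaces; the class names, the `EPR_ADMIN_PASSWORD` environment variable and the reuse of the sample username `adminx` are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.security.auth.callback.*;

public class EndpointBasicAuthExample {
    // Hypothetical handler: takes the secret from the EPR_ADMIN_PASSWORD environment
    // variable (assumed name); a vault-backed handler would implement the same interface.
    static class EnvPasswordHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                String secret = System.getenv("EPR_ADMIN_PASSWORD");
                if (secret == null || secret.isEmpty()) throw new IOException("EPR_ADMIN_PASSWORD is not set");
                ((PasswordCallback) cb).setPassword(secret.toCharArray());
            }
        }
    }
    // Builds the value of the HTTP "Authorization" header for Basic authentication.
    static String basicAuthHeader(String username, CallbackHandler handler) throws Exception {
        if (username.indexOf(':') >= 0) throw new IllegalArgumentException("username must not contain ':'");
        PasswordCallback pc = new PasswordCallback("Password for " + username, false);
        handler.handle(new Callback[] { pc });
        char[] password = pc.getPassword();          // getPassword() returns a copy
        pc.clearPassword();                          // wipe the callback's internal copy
        if (password == null) throw new IOException("callback handler supplied no password");
        CharBuffer chars = CharBuffer.allocate(username.length() + 1 + password.length);
        chars.put(username).put(':').put(password).flip();
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(chars);
        byte[] raw = new byte[encoded.remaining()];
        encoded.get(raw);
        try {
            return "Basic " + Base64.getEncoder().encodeToString(raw);
        } finally {                                  // wipe the intermediate buffers
            Arrays.fill(password, '\0');
            Arrays.fill(chars.array(), '\0');
            Arrays.fill(raw, (byte) 0);
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        }
    }
    public static void main(String[] args) throws Exception {
        String header = basicAuthHeader("adminx", new EnvPasswordHandler());
        // Never log the header itself: Base64 is an encoding, not encryption.
        System.out.println("Authorization header built, " + header.length() + " characters");
    }
}
```

The returned header string still carries the credential in recoverable form, so it should be set on the outgoing request and not stored, and the request should only travel over TLS.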