Hi Isuru, We can go ahead with using the local repo. No questions on that. Securing access is something we need to sort out separately AFAIU.
Hi AmilaJ, How do we secure access to System Registries for tenants right now? Don't we do that at all? Thanks, Senaka. On Tue, Jun 5, 2012 at 10:45 AM, Isuru Suriarachchi <[email protected]> wrote: > Senaka, this is something we have to get sorted soon for our stats > persistence implementation. Therefore it'll be great if someone from the > G-Reg team can help on this. > > Thanks, > ~Isuru > > > On Mon, Jun 4, 2012 at 11:39 PM, Senaka Fernando <[email protected]> wrote: > >> Hi Supun, >> >> I'm not sure about the exact status, but the System Governance and System >> Config Registries and the Local Repository needs to have same level of >> security from tenant users being able to access that. May be AmilaJ knows >> about the exact security levels, or let's scan through the code tomorrow if >> possible. >> >> Thanks, >> Senaka. >> >> >> On Mon, Jun 4, 2012 at 10:29 PM, Supun Malinga <[email protected]> wrote: >> >>> Hi, >>> >>> On Sat, Jun 2, 2012 at 4:01 PM, Supun Malinga <[email protected]> wrote: >>> >>>> Hi Senaka,, >>>> >>>> On Sat, Jun 2, 2012 at 3:27 PM, Senaka Fernando <[email protected]>wrote: >>>> >>>>> Hi Supun, >>>>> >>>>> Did you take a look into that link I shared? The local repository is >>>>> in use someway in there. I wonder how that works @ all. >>>>> >>>> yeah I had a look. But not sure if local reg. plays a part in capp >>>> persistence. May be Isuru can shed some light on that. >>>> >>>> >>>>> Anyway, for internal-use, I don't see anything wrong in making this >>>>> available. But, may be we need to restrict access to this, and thereby >>>>> disallow a tenant user from getting hold of this. >>>>> >>>> How do we do this? >>>> >>> >>> As I mentioned in previous replies i'm retrieving tenants' local >>> registry instance via, >>> * >>> SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.LOCAL_REPOSITORY) >>> * >>> * >>> * >>> Is this restricted to users? Else how do we restrict that? >>> Also is there other other ways to retrieve the tenants' local registry >>> (for users) and are they secure? >>> >>> Appreciate any help on resolving this. >>> >>> thanks, >>> >>>> >>>> thanks, >>>> >>>>> >>>>> Thanks, >>>>> Senaka. >>>>> >>>>> >>>>> On Sat, Jun 2, 2012 at 3:09 PM, Supun Malinga <[email protected]> wrote: >>>>> >>>>>> Hi all. >>>>>> >>>>>> I was able to figure out to initialize|set the local registry for >>>>>> tenants. See following diff, >>>>>> >>>>>> Index: >>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>> =================================================================== >>>>>> --- >>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>> (revision >>>>>> 129104) >>>>>> +++ >>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>> (working >>>>>> copy) >>>>>> @@ -430,6 +430,9 @@ >>>>>> carbonContext.setRegistry(RegistryType.SYSTEM_GOVERNANCE, >>>>>> >>>>>> CarbonCoreDataHolder.getInstance().getRegistryService() >>>>>> .getGovernanceSystemRegistry(tenantId)); >>>>>> + carbonContext.setRegistry(RegistryType.LOCAL_REPOSITORY, >>>>>> + >>>>>> CarbonCoreDataHolder.getInstance().getRegistryService(). >>>>>> + getLocalRepository(tenantId)); >>>>>> >>>>>> With this above code fragment works for getting local repository of >>>>>> tenants. Also I was able to get statistics persistence working fine. >>>>>> It this the correct way to handle? I think this is a valid >>>>>> requirement for having a local registry for tenants if that's in doubt. >>>>>> If this is fine I will commit the changes after running all the >>>>>> tests. >>>>>> Please advice. >>>>>> >>>>>> thanks, >>>>>> >>>>>> On Fri, Jun 1, 2012 at 8:06 PM, Senaka Fernando <[email protected]>wrote: >>>>>> >>>>>>> >>>>>>> >>>>>>> On Fri, Jun 1, 2012 at 8:02 PM, Senaka Fernando <[email protected]>wrote: >>>>>>> >>>>>>>> Hi Azeez, >>>>>>>> >>>>>>>> I don't think there should be a reason as to why you can't obtain >>>>>>>> this. See [1] for example. >>>>>>>> >>>>>>>> However, though this was allowed through the >>>>>>>> SuperTenantCarbonContext there are (or might have been) some security >>>>>>>> checks that disallowed tenant code from getting hold of this. AmilaJ >>>>>>>> might >>>>>>>> know about the latest state of that. But, according to my understanding >>>>>>>> that's a separate issue from what Supun is asking here. Am I missing >>>>>>>> something? >>>>>>>> >>>>>>> >>>>>>> Sorry wrong URL, [1]. >>>>>>> >>>>>>> [1] >>>>>>> https://svn.wso2.org/repos/wso2/carbon/kernel/trunk/core/org.wso2.carbon.application.deployer/src/main/java/org/wso2/carbon/application/deployer/persistence/CarbonAppPersistenceManager.java >>>>>>> >>>>>>> Thanks, >>>>>>> Senaka. >>>>>>> >>>>>>>> >>>>>>>> [1] >>>>>>>> http://wso2.org/svn/browse/wso2/trunk/carbon/core/org.wso2.carbon.application.deployer/src/main/java/org/wso2/carbon/application/deployer/persistence/CarbonAppPersistenceManager.java?view=markup >>>>>>>> >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Senaka. >>>>>>>> >>>>>>>> >>>>>>>> On Fri, Jun 1, 2012 at 6:57 PM, Afkham Azeez <[email protected]>wrote: >>>>>>>> >>>>>>>>> Senaka, >>>>>>>>> I think the question is, is there some rationale behind not giving >>>>>>>>> the tenant a local registry instance. Did we conclude that it does >>>>>>>>> not make >>>>>>>>> sense for a tenant to have a local registry. Can you remember anything >>>>>>>>> related to this? >>>>>>>>> >>>>>>>>> On Thu, May 31, 2012 at 1:50 PM, Senaka Fernando >>>>>>>>> <[email protected]>wrote: >>>>>>>>> >>>>>>>>>> Hi Supun, >>>>>>>>>> >>>>>>>>>> CarbonContext will not just give you what you want. Somebody >>>>>>>>>> needs to first populate that with what it can return back. Now you >>>>>>>>>> can go >>>>>>>>>> have a look on who populates these fields, and you should be able to >>>>>>>>>> find >>>>>>>>>> the cause for this being null. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Senaka. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, May 31, 2012 at 12:03 PM, Supun Malinga >>>>>>>>>> <[email protected]>wrote: >>>>>>>>>> >>>>>>>>>>> Hi Senaka, >>>>>>>>>>> >>>>>>>>>>> Any idea on this? >>>>>>>>>>> I do get valid objects when I query for config reg., gov. reg. >>>>>>>>>>> in same method. >>>>>>>>>>> eg:* >>>>>>>>>>> *SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.USER_GOVERNANCE) >>>>>>>>>>> works fine. >>>>>>>>>>> >>>>>>>>>>> thanks, >>>>>>>>>>> >>>>>>>>>>> On Thu, May 31, 2012 at 8:55 AM, Supun Malinga >>>>>>>>>>> <[email protected]>wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi devs, >>>>>>>>>>>> >>>>>>>>>>>> How to do $subject using axisConfig. ? >>>>>>>>>>>> I tried, >>>>>>>>>>>> * >>>>>>>>>>>> SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.LOCAL_REPOSITORY) >>>>>>>>>>>> * >>>>>>>>>>>> but this always return null for tenants other than super >>>>>>>>>>>> tenant. >>>>>>>>>>>> >>>>>>>>>>>> Whats the correct and accurate way to handle this.? >>>>>>>>>>>> >>>>>>>>>>>> thanks, >>>>>>>>>>>> -- >>>>>>>>>>>> Supun Malinga, >>>>>>>>>>>> >>>>>>>>>>>> Software Engineer, >>>>>>>>>>>> WSO2 Inc. >>>>>>>>>>>> http://wso2.com >>>>>>>>>>>> http://wso2.org >>>>>>>>>>>> email - [email protected] <[email protected]> >>>>>>>>>>>> mobile - 071 56 91 321 >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Supun Malinga, >>>>>>>>>>> >>>>>>>>>>> Software Engineer, >>>>>>>>>>> WSO2 Inc. >>>>>>>>>>> http://wso2.com >>>>>>>>>>> http://wso2.org >>>>>>>>>>> email - [email protected] <[email protected]> >>>>>>>>>>> mobile - 071 56 91 321 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Senaka Fernando* >>>>>>>>>> Product Manager - WSO2 Governance Registry; >>>>>>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>>>> >>>>>>>>>> E-mail: senaka AT wso2.com >>>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>>>> >>>>>>>>>> *Lean . Enterprise . Middleware >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Dev mailing list >>>>>>>>>> [email protected] >>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Afkham Azeez* >>>>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>>>> * <http://www.apache.org/>** >>>>>>>>> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >>>>>>>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>>>>>>> twitter: >>>>>>>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>>>>>>> * >>>>>>>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>>>>>>> >>>>>>>>> * >>>>>>>>> * >>>>>>>>> *Lean . Enterprise . Middleware* >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Senaka Fernando* >>>>>>>> Member - Integration Technologies Management Committee; >>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>> >>>>>>>> E-mail: senaka AT wso2.com >>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>> >>>>>>>> *Lean . Enterprise . Middleware >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Senaka Fernando* >>>>>>> Member - Integration Technologies Management Committee; >>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>> >>>>>>> E-mail: senaka AT wso2.com >>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>> >>>>>>> *Lean . Enterprise . Middleware >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Supun Malinga, >>>>>> >>>>>> Software Engineer, >>>>>> WSO2 Inc. >>>>>> http://wso2.com >>>>>> http://wso2.org >>>>>> email - [email protected] <[email protected]> >>>>>> mobile - 071 56 91 321 >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Senaka Fernando* >>>>> Member - Integration Technologies Management Committee; >>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>> Member; Apache Software Foundation; http://apache.org >>>>> >>>>> E-mail: senaka AT wso2.com >>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>> >>>>> *Lean . Enterprise . Middleware >>>>> >>>>> >>>> >>>> >>>> -- >>>> Supun Malinga, >>>> >>>> Software Engineer, >>>> WSO2 Inc. >>>> http://wso2.com >>>> http://wso2.org >>>> email - [email protected] <[email protected]> >>>> mobile - 071 56 91 321 >>>> >>>> >>> >>> >>> -- >>> Supun Malinga, >>> >>> Software Engineer, >>> WSO2 Inc. >>> http://wso2.com >>> http://wso2.org >>> email - [email protected] <[email protected]> >>> mobile - 071 56 91 321 >>> >>> >> >> >> -- >> *Senaka Fernando* >> Member - Integration Technologies Management Committee; >> Technical Lead; WSO2 Inc.; http://wso2.com* >> Member; Apache Software Foundation; http://apache.org >> >> E-mail: senaka AT wso2.com >> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >> Linked-In: http://linkedin.com/in/senakafernando >> >> *Lean . Enterprise . Middleware >> >> > > > -- > Isuru Suriarachchi > Senior Technical Lead > WSO2 Inc. http://wso2.com > email : [email protected] > blog : http://isurues.wordpress.com/ > > lean . enterprise . middleware > > -- *Senaka Fernando* Member - Integration Technologies Management Committee; Technical Lead; WSO2 Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
