On Tue, Jun 5, 2012 at 12:10 PM, Supun Malinga <[email protected]> wrote:
> Hi, > > On Tue, Jun 5, 2012 at 11:36 AM, Senaka Fernando <[email protected]> wrote: > >> Hi Isuru, >> >> We can go ahead with using the local repo. No questions on that. Securing >> access is something we need to sort out separately AFAIU. >> >> Hi AmilaJ, >> >> How do we secure access to System Registries for tenants right now? Don't >> we do that at all? >> >> Thanks, >> Senaka. >> >> >> On Tue, Jun 5, 2012 at 10:45 AM, Isuru Suriarachchi <[email protected]>wrote: >> >>> Senaka, this is something we have to get sorted soon for our stats >>> persistence implementation. Therefore it'll be great if someone from the >>> G-Reg team can help on this. >>> >>> Thanks, >>> ~Isuru >>> >>> >>> On Mon, Jun 4, 2012 at 11:39 PM, Senaka Fernando <[email protected]>wrote: >>> >>>> Hi Supun, >>>> >>>> I'm not sure about the exact status, but the System Governance and >>>> System Config Registries and the Local Repository needs to have same level >>>> of security from tenant users being able to access that. May be AmilaJ >>>> knows about the exact security levels, or let's scan through the code >>>> tomorrow if possible. >>>> >>> > If all reg. instances should be having same sec. level I don't think my > change could break anything existing regarding security permissions, since > all reg types are access through same api. Hence will commit my > changes(mentioned earlier) since it's blocking my pending changes. > +1 Thanks, Senaka. > > We have to tract the registry access permissions for tenants as > a separate matter. Registry/security folks please note. I'll have a look > into code as well. > > thanks, > >> >>>> Thanks, >>>> Senaka. >>>> >>>> >>>> On Mon, Jun 4, 2012 at 10:29 PM, Supun Malinga <[email protected]> wrote: >>>> >>>>> Hi, >>>>> >>>>> On Sat, Jun 2, 2012 at 4:01 PM, Supun Malinga <[email protected]> wrote: >>>>> >>>>>> Hi Senaka,, >>>>>> >>>>>> On Sat, Jun 2, 2012 at 3:27 PM, Senaka Fernando <[email protected]>wrote: >>>>>> >>>>>>> Hi Supun, >>>>>>> >>>>>>> Did you take a look into that link I shared? The local repository is >>>>>>> in use someway in there. I wonder how that works @ all. >>>>>>> >>>>>> yeah I had a look. But not sure if local reg. plays a part in capp >>>>>> persistence. May be Isuru can shed some light on that. >>>>>> >>>>>> >>>>>>> Anyway, for internal-use, I don't see anything wrong in making this >>>>>>> available. But, may be we need to restrict access to this, and thereby >>>>>>> disallow a tenant user from getting hold of this. >>>>>>> >>>>>> How do we do this? >>>>>> >>>>> >>>>> As I mentioned in previous replies i'm retrieving tenants' local >>>>> registry instance via, >>>>> * >>>>> SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.LOCAL_REPOSITORY) >>>>> * >>>>> * >>>>> * >>>>> Is this restricted to users? Else how do we restrict that? >>>>> Also is there other other ways to retrieve the tenants' local registry >>>>> (for users) and are they secure? >>>>> >>>>> Appreciate any help on resolving this. >>>>> >>>>> thanks, >>>>> >>>>>> >>>>>> thanks, >>>>>> >>>>>>> >>>>>>> Thanks, >>>>>>> Senaka. >>>>>>> >>>>>>> >>>>>>> On Sat, Jun 2, 2012 at 3:09 PM, Supun Malinga <[email protected]>wrote: >>>>>>> >>>>>>>> Hi all. >>>>>>>> >>>>>>>> I was able to figure out to initialize|set the local registry for >>>>>>>> tenants. See following diff, >>>>>>>> >>>>>>>> Index: >>>>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>>>> =================================================================== >>>>>>>> --- >>>>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>>>> (revision >>>>>>>> 129104) >>>>>>>> +++ >>>>>>>> src/main/java/org/wso2/carbon/core/multitenancy/TenantAxisConfigurator.java >>>>>>>> (working >>>>>>>> copy) >>>>>>>> @@ -430,6 +430,9 @@ >>>>>>>> >>>>>>>> carbonContext.setRegistry(RegistryType.SYSTEM_GOVERNANCE, >>>>>>>> >>>>>>>> CarbonCoreDataHolder.getInstance().getRegistryService() >>>>>>>> >>>>>>>> .getGovernanceSystemRegistry(tenantId)); >>>>>>>> + >>>>>>>> carbonContext.setRegistry(RegistryType.LOCAL_REPOSITORY, >>>>>>>> + >>>>>>>> CarbonCoreDataHolder.getInstance().getRegistryService(). >>>>>>>> + getLocalRepository(tenantId)); >>>>>>>> >>>>>>>> With this above code fragment works for getting local repository of >>>>>>>> tenants. Also I was able to get statistics persistence working fine. >>>>>>>> It this the correct way to handle? I think this is a valid >>>>>>>> requirement for having a local registry for tenants if that's in doubt. >>>>>>>> If this is fine I will commit the changes after running all the >>>>>>>> tests. >>>>>>>> Please advice. >>>>>>>> >>>>>>>> thanks, >>>>>>>> >>>>>>>> On Fri, Jun 1, 2012 at 8:06 PM, Senaka Fernando <[email protected]>wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Jun 1, 2012 at 8:02 PM, Senaka Fernando >>>>>>>>> <[email protected]>wrote: >>>>>>>>> >>>>>>>>>> Hi Azeez, >>>>>>>>>> >>>>>>>>>> I don't think there should be a reason as to why you can't obtain >>>>>>>>>> this. See [1] for example. >>>>>>>>>> >>>>>>>>>> However, though this was allowed through the >>>>>>>>>> SuperTenantCarbonContext there are (or might have been) some security >>>>>>>>>> checks that disallowed tenant code from getting hold of this. AmilaJ >>>>>>>>>> might >>>>>>>>>> know about the latest state of that. But, according to my >>>>>>>>>> understanding >>>>>>>>>> that's a separate issue from what Supun is asking here. Am I missing >>>>>>>>>> something? >>>>>>>>>> >>>>>>>>> >>>>>>>>> Sorry wrong URL, [1]. >>>>>>>>> >>>>>>>>> [1] >>>>>>>>> https://svn.wso2.org/repos/wso2/carbon/kernel/trunk/core/org.wso2.carbon.application.deployer/src/main/java/org/wso2/carbon/application/deployer/persistence/CarbonAppPersistenceManager.java >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Senaka. >>>>>>>>> >>>>>>>>>> >>>>>>>>>> [1] >>>>>>>>>> http://wso2.org/svn/browse/wso2/trunk/carbon/core/org.wso2.carbon.application.deployer/src/main/java/org/wso2/carbon/application/deployer/persistence/CarbonAppPersistenceManager.java?view=markup >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Senaka. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Fri, Jun 1, 2012 at 6:57 PM, Afkham Azeez <[email protected]>wrote: >>>>>>>>>> >>>>>>>>>>> Senaka, >>>>>>>>>>> I think the question is, is there some rationale behind not >>>>>>>>>>> giving the tenant a local registry instance. Did we conclude that >>>>>>>>>>> it does >>>>>>>>>>> not make sense for a tenant to have a local registry. Can you >>>>>>>>>>> remember >>>>>>>>>>> anything related to this? >>>>>>>>>>> >>>>>>>>>>> On Thu, May 31, 2012 at 1:50 PM, Senaka Fernando < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Supun, >>>>>>>>>>>> >>>>>>>>>>>> CarbonContext will not just give you what you want. Somebody >>>>>>>>>>>> needs to first populate that with what it can return back. Now you >>>>>>>>>>>> can go >>>>>>>>>>>> have a look on who populates these fields, and you should be able >>>>>>>>>>>> to find >>>>>>>>>>>> the cause for this being null. >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Senaka. >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Thu, May 31, 2012 at 12:03 PM, Supun Malinga < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi Senaka, >>>>>>>>>>>>> >>>>>>>>>>>>> Any idea on this? >>>>>>>>>>>>> I do get valid objects when I query for config reg., gov. >>>>>>>>>>>>> reg. in same method. >>>>>>>>>>>>> eg:* >>>>>>>>>>>>> *SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.USER_GOVERNANCE) >>>>>>>>>>>>> works fine. >>>>>>>>>>>>> >>>>>>>>>>>>> thanks, >>>>>>>>>>>>> >>>>>>>>>>>>> On Thu, May 31, 2012 at 8:55 AM, Supun Malinga < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi devs, >>>>>>>>>>>>>> >>>>>>>>>>>>>> How to do $subject using axisConfig. ? >>>>>>>>>>>>>> I tried, >>>>>>>>>>>>>> * >>>>>>>>>>>>>> SuperTenantCarbonContext.getCurrentContext(axisConfig).getRegistry(RegistryType.LOCAL_REPOSITORY) >>>>>>>>>>>>>> * >>>>>>>>>>>>>> but this always return null for tenants other than super >>>>>>>>>>>>>> tenant. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Whats the correct and accurate way to handle this.? >>>>>>>>>>>>>> >>>>>>>>>>>>>> thanks, >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Supun Malinga, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Software Engineer, >>>>>>>>>>>>>> WSO2 Inc. >>>>>>>>>>>>>> http://wso2.com >>>>>>>>>>>>>> http://wso2.org >>>>>>>>>>>>>> email - [email protected] <[email protected]> >>>>>>>>>>>>>> mobile - 071 56 91 321 >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Supun Malinga, >>>>>>>>>>>>> >>>>>>>>>>>>> Software Engineer, >>>>>>>>>>>>> WSO2 Inc. >>>>>>>>>>>>> http://wso2.com >>>>>>>>>>>>> http://wso2.org >>>>>>>>>>>>> email - [email protected] <[email protected]> >>>>>>>>>>>>> mobile - 071 56 91 321 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> *Senaka Fernando* >>>>>>>>>>>> Product Manager - WSO2 Governance Registry; >>>>>>>>>>>> Associate Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>>>>>> >>>>>>>>>>>> E-mail: senaka AT wso2.com >>>>>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>>>>>> >>>>>>>>>>>> *Lean . Enterprise . Middleware >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Dev mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> *Afkham Azeez* >>>>>>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com >>>>>>>>>>> Member; Apache Software Foundation; http://www.apache.org/ >>>>>>>>>>> * <http://www.apache.org/>** >>>>>>>>>>> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >>>>>>>>>>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>>>>>>>>>> twitter: >>>>>>>>>>> **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>>>>>>>>>> * >>>>>>>>>>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>>>>>>>>>> >>>>>>>>>>> * >>>>>>>>>>> * >>>>>>>>>>> *Lean . Enterprise . Middleware* >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> *Senaka Fernando* >>>>>>>>>> Member - Integration Technologies Management Committee; >>>>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>>>> >>>>>>>>>> E-mail: senaka AT wso2.com >>>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>>>> >>>>>>>>>> *Lean . Enterprise . Middleware >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> *Senaka Fernando* >>>>>>>>> Member - Integration Technologies Management Committee; >>>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>>>> >>>>>>>>> E-mail: senaka AT wso2.com >>>>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>>>> >>>>>>>>> *Lean . Enterprise . Middleware >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Supun Malinga, >>>>>>>> >>>>>>>> Software Engineer, >>>>>>>> WSO2 Inc. >>>>>>>> http://wso2.com >>>>>>>> http://wso2.org >>>>>>>> email - [email protected] <[email protected]> >>>>>>>> mobile - 071 56 91 321 >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> *Senaka Fernando* >>>>>>> Member - Integration Technologies Management Committee; >>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>>>>> Member; Apache Software Foundation; http://apache.org >>>>>>> >>>>>>> E-mail: senaka AT wso2.com >>>>>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>>>>> Linked-In: http://linkedin.com/in/senakafernando >>>>>>> >>>>>>> *Lean . Enterprise . Middleware >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Supun Malinga, >>>>>> >>>>>> Software Engineer, >>>>>> WSO2 Inc. >>>>>> http://wso2.com >>>>>> http://wso2.org >>>>>> email - [email protected] <[email protected]> >>>>>> mobile - 071 56 91 321 >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Supun Malinga, >>>>> >>>>> Software Engineer, >>>>> WSO2 Inc. >>>>> http://wso2.com >>>>> http://wso2.org >>>>> email - [email protected] <[email protected]> >>>>> mobile - 071 56 91 321 >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Senaka Fernando* >>>> Member - Integration Technologies Management Committee; >>>> Technical Lead; WSO2 Inc.; http://wso2.com* >>>> Member; Apache Software Foundation; http://apache.org >>>> >>>> E-mail: senaka AT wso2.com >>>> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >>>> Linked-In: http://linkedin.com/in/senakafernando >>>> >>>> *Lean . Enterprise . Middleware >>>> >>>> >>> >>> >>> -- >>> Isuru Suriarachchi >>> Senior Technical Lead >>> WSO2 Inc. http://wso2.com >>> email : [email protected] >>> blog : http://isurues.wordpress.com/ >>> >>> lean . enterprise . middleware >>> >>> >> >> >> -- >> *Senaka Fernando* >> Member - Integration Technologies Management Committee; >> Technical Lead; WSO2 Inc.; http://wso2.com* >> Member; Apache Software Foundation; http://apache.org >> >> E-mail: senaka AT wso2.com >> **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 >> Linked-In: http://linkedin.com/in/senakafernando >> >> *Lean . Enterprise . Middleware >> >> > > > -- > Supun Malinga, > > Software Engineer, > WSO2 Inc. > http://wso2.com > http://wso2.org > email - [email protected] <[email protected]> > mobile - 071 56 91 321 > > -- *Senaka Fernando* Member - Integration Technologies Management Committee; Technical Lead; WSO2 Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
