Please find the attached patch with the fix.

Thanks,
Hasini.

On Wed, Sep 5, 2012 at 12:43 PM, Hasini Gunasinghe <[email protected]> wrote:
> +1. Will fix this.
>
> Thanks,
> Hasini.
>
> On Wed, Sep 5, 2012 at 12:33 PM, Prabath Siriwardena <[email protected]> wrote:
>> On Wed, Sep 5, 2012 at 12:30 PM, Afkham Azeez <[email protected]> wrote:
>>> On Wed, Sep 5, 2012 at 12:22 PM, Prabath Siriwardena <[email protected]> wrote:
>>>> On Wed, Sep 5, 2012 at 12:22 PM, Hasini Gunasinghe <[email protected]> wrote:
>>>>> On Wed, Sep 5, 2012 at 12:04 PM, Afkham Azeez <[email protected]> wrote:
>>>>>> On Wed, Sep 5, 2012 at 2:13 AM, Senaka Fernando <[email protected]> wrote:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> Right now I can log in as admin/admin and also [email protected]/admin.
>>>>>>> Is this proper behavior?
>>>>>>
>>>>>> :) You have discovered an easter egg in Carbon :) If a user tries to
>>>>>> login as [email protected] we should throw an authentication
>>>>>> failure.
>>>>>
>>>>> Even with correct admin credentials?
>>>>
>>>> Yes.. what is the risk here..?
>>>
>>> It can cause downstream logic to fail. Besides "carbon.super" & tenant
>>> ID of -1234 are internal details which we don't expose. We may decide to
>>> change super tenant name to "super.duper.dude" in the future because we
>>> came up with that as an internal implementation detail. But if some clients
>>> start relying on "carbon.super" & -1234, then external parties will get
>>> affected. So, we should not allow or encourage others to use these when
>>> they call into Carbon. So, we put a stop to it then and there by throwing
>>> an authentication exception.
>>
>> +1
>>
>> Thanks & regards,
>> -Prabath
>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>> I too have tried this before and I do not see why we should throw an
>>>>> authentication failure.. Maybe I have missed some aspect..
>>>>> Would appreciate more insight on what is the risk here...
>>>>>
>>>>> Thanks,
>>>>> Hasini.
>>>>>
>>>>>> Can we get this fixed soon? Should be a simple fix.
>>>>>>
>>>>>>> If it is proper, some UIs are not rendering properly when I log in
>>>>>>> as "[email protected]". For example, half of "admin/index.jsp" is
>>>>>>> gone.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Senaka.
>>>>>>>
>>>>>>> --
>>>>>>> Senaka Fernando
>>>>>>> Member - Integration Technologies Management Committee;
>>>>>>> Technical Lead; WSO2 Inc.; http://wso2.com
>>>>>>> Member; Apache Software Foundation; http://apache.org
>>>>>>>
>>>>>>> E-mail: senaka AT wso2.com
>>>>>>> P: +1 408 754 7388; ext: 51736; M: +94 77 322 1818
>>>>>>> Linked-In: http://linkedin.com/in/senakafernando
>>>>>>>
>>>>>>> Lean . Enterprise . Middleware
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Dev mailing list
>>>>>>> [email protected]
>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>
>>>>>> --
>>>>>> Afkham Azeez
>>>>>> Director of Architecture; WSO2, Inc.; http://wso2.com
>>>>>> Member; Apache Software Foundation; http://www.apache.org/
>>>>>> email: [email protected] cell: +94 77 3320919
>>>>>> blog: http://blog.afkham.org
>>>>>> twitter: http://twitter.com/afkham_azeez
>>>>>> linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>>
>>>>>> Lean . Enterprise . Middleware
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Prabath
>>>>
>>>> Mobile : +94 71 809 6732
>>>>
>>>> http://blog.facilelogin.com
>>>> http://RampartFAQ.com

authentication.patch
Description: Binary data
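
The rule agreed in the thread, failing a login that names the internal super tenant even when the password is correct, shown as an added Java example that is neither the attached patch nor Carbon's own code. The class, method and exception names are hypothetical, the sample user names are constructed, and treating the text after the last '@' as the tenant domain is an assumption.

```java
import java.util.Locale;

/** Added illustration; class, method and exception names are hypothetical, not Carbon APIs. */
public class SuperTenantLoginGuard {

    // Internal super tenant name quoted in the thread; callers must not depend on it.
    private static final String SUPER_TENANT_DOMAIN = "carbon.super";

    /** Hypothetical failure type standing in for the platform's authentication exception. */
    static class AuthenticationFailure extends Exception {
        AuthenticationFailure() {
            // Generic message: do not tell the caller which rule rejected the login.
            super("Authentication failed");
        }
    }

    /**
     * Runs before any credential check, so a correct password makes no difference.
     * Returns the trimmed user name when it is acceptable, and fails when the name
     * is qualified with the internal super tenant name.
     */
    static String checkLoginName(String username) throws AuthenticationFailure {
        if (username == null || username.trim().isEmpty()) {
            throw new AuthenticationFailure();
        }
        String name = username.trim();
        // Assumption: the tenant domain is whatever follows the last '@', so an
        // e-mail style name "bob@example.com@tenant.example" maps to "tenant.example".
        int at = name.lastIndexOf('@');
        if (at >= 0) {
            // Compare case-insensitively so "Carbon.Super" is caught as well.
            String domain = name.substring(at + 1).toLowerCase(Locale.ROOT);
            if (domain.equals(SUPER_TENANT_DOMAIN)) {
                throw new AuthenticationFailure();
            }
        }
        return name;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {"admin", "admin@carbon.super", "admin@Carbon.Super ",
                            "alice@tenant.example"};
        for (String s : samples) {
            try {
                System.out.println("accepted: " + checkLoginName(s));
            } catch (AuthenticationFailure e) {
                System.out.println("rejected: " + s.trim());
            }
        }
    }
}
```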
