Hi, We have done the $subject for WSClient successfully.. But we have two remaining issues.
1. We have removed APIKeyValidationService from the admin services to get the feature working. Solution that we discussed to have security for this is to, engage the same policy used in admin services by putting it to services.xml of keyValidationService. Had a discussion with security team (Asela/Johan) regarding this. According to them, there is no such policy getting applied for admin services. These admin service invocations are handled through core/server-admin module AuthorizationHandler.. So their suggestion is to write a new handler for only this service. (If we apply a service policy, it will be difficult in client calls.) But once discussed with Anjana, he suggested to change their component in a way that could specify set of admin services which could engage with the activityHandler. This could be done by introducing a new config file to their component. This is what I'm going to implement for this issue. 2. Once the gateway-keymanger call switch to Thrift, this wont work. Had a chat with Srinath/Anjana.. There is no header support in Thrift.. So this feature to work, we need to pass this activityID as method parameter for keyValidationService. If we are changing the method signature of validateKey() method, it will involve considerable change, since we need to re-generate the Thrift services as well. But since, there is no other option shall we proceed with this ? (We can't keep only this feature working with WSClient ?) Regards, Dinusha. -- Dinusha Dilrukshi Senior Software Engineer WSO2 Inc.: http://wso2.com/ Mobile: +94725255071 Blog: http://dinushasblog.blogspot.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
