To revolve issue mentioned in [1], we added a new config file to
message-tracer-hanlder feature. This config file will getting copied to
repositoty/conf/etc directory and it's content looks as follows, where we
could define set of admin services to engage the handler.
<MessageTracer>
<!-- message.tracer.ActivityInHandler is only engaged with non-admin
services invocations by default.
This 'MessageTracingEnabledAdminServices' property can be used to
define set of admin services that need to engage with ActivityInHandler.
When there are multiple services to be defined, they should provide as
<Service> elements.-->
<MessageTracingEnabledAdminServices>
<Service>APIKeyValidationService</Service>
</MessageTracingEnabledAdminServices>
</MessageTracer>
Regards,
Dinusha.
On Fri, Dec 6, 2013 at 3:15 PM, Dinusha Senanayaka <[email protected]> wrote:
>
> Hi,
>
> We have done the $subject for WSClient successfully.. But we have two
> remaining issues.
>
> 1. We have removed APIKeyValidationService from the admin services to get
> the feature working.
>
> Solution that we discussed to have security for this is to, engage the
> same policy used in admin services by putting it to services.xml of
> keyValidationService. Had a discussion with security team (Asela/Johan)
> regarding this. According to them, there is no such policy getting applied
> for admin services. These admin service invocations are handled through
> core/server-admin module AuthorizationHandler.. So their suggestion is to
> write a new handler for only this service. (If we apply a service policy,
> it will be difficult in client calls.)
> But once discussed with Anjana, he suggested to change their component in
> a way that could specify set of admin services which could engage with the
> activityHandler. This could be done by introducing a new config file to
> their component. This is what I'm going to implement for this issue.
>
> 2. Once the gateway-keymanger call switch to Thrift, this wont work.
> Had a chat with Srinath/Anjana.. There is no header support in Thrift..
> So this feature to work, we need to pass this activityID as method
> parameter for keyValidationService. If we are changing the method signature
> of validateKey() method, it will involve considerable change, since we need
> to re-generate the Thrift services as well. But since, there is no other
> option shall we proceed with this ? (We can't keep only this feature
> working with WSClient ?)
>
> Regards,
> Dinusha.
>
>
>
> --
> Dinusha Dilrukshi
> Senior Software Engineer
> WSO2 Inc.: http://wso2.com/
> Mobile: +94725255071
> Blog: http://dinushasblog.blogspot.com/
>
--
Dinusha Dilrukshi
Senior Software Engineer
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
