Hi Dinusha, Looks good! .. the XML comment saying "This 'MessageTracingEnabledAdminServices' property" should be something like "This 'MessageTracingEnabledAdminServices' section".
Cheers, Anjana. On Tue, Dec 10, 2013 at 11:54 AM, Dinusha Senanayaka <[email protected]>wrote: > To revolve issue mentioned in [1], we added a new config file to > message-tracer-hanlder feature. This config file will getting copied to > repositoty/conf/etc directory and it's content looks as follows, where we > could define set of admin services to engage the handler. > > <MessageTracer> > <!-- message.tracer.ActivityInHandler is only engaged with non-admin > services invocations by default. > This 'MessageTracingEnabledAdminServices' property can be used to > define set of admin services that need to engage with ActivityInHandler. > When there are multiple services to be defined, they should provide as > <Service> elements.--> > > <MessageTracingEnabledAdminServices> > <Service>APIKeyValidationService</Service> > </MessageTracingEnabledAdminServices> > </MessageTracer> > > Regards, > Dinusha. > > On Fri, Dec 6, 2013 at 3:15 PM, Dinusha Senanayaka <[email protected]>wrote: > >> >> Hi, >> >> We have done the $subject for WSClient successfully.. But we have two >> remaining issues. >> >> 1. We have removed APIKeyValidationService from the admin services to get >> the feature working. >> >> Solution that we discussed to have security for this is to, engage the >> same policy used in admin services by putting it to services.xml of >> keyValidationService. Had a discussion with security team (Asela/Johan) >> regarding this. According to them, there is no such policy getting applied >> for admin services. These admin service invocations are handled through >> core/server-admin module AuthorizationHandler.. So their suggestion is to >> write a new handler for only this service. (If we apply a service policy, >> it will be difficult in client calls.) >> But once discussed with Anjana, he suggested to change their component in >> a way that could specify set of admin services which could engage with the >> activityHandler. This could be done by introducing a new config file to >> their component. This is what I'm going to implement for this issue. >> >> 2. Once the gateway-keymanger call switch to Thrift, this wont work. >> Had a chat with Srinath/Anjana.. There is no header support in Thrift.. >> So this feature to work, we need to pass this activityID as method >> parameter for keyValidationService. If we are changing the method signature >> of validateKey() method, it will involve considerable change, since we need >> to re-generate the Thrift services as well. But since, there is no other >> option shall we proceed with this ? (We can't keep only this feature >> working with WSClient ?) >> >> Regards, >> Dinusha. >> >> >> >> -- >> Dinusha Dilrukshi >> Senior Software Engineer >> WSO2 Inc.: http://wso2.com/ >> Mobile: +94725255071 >> Blog: http://dinushasblog.blogspot.com/ >> > > > > -- > Dinusha Dilrukshi > Senior Software Engineer > WSO2 Inc.: http://wso2.com/ > Mobile: +94725255071 > Blog: http://dinushasblog.blogspot.com/ > -- *Anjana Fernando* Technical Lead WSO2 Inc. | http://wso2.com lean . enterprise . middleware
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
