On Tue, Jul 22, 2014 at 5:14 PM, Dilini Muthumala <[email protected]> wrote:

> Hi Kasun,
>
> Thanks a lot for pointing that out.
>
> So, this is the current implementation.
>
>     private static PrivilegedCarbonContext carbonContext;
>
>     @OnOpen
>     public void onOpen(Session session, @PathParam("topic") String topic,
>                        @PathParam("tdomain") String tdomain) {
>         carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
>         carbonContext.setTenantDomain(tdomain);
>     }
>
>     @OnMessage
>     public void onMessage(Session session, String message,
>                           @PathParam("topic") String topic,
>                           @PathParam("tdomain") String tdomain) {
>         // Tenant domain as stored in onOpen; the tdomain path parameter is not used here.
>         String tenantDomain = carbonContext.getTenantDomain();
>         websocketInputService.invokeListener(tenantDomain, topic, message);
>     }
>
> Unless we authenticate clients at onOpen method, this implementation too
> is unsecured, right?
>
Yes. We shouldn't pass the tenant id as a method parameter.


> Thanks,
> Dilini
>
>
> On Wed, Jul 23, 2014 at 5:08 AM, Kasun Gajasinghe <[email protected]> wrote:
>
>>
>>
>>
>> On Tue, Jul 22, 2014 at 4:30 PM, Dilini Muthumala <[email protected]>
>> wrote:
>>
>>> Hi Sagara,
>>>
>>> Thanks a lot for the informative reply.
>>>
>>> On Tue, Jul 22, 2014 at 8:22 PM, Sagara Gunathunga <[email protected]>
>>> wrote:
>>>
>>>> As we discussed offline you need to modify onOpen() method to receive
>>>> tenant id from an initial handshake request, then within the onOpen method
>>>> you have to write logic similar to
>>>> CarbonContextCreatorValve#initCarbonContext() method.
>>>>
>>>
>>> Alternatively, how about reading the tenant domain from the path
>>> parameter (i.e. without using PrivilegedCarbonContext), as shown below?
>>>
>>>     @OnOpen
>>>     public void onOpen(Session session, @PathParam("topic") String topic,
>>>                        @PathParam("tdomain") String tdomain) {
>>>     }
>>>
>>>     @OnMessage
>>>     public void onMessage(Session session, String message,
>>>                           @PathParam("topic") String topic,
>>>                           @PathParam("tdomain") String tdomain) {
>>>         websocketInputService.invokeListener(tdomain, topic, message);
>>>     }
>>>
>>>
>> -1. This would create a security loophole.
>>
>> If your webapp needs to work across all the tenants, then you might need
>> to make it a SaaS app. This would be pretty much similar to API publisher.
>>
>>
>>
>>> Thanks,
>>> Dilini
>>>
>>>>
>>>>
>>>> Thanks !
>>>>
>>>> On Tue, Jul 22, 2014 at 7:18 PM, Dilini Muthumala <[email protected]>
>>>> wrote:
>>>>
>>>>> FYI, this is the end point trying to get the tenant id:
>>>>>
>>>>> import javax.websocket.*;
>>>>> import javax.websocket.server.PathParam;
>>>>> import javax.websocket.server.ServerEndpoint;
>>>>> import org.wso2.carbon.context.PrivilegedCarbonContext;
>>>>> import org.wso2.carbon.event.input.adaptor.websocket.WebsocketInputService;
>>>>>
>>>>> @ServerEndpoint(value = "/{topic}")
>>>>> public class DataReceivingEndpoint {
>>>>>
>>>>>     private static WebsocketInputService websocketInputService;
>>>>>     private static int tenantId;
>>>>>
>>>>>     public DataReceivingEndpoint() {
>>>>>         websocketInputService = (WebsocketInputService)
>>>>>                 PrivilegedCarbonContext.getThreadLocalCarbonContext()
>>>>>                 .getOSGiService(WebsocketInputService.class);
>>>>>     }
>>>>>
>>>>>     @OnOpen
>>>>>     public void onOpen(Session session, @PathParam("topic") String topic) {
>>>>>     }
>>>>>
>>>>>     @OnMessage
>>>>>     public void onMessage(Session session, String message,
>>>>>                           @PathParam("topic") String topic) {
>>>>>         // returned -1
>>>>>         tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
>>>>>         websocketInputService.invokeListener(tenantId, topic, message);
>>>>>     }
>>>>>
>>>>>     @OnClose
>>>>>     public void onClose(Session session, CloseReason reason) {
>>>>>     }
>>>>>
>>>>>     // JSR 356 requires a Throwable parameter on @OnError methods.
>>>>>     @OnError
>>>>>     public void onError(Session session, Throwable error) {
>>>>>     }
>>>>> }
>>>>>
>>>>>
>>>>> On Tue, Jul 22, 2014 at 5:58 PM, Dilini Muthumala <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> Had an offline discussion with Sameera, Sagara and Chamil regarding
>>>>>> this.
>>>>>>
>>>>>> The most important piece of info is missing in my initial mail, which
>>>>>> is, this web app contains a web-socket end point.
>>>>>>
>>>>>> That must be the reason why all these usual methods are not working.
>>>>>>
>>>>>> Thanks,
>>>>>> Dilini
>>>>>>
>>>>>>
>>>>>> On Tue, Jul 22, 2014 at 5:45 PM, Kasun Gajasinghe <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Dilini,
>>>>>>>
>>>>>>> What's the product you are trying this in? Can you open up
>>>>>>> CARBON_HOME/repository/conf/tomcat/catalina-server.xml, and make sure
>>>>>>> that it has the following valve defined?
>>>>>>>
>>>>>>>       <Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve"/>
>>>>>>>
>>>>>>> The reported jira that is mentioned above is an issue with logging.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Tue, Jul 22, 2014 at 4:58 AM, Asanka Dissanayake <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Jul 22, 2014 at 5:23 PM, Asanka Dissanayake <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Tue, Jul 22, 2014 at 5:03 PM, Gayashan Amarasinghe <
>>>>>>>>> [email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi Dilini,
>>>>>>>>>>
>>>>>>>>>> Did you deploy the web app as super tenant or a tenant? What are
>>>>>>>>>> the server versions you used?
>>>>>>>>>>
>>>>>>>>>> Method you have used is the proper way to access the tenant Id.
>>>>>>>>>>
>>>>>>>>> AFAIK you shouldn't use PrivilegedCarbonContext to read
>>>>>>>>> information. It is used to write stuff to the carbon context.
>>>>>>>>>
>>>>>>>> For more information:
>>>>>>>>
>>>>>>>> PrivilegedCarbonContext
>>>>>>>>
>>>>>>>> PrivilegedCarbonContext is a special subclass of CarbonContext,
>>>>>>>> which allows you to perform privileged operations such as, setting the
>>>>>>>> tenant ID and domain, starting or ending tenant flows and more. This
>>>>>>>> class can only be used by Carbon components that have the permission
>>>>>>>> to get hold of an instance of the PrivilegedCarbonContext.
>>>>>>>>
>>>>>>>>
>>>>>>>> CarbonContext
>>>>>>>> The CarbonContext is designed for normal tenants to retrieve
>>>>>>>> information from the Carbon runtime. In the super tenant mode, for
>>>>>>>> this to work the relevant data has to be set so that tenants can
>>>>>>>> retrieve information using the CarbonContext.
>>>>>>>>
>>>>>>>>>> However as Malintha has mentioned, there are some bugs when
>>>>>>>>>> certain super-tenant related tasks are logged, which has not been
>>>>>>>>>> observed for tenant-wise tasks. This bug will be fixed with 4.3
>>>>>>>>>> release.
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>> /Gayashan
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Tue, Jul 22, 2014 at 3:29 PM, Dilini Muthumala <
>>>>>>>>>> [email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>>  Hi,
>>>>>>>>>>>
>>>>>>>>>>> Would like to know, how to $subject.
>>>>>>>>>>>
>>>>>>>>>>> I tried with,
>>>>>>>>>>>
>>>>>>>>>>> PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
>>>>>>>>>>>
>>>>>>>>>>> which returned -1, as the tenant id.
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Dilini
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Dilini Muthumala*
>>>>>>>>>>> Software Engineer,
>>>>>>>>>>> WSO2 Inc.
>>>>>>>>>>>
>>>>>>>>>>> *E-mail :* [email protected]
>>>>>>>>>>> *Mobile: *+94713 400 029
>>>>>>>>>>>
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> Dev mailing list
>>>>>>>>>>> [email protected]
>>>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Gayashan Amarasinghe*
>>>>>>>>>> Software Engineer | Platform TG
>>>>>>>>>> WSO2, Inc. | http://wso2.com
>>>>>>>>>> lean. enterprise. middleware
>>>>>>>>>>
>>>>>>>>>> Mobile : +94718314517
>>>>>>>>>> Blog : gayashan-a.blogspot.com
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *Asanka Dissanayake*
>>>>>>>>> *Software Engineer*
>>>>>>>>> *WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>>>>>>> <http://wso2.com/>*
>>>>>>>>>
>>>>>>>>> *email: [email protected] <[email protected]>,   blog:
>>>>>>>>> cyberwaadiya.blogspot.com
>>>>>>>>> <http://cyberwaadiya.blogspot.com>, asankastechtalks.wordpress.com
>>>>>>>>> <http://asankastechtalks.wordpress.com>  mobile: +94 71 8373821*
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Kasun Gajasinghe*
>>>>>>> Senior Software Engineer, WSO2 Inc.
>>>>>>> email: kasung AT spamfree wso2.com
>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe
>>>>>>> blog: http://kasunbg.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sagara Gunathunga
>>>>
>>>> Senior Technical Lead; WSO2, Inc.;  http://wso2.com
>>>> V.P Apache Web Services;    http://ws.apache.org/
>>>> Linkedin; http://www.linkedin.com/in/ssagara
>>>> Blog ;  http://ssagara.blogspot.com
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
>
>



-- 

*Kasun Gajasinghe*
Senior Software Engineer, WSO2 Inc.
email: kasung AT spamfree wso2.com
linked-in: http://lk.linkedin.com/in/gajasinghe
blog: http://kasunbg.org
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
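
Added example, not part of the thread and not WSO2 code: one way to follow the point made above, that the tenant must not come from a client-supplied path parameter. It binds the tenant to the WebSocket session from the container-authenticated principal in onOpen and closes unauthenticated connections. Assumptions: the endpoint URL is protected by container authentication, user names have the form user@tenant.domain, and TENANT_KEY, tenantOf and dispatch are hypothetical names.

```java
import java.io.IOException;
import java.security.Principal;
import javax.websocket.CloseReason;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.OnMessage;
import javax.websocket.OnOpen;
import javax.websocket.Session;
import javax.websocket.server.PathParam;
import javax.websocket.server.ServerEndpoint;

// Only the topic stays in the URL; the tenant is never read from the request path.
@ServerEndpoint("/{topic}")
public class TenantBoundEndpoint {

    private static final String TENANT_KEY = "tenantDomain"; // hypothetical property name

    /** Assumption: names look like "user@tenant.domain"; no suffix means the super tenant. */
    static String tenantOf(String userName) {
        int at = userName.lastIndexOf('@');
        boolean noSuffix = at < 0 || at == userName.length() - 1;
        return noSuffix ? "carbon.super" : userName.substring(at + 1);
    }

    @OnOpen
    public void onOpen(Session session) throws IOException {
        // Set by the container's login for the handshake request, not by the client URL.
        Principal user = session.getUserPrincipal();
        if (user == null) {
            session.close(new CloseReason(CloseCodes.VIOLATED_POLICY, "authentication required"));
            return;
        }
        // Per-session state: no static field shared between connections or tenants.
        session.getUserProperties().put(TENANT_KEY, tenantOf(user.getName()));
    }

    @OnMessage
    public void onMessage(Session session, String message, @PathParam("topic") String topic) {
        String tenant = (String) session.getUserProperties().get(TENANT_KEY);
        if (tenant == null) {
            return; // session was never bound to a tenant; drop the message
        }
        dispatch(tenant, topic, message);
    }

    /** Stand-in for the thread's websocketInputService.invokeListener(tdomain, topic, message). */
    void dispatch(String tenant, String topic, String message) {
        System.out.printf("tenant=%s topic=%s length=%d%n", tenant, topic, message.length());
    }
}
```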
