Hi Kasun/Dilini,

Tenant Domain should be passed somehow from the client side in order to identify the tenant. In HTTP also we do that (http://......./t/tenant.domain). Authentication is the way that http blocks the security issues. So I think the Web Sockets also must use authentication. In the integrity perspective, you should use Web Socket Protocol over TLS. Please see the rfc 6455 page 53 [1]

Conclusion: passing the tenant domain as a parameter with proper security measures seems fine unless we have a smarter way of doing this. WDYT?

[1] http://tools.ietf.org/html/rfc6455#page-53

On Wed, Jul 23, 2014 at 7:23 AM, Danushka Fernando <[email protected]> wrote:

> There is another signature of setTenantDomain method like
> setTenantDomain(String tenantDomain, boolean resolveTenantID). I think if
> you use this it will resolve tenantId by itself.
>
> Thanks & Regards
> Danushka Fernando
> Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Wed, Jul 23, 2014 at 6:17 AM, Kasun Gajasinghe <[email protected]> wrote:
>
>> On Tue, Jul 22, 2014 at 5:14 PM, Dilini Muthumala <[email protected]> wrote:
>>
>>> Hi Kasun,
>>>
>>> Thanks a lot for pointing that out.
>>>
>>> So, this is the current implementation.
>>>
>>> private static PrivilegedCarbonContext carbonContext;
>>>
>>> @OnOpen
>>> public void onOpen (Session session, @PathParam("topic") String topic,
>>>                     @PathParam("tdomain") String tdomain) {
>>>     carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
>>>     carbonContext.setTenantDomain(tdomain);
>>> }
>>>
>>> @OnMessage
>>> public void onMessage (Session session, String message,
>>>                        @PathParam("topic") String topic, @PathParam("tdomain") String tdomain) {
>>>     // read the domain back from the context rather than the path parameter
>>>     String ctxTenantDomain = carbonContext.getTenantDomain();
>>>     websocketInputService.invokeListener(ctxTenantDomain, topic, message);
>>> }
>>>
>>> Unless we authenticate clients at onOpen method, this implementation too is unsecured, right?
>>
>> Yes. We shouldn't pass the tenant id as a method parameter.
>>
>>> Thanks,
>>> Dilini
>>>
>>> On Wed, Jul 23, 2014 at 5:08 AM, Kasun Gajasinghe <[email protected]> wrote:
>>>
>>>> On Tue, Jul 22, 2014 at 4:30 PM, Dilini Muthumala <[email protected]> wrote:
>>>>
>>>>> Hi Sagara,
>>>>>
>>>>> Thanks a lot for the informative reply.
>>>>>
>>>>> On Tue, Jul 22, 2014 at 8:22 PM, Sagara Gunathunga <[email protected]> wrote:
>>>>>
>>>>>> As we discussed offline you need to modify onOpen() method to
>>>>>> receive tenant id from an initial handshake request, then within the
>>>>>> onOpen method you have to write logic similar to
>>>>>> CarbonContextCreatorValve#initCarbonContext() method.
>>>>>
>>>>> Alternatively, how about reading the tenant domain from the path
>>>>> parameter (i.e. without using PrivilegedCarbonContext), as shown below?
>>>>>
>>>>> @OnOpen
>>>>> public void onOpen (Session session, @PathParam("topic") String topic,
>>>>>                     @PathParam("tdomain") String tdomain) {
>>>>> }
>>>>>
>>>>> @OnMessage
>>>>> public void onMessage (Session session, String message,
>>>>>                        @PathParam("topic") String topic, @PathParam("tdomain") String tdomain) {
>>>>>     websocketInputService.invokeListener(tdomain, topic, message);
>>>>> }
>>>>>
>>>> -1. This would create a security loophole.
>>>>
>>>> If your webapp needs to work across all the tenants, then you might
>>>> need to make it a SaaS app. This would be pretty much similar to API
>>>> publisher.
>>>>
>>>>> Thanks,
>>>>> Dilini
>>>>>
>>>>>> Thanks !
>>>>>>
>>>>>> On Tue, Jul 22, 2014 at 7:18 PM, Dilini Muthumala <[email protected]> wrote:
>>>>>>
>>>>>>> FYI, this is the end point trying to get the tenant id:
>>>>>>>
>>>>>>> import javax.websocket.*;
>>>>>>> import javax.websocket.server.*;   // @ServerEndpoint and @PathParam live here
>>>>>>> import org.wso2.carbon.context.PrivilegedCarbonContext;
>>>>>>> import org.wso2.carbon.event.input.adaptor.websocket.WebsocketInputService;
>>>>>>>
>>>>>>> @ServerEndpoint(value = "/{topic}")
>>>>>>> public class DataReceivingEndpoint {
>>>>>>>
>>>>>>>     private static WebsocketInputService websocketInputService;
>>>>>>>     private static int tenantId;
>>>>>>>
>>>>>>>     public DataReceivingEndpoint() {
>>>>>>>         websocketInputService = (WebsocketInputService)
>>>>>>>                 PrivilegedCarbonContext.getThreadLocalCarbonContext()
>>>>>>>                         .getOSGiService(WebsocketInputService.class);
>>>>>>>     }
>>>>>>>
>>>>>>>     @OnOpen
>>>>>>>     public void onOpen (Session session, @PathParam("topic") String topic) {
>>>>>>>     }
>>>>>>>
>>>>>>>     @OnMessage
>>>>>>>     public void onMessage (Session session, String message,
>>>>>>>                            @PathParam("topic") String topic) {
>>>>>>>         tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); // returned -1
>>>>>>>         websocketInputService.invokeListener(tenantId, topic, message);
>>>>>>>     }
>>>>>>>
>>>>>>>     @OnClose
>>>>>>>     public void onClose (Session session, CloseReason reason) {
>>>>>>>     }
>>>>>>>
>>>>>>>     @OnError
>>>>>>>     public void onError (Session session, Throwable error) { // @OnError methods must take a Throwable
>>>>>>>     }
>>>>>>> }
>>>>>>>
>>>>>>> On Tue, Jul 22, 2014 at 5:58 PM, Dilini Muthumala <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> Had an offline discussion with Sameera, Sagara and Chamil regarding this.
>>>>>>>>
>>>>>>>> The most important piece of info is missing in my initial mail,
>>>>>>>> which is, this web app contains a web-socket end point.
>>>>>>>>
>>>>>>>> That must be the reason why all these usual methods are not working.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Dilini
>>>>>>>>
>>>>>>>> On Tue, Jul 22, 2014 at 5:45 PM, Kasun Gajasinghe <[email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi Dilini,
>>>>>>>>>
>>>>>>>>> What's the product you are trying this in? Can you open up
>>>>>>>>> CARBON_HOME/repository/conf/tomcat/catalina-server.xml, and make sure
>>>>>>>>> that it has the following valve defined?
>>>>>>>>>
>>>>>>>>> <Valve className="org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve"/>
>>>>>>>>>
>>>>>>>>> The reported jira that is mentioned above is an issue with logging.
>>>>>>>>>
>>>>>>>>> On Tue, Jul 22, 2014 at 4:58 AM, Asanka Dissanayake <[email protected]> wrote:
>>>>>>>>>
>>>>>>>>>> On Tue, Jul 22, 2014 at 5:23 PM, Asanka Dissanayake <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>>> On Tue, Jul 22, 2014 at 5:03 PM, Gayashan Amarasinghe <[email protected]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Dilini,
>>>>>>>>>>>>
>>>>>>>>>>>> Did you deploy the web app as super tenant or a tenant? What
>>>>>>>>>>>> are the server versions you used?
>>>>>>>>>>>>
>>>>>>>>>>>> Method you have used is the proper way to access the tenant Id.
>>>>>>>>>>>
>>>>>>>>>>> AFAIK you shouldn't use PrivilegedCarbonContext to read
>>>>>>>>>>> information. It is used to write stuff to the carbon context.
>>>>>>>>>>
>>>>>>>>>> For more information:
>>>>>>>>>>
>>>>>>>>>> PrivilegedCarbonContext
>>>>>>>>>>
>>>>>>>>>> PrivilegedCarbonContext is a special subclass of CarbonContext,
>>>>>>>>>> which allows you to perform privileged operations such as setting
>>>>>>>>>> the tenant ID and domain, starting or ending tenant flows and more.
>>>>>>>>>> This class can only be used by Carbon components that have the
>>>>>>>>>> permission to get hold of an instance of the PrivilegedCarbonContext.
>>>>>>>>>>
>>>>>>>>>> CarbonContext
>>>>>>>>>>
>>>>>>>>>> The CarbonContext is designed for normal tenants to retrieve
>>>>>>>>>> information from the Carbon runtime. In the super tenant mode, for
>>>>>>>>>> this to work the relevant data has to be set so that tenants can
>>>>>>>>>> retrieve information using the CarbonContext.
>>>>>>>>>>
>>>>>>>>>>>> However as Malintha has mentioned, there are some bugs when
>>>>>>>>>>>> certain super-tenant related tasks are logged, which has not been
>>>>>>>>>>>> observed for tenant-wise tasks. This bug will be fixed with 4.3 release.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks.
>>>>>>>>>>>>
>>>>>>>>>>>> /Gayashan
>>>>>>>>>>>>
>>>>>>>>>>>> On Tue, Jul 22, 2014 at 3:29 PM, Dilini Muthumala <[email protected]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Would like to know, how to $subject.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried with,
>>>>>>>>>>>>>
>>>>>>>>>>>>> PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
>>>>>>>>>>>>>
>>>>>>>>>>>>> which returned -1, as the tenant id.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Dilini
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> *Dilini Muthumala*
>>>>>>>>>>>>> Software Engineer,
>>>>>>>>>>>>> WSO2 Inc.
>>>>>>>>>>>>>
>>>>>>>>>>>>> *E-mail :* [email protected]
>>>>>>>>>>>>> *Mobile: *+94713 400 029
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> *Gayashan Amarasinghe*
>>>>>>>>>>>> Software Engineer | Platform TG
>>>>>>>>>>>> WSO2, Inc. | http://wso2.com
>>>>>>>>>>>> lean. enterprise. middleware
>>>>>>>>>>>>
>>>>>>>>>>>> Mobile : +94718314517
>>>>>>>>>>>> Blog : gayashan-a.blogspot.com
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> *Asanka Dissanayake*
>>>>>>>>>>> *Software Engineer*
>>>>>>>>>>> *WSO2 Inc. - lean . enterprise . middleware | wso2.com <http://wso2.com/>*
>>>>>>>>>>>
>>>>>>>>>>> *email: [email protected], blog: cyberwaadiya.blogspot.com
>>>>>>>>>>> <http://cyberwaadiya.blogspot.com>, asankastechtalks.wordpress.com
>>>>>>>>>>> <http://asankastechtalks.wordpress.com> mobile: +94 71 8373821*
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Kasun Gajasinghe*
>>>>>>>>> Senior Software Engineer, WSO2 Inc.
>>>>>>>>> email: kasung AT spamfree wso2.com
>>>>>>>>> linked-in: http://lk.linkedin.com/in/gajasinghe
>>>>>>>>> blog: http://kasunbg.org
>>>>>>
>>>>>> --
>>>>>> Sagara Gunathunga
>>>>>>
>>>>>> Senior Technical Lead; WSO2, Inc.; http://wso2.com
>>>>>> V.P Apache Web Services; http://ws.apache.org/
>>>>>> Linkedin; http://www.linkedin.com/in/ssagara
>>>>>> Blog ; http://ssagara.blogspot.com
>

--
K.D. Chamil Jeewantha
Associate Technical Lead
WSO2, Inc.; http://wso2.com
Mobile: +94716813892

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
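The handshake-authenticated endpoint that Kasun and Chamil argue for, written here as an added example (not code from the thread or from WSO2): it binds the tenant to the authenticated principal once per session, treats the {tdomain} path segment as a claim to verify, and scopes the Carbon context per message with the resolving setTenantDomain overload Danushka mentions. It assumes container-managed authentication on the HTTP handshake (so Session.getUserPrincipal() is populated), the hypothetical class name AuthenticatedDataReceivingEndpoint, and the "user@tenant.domain" username convention for deriving the tenant.

```java
import java.io.IOException;
import javax.websocket.*;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.server.*;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.event.input.adaptor.websocket.WebsocketInputService;
// Hypothetical endpoint (added example): the {tdomain} path segment is only a claim that must match the authenticated user.
@ServerEndpoint(value = "/{tdomain}/{topic}")
public class AuthenticatedDataReceivingEndpoint {
    static final String SUPER_TENANT_DOMAIN = "carbon.super";
    // Instance, not static, fields: the container creates one endpoint instance per connection, so this is per-session state.
    private String tenantDomain;
    private final WebsocketInputService websocketInputService;
    public AuthenticatedDataReceivingEndpoint() {
        websocketInputService = (WebsocketInputService) PrivilegedCarbonContext
                .getThreadLocalCarbonContext().getOSGiService(WebsocketInputService.class);
    }
    // Assumed naming convention: tenant users log in as "user@tenant.domain"; no "@" means super tenant.
    static String tenantDomainOf(String username) {
        int at = username.lastIndexOf('@');
        return at < 0 ? SUPER_TENANT_DOMAIN : username.substring(at + 1).toLowerCase();
    }
    @OnOpen
    public void onOpen(Session session, @PathParam("tdomain") String claimedDomain) throws IOException {
        // Non-null only if the container authenticated the HTTP handshake (e.g. BASIC auth over TLS, wss://).
        java.security.Principal user = session.getUserPrincipal();
        if (user == null) {
            session.close(new CloseReason(CloseCodes.VIOLATED_POLICY, "authentication required"));
            return;
        }
        String authenticatedDomain = tenantDomainOf(user.getName());
        if (!authenticatedDomain.equals(claimedDomain)) {
            session.close(new CloseReason(CloseCodes.VIOLATED_POLICY, "tenant mismatch"));
            return;
        }
        tenantDomain = authenticatedDomain; // bound once from the credential, never from later client input
    }
    @OnMessage
    public void onMessage(Session session, String message, @PathParam("topic") String topic) {
        if (tenantDomain == null) return; // handshake was rejected in onOpen
        // Scope the thread-local context to this message, as CarbonContextCreatorValve does per HTTP request.
        PrivilegedCarbonContext.startTenantFlow();
        try {
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
            websocketInputService.invokeListener(tenantDomain, topic, message);
        } finally {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
}
```

Because the tenant is never read from a static field or from the message, two concurrent clients cannot overwrite each other's tenant, and a client presenting another tenant's domain in the URL is disconnected at open.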
