On Wed, Jul 30, 2014 at 2:27 PM, Krishantha Samaraweera <[email protected] > wrote:
> Hi Geeth, > > Are we going to drop POX security support from products ? What is the > alternative for Rest service security? > For Carbon 4.3.0 we have already removed all QoS features which includes security as well. Then the question is how do we secure a REST service ? In first place there is no abstract 'service' or 'REST service' in AS, it always should be a Axis2 REST service or CXF REST service then each of this framework should have a mechanisms to secure their services as an example Axis2 use servcies.xml file and CXF uses cxf-servlet.xml configuration file for this. Securing their services is a responsibility of each framework. In addition to Axis2 and CXF people deploy number of REST services developed using various F/Ws including Jersey, Resteasy, Restlet, SpringMVC etc on AS we don't have test cases to validate security use cases of each of these F/Ws. Since we are shipping Axis2 and CXF there is a valid point to have few secured CXF and secured Axis2(Rampart) services and verify their validity using test cases we will attend to that separately. In any case we can't keep these POX test cases because underline support is already gone. Thanks ! > > If we are not going to drop POX then this is a product issue which need to > be fixed. > > Thanks, > Krishantha. > > > On Wed, Jul 30, 2014 at 1:53 PM, Geeth Munasinghe <[email protected]> wrote: > >> Hi all, >> >> Due to removing persistence logic from the kernal, current test cases for >> pox security is not valid anymore. The reason is when security is applied >> to a service, those related details was saved on meta data files. But >> support for meta data files are dropped now. So those test cases are >> failing with following stack trace. So we will be removing the pox security >> test cases from AS. >> >> >> [2014-07-30 13:27:28,398] ERROR >> {org.wso2.carbon.core.persistence.file.AbstractFilePersistenceManager} - >> put attr = CDATAtrue >> [2014-07-30 13:27:28,399] ERROR >> {org.wso2.carbon.security.config.SecurityConfigAdmin} - Service with name >> HelloService not found. >> [2014-07-30 13:27:28,400] ERROR >> {org.wso2.carbon.security.config.SecurityConfigAdmin} - Service with name >> HelloService not found. >> org.apache.axis2.AxisFault: Service with name HelloService not found. >> at >> org.wso2.carbon.security.config.SecurityConfigAdmin.applyPolicy(SecurityConfigAdmin.java:919) >> at >> org.wso2.carbon.security.config.SecurityConfigAdmin.applyPolicy(SecurityConfigAdmin.java:809) >> at >> org.wso2.carbon.security.config.SecurityConfigAdmin.applySecurity(SecurityConfigAdmin.java:738) >> at >> org.wso2.carbon.security.config.service.SecurityConfigAdminService.applySecurity(SecurityConfigAdminService.java:52) >> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >> at >> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:606) >> at >> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212) >> at >> org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.invokeBusinessLogic(RPCInOnlyMessageReceiver.java:66) >> at >> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110) >> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) >> at >> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169) >> at >> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82) >> at >> org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45) >> at >> org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77) >> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) >> at >> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) >> at >> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) >> at >> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) >> at >> org.wso2.carbon.security.mgt.stub.config.SecurityAdminServiceStub.applySecurity(SecurityAdminServiceStub.java:558) >> at >> org.wso2.carbon.security.ui.client.SecurityAdminClient.applySecurity(SecurityAdminClient.java:103) >> at >> org.apache.jsp.securityconfig.add_002dsecurity_jsp._jspService(add_002dsecurity_jsp.java:127) >> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) >> at >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) >> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155) >> at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >> at >> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> at >> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748) >> at >> org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:604) >> at >> org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:543) >> at >> org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37) >> at >> org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369) >> at >> org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:954) >> at >> org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:688) >> at >> org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:682) >> at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source) >> at >> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >> at java.lang.reflect.Method.invoke(Method.java:606) >> at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:87) >> at >> org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:88) >> at >> org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:82) >> at >> org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:465) >> at >> org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140) >> at >> org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117) >> at >> org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:171) >> at >> org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75) >> at >> org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80) >> at >> org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_005finsertAttribute_005f7(template_jsp.java:634) >> at >> org.apache.jsp.admin.layout.template_jsp._jspService(template_jsp.java:356) >> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) >> at >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) >> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155) >> at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >> at >> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> at >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> at >> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748) >> at >> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486) >> at >> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:411) >> at >> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338) >> at >> org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30) >> at >> org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362) >> at >> org.apache.tiles.servlet.context.ServletTilesRequestContext.forward(ServletTilesRequestContext.java:198) >> at >> org.apache.tiles.servlet.context.ServletTilesRequestContext.dispatch(ServletTilesRequestContext.java:185) >> at >> org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:419) >> at >> org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:370) >> at org.wso2.carbon.ui.action.ActionHelper.render(ActionHelper.java:52) >> at >> org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:101) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >> at >> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >> at >> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >> at >> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> at >> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> at >> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) >> at >> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >> at >> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >> at >> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >> at >> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >> at >> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) >> at >> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) >> at >> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) >> at >> org.wso2.carbon.statistics.webapp.RequestIntercepterValve.invoke(RequestIntercepterValve.java:43) >> at >> org.wso2.carbon.bam.webapp.stat.publisher.WebAppStatisticPublisherValve.invoke(WebAppStatisticPublisherValve.java:104) >> at >> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) >> at >> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >> at >> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) >> at >> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >> at >> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) >> at >> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154) >> at >> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) >> at >> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52) >> at >> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >> at >> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) >> at >> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) >> at >> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1721) >> at >> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >> at java.lang.Thread.run(Thread.java:745) >> Caused by: >> org.wso2.carbon.core.persistence.PersistenceDataNotFoundException: >> ResourceFileData not found. The Transaction May not have been initialized. >> see #beginTransaction. HelloWorldThe xpath used was >> /service[@name="HelloService"] >> at >> org.wso2.carbon.core.persistence.file.AbstractFilePersistenceManager.put(AbstractFilePersistenceManager.java:224) >> at >> org.wso2.carbon.security.config.SecurityConfigAdmin.applyPolicy(SecurityConfigAdmin.java:866) >> ... 132 more >> [2014-07-30 13:27:28,411] ERROR >> {org.wso2.carbon.security.ui.client.SecurityAdminClient} - >> org.apache.axis2.AxisFault: Service with name HelloService not found. >> >> >> Thanks >> Geeth >> >> >> >> *G. K. S. Munasinghe* >> *Software Engineer,* >> *WSO2, Inc. http://wso2.com <http://wso2.com/> * >> *lean.enterprise.middleware.* >> >> email: [email protected] >> phone:(+94) 777911226 >> > > > > -- > Krishantha Samaraweera > Senior Technical Lead - Test Automation > Mobile: +94 77 7759918 > WSO2, Inc.; http://wso2.com/ > lean . enterprise . middlewear. > -- Sagara Gunathunga Senior Technical Lead; WSO2, Inc.; http://wso2.com V.P Apache Web Services; http://ws.apache.org/ Linkedin; http://www.linkedin.com/in/ssagara Blog ; http://ssagara.blogspot.com
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
