On Wed, Jul 30, 2014 at 6:32 PM, Krishantha Samaraweera <[email protected] > wrote:
> Thanks for clarification Sagara. > > I think we can reuse the same POX test cases with minor modifications to > test Axis2 RESTful services. We've used RESTful service named > "StudentService.aar" to verify POX scenarios, so it is matter of adding > relevant policies to services.xml. We might need to maintain several .aar > files according to the scenario under test. > > However it is up to the product team to maintain and manage their tests. > So you can decided what cases to be removed or not. However please note > test coverage might get degraded when remove existing tests, so you might > need to exclude the relevant jars from emma instrumentation jar list. > This is only if those jars are no longer exists in product packs. Thanks, Krishantha. > > Thanks, > Krishantha. > > > > On Wed, Jul 30, 2014 at 2:55 PM, Sagara Gunathunga <[email protected]> > wrote: > >> >> >> >> On Wed, Jul 30, 2014 at 2:27 PM, Krishantha Samaraweera < >> [email protected]> wrote: >> >>> Hi Geeth, >>> >>> Are we going to drop POX security support from products ? What is the >>> alternative for Rest service security? >>> >> >> For Carbon 4.3.0 we have already removed all QoS features which includes >> security as well. Then the question is how do we secure a REST service ? >> >> In first place there is no abstract 'service' or 'REST service' in AS, it >> always should be a Axis2 REST service or CXF REST service then each of this >> framework should have a mechanisms to secure their services as an example >> Axis2 use servcies.xml file and CXF uses cxf-servlet.xml configuration file >> for this. Securing their services is a responsibility of each framework. >> >> In addition to Axis2 and CXF people deploy number of REST services >> developed using various F/Ws including Jersey, Resteasy, Restlet, SpringMVC >> etc on AS we don't have test cases to validate security use cases of each >> of these F/Ws. Since we are shipping Axis2 and CXF there is a valid point >> to have few secured CXF and secured Axis2(Rampart) services and verify >> their validity using test cases we will attend to that separately. >> >> In any case we can't keep these POX test cases because underline support >> is already gone. >> >> Thanks ! >> >>> >>> If we are not going to drop POX then this is a product issue which need >>> to be fixed. >>> >>> Thanks, >>> Krishantha. >>> >>> >>> On Wed, Jul 30, 2014 at 1:53 PM, Geeth Munasinghe <[email protected]> >>> wrote: >>> >>>> Hi all, >>>> >>>> Due to removing persistence logic from the kernal, current test cases >>>> for pox security is not valid anymore. The reason is when security is >>>> applied to a service, those related details was saved on meta data files. >>>> But support for meta data files are dropped now. So those test cases are >>>> failing with following stack trace. So we will be removing the pox security >>>> test cases from AS. >>>> >>>> >>>> [2014-07-30 13:27:28,398] ERROR >>>> {org.wso2.carbon.core.persistence.file.AbstractFilePersistenceManager} - >>>> put attr = CDATAtrue >>>> [2014-07-30 13:27:28,399] ERROR >>>> {org.wso2.carbon.security.config.SecurityConfigAdmin} - Service with name >>>> HelloService not found. >>>> [2014-07-30 13:27:28,400] ERROR >>>> {org.wso2.carbon.security.config.SecurityConfigAdmin} - Service with name >>>> HelloService not found. >>>> org.apache.axis2.AxisFault: Service with name HelloService not found. >>>> at >>>> org.wso2.carbon.security.config.SecurityConfigAdmin.applyPolicy(SecurityConfigAdmin.java:919) >>>> at >>>> org.wso2.carbon.security.config.SecurityConfigAdmin.applyPolicy(SecurityConfigAdmin.java:809) >>>> at >>>> org.wso2.carbon.security.config.SecurityConfigAdmin.applySecurity(SecurityConfigAdmin.java:738) >>>> at >>>> org.wso2.carbon.security.config.service.SecurityConfigAdminService.applySecurity(SecurityConfigAdminService.java:52) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>> at java.lang.reflect.Method.invoke(Method.java:606) >>>> at >>>> org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212) >>>> at >>>> org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver.invokeBusinessLogic(RPCInOnlyMessageReceiver.java:66) >>>> at >>>> org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:110) >>>> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180) >>>> at >>>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:169) >>>> at >>>> org.apache.axis2.transport.local.LocalTransportReceiver.processMessage(LocalTransportReceiver.java:82) >>>> at >>>> org.wso2.carbon.core.transports.local.CarbonLocalTransportSender.finalizeSendWithToAddress(CarbonLocalTransportSender.java:45) >>>> at >>>> org.apache.axis2.transport.local.LocalTransportSender.invoke(LocalTransportSender.java:77) >>>> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442) >>>> at >>>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430) >>>> at >>>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225) >>>> at >>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149) >>>> at >>>> org.wso2.carbon.security.mgt.stub.config.SecurityAdminServiceStub.applySecurity(SecurityAdminServiceStub.java:558) >>>> at >>>> org.wso2.carbon.security.ui.client.SecurityAdminClient.applySecurity(SecurityAdminClient.java:103) >>>> at >>>> org.apache.jsp.securityconfig.add_002dsecurity_jsp._jspService(add_002dsecurity_jsp.java:127) >>>> at >>>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) >>>> at >>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) >>>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155) >>>> at >>>> org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:604) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:543) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.include(RequestDispatcherAdaptor.java:37) >>>> at >>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.include(ContextPathServletAdaptor.java:369) >>>> at >>>> org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:954) >>>> at >>>> org.apache.jasper.runtime.PageContextImpl.doInclude(PageContextImpl.java:688) >>>> at >>>> org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:682) >>>> at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) >>>> at java.lang.reflect.Method.invoke(Method.java:606) >>>> at org.apache.tiles.jsp.context.JspUtil.doInclude(JspUtil.java:87) >>>> at >>>> org.apache.tiles.jsp.context.JspTilesRequestContext.include(JspTilesRequestContext.java:88) >>>> at >>>> org.apache.tiles.jsp.context.JspTilesRequestContext.dispatch(JspTilesRequestContext.java:82) >>>> at >>>> org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:465) >>>> at >>>> org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:140) >>>> at >>>> org.apache.tiles.jsp.taglib.InsertAttributeTag.render(InsertAttributeTag.java:117) >>>> at >>>> org.apache.tiles.jsp.taglib.RenderTagSupport.execute(RenderTagSupport.java:171) >>>> at >>>> org.apache.tiles.jsp.taglib.RoleSecurityTagSupport.doEndTag(RoleSecurityTagSupport.java:75) >>>> at >>>> org.apache.tiles.jsp.taglib.ContainerTagSupport.doEndTag(ContainerTagSupport.java:80) >>>> at >>>> org.apache.jsp.admin.layout.template_jsp._jspx_meth_tiles_005finsertAttribute_005f7(template_jsp.java:634) >>>> at >>>> org.apache.jsp.admin.layout.template_jsp._jspService(template_jsp.java:356) >>>> at >>>> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) >>>> at >>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) >>>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155) >>>> at >>>> org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:411) >>>> at >>>> org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30) >>>> at >>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362) >>>> at >>>> org.apache.tiles.servlet.context.ServletTilesRequestContext.forward(ServletTilesRequestContext.java:198) >>>> at >>>> org.apache.tiles.servlet.context.ServletTilesRequestContext.dispatch(ServletTilesRequestContext.java:185) >>>> at >>>> org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:419) >>>> at >>>> org.apache.tiles.impl.BasicTilesContainer.render(BasicTilesContainer.java:370) >>>> at >>>> org.wso2.carbon.ui.action.ActionHelper.render(ActionHelper.java:52) >>>> at >>>> org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:101) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128) >>>> at >>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68) >>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) >>>> at >>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) >>>> at >>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) >>>> at >>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) >>>> at >>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) >>>> at >>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) >>>> at >>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) >>>> at >>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) >>>> at >>>> org.wso2.carbon.statistics.webapp.RequestIntercepterValve.invoke(RequestIntercepterValve.java:43) >>>> at >>>> org.wso2.carbon.bam.webapp.stat.publisher.WebAppStatisticPublisherValve.invoke(WebAppStatisticPublisherValve.java:104) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47) >>>> at >>>> org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:154) >>>> at >>>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) >>>> at >>>> org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52) >>>> at >>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) >>>> at >>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) >>>> at >>>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) >>>> at >>>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1721) >>>> at >>>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1679) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >>>> at >>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >>>> at java.lang.Thread.run(Thread.java:745) >>>> Caused by: >>>> org.wso2.carbon.core.persistence.PersistenceDataNotFoundException: >>>> ResourceFileData not found. The Transaction May not have been initialized. >>>> see #beginTransaction. HelloWorldThe xpath used was >>>> /service[@name="HelloService"] >>>> at >>>> org.wso2.carbon.core.persistence.file.AbstractFilePersistenceManager.put(AbstractFilePersistenceManager.java:224) >>>> at >>>> org.wso2.carbon.security.config.SecurityConfigAdmin.applyPolicy(SecurityConfigAdmin.java:866) >>>> ... 132 more >>>> [2014-07-30 13:27:28,411] ERROR >>>> {org.wso2.carbon.security.ui.client.SecurityAdminClient} - >>>> org.apache.axis2.AxisFault: Service with name HelloService not found. >>>> >>>> >>>> Thanks >>>> Geeth >>>> >>>> >>>> >>>> *G. K. S. Munasinghe* >>>> *Software Engineer,* >>>> *WSO2, Inc. http://wso2.com <http://wso2.com/> * >>>> *lean.enterprise.middleware.* >>>> >>>> email: [email protected] >>>> phone:(+94) 777911226 >>>> >>> >>> >>> >>> -- >>> Krishantha Samaraweera >>> Senior Technical Lead - Test Automation >>> Mobile: +94 77 7759918 >>> WSO2, Inc.; http://wso2.com/ >>> lean . enterprise . middlewear. >>> >> >> >> >> -- >> Sagara Gunathunga >> >> Senior Technical Lead; WSO2, Inc.; http://wso2.com >> V.P Apache Web Services; http://ws.apache.org/ >> Linkedin; http://www.linkedin.com/in/ssagara >> Blog ; http://ssagara.blogspot.com >> >> > > > -- > Krishantha Samaraweera > Senior Technical Lead - Test Automation > Mobile: +94 77 7759918 > WSO2, Inc.; http://wso2.com/ > lean . enterprise . middlewear. > -- Krishantha Samaraweera Senior Technical Lead - Test Automation Mobile: +94 77 7759918 WSO2, Inc.; http://wso2.com/ lean . enterprise . middlewear.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
