Hi Kasun!

I might have found a proper way to deal with security by overriding CarbonWebAppLoader#backgroundProcess and wrapping all in a tenant flow with the super tenant. I added a comment in the JIRA and added my patch.

regards,
Thomas

On Thursday, August 14, 2014, Kasun Gajasinghe wrote:

> On Wednesday, August 13, 2014, Thomas Wieger <[email protected]> wrote:
>
>> Hi Kasun,
>>
>> I have created ticket WSAS-1771 for this in JIRA
>> (https://wso2.org/jira/browse/WSAS-1771) and provided a patch file for
>> the two changed classes. Additionally I have provided a stack trace, which
>> you get without patching the CarbonTomcatSessionManager#checkAccess method.
>> Looks like checkAccess deals with some tenant isolation stuff. Due to the
>> fact that the reloading thread has been created from Tomcat and not under
>> the control of Carbon, this might be the cause of the problem...
>>
>> Would love to hear soon from you, whether you can re-enable the context
>> reloading in AS.
>
> We can re-enable it. AS 6.0.0 is coming up. But we got to fix the issue
> with security.
>
> Thanks.
>
>> regards,
>>
>> Thomas
>>
>> On Sat, Aug 9, 2014 at 5:01 AM, Kasun Gajasinghe <[email protected]> wrote:
>>
>>> Hi Thomas,
>>>
>>> Thanks for bringing this to our attention. We certainly need to look
>>> into this. Can you explain why you had to turn off the checkAccess method?
>>> Any stack traces?
>>>
>>> Also, it would be preferred if you can open a public jira [1] as well to
>>> track this.
>>>
>>> [1] https://wso2.org/jira/browse/WSAS
>>>
>>> KasunG
>>>
>>> On Sat, Aug 9, 2014 at 1:48 AM, Thomas Wieger <[email protected]> wrote:
>>>
>>>> I always loved the productivity I got from Tomcat using exploded WARs.
>>>> Using Eclipse and directly compiling into the exploded WEB-INF/classes got
>>>> Tomcat to pick up my changes in seconds. Using WSO2 with its embedded Tomcat I
>>>> noticed that you turned off this great feature. Any chance that you could
>>>> repair this?
>>>>
>>>> I tinkered around with your code base and got the context reloading
>>>> working by a small change in TomcatGenericWebappsDeployer
>>>> <https://svn.wso2.org/repos/wso2/carbon/platform/tags/turing-chunk05/components/webapp-mgt/org.wso2.carbon.webapp.mgt/4.2.2/src/main/java/org/wso2/carbon/webapp/mgt/TomcatGenericWebappsDeployer.java>.
>>>> I just commented out the statement "context.setReloadable(false)". I also
>>>> had to turn off the checkAccess method in CarbonTomcatSessionManager
>>>> <https://svn.wso2.org/repos/wso2/carbon/platform/tags/turing-chunk05/components/webapp-mgt/org.wso2.carbon.webapp.mgt/4.2.2/src/main/java/org/wso2/carbon/webapp/mgt/CarbonTomcatSessionManager.java>.
>>>> I assume the latter is quite a little bit brute force and there should
>>>> be a better way.
>>>>
>>>> Anyway, with these two changes I got back the Tomcat productivity with
>>>> WSO2 AS 5.2.1.
>>>>
>>>> Would like to get your feedback on
>>>> a) my approach
>>>> b) any possibly better alternatives you could suggest, which I might
>>>> have missed
>>>> c) what chance to get back the Tomcat development speed with exploded
>>>> WARs in a future release of WSO2 AS
>>>>
>>>> best regards,
>>>>
>>>> thomas wieger
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>> --
>>>
>>> *Kasun Gajasinghe*
>>> Senior Software Engineer, WSO2 Inc.
>>> email: kasung AT spamfree wso2.com
>>> linked-in: http://lk.linkedin.com/in/gajasinghe
>>> blog: http://kasunbg.org
