Hi Anuruddha, On Wed, Jan 14, 2015 at 11:28 AM, Anuruddha Premalal <[email protected]> wrote:
> Hi, > > Due to security reasons it's not possible to perform file operations > outside the web root context, so we can't store uploaded applications to > CARBON_HOME/tmp. > What are security issues we face? is it because end user upload the file directly to the CARBON_HOME/tmp? If this is done by a signed code, java security manager will validate and will not throw exceptions. Can you share the exceptions. thank you. > > Hence I'm trying the first option as the solution. OSGI fragment will have > a required bundle and it'll have the compenent.xml which needs to be > overridden. > > However there's an additional overhead of maintaining this fragment and > the fragment-dependency along with jaggery releases (cause of the version > changes). > > Regards, > Anuruddha. > > > On Tue, Jan 13, 2015 at 1:30 PM, Dimuthu Leelarathne <[email protected]> > wrote: > >> >> >> On Tue, Jan 13, 2015 at 12:49 PM, Anuruddha Premalal <[email protected]> >> wrote: >> >>> Hi, >>> >>> Once we upload an application to appfactory it get stored temporally >>> inside* >>> wso2appfctory-2.1.0/repository/deployment/server/jaggeryapps/appmgt/tmp/tmpUploadedApps >>> . * Notice that this location is inside jaggeryapps folder. >>> >>> Issue is if we upload a zip file it gets automatically deployed inside >>> the uploaded location by the jaggerydeployer and it deletes the original >>> uploaded zip. >>> >>> Initially following are the fixes that are going to try. >>> >>> * Try to override the jaggerydeployer component.xml file by writing an >>> osgi fragment. >>> - here component.xml file contains the information about the deployer. >>> So we can try overriding this xml and remove the zip file deploery. >>> >>> * Turn off hot deployment in axis2.xml >>> - but this will cause issue in apptype and runtime hot deployment? >>> >>> >> * Upload the applicatoins to carbon_home/tmp location >>> - This location is not visible to appmgt webapp home. Is there a way to >>> pass the uploaded file to osgi back-end via jaggery? >>> >> >> The fix is to copy the file into the temp location. And then reading the >> file from that location. Pass the file name is straight forward coding. >> >> thanks, >> dimuthu >> >> >>> >>> Appreciate your inputs in solving this issue [1]. >>> >>> [1] https://wso2.org/jira/browse/APPFAC-2740 >>> >>> Regards, >>> -- >>> *Anuruddha Premalal* >>> Software Eng. | WSO2 Inc. >>> Mobile : +94710461070 >>> Web site : www.regilandvalley.com >>> >>> >> >> >> -- >> Dimuthu Leelarathne >> Architect & Product Lead of App Factory >> >> WSO2, Inc. (http://wso2.com) >> email: [email protected] >> Mobile : 0773661935 >> >> Lean . Enterprise . Middleware >> > > > > -- > *Anuruddha Premalal* > Software Eng. | WSO2 Inc. > Mobile : +94710461070 > Web site : www.regilandvalley.com > > -- Manjula Rathnayaka Software Engineer WSO2, Inc. Mobile:+94 77 743 1987
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
