On Fri, Oct 16, 2015 at 11:27 AM, Johann Nallathamby <joh...@wso2.com>
wrote:

> Hi Kishanthan/Kernel Team,
>
> We have added the test case as well to the same PR.
>

Thanks Johann.

@MB Team, could you guys verify that all your scenarios are now passing?
We will start the next RC build once this is confirmed ASAP.

>
> Also can we get CARBON-15505 merged? The PR for master is a very old PR
> which we have missed to review and merge. This mainly contains some
> reordering of fields in the UI to make it more consistent and reorder
> properties in user-mgt.xml to be consistent with UI. Hope we don't need any
> tests for this.
>

I think it's better not to add any more changes at this stage. We will merge
this for the next patch release.

>
> Any update on the 3 issues raised above ?
>

For [1], we need more information to reproduce (LB & IS config, example
requests, HTTP access logs on both LB and IS side with this issue). Will
send a separate mail on that, but I believe it's not a blocker for the IS
release, right?
[2] and [3], we haven't seen this error previously and according to the trace,
it looks like the "distributedCache" instance is becoming null in the CacheImpl
class. If the exact steps can be found or given on how to reproduce this,
then we can work on finding the root cause for this.


> Thanks,
> Johann.
>
> On Thu, Oct 15, 2015 at 3:30 PM, Johann Nallathamby <joh...@wso2.com>
> wrote:
>
>> Hi Kishanthan/Kernel Team,
>>
>> We are in the process of writing the test case for the issue. Should be able
>> to send it before end of day.
>>
>> [1] has been reported in another thread. This issue in particular looks
>> critical to me, because AFAIK there are many users using proxyContextPath.
>> Not sure about WebContextRoot though. Apart from that WSO2 QA has reported
>> [2,3] in IS 5.1.0 SNAPSHOT pack. Maybe it's harmless, but looks like it is
>> coming from kernel and would like to get your thoughts on this if this is
>> critical and needs to be fixed.
>>
>> [1] https://wso2.org/jira/browse/CARBON-15475
>> [2] https://wso2.org/jira/browse/IDENTITY-3815
>> [3] https://wso2.org/jira/browse/IDENTITY-3817
>>
>> And also it will be great if we can change the default value of
>> XSSPreventionConfig.Enabled to 'false' because this was added in order to
>> prevent XSS centrally, however the approach is not 100% bug free. Whoever
>> has this enabled needs to test all their functionality well. Therefore what
>> I suggest is to make it 'false' by default and whatever product that needs
>> it can enable it at product level. WDYT ? Can we do this ?
>>
>> Regards,
>> Johann.
>>
>>
>> On Wed, Oct 14, 2015 at 6:30 PM, Kishanthan Thangarajah <
>> kishant...@wso2.com> wrote:
>>
>>> Can we also have a test case for this fix please?
>>>
>>> On Wed, Oct 14, 2015 at 6:13 PM, Isura Karunaratne <is...@wso2.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> This issue is fixed in [1].
>>>>
>>>>
>>>> Thanks
>>>> isura
>>>>
>>>>
>>>> [1] https://wso2.org/jira/browse/CARBON-15517
>>>>
>>>>
>>>> On Wed, Oct 14, 2015 at 11:25 AM, Johann Nallathamby <joh...@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Isura,
>>>>>
>>>>> Can you look into this issue urgently? I remember you fixing an issue
>>>>> related to this.
>>>>>
>>>>> Thanks.
>>>>>
>>>>> On Wed, Oct 14, 2015 at 7:16 AM, Indika Sampath <indi...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I debugged our code and found the issue. It seems the implementation of
>>>>>> some API changed in user-core. Let me explain the flow.
>>>>>>
>>>>>> Our queue/topic creation has two calls.
>>>>>>
>>>>>> 1. We create an internal role when adding a queue and assign the
>>>>>> "changePermission", "publish" and "consume" permissions to it, which means
>>>>>> that the user who created a particular queue can update permissions, publish or
>>>>>> consume.
>>>>>>
>>>>>> - The code line below is used to get the internal role name:
>>>>>>
>>>>>> UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX +
>>>>>> queueName.replace(".","-").replace("/", "-"))
>>>>>>
>>>>>> result = {java.lang.String@10289}"*Internal/Q_userQueue*"
>>>>>> value = {char[21]@10290}
>>>>>> hash = 0
>>>>>> hash32 = 0
>>>>>>
>>>>>> - assign permission as below:
>>>>>>
>>>>>> userStoreManager.addRole(roleName, user, null);
>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>>>>>> PERMISSION_CHANGE_PERMISSION);
>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>>>>>> TreeNode.Permission.CONSUME.toString().toLowerCase());
>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>>>>>> TreeNode.Permission.PUBLISH.toString().toLowerCase());
>>>>>>
>>>>>> 2. The user can select some other roles listed in the queue add page. He
>>>>>> can select these roles when adding the queue or later by updating the queue. So in
>>>>>> update permission we checked whether any of the user's roles has the change
>>>>>> permission assigned above.
>>>>>>
>>>>>> - get role list of user:
>>>>>>
>>>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser)
>>>>>>
>>>>>> result = {java.lang.String[3]@9689}
>>>>>> [0] = {java.lang.String@9690}"*Internal/Q_userQueue*"
>>>>>> [1] = {java.lang.String@9691}"Internal/everyone"
>>>>>> [2] = {java.lang.String@9692}"role1"
>>>>>>
>>>>>> - check whether any of the roles has the change permission:
>>>>>>
>>>>>> for (String userRole : userRoles) {
>>>>>>     if (userRealm.getAuthorizationManager().isRoleAuthorized(
>>>>>>             userRole, queueID, PERMISSION_CHANGE_PERMISSION)) {
>>>>>>         isUserHasChangePermission = true;
>>>>>>     }
>>>>>> }
>>>>>>
>>>>>> The issue is that the above check is false for all roles. But we assigned
>>>>>> the change permission to the *Internal/Q_userQueue* role when creating the queue.
>>>>>>
>>>>>> 3. Next I evaluated the code line below to check which role has the
>>>>>> change permission to queueID. The result is as below:
>>>>>>
>>>>>> userRealm.getAuthorizationManager().getAllowedRolesForResource(queueID,
>>>>>> PERMISSION_CHANGE_PERMISSION)
>>>>>>
>>>>>> result = {java.lang.String[1]@9694}
>>>>>> [0] = {java.lang.String@9686}"*INTERNAL/Q_userQueue*"
>>>>>>
>>>>>> The result has a different role name. We created a role called
>>>>>> *Internal/Q_userQueue* and assigned permissions, but it has been created
>>>>>> with a different name, *INTERNAL/Q_userQueue*, and assigned the permission.
>>>>>>
>>>>>> Please have a look into this because it is a blocking issue for our
>>>>>> implementation.
>>>>>>
>>>>>> Cheers!
>>>>>>
>>>>>>
>>>>>> On Tue, Oct 13, 2015 at 5:22 PM, Kishanthan Thangarajah <
>>>>>> kishant...@wso2.com> wrote:
>>>>>>
>>>>>>> Was this issue found in 4.4.2 RC1 too?
>>>>>>>
>>>>>>> On Tue, Oct 13, 2015 at 4:58 PM, Sasikala Kottegoda <
>>>>>>> sasik...@wso2.com> wrote:
>>>>>>>
>>>>>>>> Hi Manuri,
>>>>>>>>
>>>>>>>> We tested MB 3.0.0 with this release and our scenario of queue
>>>>>>>> creation fails after giving a permission denied error. The scenario
>>>>>>>> is as follows:
>>>>>>>>
>>>>>>>> 1. Create a user "user1" with a role assigned with permission to
>>>>>>>> create queues.
>>>>>>>> 2. Login from "user1" and try to create a queue, we get a
>>>>>>>> permission denied error.
>>>>>>>>
>>>>>>>> When creating a queue the following happens from our code.
>>>>>>>>
>>>>>>>> 1. We create an internal role for the queue and assign it to the
>>>>>>>> current user with permissions assigned.
>>>>>>>>
>>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId,
>>>>>>>>         PERMISSION_CHANGE_PERMISSION);
>>>>>>>>
>>>>>>>> 2. Next, we create the queue and update permissions for the queue. In 
>>>>>>>> this step, we check if the current user has permissions to change the 
>>>>>>>> queue.
>>>>>>>>
>>>>>>>> String[] userRoles =
>>>>>>>>         userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser);
>>>>>>>> for (String userRole : userRoles) {
>>>>>>>>     if (userRealm.getAuthorizationManager().isRoleAuthorized(
>>>>>>>>             userRole, queueID, PERMISSION_CHANGE_PERMISSION)) {
>>>>>>>>         isUserHasChangePermission = true;
>>>>>>>>     }
>>>>>>>> }
>>>>>>>>
>>>>>>>> At this stage,
>>>>>>>> 'userRealm.getAuthorizationManager().isRoleAuthorized(
>>>>>>>>             userRole, queueID, PERMISSION_CHANGE_PERMISSION)' is false,
>>>>>>>> implying that none of the roles assigned to the user has
>>>>>>>> permissions to change the queue, thus not allowing the user to create
>>>>>>>> the queue.
>>>>>>>>
>>>>>>>>
>>>>>>>> Thank you
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, Oct 12, 2015 at 9:24 PM, Manuri Amaya Perera <
>>>>>>>> manu...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Devs,
>>>>>>>>>
>>>>>>>>> WSO2 Carbon Kernel 4.4.2 RC2 Release Vote.
>>>>>>>>>
>>>>>>>>> This release fixes the following issues:
>>>>>>>>> https://wso2.org/jira/issues/?filter=12396
>>>>>>>>>
>>>>>>>>> Please download and test your products with kernel 4.4.2 RC2 and
>>>>>>>>> vote. Vote will be open for 72 hours or longer as needed.
>>>>>>>>>
>>>>>>>>> *Source and binary distribution files:*
>>>>>>>>> https://svn.wso2.org/repos/wso2/people/aruna/v4.4.2-rc2
>>>>>>>>>
>>>>>>>>> *Maven staging repository:*
>>>>>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-019/
>>>>>>>>>
>>>>>>>>> *The tag to be voted upon:*
>>>>>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.2-rc2
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> [ ] Broken - do not release (explain why)
>>>>>>>>> [ ] Stable - go ahead and release
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thank you
>>>>>>>>> Carbon Team
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> *Manuri Amaya Perera*
>>>>>>>>>
>>>>>>>>> *Software Engineer*
>>>>>>>>>
>>>>>>>>> *WSO2 Inc.*
>>>>>>>>>
>>>>>>>>> *Blog: http://manuriamayaperera.blogspot.com
>>>>>>>>> <http://manuriamayaperera.blogspot.com>*
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Dev mailing list
>>>>>>>>> Dev@wso2.org
>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Sasikala Kottegoda
>>>>>>>> *Software Engineer*
>>>>>>>> WSO2 Inc., http://wso2.com/
>>>>>>>> lean. enterprise. middleware
>>>>>>>> Mobile: +94 774835928/712792401
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Kishanthan Thangarajah*
>>>>>>> Associate Technical Lead,
>>>>>>> Platform Technologies Team,
>>>>>>> WSO2, Inc.
>>>>>>> lean.enterprise.middleware
>>>>>>>
>>>>>>> Mobile - +94773426635
>>>>>>> Blog - *http://kishanthan.wordpress.com
>>>>>>> <http://kishanthan.wordpress.com>*
>>>>>>> Twitter - *http://twitter.com/kishanthan
>>>>>>> <http://twitter.com/kishanthan>*
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Indika Sampath
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc.
>>>>>> http://wso2.com
>>>>>>
>>>>>> Phone: +94 716 424 744
>>>>>> Blog: http://indikasampath.blogspot.com/
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>>
>>>>> *Johann Dilantha Nallathamby*
>>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>>> Governance Technologies Team
>>>>> WSO2, Inc.
>>>>> lean.enterprise.middleware
>>>>>
>>>>> Mobile - *+94777776950*
>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Isura Dilhara Karunaratne
>>>> Senior Software Engineer
>>>>
>>>> Mob +94 772 254 810
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
>



-- 
*Kishanthan Thangarajah*
Associate Technical Lead,
Platform Technologies Team,
WSO2, Inc.
lean.enterprise.middleware

Mobile - +94773426635
Blog - *http://kishanthan.wordpress.com <http://kishanthan.wordpress.com>*
Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>*
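
The mismatch Indika describes in the quoted message (permission granted to Internal/Q_userQueue, stored under INTERNAL/Q_userQueue, exact-match lookup returns false), reduced to a toy in-memory model. This is an added example, not code from the thread or from Carbon user-core; the class name, the `canonical` helper, the map layout, the queue id and the assumption that only the domain prefix is case-insensitive are hypothetical.

```java
import java.util.*;

// Toy model of the role-name case mismatch reported in the thread; NOT Carbon user-core code.
public class RoleCaseMismatchDemo {
    // "resource|action" -> role names allowed (hypothetical storage layout)
    private final Map<String, Set<String>> grants = new HashMap<>();
    private final boolean canonicalizeOnRead;

    RoleCaseMismatchDemo(boolean canonicalizeOnRead) {
        this.canonicalizeOnRead = canonicalizeOnRead;
    }

    // Assumption: the domain prefix before '/' is case-insensitive, the role name after it is not.
    static String canonical(String role) {
        int slash = role.indexOf('/');
        if (slash < 0) return role; // no domain prefix, leave untouched
        return role.substring(0, slash).toUpperCase(Locale.ROOT) + role.substring(slash);
    }

    // Write path: stores the upper-cased domain, matching the INTERNAL/... name seen in the debugger.
    void authorizeRole(String role, String resource, String action) {
        grants.computeIfAbsent(resource + "|" + action, k -> new HashSet<>()).add(canonical(role));
    }

    // Read path: exact match reproduces the denial; canonicalizing first resolves it.
    boolean isRoleAuthorized(String role, String resource, String action) {
        String key = canonicalizeOnRead ? canonical(role) : role;
        return grants.getOrDefault(resource + "|" + action, Collections.emptySet()).contains(key);
    }

    // Same shape as the loop quoted in the thread.
    static boolean userCanChange(RoleCaseMismatchDemo az, String[] userRoles, String queueId) {
        for (String r : userRoles) {
            if (az.isRoleAuthorized(r, queueId, "changePermission")) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Role list as shown in the thread's debugger output; "userQueue" is a constructed queue id.
        String[] userRoles = {"Internal/Q_userQueue", "Internal/everyone", "role1"};
        for (boolean fixed : new boolean[] {false, true}) {
            RoleCaseMismatchDemo az = new RoleCaseMismatchDemo(fixed);
            az.authorizeRole("Internal/Q_userQueue", "userQueue", "changePermission");
            System.out.println((fixed ? "canonical read:   " : "exact-match read: ")
                    + userCanChange(az, userRoles, "userQueue"));
        }
    }
}
```

A regression test for this class of bug grants a permission to a mixed-case role name and then checks it through the read path with the name exactly as the role-listing call returns it.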