Hi Kishanthan, Please find the requested information for [1] as a jira attchement. Please consider that I observed this issue only when both proxy context path and web context root is enabled as I mentioned in the JIRA.
[1] https://wso2.org/jira/browse/CARBON-15475 Thanks Hasanthi Dissanayake Software Engineer | WSO2 E: [email protected] <[email protected]> M :0718407133| http://wso2.com <http://wso2.com/> On Fri, Oct 16, 2015 at 2:38 PM, Kishanthan Thangarajah <[email protected] > wrote: > > > On Fri, Oct 16, 2015 at 11:27 AM, Johann Nallathamby <[email protected]> > wrote: > >> Hi Kishanthan/Kernel Team, >> >> We have added the test case as well to the same PR. >> > > Thanks Johann. > > @MB Team, could you guys verify that all your scenarios are now passing?. > We will start the next RC build once this is confirmed ASAP. > >> >> Also can we get CARBON-15505 merged? The PR for master is a very old PR >> which we have missed to review and merge. This mainly contains some >> reordering of fields in the UI to make it more consistent and reorder >> properties in user-mgt.xml to be consistent with UI. Hope we don't need any >> tests for this. >> > > I think its better not to add any more changes at this stage. We will > merge this for next patch release. > >> >> Any update on the 3 issues raised above ? >> > > For [1], we need more information to reproduce (LB & IS config, example > requests, HTTP access logs on both LB and IS side with this issue). Will > send a separate mail on that, but I believe its not a blocker for the IS > release right? > [2] and [3], we haven't seen this error previously and according the > trace, it looks like the "distributedCache" instance is becoming null in > CacheImpl class. If the exact steps can be found or given on how to > reproduce this, then we can work on finding the root cause for this. > > >> Thanks, >> Johann. >> >> On Thu, Oct 15, 2015 at 3:30 PM, Johann Nallathamby <[email protected]> >> wrote: >> >>> Hi Kishanthan/Kernel Team, >>> >>> We are in the process writing the test case for the issue. Should be >>> able to send it before end of day. >>> >>> [1] has been reported in another thread. This issue in particular looks >>> critical to me, because AFAIK there are many users using proxyContextPath. >>> Not sure about WebContextRoot though. Apart from that WSO2 QA has reported >>> [2,3] in IS 5.1.0 SNAPSHOT pack. May be its harmless, but looks like it is >>> coming from kernel and would like to get your thoughts on this if this is >>> critical and needs to be fixed. >>> >>> [1] https://wso2.org/jira/browse/CARBON-15475 >>> [2] https://wso2.org/jira/browse/IDENTITY-3815 >>> [3] https://wso2.org/jira/browse/IDENTITY-3817 >>> >>> And also it will be great if we can change the default value of >>> XSSPreventionConfig.Enabled to 'false' because this was added in order to >>> prevent XSS centrally, however the approach is not 100% bug free. Whoever >>> has this enabled needs to test all their functionality well. Therefore what >>> I suggest is to make it 'false' by default and whatever product that needs >>> it can enable it at product level. WDYT ? Can we do this ? >>> >>> Regards, >>> Johann. >>> >>> >>> On Wed, Oct 14, 2015 at 6:30 PM, Kishanthan Thangarajah < >>> [email protected]> wrote: >>> >>>> Can we also have test case for this fix please? >>>> >>>> On Wed, Oct 14, 2015 at 6:13 PM, Isura Karunaratne <[email protected]> >>>> wrote: >>>> >>>>> Hi, >>>>> >>>>> This issue is fixed in [1]. >>>>> >>>>> >>>>> Thanks >>>>> isura >>>>> >>>>> >>>>> [1] https://wso2.org/jira/browse/CARBON-15517 >>>>> >>>>> >>>>> On Wed, Oct 14, 2015 at 11:25 AM, Johann Nallathamby <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Isura, >>>>>> >>>>>> Can you look into this issue urgently. I remember you fixing an issue >>>>>> related to this. >>>>>> >>>>>> Thanks. >>>>>> >>>>>> On Wed, Oct 14, 2015 at 7:16 AM, Indika Sampath <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> I debug code of our and found issue. It seems implementation of some >>>>>>> API changed in user-core. Let me explain the flow. >>>>>>> >>>>>>> Our queue/topic creation has two call. >>>>>>> >>>>>>> 1. We create internal role when adding queue and assign >>>>>>> "changePermission", "publish", "consume" permissions to it. Which means >>>>>>> that, user who created particular queue can update permission, publish >>>>>>> or >>>>>>> consume. >>>>>>> >>>>>>> - Below code line used to get internal role name: >>>>>>> >>>>>>> UserCoreUtil.addInternalDomainName(QUEUE_ROLE_PREFIX + >>>>>>> queueName.replace(".","-").replace("/", "-")) >>>>>>> >>>>>>> result = {java.lang.String@10289}"*Internal/Q_userQueue*" >>>>>>> value = {char[21]@10290} >>>>>>> hash = 0 >>>>>>> hash32 = 0 >>>>>>> >>>>>>> - assign permission as below: >>>>>>> >>>>>>> userStoreManager.addRole(roleName, user, null); >>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>>>>>> PERMISSION_CHANGE_PERMISSION); >>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>>>>>> TreeNode.Permission.CONSUME.toString().toLowerCase()); >>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>>>>>> TreeNode.Permission.PUBLISH.toString().toLowerCase()); >>>>>>> >>>>>>> 2. User can select some other role listed in in queue add page. He >>>>>>> can select these role when adding queue or later by updating queue. So >>>>>>> in >>>>>>> update permission we checked whether any of user's role has above assign >>>>>>> change permission. >>>>>>> >>>>>>> - get role list of user: >>>>>>> >>>>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser) >>>>>>> >>>>>>> result = {java.lang.String[3]@9689} >>>>>>> [0] = {java.lang.String@9690}"*Internal/Q_userQueue*" >>>>>>> [1] = {java.lang.String@9691}"Internal/everyone" >>>>>>> [2] = {java.lang.String@9692}"role1" >>>>>>> >>>>>>> - check whether any of role has change permission >>>>>>> >>>>>>> for (String userRole : userRoles) { >>>>>>> if >>>>>>> (userRealm.getAuthorizationManager().isRoleAuthorized(userRole, queueID, >>>>>>> PERMISSION_CHANGE_PERMISSION)) { >>>>>>> isUserHasChangePermission = true; >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> Issue is above check false for all roles. But we assigned change >>>>>>> permission to *Internal/Q_userQueue* role when creating queue. >>>>>>> >>>>>>> 3. Next I evaluate below code line to check whether which role has >>>>>>> change permission to queueID. Result is as below: >>>>>>> >>>>>>> userRealm.getAuthorizationManager().getAllowedRolesForResource(queueID, >>>>>>> PERMISSION_CHANGE_PERMISSION) >>>>>>> >>>>>>> result = {java.lang.String[1]@9694} >>>>>>> [0] = {java.lang.String@9686}"*INTERNAL/Q_userQueue*" >>>>>>> >>>>>>> Result has different role name. We created role name called >>>>>>> *Internal/Q_userQueue* and assign permissions but it has created >>>>>>> with different name *INTERNAL/Q_userQueue* and assign permission. >>>>>>> >>>>>>> Please have look into this because it is blocking issue to our >>>>>>> implementation. >>>>>>> >>>>>>> Cheers! >>>>>>> >>>>>>> >>>>>>> On Tue, Oct 13, 2015 at 5:22 PM, Kishanthan Thangarajah < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Was this issue found in 4.4.2 RC1 too? >>>>>>>> >>>>>>>> On Tue, Oct 13, 2015 at 4:58 PM, Sasikala Kottegoda < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi Manuri, >>>>>>>>> >>>>>>>>> We tested MB 3.0.0 with this release and our scenario of queue >>>>>>>>> creation fails after giving a permission denied error. The scenario >>>>>>>>> is as >>>>>>>>> follows: >>>>>>>>> >>>>>>>>> 1. Create a user "user1" with a role assigned with permission to >>>>>>>>> create queues. >>>>>>>>> 2. Login from "user1" and try to create a queue, we get a >>>>>>>>> permission denied error. >>>>>>>>> >>>>>>>>> When creating a queue the following happens from our code. >>>>>>>>> >>>>>>>>> 1. We create an internal role for the queue and assign it to the >>>>>>>>> current user with permissions assigned. >>>>>>>>> >>>>>>>>> userRealm.getAuthorizationManager().authorizeRole(roleName, queueId, >>>>>>>>> >>>>>>>>> PERMISSION_CHANGE_PERMISSION); >>>>>>>>> >>>>>>>>> 2. Next, we create the queue and update permissions for the queue. In >>>>>>>>> this step, we check if the current user has permissions to change the >>>>>>>>> queue. >>>>>>>>> >>>>>>>>> String[] userRoles = >>>>>>>>> userRealm.getUserStoreManager().getRoleListOfUser(loggedInUser); >>>>>>>>> for (String userRole : userRoles) { >>>>>>>>> if (userRealm.getAuthorizationManager().isRoleAuthorized( >>>>>>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION)) { >>>>>>>>> isUserHasChangePermission = true; >>>>>>>>> } >>>>>>>>> } >>>>>>>>> >>>>>>>>> At this stage, >>>>>>>>> *'*(userRealm.getAuthorizationManager().isRoleAuthorized( >>>>>>>>> userRole, queueID, PERMISSION_CHANGE_PERMISSION))' false >>>>>>>>> implying that any of roles assigned to the user do not have >>>>>>>>> permissions to change the queue, thus not allowing the user to create >>>>>>>>> the queue. >>>>>>>>> >>>>>>>>> >>>>>>>>> Thank you >>>>>>>>> >>>>>>>>> >>>>>>>>> On Mon, Oct 12, 2015 at 9:24 PM, Manuri Amaya Perera < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi Devs, >>>>>>>>>> >>>>>>>>>> WSO2 Carbon Kernel 4.4.2 RC2 Release Vote. >>>>>>>>>> >>>>>>>>>> This release fixes the following issues: >>>>>>>>>> https://wso2.org/jira/issues/?filter=12396 >>>>>>>>>> >>>>>>>>>> Please download and test your products with kernel 4.4.2 RC2 and >>>>>>>>>> vote. Vote will be open for 72 hours or longer as needed. >>>>>>>>>> >>>>>>>>>> *​Source and binary distribution files:* >>>>>>>>>> https://svn.wso2.org/repos/wso2/people/aruna/v4.4.2-rc2 >>>>>>>>>> >>>>>>>>>> *Maven staging repository:* >>>>>>>>>> >>>>>>>>>> http://maven.wso2.org/nexus/content/repositories/orgwso2carbon-019/ >>>>>>>>>> >>>>>>>>>> *The tag to be voted upon:* >>>>>>>>>> https://github.com/wso2/carbon-kernel/tree/v4.4.2-rc2 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> [ ] Broken - do not release (explain why) >>>>>>>>>> [ ] Stable - go ahead and release >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Thank you >>>>>>>>>> Carbon Team >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> >>>>>>>>>> *Manuri Amaya Perera* >>>>>>>>>> >>>>>>>>>> *Software Engineer* >>>>>>>>>> >>>>>>>>>> *WSO2 Inc.* >>>>>>>>>> >>>>>>>>>> *Blog: http://manuriamayaperera.blogspot.com >>>>>>>>>> <http://manuriamayaperera.blogspot.com>* >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Dev mailing list >>>>>>>>>> [email protected] >>>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Sasikala Kottegoda >>>>>>>>> *Software Engineer* >>>>>>>>> WSO2 Inc., http://wso2.com/ >>>>>>>>> lean. enterprise. middleware >>>>>>>>> Mobile: +94 774835928/712792401 >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Dev mailing list >>>>>>>>> [email protected] >>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Kishanthan Thangarajah* >>>>>>>> Associate Technical Lead, >>>>>>>> Platform Technologies Team, >>>>>>>> WSO2, Inc. >>>>>>>> lean.enterprise.middleware >>>>>>>> >>>>>>>> Mobile - +94773426635 >>>>>>>> Blog - *http://kishanthan.wordpress.com >>>>>>>> <http://kishanthan.wordpress.com>* >>>>>>>> Twitter - *http://twitter.com/kishanthan >>>>>>>> <http://twitter.com/kishanthan>* >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Dev mailing list >>>>>>>> [email protected] >>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Indika Sampath >>>>>>> Senior Software Engineer >>>>>>> WSO2 Inc. >>>>>>> http://wso2.com >>>>>>> >>>>>>> Phone: +94 716 424 744 >>>>>>> Blog: http://indikasampath.blogspot.com/ >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thanks & Regards, >>>>>> >>>>>> *Johann Dilantha Nallathamby* >>>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>>> Governance Technologies Team >>>>>> WSO2, Inc. >>>>>> lean.enterprise.middleware >>>>>> >>>>>> Mobile - *+94777776950* >>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Isura Dilhara Karunaratne >>>>> Senior Software Engineer >>>>> >>>>> Mob +94 772 254 810 >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Kishanthan Thangarajah* >>>> Associate Technical Lead, >>>> Platform Technologies Team, >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - +94773426635 >>>> Blog - *http://kishanthan.wordpress.com >>>> <http://kishanthan.wordpress.com>* >>>> Twitter - *http://twitter.com/kishanthan >>>> <http://twitter.com/kishanthan>* >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Technical Lead & Product Lead of WSO2 Identity Server >>> Governance Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+94777776950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Technical Lead & Product Lead of WSO2 Identity Server >> Governance Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >> > > > > -- > *Kishanthan Thangarajah* > Associate Technical Lead, > Platform Technologies Team, > WSO2, Inc. > lean.enterprise.middleware > > Mobile - +94773426635 > Blog - *http://kishanthan.wordpress.com <http://kishanthan.wordpress.com>* > Twitter - *http://twitter.com/kishanthan <http://twitter.com/kishanthan>* > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
