On Thu, Oct 20, 2016 at 1:40 PM, Harsha Thirimanna <[email protected]> wrote:
> > > *Harsha Thirimanna* > Associate Tech Lead | WSO2 > > Email: [email protected] > Mob: +94715186770 > Blog: http://harshathirimanna.blogspot.com/ > Twitter: http://twitter.com/harshathirimann > Linked-In: linked-in: http://www.linkedin.com/pub/ > harsha-thirimanna/10/ab8/122 > <http://wso2.com/signature> > > On Thu, Oct 20, 2016 at 1:39 PM, Harsha Thirimanna <[email protected]> > wrote: > >> Moving to DEV... >> >> *Harsha Thirimanna* >> Associate Tech Lead | WSO2 >> >> Email: [email protected] >> Mob: +94715186770 >> Blog: http://harshathirimanna.blogspot.com/ >> Twitter: http://twitter.com/harshathirimann >> Linked-In: linked-in: http://www.linkedin.com/pub/ha >> rsha-thirimanna/10/ab8/122 >> <http://wso2.com/signature> >> >> On Thu, Oct 20, 2016 at 12:49 PM, Harsha Thirimanna <[email protected]> >> wrote: >> > Hi, At this point I don't think that its good idea to remove already available authentication mechanism and use this instead, for secured APIs since those may have some logics those apis need. Instead only check with the REST APIs that need security. WDYT ? -Ishara > If there any REST API that already secured within itself the feature, then >>> we have to remove it and use this. As ex : DCR. in DCR we expect user in >>> request payload for now and that APIs are not secured. After apply this we >>> can remove the user from request payload and rely on this. And same as we >>> may have to check other REST APIs whether those are rely on any other >>> secure mechanism. >>> >>> @Isura, Can you please confirm in identity management REST API like >>> inforecovery ? >>> >>> @Ayesha, >>> Ishara already test the DCR and you can fix that removing user in >>> payload, apply this and test. >>> >>> *Harsha Thirimanna* >>> Associate Tech Lead | WSO2 >>> >>> Email: [email protected] >>> Mob: +94715186770 >>> Blog: http://harshathirimanna.blogspot.com/ >>> Twitter: http://twitter.com/harshathirimann >>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>> rsha-thirimanna/10/ab8/122 >>> <http://wso2.com/signature> >>> >>> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna <[email protected]> >>> wrote: >>> >>>> Hi Ayesha, >>>> >>>> This feature provide a authentication layer in front of any unsecured >>>> REST APIs. So do we need to test this with all the REST APIs ? >>>> >>>> -Ishara >>>> >>>> >>>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected]> >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I have started testing the"Generic Authentication Mechanism to all the >>>>> REST APIs" feature [1] in IS-5.3.0. >>>>> Please mention details on REST APIs in IS services which needs to be >>>>> secured, so that I can test those APIs with this feature. >>>>> >>>>> [1] https://wso2.org/jira/browse/IDENTITY-4742 >>>>> >>>>> Thanks! >>>>> -Ayesha >>>>> >>>>> -- >>>>> *Ayesha Dissanayaka* >>>>> Software Engineer, >>>>> WSO2, Inc : http://wso2.com >>>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>>>> 20, Palmgrove Avenue, Colombo 3 >>>>> E-Mail: [email protected] <[email protected]> >>>>> >>>> >>>> >>>> >>>> -- >>>> Ishara Karunarathna >>>> Associate Technical Lead >>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>> >>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>> +94717996791 >>>> >>>> >>>> >>> >> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Ishara Karunarathna Associate Technical Lead WSO2 Inc. - lean . enterprise . middleware | wso2.com email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
