On Mon, Sep 4, 2017 at 2:44 PM, Hasintha Indrajee <hasin...@wso2.com> wrote:
> I think we must avoid this if this is just to check whether the endpoint > exists or not. This is anyway a costly operation. Head will only reduce the > transport cost. Otherwise when the head request reaches back end, it does > the relevant operation treating the request as a GET and avoid responding > with actual payload. In our case this is very costly because within these > calls, there are user store accesses and multiple other DB accesses. > We'll need that check (or some other way) to check whether the identity mgt webapp exists and deployed since some products don't ship it by default. And yes, we need to get rid of calling an endpoint which does any heavy work. So shall we do the HEAD to a page which does not do any heavy work? May be to "accountrecoveryendpoint/error.jsp"? > > On Fri, Aug 18, 2017 at 4:39 PM, Isura Karunaratne <is...@wso2.com> wrote: > >> >> On Fri, Aug 18, 2017 at 4:33 PM Malithi Edirisinghe <malit...@wso2.com> >> wrote: >> >>> On Fri, Aug 18, 2017 at 4:02 PM, Isura Karunaratne <is...@wso2.com> >>> wrote: >>> >>>> Hi Malithi, >>>> >>>> On Fri, Aug 18, 2017 at 3:41 PM, Malithi Edirisinghe <malit...@wso2.com >>>> > wrote: >>>> >>>>> >>>>> >>>>> On Fri, Aug 18, 2017 at 12:31 PM, Nuwandi Wickramasinghe < >>>>> nuwan...@wso2.com> wrote: >>>>> >>>>>> Looks like http calls are done to validate the endpoint url. Do we >>>>>> need this validation before showing the link? >>>>>> >>>>>> Shall we remove these calls and directly show the hyper link? >>>>>> >>>>> >>>>> So here the validation is done as we are invoking another webapp. So >>>>> that this check make sure a broken link is never to be shown in this login >>>>> page. Moreover, this is just a HEAD call so I don't think invoking that >>>>> impacts the login page performance, because the actual page is not getting >>>>> rendered here. >>>>> The other thing is these webapps are coming from two features, so IMO, >>>>> we cannot directly couple them together. >>>>> >>>> >>>> Is that working correctly?. I think HEAD operation returns 200 OK for >>>> any endpoint starting with https://localhost:9443. >>>> >>> >>> How can that happen ? >>> >> Because carbon redirects invalid urls to main page. >> > This is because the http client follows the redirects by default. If we disable following redirects at the client this check should be possible, and it will return a 302 if identity mgt web app doesn't exist. > >> >> We call head on the URL right. Anyway, if it's not working we should fix. >>> >>>> >>>> Thanks >>>> Isura. >>>> >>>> >>>>>> On Fri, Aug 18, 2017 at 11:54 AM, Farasath Ahamed <farasa...@wso2.com >>>>>> > wrote: >>>>>> >>>>>>> >>>>>>> There is another complication here. We are not honouring the >>>>>>> hostname verification settings set by Kernel when doing the backend >>>>>>> call. >>>>>>> Ideally, we should be using the common-http client if we are doing >>>>>>> any backend https calls. >>>>>>> >>>>>>> >>>>>>> Farasath Ahamed >>>>>>> Software Engineer, WSO2 Inc.; http://wso2.com >>>>>>> Mobile: +94777603866 >>>>>>> Blog: blog.farazath.com >>>>>>> Twitter: @farazath619 <https://twitter.com/farazath619> >>>>>>> <http://wso2.com/signature> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Fri, Aug 18, 2017 at 11:45 AM, Gayan Gunawardana <ga...@wso2.com> >>>>>>> wrote: >>>>>>> >>>>>>>> In IS 5.4.0-m2 SSO login page we can see couple of hyper links for >>>>>>>> Forgot Password, Forgot Username, Register Now as below. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Actually how it renders is >>>>>>>> >>>>>>>> <% >>>>>>>> url = new URL(identityMgtEndpointContext + >>>>>>>> "/recoverpassword.do?callback=" + Encode.forHtmlAttribute >>>>>>>> (urlEncodedURL)); >>>>>>>> httpURLConnection = (HttpURLConnection) >>>>>>>> url.openConnection(); >>>>>>>> httpURLConnection.setRequestMethod("HEAD"); >>>>>>>> httpURLConnection.connect(); >>>>>>>> if (httpURLConnection.getResponseCode() == >>>>>>>> HttpURLConnection.HTTP_OK) { >>>>>>>> %> >>>>>>>> <a id="passwordRecoverLink" href="<%=url%>">Forgot Password >>>>>>>> </a> >>>>>>>> <br/><br/> >>>>>>>> <% >>>>>>>> } >>>>>>>> >>>>>>>> So every time when user goes to SSO login page need to send 3 http >>>>>>>> requests to render 3 hyper links. Also if any of API raises back-end >>>>>>>> exception, bad stack trace will be printed as below. >>>>>>>> >>>>>>>> WARN {org.apache.cxf.phase.PhaseInterceptorChain} - Application { >>>>>>>> http://endpoint.recovery.identity.carbon.wso2.org/}ClaimsApi has >>>>>>>> thrown exception, unwinding now >>>>>>>> org.apache.cxf.interceptor.Fault >>>>>>>> >>>>>>>> Is there a better way to handle this situation ? >>>>>>>> >>>>>>>> Thanks, >>>>>>>> Gayan >>>>>>>> >>>>>>>> -- >>>>>>>> Gayan Gunawardana >>>>>>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/ >>>>>>>> Email: ga...@wso2.com >>>>>>>> Mobile: +94 (71) 8020933 >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Best Regards, >>>>>> >>>>>> Nuwandi Wickramasinghe >>>>>> >>>>>> Software Engineer >>>>>> >>>>>> WSO2 Inc. >>>>>> >>>>>> Web : http://wso2.com >>>>>> >>>>>> Mobile : 0719214873 <071%20921%204873> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> *Malithi Edirisinghe* >>>>> Associate Technical Lead >>>>> WSO2 Inc. >>>>> >>>>> Mobile : +94 (0) 718176807 >>>>> malit...@wso2.com >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Isura Dilhara Karunaratne* >>>> Associate Technical Lead | WSO2 >>>> Email: is...@wso2.com >>>> Mob : +94 772 254 810 <+94%2077%20225%204810> >>>> Blog : http://isurad.blogspot.com/ >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> >>> *Malithi Edirisinghe* >>> Associate Technical Lead >>> WSO2 Inc. >>> >>> Mobile : +94 (0) 718176807 >>> malit...@wso2.com >>> >> -- >> >> *Isura Dilhara Karunaratne* >> Associate Technical Lead | WSO2 >> Email: is...@wso2.com >> Mob : +94 772 254 810 <077%20225%204810> >> Blog : http://isurad.blogspot.com/ >> >> >> >> >> _______________________________________________ >> Dev mailing list >> Dev@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Hasintha Indrajee > WSO2, Inc. > Mobile:+94 771892453 <+94%2077%20189%202453> > > > _______________________________________________ > Dev mailing list > Dev@wso2.org > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Pulasthi Mahawithana* Senior Software Engineer WSO2 Inc., http://wso2.com/ Mobile: +94-71-5179022 Blog: https://medium.com/@pulasthi7/ <https://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
