Re: [Dev] [EI] Proxy Access Requires Authorization Even Though Security Disabled

Sun, 14 Jan 2018 04:58:55 -0800 

Hi Thishani,

What if we allow saving the proxy and internally we remove the policy
element?

Cheers,

*Nadeeshaan Gunasinghe*
Senior Software Engineer, WSO2 Inc. http://wso2.com
+94770596754 | [email protected] | Skype: nadeeshaan.gunasinghe <#>
<http://www.facebook.com/nadeeshaan.gunasinghe>
<http://lk.linkedin.com/in/nadeeshaan> <http://twitter.com/Nadeeshaan>
<http://nadeeshaan.blogspot.com/>
Get your own email signature
<https://wisestamp.com/email-install?utm_source=promotion&utm_medium=signature&utm_campaign=get_your_own>

On Fri, Jan 12, 2018 at 12:37 PM, Thishani Lucas <[email protected]> wrote:

> Hi All,
>
> According to the issue [1], when deploying a proxy in the EI with a policy
> key defined and without the 'enableSec' element, the proxy is getting
> deployed. When accessing even the http endpoint, we need to give
> authorization details. When I reproduced this scenario, I had certain
> observations.
>
>    - Even though security is disabled, the proxy is marked as secure.
>    - To access the proxy, we need to give authorization details. But the
>    access is not controlled by the given policy file.
>    - We could access the proxy even with incorrect username and password.
>
> To overcome this issue, the obvious solution is to disable the saving of
> proxy with the policy key when security is disabled.
>
> Please provide your suggestions.
>
> [1] https://wso2.org/jira/browse/ESBJAVA-4459
>
> Thanks,
> Thishani
>
> --
> Regards,
>
> *Thishani Lucas*
> *Software Engineer*
> *WSO2 Lanka (Private) Limited**: http://wso2.com <http://wso2.com/>*
> *lean.enterprise.middle-ware*
>
> *Tel: +94 77 2556931 <+94%2077%20255%206931> *
>
> *LinkedIn: https://www.linkedin.com/in/thishani-lucas/
> <https://www.linkedin.com/in/thishani-lucas/>*
>
> <http://wso2.com/signature>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to