Hi Nadeeshaan, That sounds good. If we remove the policy element, the proxy will not be marked secure. But shouldn't we tell the user that he's trying to save a proxy without enabling the security, when he actually needs security?
Thanks, Thishani On Sun, Jan 14, 2018 at 6:15 PM, Nadeeshaan Gunasinghe <[email protected]> wrote: > Hi Thishani, > > What if we allow saving the proxy and internally we remove the policy > element? > > Cheers, > > *Nadeeshaan Gunasinghe* > Senior Software Engineer, WSO2 Inc. http://wso2.com > +94770596754 | [email protected] | Skype: nadeeshaan.gunasinghe > <#m_3251148601859864474_> > <http://www.facebook.com/nadeeshaan.gunasinghe> > <http://lk.linkedin.com/in/nadeeshaan> <http://twitter.com/Nadeeshaan> > <http://nadeeshaan.blogspot.com/> > Get your own email signature > <https://wisestamp.com/email-install?utm_source=promotion&utm_medium=signature&utm_campaign=get_your_own> > > On Fri, Jan 12, 2018 at 12:37 PM, Thishani Lucas <[email protected]> > wrote: > >> Hi All, >> >> According to the issue [1], when deploying a proxy in the EI with a >> policy key defined and without the 'enableSec' element, the proxy is >> getting deployed. When accessing even the http endpoint, we need to give >> authorization details. When I reproduced this scenario, I had certain >> observations. >> >> - Even though security is disabled, the proxy is marked as secure. >> - To access the proxy, we need to give authorization details. But the >> access is not controlled by the given policy file. >> - We could access the proxy even with incorrect username and password. >> >> To overcome this issue, the obvious solution is to disable the saving of >> proxy with the policy key when security is disabled. >> >> Please provide your suggestions. >> >> [1] https://wso2.org/jira/browse/ESBJAVA-4459 >> >> Thanks, >> Thishani >> >> -- >> Regards, >> >> *Thishani Lucas* >> *Software Engineer* >> *WSO2 Lanka (Private) Limited**: http://wso2.com <http://wso2.com/>* >> *lean.enterprise.middle-ware* >> >> *Tel: +94 77 2556931 <+94%2077%20255%206931> * >> >> *LinkedIn: https://www.linkedin.com/in/thishani-lucas/ >> <https://www.linkedin.com/in/thishani-lucas/>* >> >> <http://wso2.com/signature> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > -- Regards, *Thishani Lucas* *Software Engineer* *WSO2 Lanka (Private) Limited**: http://wso2.com <http://wso2.com/>* *lean.enterprise.middle-ware* *Tel: +94 77 2556931 * *LinkedIn: https://www.linkedin.com/in/thishani-lucas/ <https://www.linkedin.com/in/thishani-lucas/>* <http://wso2.com/signature>
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
