Hi Thishani, Yeah, that makes sense. So when trying to save, we will prompt with a warning and if the user wishes to continue we remove the element and proceed. WDYT?
Cheers, *Nadeeshaan Gunasinghe* Senior Software Engineer, WSO2 Inc. http://wso2.com +94770596754 | [email protected] | Skype: nadeeshaan.gunasinghe <#> <http://www.facebook.com/nadeeshaan.gunasinghe> <http://lk.linkedin.com/in/nadeeshaan> <http://twitter.com/Nadeeshaan> <http://nadeeshaan.blogspot.com/> Get your own email signature <https://wisestamp.com/email-install?utm_source=promotion&utm_medium=signature&utm_campaign=get_your_own> On Mon, Jan 15, 2018 at 9:25 AM, Thishani Lucas <[email protected]> wrote: > Hi Nadeeshaan, > > That sounds good. If we remove the policy element, the proxy will not be > marked secure. But shouldn't we tell the user that he's trying to save a > proxy without enabling the security, when he actually needs security? > > Thanks, > Thishani > > On Sun, Jan 14, 2018 at 6:15 PM, Nadeeshaan Gunasinghe < > [email protected]> wrote: > >> Hi Thishani, >> >> What if we allow saving the proxy and internally we remove the policy >> element? >> >> Cheers, >> >> *Nadeeshaan Gunasinghe* >> Senior Software Engineer, WSO2 Inc. http://wso2.com >> +94770596754 | [email protected] | Skype: nadeeshaan.gunasinghe >> <#m_-6585691684464879059_m_3251148601859864474_> >> <http://www.facebook.com/nadeeshaan.gunasinghe> >> <http://lk.linkedin.com/in/nadeeshaan> <http://twitter.com/Nadeeshaan> >> <http://nadeeshaan.blogspot.com/> >> Get your own email signature >> <https://wisestamp.com/email-install?utm_source=promotion&utm_medium=signature&utm_campaign=get_your_own> >> >> On Fri, Jan 12, 2018 at 12:37 PM, Thishani Lucas <[email protected]> >> wrote: >> >>> Hi All, >>> >>> According to the issue [1], when deploying a proxy in the EI with a >>> policy key defined and without the 'enableSec' element, the proxy is >>> getting deployed. When accessing even the http endpoint, we need to give >>> authorization details. When I reproduced this scenario, I had certain >>> observations. >>> >>> - Even though security is disabled, the proxy is marked as secure. >>> - To access the proxy, we need to give authorization details. But >>> the access is not controlled by the given policy file. >>> - We could access the proxy even with incorrect username and >>> password. >>> >>> To overcome this issue, the obvious solution is to disable the saving of >>> proxy with the policy key when security is disabled. >>> >>> Please provide your suggestions. >>> >>> [1] https://wso2.org/jira/browse/ESBJAVA-4459 >>> >>> Thanks, >>> Thishani >>> >>> -- >>> Regards, >>> >>> *Thishani Lucas* >>> *Software Engineer* >>> *WSO2 Lanka (Private) Limited**: http://wso2.com <http://wso2.com/>* >>> *lean.enterprise.middle-ware* >>> >>> *Tel: +94 77 2556931 <+94%2077%20255%206931> * >>> >>> *LinkedIn: https://www.linkedin.com/in/thishani-lucas/ >>> <https://www.linkedin.com/in/thishani-lucas/>* >>> >>> <http://wso2.com/signature> >>> >>> _______________________________________________ >>> Dev mailing list >>> [email protected] >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> > > > -- > Regards, > > *Thishani Lucas* > *Software Engineer* > *WSO2 Lanka (Private) Limited**: http://wso2.com <http://wso2.com/>* > *lean.enterprise.middle-ware* > > *Tel: +94 77 2556931 <+94%2077%20255%206931> * > > *LinkedIn: https://www.linkedin.com/in/thishani-lucas/ > <https://www.linkedin.com/in/thishani-lucas/>* > > <http://wso2.com/signature> >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
