Re: [Architecture] [IS][PET] X509 certificates as IS Authenticator

[Danushka Fernando]

AFAIU the problem we are addressing isn't browser to web app authentication
but web app to server authentication when webapp trying on some backend
work. Travelocity is used for a POC I guess.
Any way have we done any implementation here. Can you post some link for
that. And I guess we are not talking about mutual ssl authentication here
like we have done in mutual ssl authenticator.

Thanks & Regards
Danushka Fernando
Senior Software Engineer
WSO2 inc. http://wso2.com/
Mobile : +94716332729


On Jan 29, 2016 10:35 AM, "Shakila Sivagnanarajah"  wrote:

> Hi Rajjaz,
>
> The diagram makes me bit confused. The concept is: IS allows the user to
> access the requested application (here travelocity.com), If it
> authenticates him with other API (here X509 certificates app).
>
> Are we adding the certificate to the client via authenticator and
> authenticate that client through IS? If we add the certificate to the
> browser manually, why do we need IS in the middle? In my point of view,
> authenticator should do this. Once the certificate is added to the browser,
> anyone can access the app via that browser. Is this the expected flow?
>
> Thank you
>
> On Fri, Jan 29, 2016 at 3:03 PM, Rajjaz Mohammed  wrote:
>
>> Hi Dimuthu,
>> I'm here attached the image[1] shows the flow of X509 certificate. and
>> X509 certificate is going to be a one of custom authenticator. SSL is by
>> far the largest use of X.509 certificates, many people use the terms
>> interchangeably. They're not the same however; a "SSL Certificate" is a
>> X.509 Certificate with Extended Key Usage: Server Authentication . Other
>> "common" types of X.509 certs are Client Authentication , Code Signing ,
>> and a handful of others are used for various encryption and authentication
>> schemes[3]. there is no evidence i find to say its superior but since its
>> an custom one we can use if the client wish.
>>
>>
>> [1]
>> [image: Inline image 1]
>>
>> [2]
>> [image: Inline image 2]
>> [3]
>> http://security.stackexchange.com/questions/36932/what-is-the-difference-between-ssl-and-x-509-certificates
>> [4]
>> http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication
>>
>>
>>
>>
>>
>> On Fri, Jan 29, 2016 at 9:00 AM, Dimuthu Leelarathne 
>> wrote:
>>
>>> Hi Rajjaz,
>>>
>>> Could you explain why your solution superior to 2-way SSL?
>>>
>>> thanks,
>>> Dimuthu
>>>
>>> On Tue, Jan 26, 2016 at 12:29 PM, Rajjaz Mohammed 
>>> wrote:
>>>
 Hi all,
 I have planned to Implement X509 certificate as IS authenticator.  the
 flow of authentication will be like described in below image[1].

 Flow of X509 certificate authentication [2]

1. The client opens a connection to the server and asks the server
to authenticate itself.
2. The server authenticates itself and -- optionally -- asks the
client to authenticate itself. Client authentication, while possible 
 with
SSL, is seldom used in most SSL transactions.
3. The client authenticates itself. If the client desires an
encrypted connection, it takes steps to establish one.
4. The client begins the transaction.

 So, we generate a certificate for our sever and we will provide/issue
 it to our clients, if our clients need to connect to our server they
 browser must need to have that certificate. it will be one time
 configuration if client set the certificate one time then he no need to
 care about certificate.

 This is my basic Idea so If you have anything  to add/change X509
 certificate authentication please ad in this thread.


 [1]
 [image: Inline image 1]
 [2]
 http://www.javaworld.com/article/2075188/learn-java/construct-secure-networked-applications-with-certificates--part-4.html




 --
 Thank you
 Best Regards

 *Rajjaz HM*
 Associate Software Engineer
 WSO2 Inc. 
 lean | enterprise | middleware
 Mobile | +94752833834
 Email   | raj...@wso2.com
 LinkedIn | Blogger | WSO2 Profile
 

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


>>>
>>>
>>> --
>>> Dimuthu Leelarathne
>>> Director
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: dimut...@wso2.com
>>> Mobile : 0773661935
>>>
>>> Lean . Enterprise . Middleware
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Thank you
>> Best Regards
>>
>> *Rajjaz HM*
>> Associate Software Engineer
>> WSO2 Inc. 
>> lean | enterprise | middleware
>> Mobile | +94752833834
>> Email   | raj...@wso2.com
>> 

Re: [Architecture] Fully automate cloud to cloud (iPaaS) use cases

[Nadeeshaan Gunasinghe]

Hi Keerthika,
That approach looks so good since we can use this even in the past releases
also. As I remember Thulasika used similar approach before.


*Nadeeshaan Gunasinghe*
Software Engineer, WSO2 Inc. http://wso2.com
+94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe <#>

  

Get a signature like this: Click here!


On Fri, Jan 29, 2016 at 12:14 PM, Malaka Silva  wrote:

> This looks good, since this way we can support ESB versions since 480.
>
> On Fri, Jan 29, 2016 at 11:14 AM, Keerthika Mahendralingam <
> keerth...@wso2.com> wrote:
>
>> Hi Thulashika,
>> I think you can use the following script to save the feilds in registry.
>> It will work with 4.8.1, 4.9.0 and 4.10 as well.
>>
>> >
>> var accessToken = mc.getProperty('accessToken');
>>
>> importPackage(Packages.org.apache.synapse.config);
>>
>> mc.getConfiguration().getRegistry().newResource("connectors/credentials/
>> accessToken",false);
>>
>> mc.getConfiguration().getRegistry().updateResource("
>> connectors/credentials/accessToken", accessToken);
>>
>> ]]>
>>
>> 
>>
>>
>> @Malaka/Nadeesan, Do you have any suggestion on this?
>>
>>
>>
>> Thanks,
>>
>> On Wed, Jan 27, 2016 at 3:25 PM, Nadeeshaan Gunasinghe <
>> nadeesh...@wso2.com> wrote:
>>
>>> Hi Thulasika,
>>>
>>> This feature is not available in the WSO2 ESB 4.9.0. This is available
>>> from in 4.10.
>>>
>>> Thanks
>>>
>>> *Nadeeshaan Gunasinghe*
>>> Software Engineer, WSO2 Inc. http://wso2.com
>>> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
>>> <#-724930154_2030771968_-851590053_>
>>> 
>>>   
>>> 
>>> Get a signature like this: Click here!
>>> 
>>>
>>> On Wed, Jan 27, 2016 at 2:05 PM, Thulasika Vijayanathan <
>>> thulas...@wso2.com> wrote:
>>>
 Hi ,

 I am implementing common init method for ESB 4.9 and 4.10. For ESB 4.10
 I use the property mediator to store new persistent content(accessToken) in
 the registry as following:
  >>> expression="get-property('uri.var.accessToken')" scope="registry"/>

 when I enabling the connector artifact in ESB 4.9.0 I'm getting the
 following error due to scope "registry".How to proceed further?

 ERROR - PropertyMediatorFactory Only 'axis2' or 'transport' or
 'axis2-client' or 'default' or 'operation' values are allowed for attribute
 scope for a property mediator, Unsupported scope registry
 [2016-01-27 13:31:53,717] ERROR - MediationLibraryAdminService Unable
 to update status for :  {org.wso2.carbon.connector}salesforcerest ::
 Template configuration : null cannot be builtfor Synapse Library artifact :
 newInit1
 org.apache.synapse.deployers.SynapseArtifactDeploymentException:
 Template configuration : null cannot be builtfor Synapse Library artifact :
 newInit1
 at
 org.apache.synapse.libraries.model.LibraryArtifact$TemplateArtifactFile.build(LibraryArtifact.java:196)
 at
 org.apache.synapse.libraries.model.LibraryArtifact.loadComponentsInto(LibraryArtifact.java:100)
 at
 org.apache.synapse.libraries.model.SynapseLibrary.loadLibrary(SynapseLibrary.java:144)
 at
 org.apache.synapse.libraries.model.SynapseLibrary.loadLibrary(SynapseLibrary.java:129)
 at
 org.apache.synapse.libraries.util.LibDeployerUtils.loadLibArtifacts(LibDeployerUtils.java:340)
 at
 org.wso2.carbon.mediation.library.service.MediationLibraryAdminService.addImport(MediationLibraryAdminService.java:100)
 at
 org.wso2.carbon.mediation.library.service.MediationLibraryAdminService.addImport(MediationLibraryAdminService.java:124)
 at
 org.wso2.carbon.mediation.library.service.MediationLibraryAdminService.updateStatus(MediationLibraryAdminService.java:436)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:606)
 at
 org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:212)
 at
 

[Architecture] Siebel Connector

[Thulasika Vijayanathan]

Hi ,

I am  planing to do the siebel REST connector  using  a Siebel 15.0.0.0.

I have decided to implement following  operations for Siebel Objects using
[1] :


   -

query  particular record by row ID.
   -

delete  particular record by row ID.
   -

insert the row.
   -

upset operation .
   -

fetch schema of a repository object .
   -

retrieve attachments .


[1]  https://docs.oracle.com/cd/E14004_01/books/SAI_OFM/SAI_OFM_REST9.html


-- 
Thulasika
Associate Software Engineer
Mobile:0778014295
email: thulas...@wso2.com 
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [IS][PET] X509 certificates as IS Authenticator

[Shakila Sivagnanarajah]

Hi Rajjaz,

The diagram makes me bit confused. The concept is: IS allows the user to
access the requested application (here travelocity.com), If it
authenticates him with other API (here X509 certificates app).

Are we adding the certificate to the client via authenticator and
authenticate that client through IS? If we add the certificate to the
browser manually, why do we need IS in the middle? In my point of view,
authenticator should do this. Once the certificate is added to the browser,
anyone can access the app via that browser. Is this the expected flow?

Thank you

On Fri, Jan 29, 2016 at 3:03 PM, Rajjaz Mohammed  wrote:

> Hi Dimuthu,
> I'm here attached the image[1] shows the flow of X509 certificate. and
> X509 certificate is going to be a one of custom authenticator. SSL is by
> far the largest use of X.509 certificates, many people use the terms
> interchangeably. They're not the same however; a "SSL Certificate" is a
> X.509 Certificate with Extended Key Usage: Server Authentication . Other
> "common" types of X.509 certs are Client Authentication , Code Signing ,
> and a handful of others are used for various encryption and authentication
> schemes[3]. there is no evidence i find to say its superior but since its
> an custom one we can use if the client wish.
>
>
> [1]
> [image: Inline image 1]
>
> [2]
> [image: Inline image 2]
> [3]
> http://security.stackexchange.com/questions/36932/what-is-the-difference-between-ssl-and-x-509-certificates
> [4]
> http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication
>
>
>
>
>
> On Fri, Jan 29, 2016 at 9:00 AM, Dimuthu Leelarathne 
> wrote:
>
>> Hi Rajjaz,
>>
>> Could you explain why your solution superior to 2-way SSL?
>>
>> thanks,
>> Dimuthu
>>
>> On Tue, Jan 26, 2016 at 12:29 PM, Rajjaz Mohammed 
>> wrote:
>>
>>> Hi all,
>>> I have planned to Implement X509 certificate as IS authenticator.  the
>>> flow of authentication will be like described in below image[1].
>>>
>>> Flow of X509 certificate authentication [2]
>>>
>>>1. The client opens a connection to the server and asks the server
>>>to authenticate itself.
>>>2. The server authenticates itself and -- optionally -- asks the
>>>client to authenticate itself. Client authentication, while possible with
>>>SSL, is seldom used in most SSL transactions.
>>>3. The client authenticates itself. If the client desires an
>>>encrypted connection, it takes steps to establish one.
>>>4. The client begins the transaction.
>>>
>>> So, we generate a certificate for our sever and we will provide/issue it
>>> to our clients, if our clients need to connect to our server they browser
>>> must need to have that certificate. it will be one time configuration if
>>> client set the certificate one time then he no need to care about
>>> certificate.
>>>
>>> This is my basic Idea so If you have anything  to add/change X509
>>> certificate authentication please ad in this thread.
>>>
>>>
>>> [1]
>>> [image: Inline image 1]
>>> [2]
>>> http://www.javaworld.com/article/2075188/learn-java/construct-secure-networked-applications-with-certificates--part-4.html
>>>
>>>
>>>
>>>
>>> --
>>> Thank you
>>> Best Regards
>>>
>>> *Rajjaz HM*
>>> Associate Software Engineer
>>> WSO2 Inc. 
>>> lean | enterprise | middleware
>>> Mobile | +94752833834
>>> Email   | raj...@wso2.com
>>> LinkedIn | Blogger | WSO2 Profile
>>> 
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Dimuthu Leelarathne
>> Director
>>
>> WSO2, Inc. (http://wso2.com)
>> email: dimut...@wso2.com
>> Mobile : 0773661935
>>
>> Lean . Enterprise . Middleware
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Thank you
> Best Regards
>
> *Rajjaz HM*
> Associate Software Engineer
> WSO2 Inc. 
> lean | enterprise | middleware
> Mobile | +94752833834
> Email   | raj...@wso2.com
> LinkedIn | Blogger | WSO2 Profile
> 
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Shakila Sivagnanarajah
Associate Software Engineer
Mobile :+94 (0) 768 856837
shak...@wso2.com
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [IS][PET] X509 certificates as IS Authenticator

[Rajjaz Mohammed]

Hi Dimuthu,
I'm here attached the image[1] shows the flow of X509 certificate. and X509
certificate is going to be a one of custom authenticator. SSL is by far the
largest use of X.509 certificates, many people use the terms
interchangeably. They're not the same however; a "SSL Certificate" is a
X.509 Certificate with Extended Key Usage: Server Authentication . Other
"common" types of X.509 certs are Client Authentication , Code Signing ,
and a handful of others are used for various encryption and authentication
schemes[3]. there is no evidence i find to say its superior but since its
an custom one we can use if the client wish.


[1]
[image: Inline image 1]

[2]
[image: Inline image 2]
[3]
http://security.stackexchange.com/questions/36932/what-is-the-difference-between-ssl-and-x-509-certificates
[4]
http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication




On Fri, Jan 29, 2016 at 9:00 AM, Dimuthu Leelarathne 
wrote:

> Hi Rajjaz,
>
> Could you explain why your solution superior to 2-way SSL?
>
> thanks,
> Dimuthu
>
> On Tue, Jan 26, 2016 at 12:29 PM, Rajjaz Mohammed  wrote:
>
>> Hi all,
>> I have planned to Implement X509 certificate as IS authenticator.  the
>> flow of authentication will be like described in below image[1].
>>
>> Flow of X509 certificate authentication [2]
>>
>>1. The client opens a connection to the server and asks the server to
>>authenticate itself.
>>2. The server authenticates itself and -- optionally -- asks the
>>client to authenticate itself. Client authentication, while possible with
>>SSL, is seldom used in most SSL transactions.
>>3. The client authenticates itself. If the client desires an
>>encrypted connection, it takes steps to establish one.
>>4. The client begins the transaction.
>>
>> So, we generate a certificate for our sever and we will provide/issue it
>> to our clients, if our clients need to connect to our server they browser
>> must need to have that certificate. it will be one time configuration if
>> client set the certificate one time then he no need to care about
>> certificate.
>>
>> This is my basic Idea so If you have anything  to add/change X509
>> certificate authentication please ad in this thread.
>>
>>
>> [1]
>> [image: Inline image 1]
>> [2]
>> http://www.javaworld.com/article/2075188/learn-java/construct-secure-networked-applications-with-certificates--part-4.html
>>
>>
>>
>>
>> --
>> Thank you
>> Best Regards
>>
>> *Rajjaz HM*
>> Associate Software Engineer
>> WSO2 Inc. 
>> lean | enterprise | middleware
>> Mobile | +94752833834
>> Email   | raj...@wso2.com
>> LinkedIn | Blogger | WSO2 Profile
>> 
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Dimuthu Leelarathne
> Director
>
> WSO2, Inc. (http://wso2.com)
> email: dimut...@wso2.com
> Mobile : 0773661935
>
> Lean . Enterprise . Middleware
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
Thank you
Best Regards

*Rajjaz HM*
Associate Software Engineer
WSO2 Inc. 
lean | enterprise | middleware
Mobile | +94752833834
Email   | raj...@wso2.com
LinkedIn | Blogger | WSO2 Profile

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [IS][PET] X509 certificates as IS Authenticator

[Malaka Silva]

Hi All,

This is my understanding and correct if I am wrong.

An X.509 certificate contains information about the identity to which a
certificate is issued and the identity that issued it.

We can configure this authinticator even as the first step.

So for each user there is a going to be a certificate issued and needs to
be downloaded from IS dashboard.
​Users needs to install it on their browsers. When request comes to inbound
authinticator, it'll a
uthentication
​user by certificate.

As shakila mentioned if this is the only inbound step configured then
anyone from that browser can access the resource. However usually this is
used as a multi-factor ​
authinticator
​ in real use I guess.​


On Fri, Jan 29, 2016 at 8:12 PM, Danushka Fernando 
wrote:

> AFAIU the problem we are addressing isn't browser to web app
> authentication but web app to server authentication when webapp trying on
> some backend work. Travelocity is used for a POC I guess.
> Any way have we done any implementation here. Can you post some link for
> that. And I guess we are not talking about mutual ssl authentication here
> like we have done in mutual ssl authenticator.
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
>
> On Jan 29, 2016 10:35 AM, "Shakila Sivagnanarajah" 
> wrote:
>
>> Hi Rajjaz,
>>
>> The diagram makes me bit confused. The concept is: IS allows the user to
>> access the requested application (here travelocity.com), If it
>> authenticates him with other API (here X509 certificates app).
>>
>> Are we adding the certificate to the client via authenticator and
>> authenticate that client through IS? If we add the certificate to the
>> browser manually, why do we need IS in the middle? In my point of view,
>> authenticator should do this. Once the certificate is added to the browser,
>> anyone can access the app via that browser. Is this the expected flow?
>>
>> Thank you
>>
>> On Fri, Jan 29, 2016 at 3:03 PM, Rajjaz Mohammed  wrote:
>>
>>> Hi Dimuthu,
>>> I'm here attached the image[1] shows the flow of X509 certificate. and
>>> X509 certificate is going to be a one of custom authenticator. SSL is by
>>> far the largest use of X.509 certificates, many people use the terms
>>> interchangeably. They're not the same however; a "SSL Certificate" is a
>>> X.509 Certificate with Extended Key Usage: Server Authentication . Other
>>> "common" types of X.509 certs are Client Authentication , Code Signing ,
>>> and a handful of others are used for various encryption and authentication
>>> schemes[3]. there is no evidence i find to say its superior but since its
>>> an custom one we can use if the client wish.
>>>
>>>
>>> [1]
>>> [image: Inline image 1]
>>>
>>> [2]
>>> [image: Inline image 2]
>>> [3]
>>> http://security.stackexchange.com/questions/36932/what-is-the-difference-between-ssl-and-x-509-certificates
>>> [4]
>>> http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Jan 29, 2016 at 9:00 AM, Dimuthu Leelarathne 
>>> wrote:
>>>
 Hi Rajjaz,

 Could you explain why your solution superior to 2-way SSL?

 thanks,
 Dimuthu

 On Tue, Jan 26, 2016 at 12:29 PM, Rajjaz Mohammed 
 wrote:

> Hi all,
> I have planned to Implement X509 certificate as IS authenticator.  the
> flow of authentication will be like described in below image[1].
>
> Flow of X509 certificate authentication [2]
>
>1. The client opens a connection to the server and asks the server
>to authenticate itself.
>2. The server authenticates itself and -- optionally -- asks the
>client to authenticate itself. Client authentication, while possible 
> with
>SSL, is seldom used in most SSL transactions.
>3. The client authenticates itself. If the client desires an
>encrypted connection, it takes steps to establish one.
>4. The client begins the transaction.
>
> So, we generate a certificate for our sever and we will provide/issue
> it to our clients, if our clients need to connect to our server they
> browser must need to have that certificate. it will be one time
> configuration if client set the certificate one time then he no need to
> care about certificate.
>
> This is my basic Idea so If you have anything  to add/change X509
> certificate authentication please ad in this thread.
>
>
> [1]
> [image: Inline image 1]
> [2]
> http://www.javaworld.com/article/2075188/learn-java/construct-secure-networked-applications-with-certificates--part-4.html
>
>
>
>
> --
> Thank you
> Best Regards
>
> *Rajjaz HM*
> Associate Software Engineer
> WSO2 Inc. 
> lean | enterprise | middleware
> Mobile 

Re: [Architecture] Fully automate cloud to cloud (iPaaS) use cases

[Malaka Silva]

I think best is first check with script mediator and if there are
performance issues will move to class mediator approach.

On Sat, Jan 30, 2016 at 12:56 PM, Keerthika Mahendralingam <
keerth...@wso2.com> wrote:

> +Nadeesan.
>
> On Sat, Jan 30, 2016 at 12:48 PM, Keerthika Mahendralingam <
> keerth...@wso2.com> wrote:
>
>> +1 for class mediator.
>>
>> @Thulasika, As Malaka said in the code review, it is better to create a
>> common module for this function so that other connectors also make use of
>> it.
>>
>> On Sat, Jan 30, 2016 at 12:40 PM, Kathees Rajendram 
>> wrote:
>>
>>> Hi Thulasika,
>>>
>>> I think Script mediator will have some performance impact on the
>>> mediation logic. You should create a class mediator to store the content
>>> into the registry. As Malaka said you should do load testing with both and
>>> compare performance  with script mediator and class mediator.
>>>
>>> String resourcePath = "conf:/store/myStore";
>>> mc.getConfiguration().getRegistry().newResource(resourcePath, false);
>>> mc.getConfiguration().getRegistry().updateResource(
>>> resourcePath,
>>> mc.getProperty("myProperty").toString().getBytes());
>>>
>>> Thanks,
>>> Kathees
>>>
>>> On Sat, Jan 30, 2016 at 11:35 AM, Malaka Silva  wrote:
>>>
 Hi All,

 If we implement this using esb 4.10 feature whole connector is
 compatible with ESB 4.10 only. Doing a separate version of each connector
 to support this feature is not good.

 So will proceed with script mediator approach. However we need to run
 some testing before implementing this for rest.

 eg:- Load test and concurrent testing.

 On Sat, Jan 30, 2016 at 11:25 AM, Thulasika Vijayanathan <
 thulas...@wso2.com> wrote:

> Hi All,
>
> I used  the script mediator to store the access token then I tried to
> use ESB 4.10 registry persistence feature to store the access token. It
> works in 4.10 but It doesn't work with previous versions even we can't
> enable the connector in previous versions(4.8 & 4.9) so finally I have 
> used
> the script mediator.
>
> Thanks,
> Thulasika.
>
> On Fri, Jan 29, 2016 at 8:17 PM, Nadeeshaan Gunasinghe <
> nadeesh...@wso2.com> wrote:
>
>> Hi Keerthika,
>> That approach looks so good since we can use this even in the past
>> releases also. As I remember Thulasika used similar approach before.
>>
>>
>> *Nadeeshaan Gunasinghe*
>> Software Engineer, WSO2 Inc. http://wso2.com
>> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
>> <#2024489807_-158099495_-1336465115_-1479784970_201381195_-1671503430_>
>> 
>> 
>>   
>> Get a signature like this: Click here!
>> 
>>
>> On Fri, Jan 29, 2016 at 12:14 PM, Malaka Silva 
>> wrote:
>>
>>> This looks good, since this way we can support ESB versions since
>>> 480.
>>>
>>> On Fri, Jan 29, 2016 at 11:14 AM, Keerthika Mahendralingam <
>>> keerth...@wso2.com> wrote:
>>>
 Hi Thulashika,
 I think you can use the following script to save the feilds in
 registry. It will work with 4.8.1, 4.9.0 and 4.10 as well.

 

 


 @Malaka/Nadeesan, Do you have any suggestion on this?



 Thanks,

 On Wed, Jan 27, 2016 at 3:25 PM, Nadeeshaan Gunasinghe <
 nadeesh...@wso2.com> wrote:

> Hi Thulasika,
>
> This feature is not available in the WSO2 ESB 4.9.0. This is
> available from in 4.10.
>
> Thanks
>
> *Nadeeshaan Gunasinghe*
> Software Engineer, WSO2 Inc. http://wso2.com
> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
> <#2024489807_-158099495_-1336465115_-1479784970_201381195_-1671503430_-724930154_2030771968_-851590053_>
> 
> 
> 

Re: [Architecture] Fully automate cloud to cloud (iPaaS) use cases

[Keerthika Mahendralingam]

+Nadeesan.

On Sat, Jan 30, 2016 at 12:48 PM, Keerthika Mahendralingam <
keerth...@wso2.com> wrote:

> +1 for class mediator.
>
> @Thulasika, As Malaka said in the code review, it is better to create a
> common module for this function so that other connectors also make use of
> it.
>
> On Sat, Jan 30, 2016 at 12:40 PM, Kathees Rajendram 
> wrote:
>
>> Hi Thulasika,
>>
>> I think Script mediator will have some performance impact on the
>> mediation logic. You should create a class mediator to store the content
>> into the registry. As Malaka said you should do load testing with both and
>> compare performance  with script mediator and class mediator.
>>
>> String resourcePath = "conf:/store/myStore";
>> mc.getConfiguration().getRegistry().newResource(resourcePath, false);
>> mc.getConfiguration().getRegistry().updateResource(
>> resourcePath,
>> mc.getProperty("myProperty").toString().getBytes());
>>
>> Thanks,
>> Kathees
>>
>> On Sat, Jan 30, 2016 at 11:35 AM, Malaka Silva  wrote:
>>
>>> Hi All,
>>>
>>> If we implement this using esb 4.10 feature whole connector is
>>> compatible with ESB 4.10 only. Doing a separate version of each connector
>>> to support this feature is not good.
>>>
>>> So will proceed with script mediator approach. However we need to run
>>> some testing before implementing this for rest.
>>>
>>> eg:- Load test and concurrent testing.
>>>
>>> On Sat, Jan 30, 2016 at 11:25 AM, Thulasika Vijayanathan <
>>> thulas...@wso2.com> wrote:
>>>
 Hi All,

 I used  the script mediator to store the access token then I tried to
 use ESB 4.10 registry persistence feature to store the access token. It
 works in 4.10 but It doesn't work with previous versions even we can't
 enable the connector in previous versions(4.8 & 4.9) so finally I have used
 the script mediator.

 Thanks,
 Thulasika.

 On Fri, Jan 29, 2016 at 8:17 PM, Nadeeshaan Gunasinghe <
 nadeesh...@wso2.com> wrote:

> Hi Keerthika,
> That approach looks so good since we can use this even in the past
> releases also. As I remember Thulasika used similar approach before.
>
>
> *Nadeeshaan Gunasinghe*
> Software Engineer, WSO2 Inc. http://wso2.com
> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
> <#-158099495_-1336465115_-1479784970_201381195_-1671503430_>
> 
> 
>   
> Get a signature like this: Click here!
> 
>
> On Fri, Jan 29, 2016 at 12:14 PM, Malaka Silva 
> wrote:
>
>> This looks good, since this way we can support ESB versions since 480.
>>
>> On Fri, Jan 29, 2016 at 11:14 AM, Keerthika Mahendralingam <
>> keerth...@wso2.com> wrote:
>>
>>> Hi Thulashika,
>>> I think you can use the following script to save the feilds in
>>> registry. It will work with 4.8.1, 4.9.0 and 4.10 as well.
>>>
>>> >>
>>> var accessToken = mc.getProperty('accessToken');
>>>
>>> importPackage(Packages.org.apache.synapse.config);
>>>
>>>
>>> mc.getConfiguration().getRegistry().newResource("connectors/credentials/
>>> accessToken",false);
>>>
>>> mc.getConfiguration().getRegistry().updateResource("
>>> connectors/credentials/accessToken", accessToken);
>>>
>>> ]]>
>>>
>>> 
>>>
>>>
>>> @Malaka/Nadeesan, Do you have any suggestion on this?
>>>
>>>
>>>
>>> Thanks,
>>>
>>> On Wed, Jan 27, 2016 at 3:25 PM, Nadeeshaan Gunasinghe <
>>> nadeesh...@wso2.com> wrote:
>>>
 Hi Thulasika,

 This feature is not available in the WSO2 ESB 4.9.0. This is
 available from in 4.10.

 Thanks

 *Nadeeshaan Gunasinghe*
 Software Engineer, WSO2 Inc. http://wso2.com
 +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
 <#-158099495_-1336465115_-1479784970_201381195_-1671503430_-724930154_2030771968_-851590053_>
 
 
   
 Get a signature like this: Click here!
 

 On 

Re: [Architecture] Fully automate cloud to cloud (iPaaS) use cases

[Keerthika Mahendralingam]

+1 for class mediator.

@Thulasika, As Malaka said in the code review, it is better to create a
common module for this function so that other connectors also make use of
it.

On Sat, Jan 30, 2016 at 12:40 PM, Kathees Rajendram 
wrote:

> Hi Thulasika,
>
> I think Script mediator will have some performance impact on the mediation
> logic. You should create a class mediator to store the content into the
> registry. As Malaka said you should do load testing with both and compare
> performance  with script mediator and class mediator.
>
> String resourcePath = "conf:/store/myStore";
> mc.getConfiguration().getRegistry().newResource(resourcePath, false);
> mc.getConfiguration().getRegistry().updateResource(
> resourcePath,
> mc.getProperty("myProperty").toString().getBytes());
>
> Thanks,
> Kathees
>
> On Sat, Jan 30, 2016 at 11:35 AM, Malaka Silva  wrote:
>
>> Hi All,
>>
>> If we implement this using esb 4.10 feature whole connector is compatible
>> with ESB 4.10 only. Doing a separate version of each connector to support
>> this feature is not good.
>>
>> So will proceed with script mediator approach. However we need to run
>> some testing before implementing this for rest.
>>
>> eg:- Load test and concurrent testing.
>>
>> On Sat, Jan 30, 2016 at 11:25 AM, Thulasika Vijayanathan <
>> thulas...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> I used  the script mediator to store the access token then I tried to
>>> use ESB 4.10 registry persistence feature to store the access token. It
>>> works in 4.10 but It doesn't work with previous versions even we can't
>>> enable the connector in previous versions(4.8 & 4.9) so finally I have used
>>> the script mediator.
>>>
>>> Thanks,
>>> Thulasika.
>>>
>>> On Fri, Jan 29, 2016 at 8:17 PM, Nadeeshaan Gunasinghe <
>>> nadeesh...@wso2.com> wrote:
>>>
 Hi Keerthika,
 That approach looks so good since we can use this even in the past
 releases also. As I remember Thulasika used similar approach before.


 *Nadeeshaan Gunasinghe*
 Software Engineer, WSO2 Inc. http://wso2.com
 +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
 <#-1336465115_-1479784970_201381195_-1671503430_>
 
   
   
 Get a signature like this: Click here!
 

 On Fri, Jan 29, 2016 at 12:14 PM, Malaka Silva  wrote:

> This looks good, since this way we can support ESB versions since 480.
>
> On Fri, Jan 29, 2016 at 11:14 AM, Keerthika Mahendralingam <
> keerth...@wso2.com> wrote:
>
>> Hi Thulashika,
>> I think you can use the following script to save the feilds in
>> registry. It will work with 4.8.1, 4.9.0 and 4.10 as well.
>>
>> >
>> var accessToken = mc.getProperty('accessToken');
>>
>> importPackage(Packages.org.apache.synapse.config);
>>
>>
>> mc.getConfiguration().getRegistry().newResource("connectors/credentials/
>> accessToken",false);
>>
>> mc.getConfiguration().getRegistry().updateResource("
>> connectors/credentials/accessToken", accessToken);
>>
>> ]]>
>>
>> 
>>
>>
>> @Malaka/Nadeesan, Do you have any suggestion on this?
>>
>>
>>
>> Thanks,
>>
>> On Wed, Jan 27, 2016 at 3:25 PM, Nadeeshaan Gunasinghe <
>> nadeesh...@wso2.com> wrote:
>>
>>> Hi Thulasika,
>>>
>>> This feature is not available in the WSO2 ESB 4.9.0. This is
>>> available from in 4.10.
>>>
>>> Thanks
>>>
>>> *Nadeeshaan Gunasinghe*
>>> Software Engineer, WSO2 Inc. http://wso2.com
>>> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
>>> <#-1336465115_-1479784970_201381195_-1671503430_-724930154_2030771968_-851590053_>
>>> 
>>> 
>>>   
>>> Get a signature like this: Click here!
>>> 
>>>
>>> On Wed, Jan 27, 2016 at 2:05 PM, Thulasika Vijayanathan <
>>> thulas...@wso2.com> wrote:
>>>
 Hi ,

 I am implementing common init method for ESB 4.9 and 4.10. For ESB
 4.10 I use the property mediator to store new 

Re: [Architecture] Fully automate cloud to cloud (iPaaS) use cases

[Thulasika Vijayanathan]

Hi All,

I used  the script mediator to store the access token then I tried to use
ESB 4.10 registry persistence feature to store the access token. It works
in 4.10 but It doesn't work with previous versions even we can't enable the
connector in previous versions(4.8 & 4.9) so finally I have used the script
mediator.

Thanks,
Thulasika.

On Fri, Jan 29, 2016 at 8:17 PM, Nadeeshaan Gunasinghe 
wrote:

> Hi Keerthika,
> That approach looks so good since we can use this even in the past
> releases also. As I remember Thulasika used similar approach before.
>
>
> *Nadeeshaan Gunasinghe*
> Software Engineer, WSO2 Inc. http://wso2.com
> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
> <#-1671503430_>
> 
>   
> 
> Get a signature like this: Click here!
> 
>
> On Fri, Jan 29, 2016 at 12:14 PM, Malaka Silva  wrote:
>
>> This looks good, since this way we can support ESB versions since 480.
>>
>> On Fri, Jan 29, 2016 at 11:14 AM, Keerthika Mahendralingam <
>> keerth...@wso2.com> wrote:
>>
>>> Hi Thulashika,
>>> I think you can use the following script to save the feilds in registry.
>>> It will work with 4.8.1, 4.9.0 and 4.10 as well.
>>>
>>> >>
>>> var accessToken = mc.getProperty('accessToken');
>>>
>>> importPackage(Packages.org.apache.synapse.config);
>>>
>>> mc.getConfiguration().getRegistry().newResource("connectors/credentials/
>>> accessToken",false);
>>>
>>> mc.getConfiguration().getRegistry().updateResource("
>>> connectors/credentials/accessToken", accessToken);
>>>
>>> ]]>
>>>
>>> 
>>>
>>>
>>> @Malaka/Nadeesan, Do you have any suggestion on this?
>>>
>>>
>>>
>>> Thanks,
>>>
>>> On Wed, Jan 27, 2016 at 3:25 PM, Nadeeshaan Gunasinghe <
>>> nadeesh...@wso2.com> wrote:
>>>
 Hi Thulasika,

 This feature is not available in the WSO2 ESB 4.9.0. This is available
 from in 4.10.

 Thanks

 *Nadeeshaan Gunasinghe*
 Software Engineer, WSO2 Inc. http://wso2.com
 +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
 <#-1671503430_-724930154_2030771968_-851590053_>
 
   
   
 Get a signature like this: Click here!
 

 On Wed, Jan 27, 2016 at 2:05 PM, Thulasika Vijayanathan <
 thulas...@wso2.com> wrote:

> Hi ,
>
> I am implementing common init method for ESB 4.9 and 4.10. For ESB
> 4.10 I use the property mediator to store new persistent
> content(accessToken) in the registry as following:
>   expression="get-property('uri.var.accessToken')" scope="registry"/>
>
> when I enabling the connector artifact in ESB 4.9.0 I'm getting the
> following error due to scope "registry".How to proceed further?
>
> ERROR - PropertyMediatorFactory Only 'axis2' or 'transport' or
> 'axis2-client' or 'default' or 'operation' values are allowed for 
> attribute
> scope for a property mediator, Unsupported scope registry
> [2016-01-27 13:31:53,717] ERROR - MediationLibraryAdminService Unable
> to update status for :  {org.wso2.carbon.connector}salesforcerest ::
> Template configuration : null cannot be builtfor Synapse Library artifact 
> :
> newInit1
> org.apache.synapse.deployers.SynapseArtifactDeploymentException:
> Template configuration : null cannot be builtfor Synapse Library artifact 
> :
> newInit1
> at
> org.apache.synapse.libraries.model.LibraryArtifact$TemplateArtifactFile.build(LibraryArtifact.java:196)
> at
> org.apache.synapse.libraries.model.LibraryArtifact.loadComponentsInto(LibraryArtifact.java:100)
> at
> org.apache.synapse.libraries.model.SynapseLibrary.loadLibrary(SynapseLibrary.java:144)
> at
> org.apache.synapse.libraries.model.SynapseLibrary.loadLibrary(SynapseLibrary.java:129)
> at
> org.apache.synapse.libraries.util.LibDeployerUtils.loadLibArtifacts(LibDeployerUtils.java:340)
> at
> org.wso2.carbon.mediation.library.service.MediationLibraryAdminService.addImport(MediationLibraryAdminService.java:100)
> at
> 

Re: [Architecture] Fully automate cloud to cloud (iPaaS) use cases

[Kathees Rajendram]

Hi Thulasika,

I think Script mediator will have some performance impact on the mediation
logic. You should create a class mediator to store the content into the
registry. As Malaka said you should do load testing with both and compare
performance  with script mediator and class mediator.

String resourcePath = "conf:/store/myStore";
mc.getConfiguration().getRegistry().newResource(resourcePath, false);
mc.getConfiguration().getRegistry().updateResource(
resourcePath,
mc.getProperty("myProperty").toString().getBytes());

Thanks,
Kathees

On Sat, Jan 30, 2016 at 11:35 AM, Malaka Silva  wrote:

> Hi All,
>
> If we implement this using esb 4.10 feature whole connector is compatible
> with ESB 4.10 only. Doing a separate version of each connector to support
> this feature is not good.
>
> So will proceed with script mediator approach. However we need to run some
> testing before implementing this for rest.
>
> eg:- Load test and concurrent testing.
>
> On Sat, Jan 30, 2016 at 11:25 AM, Thulasika Vijayanathan <
> thulas...@wso2.com> wrote:
>
>> Hi All,
>>
>> I used  the script mediator to store the access token then I tried to use
>> ESB 4.10 registry persistence feature to store the access token. It works
>> in 4.10 but It doesn't work with previous versions even we can't enable the
>> connector in previous versions(4.8 & 4.9) so finally I have used the script
>> mediator.
>>
>> Thanks,
>> Thulasika.
>>
>> On Fri, Jan 29, 2016 at 8:17 PM, Nadeeshaan Gunasinghe <
>> nadeesh...@wso2.com> wrote:
>>
>>> Hi Keerthika,
>>> That approach looks so good since we can use this even in the past
>>> releases also. As I remember Thulasika used similar approach before.
>>>
>>>
>>> *Nadeeshaan Gunasinghe*
>>> Software Engineer, WSO2 Inc. http://wso2.com
>>> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
>>> <#-1479784970_201381195_-1671503430_>
>>> 
>>>   
>>> 
>>> Get a signature like this: Click here!
>>> 
>>>
>>> On Fri, Jan 29, 2016 at 12:14 PM, Malaka Silva  wrote:
>>>
 This looks good, since this way we can support ESB versions since 480.

 On Fri, Jan 29, 2016 at 11:14 AM, Keerthika Mahendralingam <
 keerth...@wso2.com> wrote:

> Hi Thulashika,
> I think you can use the following script to save the feilds in
> registry. It will work with 4.8.1, 4.9.0 and 4.10 as well.
>
> 
> var accessToken = mc.getProperty('accessToken');
>
> importPackage(Packages.org.apache.synapse.config);
>
>
> mc.getConfiguration().getRegistry().newResource("connectors/credentials/
> accessToken",false);
>
> mc.getConfiguration().getRegistry().updateResource("
> connectors/credentials/accessToken", accessToken);
>
> ]]>
>
> 
>
>
> @Malaka/Nadeesan, Do you have any suggestion on this?
>
>
>
> Thanks,
>
> On Wed, Jan 27, 2016 at 3:25 PM, Nadeeshaan Gunasinghe <
> nadeesh...@wso2.com> wrote:
>
>> Hi Thulasika,
>>
>> This feature is not available in the WSO2 ESB 4.9.0. This is
>> available from in 4.10.
>>
>> Thanks
>>
>> *Nadeeshaan Gunasinghe*
>> Software Engineer, WSO2 Inc. http://wso2.com
>> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
>> <#-1479784970_201381195_-1671503430_-724930154_2030771968_-851590053_>
>> 
>> 
>>   
>> Get a signature like this: Click here!
>> 
>>
>> On Wed, Jan 27, 2016 at 2:05 PM, Thulasika Vijayanathan <
>> thulas...@wso2.com> wrote:
>>
>>> Hi ,
>>>
>>> I am implementing common init method for ESB 4.9 and 4.10. For ESB
>>> 4.10 I use the property mediator to store new persistent
>>> content(accessToken) in the registry as following:
>>>  >> expression="get-property('uri.var.accessToken')" scope="registry"/>
>>>
>>> when I enabling the connector artifact in ESB 4.9.0 I'm getting the
>>> following error due to scope "registry".How to proceed further?
>>>
>>> ERROR - PropertyMediatorFactory Only 'axis2' or 'transport' or
>>> 'axis2-client' or 

Re: [Architecture] [Dev] Creating a Dashboard for Web Application Statistics Monitoring for Application Server 6.0.0

[Manoj Kumara]

Hi Manjula,

At the moment Lochana is integrating the work we done for AS 5.3.0 and this
feature is not yet included on AS 6.0.0 which is pure Tomcat bases. You can
find the branch on [1].

Lochana will update once the initial work is included.

[1] https://github.com/wso2/product-as/tree/wso2as-6.0.0

*Manoj Kumara*
WSO2 Inc. *| **lean. enterprise. middleware.*
*Mobile:* +94 713 448188

On Fri, Jan 29, 2016 at 10:34 AM, Manjula Rathnayake 
wrote:

> Hi all,
>
> +1 for getting this in App Cloud.
>
> Can anyone point me a download link for latest AS-6.0.0?
>
> thank you.
>
> On Fri, Jan 29, 2016 at 9:15 AM, Sagara Gunathunga 
> wrote:
>
>>
>>
>> On Fri, Jan 29, 2016 at 8:53 AM, Dimuthu Leelarathne 
>> wrote:
>>
>>> Hi Lochana,
>>>
>>> Can this dashboard be reused by the MSS?
>>>
>>
>> Yes, that was the plan we discussed, in fact current AS dashboard is
>> already being used with MS with few tweaks.  This dashboard is basically
>> not product specific it can be used anywhere for HTTP monitoring only
>> change is the way we capture HTTP traffic, in AS as a Tomcat Valve in MS as
>> an Interceptor etc.
>>
>>
>>> @Manjula - App Cloud should be using this dashboard.
>>>
>>
>> +1  Great way to put this into action.
>>
>> Thanks !
>>
>>>
>>
>>>
>>> thanks,
>>> Dimuthu
>>>
>>> On Mon, Jan 25, 2016 at 12:50 PM, Lochana Ranaweera 
>>> wrote:
>>>
 Hi all,

 We had a design review meeting on this and I'm stating a summary of
 what was discussed below.


1. The HTTP monitoring dashboard under discussion will run on DAS
rather than on DS. It was mentioned that in a presentation layer POV, 
 the
DS and the DAS are synonymous.
2. The previous dashboard design can be reused as it guarantees the
required user experience. However, customizations will be required in 
 the
areas of paging and navigation (breadcrumb trails)
3. The dashboard will be packaged in the form of a tool box for
DAS, which is basically as a CAR file that users can download.
4. Even though the dashboard is for HTTP monitoring, it should be
able to support the concept of unified dashboards.

 The first milestone of the project was set to port existing gadgets
 over to the new DS, without any changes at DS, to determine the extent to
 which they will be supported.

 Please correct me if I have missed out on anything.

 Thanks and regards,
 Lochana Ranaweera.



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


>>>
>>>
>>> --
>>> Dimuthu Leelarathne
>>> Director
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: dimut...@wso2.com
>>> Mobile : 0773661935
>>>
>>> Lean . Enterprise . Middleware
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Sagara Gunathunga
>>
>> Architect; WSO2, Inc.;  http://wso2.com
>> V.P Apache Web Services;http://ws.apache.org/
>> Linkedin; http://www.linkedin.com/in/ssagara
>> Blog ;  http://ssagara.blogspot.com
>>
>>
>
>
> --
> Manjula Rathnayaka
> Associate Technical Lead
> WSO2, Inc.
> Mobile:+94 77 743 1987
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Fully automate cloud to cloud (iPaaS) use cases

[Malaka Silva]

Hi All,

If we implement this using esb 4.10 feature whole connector is compatible
with ESB 4.10 only. Doing a separate version of each connector to support
this feature is not good.

So will proceed with script mediator approach. However we need to run some
testing before implementing this for rest.

eg:- Load test and concurrent testing.

On Sat, Jan 30, 2016 at 11:25 AM, Thulasika Vijayanathan  wrote:

> Hi All,
>
> I used  the script mediator to store the access token then I tried to use
> ESB 4.10 registry persistence feature to store the access token. It works
> in 4.10 but It doesn't work with previous versions even we can't enable the
> connector in previous versions(4.8 & 4.9) so finally I have used the script
> mediator.
>
> Thanks,
> Thulasika.
>
> On Fri, Jan 29, 2016 at 8:17 PM, Nadeeshaan Gunasinghe <
> nadeesh...@wso2.com> wrote:
>
>> Hi Keerthika,
>> That approach looks so good since we can use this even in the past
>> releases also. As I remember Thulasika used similar approach before.
>>
>>
>> *Nadeeshaan Gunasinghe*
>> Software Engineer, WSO2 Inc. http://wso2.com
>> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
>> <#201381195_-1671503430_>
>> 
>>   
>> 
>> Get a signature like this: Click here!
>> 
>>
>> On Fri, Jan 29, 2016 at 12:14 PM, Malaka Silva  wrote:
>>
>>> This looks good, since this way we can support ESB versions since 480.
>>>
>>> On Fri, Jan 29, 2016 at 11:14 AM, Keerthika Mahendralingam <
>>> keerth...@wso2.com> wrote:
>>>
 Hi Thulashika,
 I think you can use the following script to save the feilds in
 registry. It will work with 4.8.1, 4.9.0 and 4.10 as well.

 

 


 @Malaka/Nadeesan, Do you have any suggestion on this?



 Thanks,

 On Wed, Jan 27, 2016 at 3:25 PM, Nadeeshaan Gunasinghe <
 nadeesh...@wso2.com> wrote:

> Hi Thulasika,
>
> This feature is not available in the WSO2 ESB 4.9.0. This is available
> from in 4.10.
>
> Thanks
>
> *Nadeeshaan Gunasinghe*
> Software Engineer, WSO2 Inc. http://wso2.com
> +94770596754 | nadeesh...@wso2.com | Skype: nadeeshaan.gunasinghe
> <#201381195_-1671503430_-724930154_2030771968_-851590053_>
> 
> 
>   
> Get a signature like this: Click here!
> 
>
> On Wed, Jan 27, 2016 at 2:05 PM, Thulasika Vijayanathan <
> thulas...@wso2.com> wrote:
>
>> Hi ,
>>
>> I am implementing common init method for ESB 4.9 and 4.10. For ESB
>> 4.10 I use the property mediator to store new persistent
>> content(accessToken) in the registry as following:
>>  > expression="get-property('uri.var.accessToken')" scope="registry"/>
>>
>> when I enabling the connector artifact in ESB 4.9.0 I'm getting the
>> following error due to scope "registry".How to proceed further?
>>
>> ERROR - PropertyMediatorFactory Only 'axis2' or 'transport' or
>> 'axis2-client' or 'default' or 'operation' values are allowed for 
>> attribute
>> scope for a property mediator, Unsupported scope registry
>> [2016-01-27 13:31:53,717] ERROR - MediationLibraryAdminService Unable
>> to update status for :  {org.wso2.carbon.connector}salesforcerest ::
>> Template configuration : null cannot be builtfor Synapse Library 
>> artifact :
>> newInit1
>> org.apache.synapse.deployers.SynapseArtifactDeploymentException:
>> Template configuration : null cannot be builtfor Synapse Library 
>> artifact :
>> newInit1
>> at
>> org.apache.synapse.libraries.model.LibraryArtifact$TemplateArtifactFile.build(LibraryArtifact.java:196)
>> at
>> 

Re: [Architecture] [IS][PET] X509 certificates as IS Authenticator

[Rajjaz Mohammed]

Hi all,
X 509 is only the certificate to verify client and server.

@shakila/malaka
according to last meeting with prabath , we need to upload the key file
manually but when we try to access the server without set the key file
there want to be pop-up window to upload the key file. and yes your correct
through X 509 only we can check server and client at first time for each
data access from server. as malaka mentioned it can be use in IS as one
step in multi-factor ​authentication.

@Danushka
actual implementation still not started and AFAIK mutual SSL authenticator
also using the X 509 certificate. i will update more about how its going to
different from mutual SSL in coming days.

@prabath
can you check whether the mentioned flow is correct?

On Fri, Jan 29, 2016 at 9:16 PM, Malaka Silva  wrote:

> Hi All,
>
> This is my understanding and correct if I am wrong.
>
> An X.509 certificate contains information about the identity to which a
> certificate is issued and the identity that issued it.
>
> We can configure this authinticator even as the first step.
>
> So for each user there is a going to be a certificate issued and needs to
> be downloaded from IS dashboard.
> ​Users needs to install it on their browsers. When request comes to
> inbound authinticator, it'll a
> uthentication
> ​user by certificate.
>
> As shakila mentioned if this is the only inbound step configured then
> anyone from that browser can access the resource. However usually this is
> used as a multi-factor ​
> authinticator
> ​ in real use I guess.​
>
>
> On Fri, Jan 29, 2016 at 8:12 PM, Danushka Fernando 
> wrote:
>
>> AFAIU the problem we are addressing isn't browser to web app
>> authentication but web app to server authentication when webapp trying on
>> some backend work. Travelocity is used for a POC I guess.
>> Any way have we done any implementation here. Can you post some link for
>> that. And I guess we are not talking about mutual ssl authentication here
>> like we have done in mutual ssl authenticator.
>>
>> Thanks & Regards
>> Danushka Fernando
>> Senior Software Engineer
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729
>>
>>
>> On Jan 29, 2016 10:35 AM, "Shakila Sivagnanarajah" 
>> wrote:
>>
>>> Hi Rajjaz,
>>>
>>> The diagram makes me bit confused. The concept is: IS allows the user to
>>> access the requested application (here travelocity.com), If it
>>> authenticates him with other API (here X509 certificates app).
>>>
>>> Are we adding the certificate to the client via authenticator and
>>> authenticate that client through IS? If we add the certificate to the
>>> browser manually, why do we need IS in the middle? In my point of view,
>>> authenticator should do this. Once the certificate is added to the browser,
>>> anyone can access the app via that browser. Is this the expected flow?
>>>
>>> Thank you
>>>
>>> On Fri, Jan 29, 2016 at 3:03 PM, Rajjaz Mohammed 
>>> wrote:
>>>
 Hi Dimuthu,
 I'm here attached the image[1] shows the flow of X509 certificate. and
 X509 certificate is going to be a one of custom authenticator. SSL is by
 far the largest use of X.509 certificates, many people use the terms
 interchangeably. They're not the same however; a "SSL Certificate" is a
 X.509 Certificate with Extended Key Usage: Server Authentication . Other
 "common" types of X.509 certs are Client Authentication , Code Signing ,
 and a handful of others are used for various encryption and authentication
 schemes[3]. there is no evidence i find to say its superior but since its
 an custom one we can use if the client wish.


 [1]
 [image: Inline image 1]

 [2]
 [image: Inline image 2]
 [3]
 http://security.stackexchange.com/questions/36932/what-is-the-difference-between-ssl-and-x-509-certificates
 [4]
 http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication





 On Fri, Jan 29, 2016 at 9:00 AM, Dimuthu Leelarathne  wrote:

> Hi Rajjaz,
>
> Could you explain why your solution superior to 2-way SSL?
>
> thanks,
> Dimuthu
>
> On Tue, Jan 26, 2016 at 12:29 PM, Rajjaz Mohammed 
> wrote:
>
>> Hi all,
>> I have planned to Implement X509 certificate as IS authenticator.
>> the flow of authentication will be like described in below image[1].
>>
>> Flow of X509 certificate authentication [2]
>>
>>1. The client opens a connection to the server and asks the
>>server to authenticate itself.
>>2. The server authenticates itself and -- optionally -- asks the
>>client to authenticate itself. Client authentication, while possible 
>> with
>>SSL, is seldom used in most SSL transactions.
>>3. The client authenticates itself. If the client desires an
>>encrypted