Re: [Architecture] Deperecated sign methods in JWT generation flows.
We can do it if we implement it in the way I suggested. In first step we can call Utill method from signJWTWithRSA and deprecate it. But we don't touch signJWT method. Then later we remove signJWTWithRSA method and signJWT will call util method. Still we can use signJWT for extendibility. WDYT? Thanks & Regards Danushka Fernando Associate Tech Lead WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Thu, Nov 9, 2017 at 4:10 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote: > HI All, > We should not remove extensibility. > We need to look for an alternative way on this do any improvement while > keeping extensibility. > > Cheers, > Ruwan > > On Thu, Nov 9, 2017 at 3:28 PM, Danushka Fernando <danush...@wso2.com> > wrote: > >> Hi All >> In released IS 5.3.0 we have capability of extending the signing >> mechanism of JWT in JWTTokenGenerator and IDTokenBuilder. But in the latest >> code base [1] [2] we have deprecated all the protected methods and removed >> the usage of them as well. With this, we have removed the capability of >> extending signing mechanism. >> >> Previously we had following method structure. >> >> generateToken >> >> | >> >> -> signJWT (protected) >> >> | >>-> signJWTWithRSA (protected) >> >> >> Generate token method calls signJWT method and it calls sign JWT with RSA >> method. So simply by overriding signJWTWithRSA method we can override the >> JWT signing behavior. Currently we have deprecated both these methods and >> also removed the usage of the signJWT method and replaced its occurrence in >> generateToken method with OAuth2Util method. Which means we have removed >> the capability of extending signing. >> >> IMO what we should do here is deprecate signJWTWithRSA method and call >> utll method from signJWTWithRSA method and then in a future release we can >> remove that method and call util method directly from signJWT method. In >> that way we will remove duplicated code while not removing our >> extensibility. >> >> WDYT? Is there a reason for removing the current extensibility? >> >> [1] https://github.com/wso2-extensions/identity-inbound-auth- >> oauth/blob/master/components/org.wso2.carbon.identity. >> oauth/src/main/java/org/wso2/carbon/identity/oauth2/ >> authcontext/JWTTokenGenerator.java >> [2] https://github.com/wso2-extensions/identity-inbound-auth >> -oauth/blob/master/components/org.wso2.carbon.identity. >> oauth/src/main/java/org/wso2/carbon/identity/openidconnect/ >> DefaultIDTokenBuilder.java >> >> Thanks & Regards >> Danushka Fernando >> Associate Tech Lead >> WSO2 inc. http://wso2.com/ >> Mobile : +94716332729 <+94%2071%20633%202729> >> > > > > ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] Deperecated sign methods in JWT generation flows.
Hi All In released IS 5.3.0 we have capability of extending the signing mechanism of JWT in JWTTokenGenerator and IDTokenBuilder. But in the latest code base [1] [2] we have deprecated all the protected methods and removed the usage of them as well. With this, we have removed the capability of extending signing mechanism. Previously we had following method structure. generateToken | -> signJWT (protected) | -> signJWTWithRSA (protected) Generate token method calls signJWT method and it calls sign JWT with RSA method. So simply by overriding signJWTWithRSA method we can override the JWT signing behavior. Currently we have deprecated both these methods and also removed the usage of the signJWT method and replaced its occurrence in generateToken method with OAuth2Util method. Which means we have removed the capability of extending signing. IMO what we should do here is deprecate signJWTWithRSA method and call utll method from signJWTWithRSA method and then in a future release we can remove that method and call util method directly from signJWT method. In that way we will remove duplicated code while not removing our extensibility. WDYT? Is there a reason for removing the current extensibility? [1] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/authcontext/JWTTokenGenerator.java [2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/blob/master/components/org.wso2.carbon.identity.oauth/src/main/java/org/wso2/carbon/identity/openidconnect/DefaultIDTokenBuilder.java Thanks & Regards Danushka Fernando Associate Tech Lead WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Dev] Username Recovery Feature in IS 6.0.0
> wise or Does he need to configure it for the whole domain at once?* >> >> >> We need to have a global configuration identity.yaml file for all the >> domains. It is better to have domain/roles/group wise configuration for all >> the identity managment scenarios like account lock, password policy, >> password recovery, idle account suspenstion, force password reset, user >> onbording with ask paassword. >> >> >> Thanks >> Isura. >> >> >> Please provide us your comments on this point. >> >> Thanks, >> >> Dina. >> -- >> *Dinali Rosemin Dabarera* >> Software Engineer >> WSO2 Lanka (pvt) Ltd. >> Web: http://wso2.com/ >> Email : gdrdabar...@gmail.com >> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >> Mobile: +94770198933 <+94%2077%20019%208933> >> >> >> >> >> <https://lk.linkedin.com/in/dinalidabarera> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> ___ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> >> >> ___ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> >> >> Thanks, >> -- >> Pushpalanka. >> -- >> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons). >> Senior Software Engineer, WSO2 Lanka (pvt) Ltd; wso2.com/ >> Mobile: +94779716248 >> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/ >> pushpalanka/ | Twitter: @pushpalanka >> >> >> ___ >> Dev mailing list >> d...@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> >> >> >> -- >> *Pubudu Gunatilaka* >> Committer and PMC Member - Apache Stratos >> Software Engineer >> WSO2, Inc.: http://wso2.com >> mobile : +94774078049 <%2B94772207163> >> >> >> ___ >> Dev mailing list >> d...@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> >> >> >> -- >> *Thanks and Best Regards,* >> Imesh Ashandimal Chandrasiri >> *Software Engineer* >> WSO2, Inc. >> lean . enterprise . middleware >> *E:* ime...@wso2.com | *P:* 0716519187 >> >> >> Disclaimer: This communication may contain privileged or other >> confidential information and is intended exclusively for the addressee/s. >> If you are not the intended recipient/s, or believe that you may have >> received this communication in error, please reply to the sender indicating >> that fact and delete the copy you received and in addition, you should not >> print, copy, retransmit, disseminate, or otherwise use the information >> contained in this communication. Internet communications cannot be >> guaranteed to be timely, secure, error or virus-free. The sender does not >> accept liability for any errors or omissions. >> >> ___ >> Dev mailing list >> d...@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> >> >> >> -- >> Thanks and Regards >> *,Shani Ranasinghe* >> Senior Software Engineer >> WSO2 Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: +94 77 2273555 <+94%2077%20227%203555> >> Blog: http://waysandmeans.blogspot.com/ >> linked in: lk.linkedin.com/pub/shani-ranasinghe/34/111/ab >> >> ___ >> Dev mailing list >> d...@wso2.org >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> >> >> >> -- >> *Dinali Rosemin Dabarera* >> Software Engineer >> WSO2 Lanka (pvt) Ltd. >> Web: http://wso2.com/ >> Email : gdrdabar...@gmail.com >> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >> Mobile: +94770198933 <+94%2077%20019%208933> >> >> >> >> >> <https://lk.linkedin.com/in/dinalidabarera> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> *Dinali Rosemin Dabarera* >> Software Engineer >> WSO2 Lanka (pvt) Ltd. >> Web: http://wso2.com/ >> Email : gdrdabar...@gmail.com >> LinkedIn <https://lk.linkedin.com/in/dinalidabarera> >> Mobile: +94770198933 <+94%2077%20019%208933> >> >> >> >> >> <https://lk.linkedin.com/in/dinalidabarera> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- > > *Isura Dilhara Karunaratne* > Senior Software Engineer | WSO2 > Email: is...@wso2.com > Mob : +94 772 254 810 <+94%2077%20225%204810> > Blog : http://isurad.blogspot.com/ > > > > > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [IS 6.0.0] Email Management Component Implementation
On Sun, Jan 22, 2017 at 5:43 PM, Isura Karunaratne <is...@wso2.com> wrote: > Hi Lahiru, > > On Sun, Jan 22, 2017 at 4:40 PM Lahiru Manohara <lahir...@wso2.com> wrote: > >> Hi, >> >> We are implementing email management component for IS 6.0.0. The >> following properties will be included in the email template. >> >> configuration: >> - >> subject: >> body: >> footer: >> type: >> display: >> locale: >> emailContentType: >> >> The following directory structure will be used to keep the template based >> on the locale. >> >> config/ >> >> └── email/ >> >> ├── en_US >> >> │└── email-admin-config.yaml >> >> └── en_GB >> >> └── email-admin-config.yaml >> >> +1 for the directory structure. >> >> Are we having this folder structure inside conf/identity or did you mean the conf folder by config? I think it should go in to the conf/identity/email. WDYT? > We need to support both HTML and text based email templates. Also, there >> should be a way to specify user claims in email templates. We support those >> features in IS5.3.0. >> >> Thanks >> Isura. >> >> >> Appreciate your suggestions on above design. >> >> Best Regards, >> -- >> *Lahiru Manohara* >> *Software Engineer* >> Mobile: +94716561576 >> WSO2 Inc. | http://wso2.com >> lean.enterprise.middleware >> >> >> > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Identity Server] Creating a server configuration Identity.yaml vs component wise yaml files and Reading the server configurations
Johan Problem with reading from seperate places is like this. How we have read yaml files is using snakeyaml library, we create a class with parameters as same name as yaml file properties. And we pass this class and we retrieve object of that mapping bean. So how should we achieve that? One idea was to have a common bean in commons and have sub beans in component. But that will lead to a cyclic dependency. Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Thu, Jan 19, 2017 at 2:03 PM, Johann Nallathamby <joh...@wso2.com> wrote: > Hi Danushka, > > Did you see [1]? The thread talks about a single config file for the most > commonly changed config files. However the thread doesn't seem to have a > conclusion. > > @Kernel Team, > Is this something we have completed implementing? If so can you share some > latest details of how we should be using it? > > @Danushka, > In any case one mistake we made in C4 based IS is reading and parsing the > identity.xml from a single component - identity.core. We must not make the > same mistake again. Each component must pass its own configuration in the > yaml file using snakeyaml and build its own configuration model. This will > achieve less coupling among bundles. Of course you can have utilities in > [2] if needed to pass identity.yaml but nothing specific to a specific > feature. > > So I think to summarize, the configuration file is specific to the product > and a single file for the whole server, but parsing the file is the > responsibility of each component. This doesn't apply for more complex > configurations such as claim-config.yaml, user-store-config.yaml, etc. > > [1] [Architecture] Configuration files in C5 > [2] https://github.com/wso2/carbon-identity-commons/tree/mas > ter/components/org.wso2.carbon.identity.common/src/main/ > java/org/wso2/carbon/identity/common/util > > Regards, > Johann. > > On Thu, Jan 19, 2017 at 1:46 PM, Danushka Fernando <danush...@wso2.com> > wrote: > >> Hi All >> We are currently working on setting challenge questions feature for IS >> 6.0.0-M1. We need some configurations specific to security questions / >> account recovery section. In C4 based products it was in identity.xml which >> is the server configuration. In C5 code we dont have created a such file. >> We have several user management related configs which are deployed >> separately in C4 as well. But when we are moving towards C5, what should be >> the way of creating these configs. Is it component wise or server wise? >> >> Any ideas are appreciated. >> >> Thanks & Regards >> Danushka Fernando >> Senior Software Engineer >> WSO2 inc. http://wso2.com/ >> Mobile : +94716332729 <+94%2071%20633%202729> >> > > > > -- > Thanks & Regards, > > *Johann Dilantha Nallathamby* > Technical Lead & Product Lead of WSO2 Identity Server > Governance Technologies Team > WSO2, Inc. > lean.enterprise.middleware > > Mobile - *+9476950* > Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* > ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [Identity Server] Creating a server configuration Identity.yaml vs component wise yaml files and Reading the server configurations
Hi All We are currently working on setting challenge questions feature for IS 6.0.0-M1. We need some configurations specific to security questions / account recovery section. In C4 based products it was in identity.xml which is the server configuration. In C5 code we dont have created a such file. We have several user management related configs which are deployed separately in C4 as well. But when we are moving towards C5, what should be the way of creating these configs. Is it component wise or server wise? Any ideas are appreciated. Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Dev] [IS 6.0.0] [User Portal] Challenge Questions in Self sign-up page of user portal
If everyone had it in past and no longer using it, big +1 for removing it. Only concern is about existing customers. If we can explain the rationale behind removing it we are in clear I guess. @Sewmini Yes there is a reviewed user story for this. But when we discuss about some implementation details today, we realized that lot of people had this and removed this due to vulnerabilities in it. Hence Indunil started this discussion. Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Jan 18, 2017 6:04 PM, "KasunG Gajasinghe" <kas...@wso2.com> wrote: > > Security questions are a thing of the past. Google, Facebook they all have > removed the security questions based password recovery mechanisms. [1] [2] > So, +1 to drop this support in IS 6. > > [1] http://googlesystem.blogspot.com/2014/12/google- > drops-support-for-security.html > [2] https://www.facebook.com/help/community/question/?id=815382261879187 > > On Wed, Jan 18, 2017 at 5:37 PM, Nuwan Dias <nuw...@wso2.com> wrote: > >> >> >> On Wed, Jan 18, 2017 at 5:10 PM, Indunil Upeksha Rathnayake < >> indu...@wso2.com> wrote: >> >>> Hi, >>> >>> Currently we are working on implementing C5 user portal in IS. >>> Appreciate your suggestions/ideas for the following concerns regarding >>> challenge questions. >>> >>> *1) Is it necessary to include challenge questions in IS 6.0.0 as a >>> recovery option?* >>> Seems like secret questions are neither secure nor reliable enough to be >>> used as a account recovery mechanism. And also most of the vendors has >>> completely removed support for security questions including google. In C5, >>> security question sets will be some what strengthen the recovery and makes >>> it hard to guess the questions. But seems like need to consider whether it >>> need to be implemented or not. >>> >> >> I personally have never used a security question to recover any of the >> accounts of which I forgot passwords. Its always a recovery through email >> or mobile. Therefore I don't see this as a valuable feature. >> >>> >>> *2) Is it necessary to include security questions in user self sign-up >>> page? If needed, following way is appropriate?* >>> As we have planned, in C5, admin can create several security question >>> sets and can configure the minimum number of questions that need to be >>> answered by a user. So that in self sign up UI when populating security >>> questions to a user, >>> >>>- security questions need to be categorized according to the >>>security question sets >>>- all the sets need to be populated for the user >>>- user can select any number of security questions from different >>>sets not from a same set >>>- need to validate whether the user has answered for the minimum >>>number of questions >>> >>> When an answer to a question is personal, the question itself is >> probably personal too. Therefore I don't think an admin can decide on what >> questions to be asked from you. Its unlikely you'll remember an answer to a >> question which is not very relevant to you. If we're doing this (I'm >> negative on implementing the feature itself too :)), I think we should let >> the user decide his own questions and answers. >> >> >>> Appreciate your ideas on this. >>> >>> Thanks and Regards >>> -- >>> Indunil Upeksha Rathnayake >>> Software Engineer | WSO2 Inc >>> Emailindu...@wso2.com >>> Mobile 0772182255 <077%20218%202255> >>> >>> ___ >>> Dev mailing list >>> d...@wso2.org >>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>> >>> >> >> >> -- >> Nuwan Dias >> >> Software Architect - WSO2, Inc. http://wso2.com >> email : nuw...@wso2.com >> Phone : +94 777 775 729 <077%20777%205729> >> > > > > -- > > *Kasun Gajasinghe*Associate Technical Lead, WSO2 Inc. > email: kasung AT spamfree wso2.com > linked-in: http://lk.linkedin.com/in/gajasinghe > blog: http://kasunbg.org > phone: +1 650-745-4499 <(650)%20745-4499>, 77 678 0813 > > ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] create tenant via rest api
There is a soap api. You can use TenantMgtService. Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, Feb 26, 2016 at 3:35 AM, John Q <johnq3...@gmail.com> wrote: > Hello everyone, > > I am wondering if there is a rest api for carbon to create tenants? > > I saw that private paas have a rest api for creating tenant, but i only > have installed , wso2is, wso2am and wso2esb and don't use the private paas. > > If there is such api please where can i find it? > > Thanks, > John > > > > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AppCloud] Kubernetes Deployment Clean up Application Design for New App Cloud
On Tue, Feb 23, 2016 at 5:48 PM, Lahiru Manohara <lahir...@wso2.com> wrote: > Hi All, > > AppCloud we are implementing deployment clean up method for Kubernetes, > otherwise it will be a overhead for Kubernetes to keep idle deployments all > the time. We are designing this as Jax-RS service and schedule a cron job > for execute a shell script which calls the Jax-RS service. The deployment > clean up will be based on data which are currently available on AppCloud > database and MSF4J monitoring dashboard database. We are selecting not idle > application based on MSF4J database from REQUESTS_SUMMARY_PER_MINUTE table > based on the following logic. > Can't we use a task implementation here? Why this is better? > > IF current time - last request time for application <= threshold value > AND average request count > threshold value > Is this the same threshold value or different values? I know this should come with billing any way is this going in the tier definition? For now where this is defined? > > Reason for selecting idle applications rather than not idle applications, > we have a situation there are no single request came to a particular > application and it will not record in MSF4J database. So considering that > kind of situations we are getting not idle application set from MSF4J and > it will reduce all application set from AppCloud database. For this > operation we are using HashSet removeAll method. > I think "Reason for selecting idle applications rather than not idle applications" should be "Reason for selecting not idle applications rather than idle applications". Any way what do you mean by MSF4J database? Can you explain more? > Appreciate your suggestions on above approach. > > -- > Best regards, > > *Lahiru Manohara* > *Software Engineer* > Mobile: +94716561576 > WSO2 Inc. | http://wso2.com > lean.enterprise.middleware > > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Dev, QA, Production
Hi John If you have three esb servers in three environments you can separate out the registries of the three environments. And you can create a registry artifact in same path with different values and you can point to it from your sequence. Currently WSO2 AppFactory provides this function OOTB if you are interested. Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Sat, Feb 20, 2016 at 2:31 AM, John Q <johnq3...@gmail.com> wrote: > Hello, > Which is the better approach to externalize parameters in esb artifacts, > for example, a username and password pair used within a sequence. I'm using > local-entries for this purpose. but the values of these local entries are > not the same in dev and production environments. > > Once these local entries are deployed into the server, I need to make > future deployments of sequences, proxies, etc, and prevent these local > entries to be overwritten with the local entries. > > Can any body give me some advice or guide in order to face these > deployment relative issues? > > Thanks in advice, > John > > ___ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [IS][PET] X509 certificates as IS Authenticator
AFAIU the problem we are addressing isn't browser to web app authentication but web app to server authentication when webapp trying on some backend work. Travelocity is used for a POC I guess. Any way have we done any implementation here. Can you post some link for that. And I guess we are not talking about mutual ssl authentication here like we have done in mutual ssl authenticator. Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Jan 29, 2016 10:35 AM, "Shakila Sivagnanarajah" <shak...@wso2.com> wrote: > Hi Rajjaz, > > The diagram makes me bit confused. The concept is: IS allows the user to > access the requested application (here travelocity.com), If it > authenticates him with other API (here X509 certificates app). > > Are we adding the certificate to the client via authenticator and > authenticate that client through IS? If we add the certificate to the > browser manually, why do we need IS in the middle? In my point of view, > authenticator should do this. Once the certificate is added to the browser, > anyone can access the app via that browser. Is this the expected flow? > > Thank you > > On Fri, Jan 29, 2016 at 3:03 PM, Rajjaz Mohammed <raj...@wso2.com> wrote: > >> Hi Dimuthu, >> I'm here attached the image[1] shows the flow of X509 certificate. and >> X509 certificate is going to be a one of custom authenticator. SSL is by >> far the largest use of X.509 certificates, many people use the terms >> interchangeably. They're not the same however; a "SSL Certificate" is a >> X.509 Certificate with Extended Key Usage: Server Authentication . Other >> "common" types of X.509 certs are Client Authentication , Code Signing , >> and a handful of others are used for various encryption and authentication >> schemes[3]. there is no evidence i find to say its superior but since its >> an custom one we can use if the client wish. >> >> >> [1] >> [image: Inline image 1] >> >> [2] >> [image: Inline image 2] >> [3] >> http://security.stackexchange.com/questions/36932/what-is-the-difference-between-ssl-and-x-509-certificates >> [4] >> http://www.codeproject.com/Articles/326574/An-Introduction-to-Mutual-SSL-Authentication >> >> >> >> >> >> On Fri, Jan 29, 2016 at 9:00 AM, Dimuthu Leelarathne <dimut...@wso2.com> >> wrote: >> >>> Hi Rajjaz, >>> >>> Could you explain why your solution superior to 2-way SSL? >>> >>> thanks, >>> Dimuthu >>> >>> On Tue, Jan 26, 2016 at 12:29 PM, Rajjaz Mohammed <raj...@wso2.com> >>> wrote: >>> >>>> Hi all, >>>> I have planned to Implement X509 certificate as IS authenticator. the >>>> flow of authentication will be like described in below image[1]. >>>> >>>> Flow of X509 certificate authentication [2] >>>> >>>>1. The client opens a connection to the server and asks the server >>>>to authenticate itself. >>>>2. The server authenticates itself and -- optionally -- asks the >>>>client to authenticate itself. Client authentication, while possible >>>> with >>>>SSL, is seldom used in most SSL transactions. >>>>3. The client authenticates itself. If the client desires an >>>>encrypted connection, it takes steps to establish one. >>>>4. The client begins the transaction. >>>> >>>> So, we generate a certificate for our sever and we will provide/issue >>>> it to our clients, if our clients need to connect to our server they >>>> browser must need to have that certificate. it will be one time >>>> configuration if client set the certificate one time then he no need to >>>> care about certificate. >>>> >>>> This is my basic Idea so If you have anything to add/change X509 >>>> certificate authentication please ad in this thread. >>>> >>>> >>>> [1] >>>> [image: Inline image 1] >>>> [2] >>>> http://www.javaworld.com/article/2075188/learn-java/construct-secure-networked-applications-with-certificates--part-4.html >>>> >>>> >>>> >>>> >>>> -- >>>> Thank you >>>> Best Regards >>>> >>>> *Rajjaz HM* >>>> Associate Software Engineer >>>> WSO2 Inc. <http://wso2.com/> >>>> lean | enterprise | middleware >>>> Mobile | +947528
Re: [Architecture] [AF] Adding ESB Applications to App Factory
Hi Guys First of all sorry for the late update. We compared the dbscripts of ESB 4.8.1 and ESB 4.9.0 and realized they are similar. So I believe we can share the same databases across 4.2.x Products which we have in cloud and ESB 4.9.0. But still if we need to use the components that we developed for AS we will need to maintain a separate version which is based on 4.4.x kernel. I guess that's simple development work. So here is the update about what has been done up to now and what has to be done further. - Developing the apptype for car to create a sample app with functionalities build, deploy and promote (Copy to artifact repo). -- *Done.* - Developing the docker image for ESB 4.9.0 -- *Done, Need to be tested.* - Develop json files and scripts to create and deploy the cartridges and execute them at the setup time. (We can just copy the files related to Appserver and we can change the parameters) -- *Not Done.* - Need to test launching and we need to decide what to show when we launch a ESB application and we need to generate the launch url based on that. For this we will need to develop some components which will pass the deployment status from ESB to AF similar to what we developed for web applications and services deployed in app server. -- *Not Done.* - Dev studio integration for App Factory ESB application with applying rules previously discussed. -- *Not Done.* - Git hook to check whether committed files are according to the rules.. -- *Not Done.* Thanks & Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Sun, Oct 4, 2015 at 7:43 AM, Kasun De Silva <kas...@wso2.com> wrote: > Hi Manjula/Danushka and All, > > When I was reading through the options listed by Danushka, I got the > preference to #1 as well, > > Go with ESB 4.8.1 for now. (Later we need to upgrade all the products to >> 4.4.x kernel) Backport the fix for logging to 4.8.1 if possible. (@ESB team >> is this possible?) >> > > Because #2 and #3 would add much complexity to the cloud deployment. I > think we are at a state that we should consider the stability of the cloud > deployment because we are planing to go production late this year. So for > the sake of simplicity and the stability of the we should not introduce > anything that is adding any complexity cloud deployment, So my personal > preference would be go with #1. > > And I believe we can do an upgrade later, and first thing should be we > should get ESB apptype running to cloud deployment. So I think going with > ESB 4.8.1 would be the ideal case. > > But in the previous mail Kasun mentioned that the iPass won't work with > 4.8.1 and other drawbacks with the option #1. So I think we better have a > session to analyse the options we have with one or two ESB team members > and select the best option for us. > > WDYT? > > > Thanks, > Kasun > > *Kasun de Silva* > Software Engineer | *WSO2 Inc.*; http://wso2.com > lean.enterprise.middleware > > email : kas...@wso2.com > mobile : +94 77 794 4260 > > > On Thu, Oct 1, 2015 at 10:38 AM, Kasun Indrasiri <ka...@wso2.com> wrote: > >> Hi, >> >> Not having 4.9 in the ESB as a service will be a huge drawback.. IMO. >> There are quite a lot of changes that we specifically did for 4.9 to fix >> the behavior in MT mode etc. (inbound EP, tasks coordination etc.). So, I >> don't think going back to 4.8.1 is the best option we have. Anyway, iPaaS >> work also needs ESB 4.9, so going back to 4.8.1 won't work for iPaaS. >> >> thanks, >> Kasun >> >> On Thu, Oct 1, 2015 at 10:04 AM, Manjula Rathnayake <manju...@wso2.com> >> wrote: >> >>> Hi all, >>> >>> I am +1 for #1 due to the simplicity we get in cloud deployment. >>> >>> @Nadeeshaan, can we get the car based logging improvement to ESB 4.8.1? >>> >>> thank you. >>> >>> On Wed, Sep 30, 2015 at 5:32 PM, Danushka Fernando <danush...@wso2.com> >>> wrote: >>> >>>> Hi All, >>>> >>>> I am working on adding ESB Application to App Factory. Currently all >>>> application type related code is developed and sample code also done. While >>>> looking into adding ESB container faced an issue. >>>> >>>> Currently AF dev setups and App Cloud deployed all the products which >>>> are based on Carbon 4.2.0. But ESB 4.9.0 contains a feature to add log >>>> filtering based on Capp names. But AFAIK ESB 4.9.0 is based on carbon >>>> 4.4.x. So we cannot mount existing databases to ESB 4.9.0. >>>> >>>> >>>> So
Re: [Architecture] [AF] Adding CAR application type to App Factory
After revisiting the architecture, we changed having three different Resources CAR files to one CAR file. And in the UI we will let other users to upload a CAR file for other stages. Reason for this change is that in AF we don't allow to commit, build, deploy after the promotion. But QAs/DevOps won't know about the values until it comes to their stage (Testing/Production). Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Jul 20, 2015 at 10:36 AM, Danushka Fernando danush...@wso2.com wrote: Hi Please find my answers inline On Mon, Jul 20, 2015 at 9:40 AM, Jasintha Dasanayake jasin...@wso2.com wrote: If I have understood correctly, there is a maven multimode project and inside that there are registry resource projects , an ESB project and a Capp project right ? so in your project structure graph where is the Capp project ? is it the first application id ? Yes Also what is the type of these * ResourcesCAR project ? are these registry resource projects ? Yes Hope you going to use the existing carbon CAR deployer right ? , if so existing CAR structure shouldn't be changed so it's better to validate that also in the begging Yes that's in the plan. We will have a git hook to validate this. Thanks and Regards /Jasintha On Fri, Jul 17, 2015 at 10:08 PM, Danushka Fernando danush...@wso2.com wrote: Hi All, Currently we are working on a feature that will enable to develop, deploy and manage CAR files via App Factory. As the first part of this I started working on CAR application type and the ESB runtime. In this phase the expectation is to 1. Create an car type multi module application 2. Build and Deploy the correct artifacts 3. Create versions 4. Promote Decided sample project structure would be something similar to following ├── pom.xml ├── applicationID │ └── pom.xml ├── applicationIDApplicationResources │ ├── artifact.xml │ ├── Development │ │ └── EchoServiceEP.xml │ ├── echo.wsdl │ ├── pom.xml │ ├── Production │ │ └── EchoServiceEP.xml │ └── Testing │ └── EchoServiceEP.xml ├── applicationIDDevelopmentResourcesCAR │ └── pom.xml ├── applicationIDProductionResourcesCAR │ └── pom.xml ├── applicationIDSimpleProxy │ ├── artifact.xml │ ├── pom.xml │ └── src │ └── main │ └── synapse-config │ └── proxy-services │ └── applicationIDSimpleProxyService-version.xml └── applicationIDTestingResourcesCAR └── pom.xml Since CAR Projects are built with Maven this is the first time that we are going to introduce an maven multi module application type to App Factory. Tricky parts are the versioning the project and deploy the correct artifacts. We will use extension points provided by AF to achieve these tasks. We are planning to implement an Application Type Processor, an Initial Deployer and a Deployer. Then after the Stratos 4.1.0 upgrade task is done ESB docker cartidges will use to spawn ESB instances. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Jasintha Dasanayake* *Senior Software EngineerWSO2 Inc. | http://wso2.com http://wso2.com/lean . enterprise . middleware* *mobile :- 0711368118* ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] ESB Apptype Resources section
Hi All Currently in AF we have four kind of resources/runtime configs. 1. Databases 2. Data Sources 3. APIs 4. Registry Resources But for ESB Apptype only Registry Resources will be valid. So in the UI we need to show only registry resources for the application. This is planned to handle by adding some configurations to the AppType configuration. AppType configuration will contain a new configuration as Supported_Resources_Types which could contain values such as datasources, databases, apis and registry_resources in comma separated way. In UI it will show only supported resources types and users can manage those types of resources via AppFactory for the particular AppType. In this case it will only be registry_resources. First problem to solve is what to show in this page for view purposes. Since no edit part is there and only will be a place to upload the new CAR file for the stage it will only be matter of showing the resources of the ESB application. There are few things that we can show here. 1. We can show the CAR file for the stage and add a download link. But the problem is from where to get this built artifact from to let the user download the artifact. Options we have are like below. 1. Download from Jenkins - We need to construct an url for jenkins built artifact. But again this url contains groupIds of the artifact which is difficult to construct. 2. Download from S2 Git - We can get this artifact from s2 git location to a temp location in AF and let the user download it. Here again we need to clone whole repo for the simple download. 3. Build it from source code on the fly - Will take processing power and will be slow also. 4. Store the CAR in some apache server so later we can provide the users the link to download 2. We can read the artifacts.xml from the source code and show it in the UI just for view purposes. 3. Show registry resources from the registry itself. 4. Provide the git repo url and show the CAR file name. No download option provided. Next problem is to match these things with the existing UI. For ESB apptype we need to give upload option instead of edit option. To solve this we can do following 1. We can do a complex configuration in apptype to say which apptype allows uploading car files and not and which apptype allows just the car file uploading and which allows adding from ui and which allows both and so on. 2. We can introduce a new runtime config type as CAR Resources and we can have upload option there which will be cleaner IMO. But still the we need to solve first problem in a clean way to provide a complete solution. IMO #5 is OK and simple. But having a download option is always nicer and better. Any Ideas would be appreciated. [1] [Architecture] [AF] Adding CAR application type to App Factory Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [IS] Service Provider/Identity Provider file base configuration in clustered environment
Why can't we do the same thing when we add it from the config file and ui? I mean in both cases if we write to the same place in same manner then ui can read it from db and show it in ui so users can see it added from the UI as well. About claim configs +1 to make it configurable. In customer deployments we have faced the problem that if we do it wrong in first time then we need to clean dbs and restart. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Jul 20, 2015 at 2:42 PM, Harsha Thirimanna hars...@wso2.com wrote: Hi All, Since we support file base deployment for SP/IDP, we should have consistent mechanism to deploy it in clustered environment. *How it works now* We can create SP and IDP from UI and it is stored in data base, for both super tenant and multi-tenant mode. In file base, we can only create super tenant SP/IDP. It is also not show in the UI. *Problems* When we create IDP or SP in file, we update the database and retrieve from database when it wants. Every time when restart the node, we re-deploy all the idp configs. In cluster mode, we have to maintain same config file in all the node, otherwise wrong file may be updated or some other node will delete from database if some files not available in there. In claim deployment, we deployed claims from config file only in very first start of the server. So after that we can't change the file. We have to go to the UI. If we solve that problem to deploy when it change, then above pattern can be seen again. *Suggesion* If we consider these are as deploy-able artifact, then we can move these in to the deployment path and allow to dep-synch work. In that case , only concern is adding configs to the database or not. OR We can keep as same now and write simple deployment component base on database. We can delete config file just after update the database from file and let user to edit from UI. If user want to change from file only, then he can put new config again and it will udpate database again and delete file in local. Then we don't want to put any file in to the other node in cluster. But if we put another config file in other node, then it will update the database(but not a big issue). OR As same as second option in above, we can update database from reading file and keep the file as it is without deleting from locally. To do that we have to create a config to allow , one specific node to do the update and others are not. All the config can be seen from the UI and allow to edit. WDYT ? *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * http://www.apache.org/* *email: **hars...@wso2.com* az...@wso2.com* cell: +94 71 5186770 * *twitter: **http://twitter.com/ http://twitter.com/afkham_azeez* *harshathirimannlinked-in: **http: http://lk.linkedin.com/in/afkhamazeez**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122* *Lean . Enterprise . Middleware* ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [IS] Service Provider/Identity Provider file base configuration in clustered environment
s/configurable/deployable Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Jul 20, 2015 at 4:02 PM, Danushka Fernando danush...@wso2.com wrote: Why can't we do the same thing when we add it from the config file and ui? I mean in both cases if we write to the same place in same manner then ui can read it from db and show it in ui so users can see it added from the UI as well. About claim configs +1 to make it configurable. In customer deployments we have faced the problem that if we do it wrong in first time then we need to clean dbs and restart. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Jul 20, 2015 at 2:42 PM, Harsha Thirimanna hars...@wso2.com wrote: Hi All, Since we support file base deployment for SP/IDP, we should have consistent mechanism to deploy it in clustered environment. *How it works now* We can create SP and IDP from UI and it is stored in data base, for both super tenant and multi-tenant mode. In file base, we can only create super tenant SP/IDP. It is also not show in the UI. *Problems* When we create IDP or SP in file, we update the database and retrieve from database when it wants. Every time when restart the node, we re-deploy all the idp configs. In cluster mode, we have to maintain same config file in all the node, otherwise wrong file may be updated or some other node will delete from database if some files not available in there. In claim deployment, we deployed claims from config file only in very first start of the server. So after that we can't change the file. We have to go to the UI. If we solve that problem to deploy when it change, then above pattern can be seen again. *Suggesion* If we consider these are as deploy-able artifact, then we can move these in to the deployment path and allow to dep-synch work. In that case , only concern is adding configs to the database or not. OR We can keep as same now and write simple deployment component base on database. We can delete config file just after update the database from file and let user to edit from UI. If user want to change from file only, then he can put new config again and it will udpate database again and delete file in local. Then we don't want to put any file in to the other node in cluster. But if we put another config file in other node, then it will update the database(but not a big issue). OR As same as second option in above, we can update database from reading file and keep the file as it is without deleting from locally. To do that we have to create a config to allow , one specific node to do the update and others are not. All the config can be seen from the UI and allow to edit. WDYT ? *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * http://www.apache.org/* *email: **hars...@wso2.com* az...@wso2.com* cell: +94 71 5186770 * *twitter: **http://twitter.com/ http://twitter.com/afkham_azeez* *harshathirimannlinked-in: **http: http://lk.linkedin.com/in/afkhamazeez**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122* *Lean . Enterprise . Middleware* ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Adding CAR application type to App Factory
Hi Please find my answers inline On Mon, Jul 20, 2015 at 9:40 AM, Jasintha Dasanayake jasin...@wso2.com wrote: If I have understood correctly, there is a maven multimode project and inside that there are registry resource projects , an ESB project and a Capp project right ? so in your project structure graph where is the Capp project ? is it the first application id ? Yes Also what is the type of these * ResourcesCAR project ? are these registry resource projects ? Yes Hope you going to use the existing carbon CAR deployer right ? , if so existing CAR structure shouldn't be changed so it's better to validate that also in the begging Yes that's in the plan. We will have a git hook to validate this. Thanks and Regards /Jasintha On Fri, Jul 17, 2015 at 10:08 PM, Danushka Fernando danush...@wso2.com wrote: Hi All, Currently we are working on a feature that will enable to develop, deploy and manage CAR files via App Factory. As the first part of this I started working on CAR application type and the ESB runtime. In this phase the expectation is to 1. Create an car type multi module application 2. Build and Deploy the correct artifacts 3. Create versions 4. Promote Decided sample project structure would be something similar to following ├── pom.xml ├── applicationID │ └── pom.xml ├── applicationIDApplicationResources │ ├── artifact.xml │ ├── Development │ │ └── EchoServiceEP.xml │ ├── echo.wsdl │ ├── pom.xml │ ├── Production │ │ └── EchoServiceEP.xml │ └── Testing │ └── EchoServiceEP.xml ├── applicationIDDevelopmentResourcesCAR │ └── pom.xml ├── applicationIDProductionResourcesCAR │ └── pom.xml ├── applicationIDSimpleProxy │ ├── artifact.xml │ ├── pom.xml │ └── src │ └── main │ └── synapse-config │ └── proxy-services │ └── applicationIDSimpleProxyService-version.xml └── applicationIDTestingResourcesCAR └── pom.xml Since CAR Projects are built with Maven this is the first time that we are going to introduce an maven multi module application type to App Factory. Tricky parts are the versioning the project and deploy the correct artifacts. We will use extension points provided by AF to achieve these tasks. We are planning to implement an Application Type Processor, an Initial Deployer and a Deployer. Then after the Stratos 4.1.0 upgrade task is done ESB docker cartidges will use to spawn ESB instances. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Jasintha Dasanayake* *Senior Software EngineerWSO2 Inc. | http://wso2.com http://wso2.com/lean . enterprise . middleware* *mobile :- 0711368118* ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] Adding CAR application type to App Factory
Hi All, Currently we are working on a feature that will enable to develop, deploy and manage CAR files via App Factory. As the first part of this I started working on CAR application type and the ESB runtime. In this phase the expectation is to 1. Create an car type multi module application 2. Build and Deploy the correct artifacts 3. Create versions 4. Promote Decided sample project structure would be something similar to following ├── pom.xml ├── applicationID │ └── pom.xml ├── applicationIDApplicationResources │ ├── artifact.xml │ ├── Development │ │ └── EchoServiceEP.xml │ ├── echo.wsdl │ ├── pom.xml │ ├── Production │ │ └── EchoServiceEP.xml │ └── Testing │ └── EchoServiceEP.xml ├── applicationIDDevelopmentResourcesCAR │ └── pom.xml ├── applicationIDProductionResourcesCAR │ └── pom.xml ├── applicationIDSimpleProxy │ ├── artifact.xml │ ├── pom.xml │ └── src │ └── main │ └── synapse-config │ └── proxy-services │ └── applicationIDSimpleProxyService-version.xml └── applicationIDTestingResourcesCAR └── pom.xml Since CAR Projects are built with Maven this is the first time that we are going to introduce an maven multi module application type to App Factory. Tricky parts are the versioning the project and deploy the correct artifacts. We will use extension points provided by AF to achieve these tasks. We are planning to implement an Application Type Processor, an Initial Deployer and a Deployer. Then after the Stratos 4.1.0 upgrade task is done ESB docker cartidges will use to spawn ESB instances. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Removing Registry Mounts for the Dev, Test, Prod Registries
The thing is Dimuthu, currently there is no description field for external apis. So please advise. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Jun 16, 2015 6:13 PM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi Pirin, On Tue, Jun 16, 2015 at 3:30 PM, Pirinthapan Mahendran pirintha...@wso2.com wrote: Hi all, I am implementing the UX solution, proposed by Danushka, to improve the performance of Runtime configs page after removing the registry mounts. To implement this, I am saving the resource name and description to the existing runtime database (AF_RESOURCE) and showing these information in the Runtime configs overview page and other config pages (APIs page and Properties page). Isn't this already done 2.1.0 release. In the existing overview page we are showing Name and Authentication for external APIs while all the other resource types are showing Name and Description. Now the problem is when we saving the external api information to the runtime database there is no column to save the authentication type. In the main overview page, for external APIs we need to show the Name and Description only. But when we go into the APIs page we need to show the authentication type. Hence you need to have the authentication type stored somewhere. To overcome this issue we can choose one of the following solution. 1. We can add another table AF_EXTERNAL_API and store authentication type there. +1 thanks, dimuthu 1. We can stop showing authentication type without retrieving data from remote server. 2. We can add another column to the existing AF_RESOURCE table to store authentication type. 3. Add a description to external apis and show it in UI instead of authentication type (Currently there is no description to external apis). 1 3 will need data migration. 1 would be cleaner than 3. If we are going with 2, then it will show only the name of the external apis while others will show name and description. I kindly expect your thoughts on this issue. Thanks. Mahendran Pirinthapan Software Engineer | WSO2 Inc. Mobile +94772378732. On Fri, Jun 12, 2015 at 1:01 PM, Pirinthapan Mahendran pirintha...@wso2.com wrote: Hi all, I am working on the above task. I will remove the registry mounts for Dev, Test, Prod registries and implement the UX solution as explained by Danushka. Thanks. Mahendran Pirinthapan Software Engineer | WSO2 Inc. Mobile +94772378732. On Wed, Jun 10, 2015 at 2:31 PM, Danushka Fernando danush...@wso2.com wrote: Hi All Currently we are trying to improve the performance of the App Factory. While doing that we identified that having a lot of registry mounts (in AF case 3) might be an performance impact. These mounts are used to read runtime config values and when we want to add / update we are calling the remote service. Reason for this solution was that runtime config pages are really slow due to the service calls we are doing and also because these calls can fail it was a point of failure. So because of these mounts we are retrieving values without remote calls. But because of these mounts there could be an impact on other operations such as Load tenant registry, Load tenant, get artifacts, etc. So we thought about removing them and come up with an UX solution. We will get values from remote calls. But we won't retrieve them in every page load. There will be a button saying something like load values from remote server and we will do the service call only if that button is clicked. We will save the names of these runtime configs in runtime database and we will list down the names in the UI from the runtime database. And with the new Stratos / Private PaaS upgrade we will be moving towards the Metadata service, where other PaaS also have similar service. So after that we won’t be using these registries any way. So we are going to go ahead with the above solution to achieve better user experience, stability and performance. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Dimuthu Leelarathne Director Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile : 0773661935 Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] Removing Registry Mounts for the Dev, Test, Prod Registries
Hi All Currently we are trying to improve the performance of the App Factory. While doing that we identified that having a lot of registry mounts (in AF case 3) might be an performance impact. These mounts are used to read runtime config values and when we want to add / update we are calling the remote service. Reason for this solution was that runtime config pages are really slow due to the service calls we are doing and also because these calls can fail it was a point of failure. So because of these mounts we are retrieving values without remote calls. But because of these mounts there could be an impact on other operations such as Load tenant registry, Load tenant, get artifacts, etc. So we thought about removing them and come up with an UX solution. We will get values from remote calls. But we won't retrieve them in every page load. There will be a button saying something like load values from remote server and we will do the service call only if that button is clicked. We will save the names of these runtime configs in runtime database and we will list down the names in the UI from the runtime database. And with the new Stratos / Private PaaS upgrade we will be moving towards the Metadata service, where other PaaS also have similar service. So after that we won’t be using these registries any way. So we are going to go ahead with the above solution to achieve better user experience, stability and performance. Thanks Regards Danushka Fernando Senior Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] Calling a webservice in SSO login flow.
Hi All While going through first login call I found a webservice call from jaggery_acs.jag to TenantManagementService (action - getUsersofTenant) of AppFactory itself. Found two issues of this. 1. Since we are calling a service created by AF we could call it in OSGI manner rather than calling it in webservice manner. 2. I realized in above service call we are retrieving all roles of the tenant and loop through them and get all users of each role and loop through the users and get claims of each user and sent it. In the receiving end though we are only getting one user's info. I am guessing this will cause whole lot of LDAP calls when there are multiple users in the tenant. So I am going to create new service call which will return one user's info. And thought of removing above mentioned method from the service too since this method could be performance degradable point. And I will call this in an OSGI manner from the jaggery application. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Calling a webservice in SSO login flow.
Sorry for the false alarm about second point. We are calling the right service, Just the code contained the naming of wrong action. But its calling the right action. Thought the first point is valid. Any ideas? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, Jun 5, 2015 at 2:55 PM, Danushka Fernando danush...@wso2.com wrote: Hi All While going through first login call I found a webservice call from jaggery_acs.jag to TenantManagementService (action - getUsersofTenant) of AppFactory itself. Found two issues of this. 1. Since we are calling a service created by AF we could call it in OSGI manner rather than calling it in webservice manner. 2. I realized in above service call we are retrieving all roles of the tenant and loop through them and get all users of each role and loop through the users and get claims of each user and sent it. In the receiving end though we are only getting one user's info. I am guessing this will cause whole lot of LDAP calls when there are multiple users in the tenant. So I am going to create new service call which will return one user's info. And thought of removing above mentioned method from the service too since this method could be performance degradable point. And I will call this in an OSGI manner from the jaggery application. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Calling a webservice in SSO login flow.
And by further investigation I found following facts. 1. From the result of this call (only place) we are only using the roles of user and we are putting it to a session object. 2. This session object is only used in generating help messages. 3. But in the call (web service) we are retrieving the claims of the user which could query LDAP several times. So I will change this to retrieve roles only. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, Jun 5, 2015 at 3:06 PM, Danushka Fernando danush...@wso2.com wrote: Sorry for the false alarm about second point. We are calling the right service, Just the code contained the naming of wrong action. But its calling the right action. Thought the first point is valid. Any ideas? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, Jun 5, 2015 at 2:55 PM, Danushka Fernando danush...@wso2.com wrote: Hi All While going through first login call I found a webservice call from jaggery_acs.jag to TenantManagementService (action - getUsersofTenant) of AppFactory itself. Found two issues of this. 1. Since we are calling a service created by AF we could call it in OSGI manner rather than calling it in webservice manner. 2. I realized in above service call we are retrieving all roles of the tenant and loop through them and get all users of each role and loop through the users and get claims of each user and sent it. In the receiving end though we are only getting one user's info. I am guessing this will cause whole lot of LDAP calls when there are multiple users in the tenant. So I am going to create new service call which will return one user's info. And thought of removing above mentioned method from the service too since this method could be performance degradable point. And I will call this in an OSGI manner from the jaggery application. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [App Factory] Jira Integration for WSO2 App Factory
Hi Are there extension points in jira where we can extend authentication mechanism. BTW password is something we don't have. We have only username. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Apr 1, 2015 4:25 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi, I need few other clarifications as well. So far, I have been successful in creating a JIRA project via SOAP only. This SOAP client requires username and password for the Jira instance. So, if we want to allow users to create projects in their JIRA instance, we will have to request for username and password for JIRA instance. Is that okay? We will not store any username or password, but we'll need it to create a SOAP session. WDYT? Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Wed, Apr 1, 2015 at 2:34 PM, Fathima Dilhasha dilha...@wso2.com wrote: The prices for cloud and server instances of JIRA are the same as mentioned in [1] https://www.atlassian.com/software/jira/pricing/?tab=cloud. [1]https://www.atlassian.com/software/jira/pricing/?tab=cloud Thanks. *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Wed, Apr 1, 2015 at 2:31 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi, IMO, creating separate JIRA instances for each tenant is not a feasible option, So regarding the projects that are created in the Jira instance of App Factory, User will have to undergo the limitation that, the tenant name would be appended at the end of project name. Is there any way we can avoid that? Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Wed, Apr 1, 2015 at 2:25 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi Anuruddha, Yeah I understand the issue with appending the tenant domain every time. +1 for the suggestion under 1) Regarding 2) that is when we create a Jira instance, AFAIK, whether we use an on-demand instance for App Factory or a Cloud instance, we would get the same problem of duplicate projects. Unless we create separate Jira Cloud instances for each tenant. WDYT? Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Tue, Mar 31, 2015 at 7:37 PM, Anuruddha Premalal anurud...@wso2.com wrote: Hi Fathima, I'm -1 in appending suffixes to project name at all the time. Jira is something we are going to expose to users. IMO we should allow them (at least for users with their own jira cloud) to go with what they wanted as the project name. You have to treat this as two separate scenarios. Jira could be available in the following ways; 1.) Cloud hosted on-demand jira offered by Atlassian. - This is hosted in a multitenant way (instance per customer) . You can read more about Atlassian cloud architecture [1] - In this case you don't actually need to append any suffix to project name. However if two tenants tries to share the same Cloud jira, we have to perform the project name validation and prompt user; there is already an existing project. 2.) AppFactory hosted single jira instance. - This is where we actually face the problem of duplicate project names; And it is because we don't have the containerized deployment for jira. How are we actually going to host jira? is another topic we need to discuss. Are we going to maintain a separate jira for AppFactory or are we going to go with Atlasian jira cloud?. What are the cost factors of each of them?. If we are going with Atlasian cloud we wan't face duplicate project name issue for multiple tenants. [1] https://developer.atlassian.com/static/connect/docs/latest/concepts/cloud-development.html#overview Regards, Anuruddha. On Tue, Mar 31, 2015 at 1:12 AM, Fathima Dilhasha dilha...@wso2.com wrote: Hi, Okay, I got it now. So, there is no possibility of having similar named projects in a particular tenant right? If so appending tenant domain to the project name will be the best approach we can take. +1 for that. Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Lanka* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Tue, Mar 31, 2015 at 1:36 PM, Manisha Gayathri mani...@wso2.com wrote: On Tue, Mar 31, 2015 at 1:31 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi Mahesh, Yes, what I meant was App owner. Thanks for pointing out the scenario of having two similar named projects. AFAIK, we can not have projects with same name in a single Jira instance. +1 for Appending the App owners name at the end
Re: [Architecture] [App Factory] Jira Integration for WSO2 App Factory
I understand that fact. What I was asking is can we customize the authentication behavior. Are there extension points. Any way if there are not you can have a pretty defined user for each tenant same as we do for jenkins. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Apr 1, 2015 7:14 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi danushka, The issue is with how the SOAP API for JIRA works. It requires admin username and password to establish a SOAP session, to create a project via the SOAP API. If we are to create a project on a user specified JIRA instance, the username and password (For that particular JIRA instance) are required. Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Wed, Apr 1, 2015 at 6:07 PM, Danushka Fernando danush...@wso2.com wrote: Hi Are there extension points in jira where we can extend authentication mechanism. BTW password is something we don't have. We have only username. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Apr 1, 2015 4:25 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi, I need few other clarifications as well. So far, I have been successful in creating a JIRA project via SOAP only. This SOAP client requires username and password for the Jira instance. So, if we want to allow users to create projects in their JIRA instance, we will have to request for username and password for JIRA instance. Is that okay? We will not store any username or password, but we'll need it to create a SOAP session. WDYT? Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Wed, Apr 1, 2015 at 2:34 PM, Fathima Dilhasha dilha...@wso2.com wrote: The prices for cloud and server instances of JIRA are the same as mentioned in [1] https://www.atlassian.com/software/jira/pricing/?tab=cloud. [1]https://www.atlassian.com/software/jira/pricing/?tab=cloud Thanks. *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Wed, Apr 1, 2015 at 2:31 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi, IMO, creating separate JIRA instances for each tenant is not a feasible option, So regarding the projects that are created in the Jira instance of App Factory, User will have to undergo the limitation that, the tenant name would be appended at the end of project name. Is there any way we can avoid that? Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Wed, Apr 1, 2015 at 2:25 PM, Fathima Dilhasha dilha...@wso2.com wrote: Hi Anuruddha, Yeah I understand the issue with appending the tenant domain every time. +1 for the suggestion under 1) Regarding 2) that is when we create a Jira instance, AFAIK, whether we use an on-demand instance for App Factory or a Cloud instance, we would get the same problem of duplicate projects. Unless we create separate Jira Cloud instances for each tenant. WDYT? Thanks. Regards, Dilhasha *M.N.F. Dilhasha* Software Engineering Intern | *WSO2 Inc.* email : *dilha...@wso2.com dilha...@wso2.com*mobile : +94 77 8449321 On Tue, Mar 31, 2015 at 7:37 PM, Anuruddha Premalal anurud...@wso2.com wrote: Hi Fathima, I'm -1 in appending suffixes to project name at all the time. Jira is something we are going to expose to users. IMO we should allow them (at least for users with their own jira cloud) to go with what they wanted as the project name. You have to treat this as two separate scenarios. Jira could be available in the following ways; 1.) Cloud hosted on-demand jira offered by Atlassian. - This is hosted in a multitenant way (instance per customer) . You can read more about Atlassian cloud architecture [1] - In this case you don't actually need to append any suffix to project name. However if two tenants tries to share the same Cloud jira, we have to perform the project name validation and prompt user; there is already an existing project. 2.) AppFactory hosted single jira instance. - This is where we actually face the problem of duplicate project names; And it is because we don't have the containerized deployment for jira. How are we actually going to host jira? is another topic we need to discuss. Are we going to maintain a separate jira for AppFactory or are we going to go with Atlasian jira cloud?. What are the cost factors of each of them?. If we are going with Atlasian cloud we wan't face duplicate project name issue for multiple tenants. [1] https
Re: [Architecture] [App Fac] Performance Improvements - Issues in enabling GReg resource Indexing in App Factory
Hi Ajith What I was pointing out was this could be a fix in our side (AF). Sorry if I mislead you. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mar 25, 2015 6:11 AM, Ajith Vitharana aji...@wso2.com wrote: On Tue, Mar 24, 2015 at 8:14 PM, danush...@wso2.com wrote: I think same behavior is there in APIM too. They have the API list and separate list called Recently added. To get recently added to API list takes few seconds. Can’t we implement similar thing here? I don't see an issue to fix in indexing . There is no way to index the resource just after adding. Indexing will trigger from the frequency which scheduled in registry.xml file. So if you need reduce the indexing task frequency. -Ajith Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 *From:* Dimuthu Leelarathne dimut...@wso2.com *Sent:* Tuesday, March 24, 2015 10:22 PM *To:* Punnadi Gunarathna punn...@wso2.com *Cc:* architecture architecture@wso2.org Hi Chandana, Could we get fixes from Registry side for this? thanks, dimuthu On Tue, Mar 24, 2015 at 7:29 PM, Punnadi Gunarathna punn...@wso2.com wrote: Hi All, While fixing a cloud bug which is AF code tries to retrieve information of irrelevant apps when inside an app [1] , I found that passing a Map object rather than GenericArtifactFilter object to GenericArtifactManager would solve the problem [2]. When I changed the GenericArtifactFilter object to a Map object [3], it threw some exceptions. With the help of Greg team it was found out that the App Factory resources weren't indexed which result those exceptions. So I indexed the resource [5]. But after applying indexing I'm facing more problems as follows: 1. When an application is created, the 'trunk' created via 'appversion.rxt' will not be returned from getAppVersionRXTFromRegistry method in RxtManager.java until for few seconds (such as 10s), So it requires to implement retry attempts until it returns the version 'trunk' to proceed further in app creation process. 2. When an app version is created, newly created verson will not be returned by the same method mentioned in 1, due to the same reason and it will require some code changes to fix the exceptions introduced later in execution path. Moreover this might be a significant issue in Cloud as well. Please advice whether to keep the old implementation or to godhead with indexing and sort the remaining issues. [1] https://wso2.org/jira/browse/APPFAC-3009 [2][Dev] [Greg] What is the difference between overloaded findGenericArtifacts method in GenericArtifactManager - mail [3] https://github.com/punnadih/product-af/commit/dff7920619d25a134daef8f0134744908ae1e402 [4][Dev][App Fac] Registry resources Indexing issue fixed - mail -- Thanks and Regards, Punnadi Gunarathna Senior Software Engineer, WSO2, Inc.; http://wso2.com http://wso2 Blog: http://hi-my-world.blogspot.com/ Tel : 94 11 214 5345 Fax :94 11 2145300 http://lalajisureshika.blogspot.com/ -- Dimuthu Leelarathne Architect Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile : 0773661935 Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Ajith Vitharana. WSO2 Inc. - http://wso2.org Email : aji...@wso2.com Mobile : +1-812-360-5335 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Delete Forked Repos when Deleting an Application
Hi Manisha IMO it should be deleted. What are the complications in deleting them. Even the deployed artifacts also should be deleted. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Mar 3, 2015 at 12:41 PM, Gayan Dhanushka gay...@wso2.com wrote: Hi Manisha, Since this is a private repository (inside the tenant) IMO all the fork repositories and the build jobs should be deleted. Anyways there is no point of having a forked repository without a parent. If the user wants to retain the code, the local copies can be retained. It would be good to publish this information to the user wall to notify the users involved in the application. Regards Gayan On Mon, Mar 2, 2015 at 2:31 PM, Manisha Gayathri mani...@wso2.com wrote: Hi all, I am working on [1] Basically the user story is as below: 1. App owner creates an application 2. Invites few developers (dev1,dev2...) to the app 3. They fork the main repo and create individual repos for them 4. App owner deletes the application. This should automatically delete: - Parent repo in git - Build job in jenkins - Issue tracker space - Forked repos of dev1, dev2,... - Build jobs of forked repos of dev1, dev2... The user story is partially complete with current AF, except for the above 2 red highlighted functionalities. What would be the proper user story for deleting forked repos and respective build jobs? We can leave the forked repos as it is, even though the parent application (eg: app1) is deleted because forked repos are developers' personal space. But on the other hand, if we leave the forked repos without deleting when the app1 is deleted, we face an issue. That is, say someone creates a new app with app1 again and invites dev1. Dev1's UI does not show any forked repos. Only the parent repo of new app1 is shown. If dev1 tries to fork app1 again, it will give an error saying that he already has a fork. So how should we handle this requirement? Thanks Manisha [1]. https://wso2.org/jira/browse/APPFAC-2226 -- ~Regards *Manisha Eleperuma* Software Engineer WSO2, Inc.: http://wso2.com lean.enterprise.middleware *blog: http://manisha-eleperuma.blogspot.com/ http://manisha-eleperuma.blogspot.com/* *mobile: +94 71 8279777 %2B94%2071%208279777* ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AppFactory] Showing time of the last deployment in the repos and builds page
I guess time stamp should include time zone too. Other wise in cloud it could be confusing. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mar 3, 2015 5:26 PM, Harsha Thirimanna hars...@wso2.com wrote: +1 adding at least time stamp. I think we can give repository revision details with this repo and build page because it will important to the non-buildable artifacts to see which commits will be in the last deployment. WDYT ? *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * http://www.apache.org/* *email: **hars...@wso2.com* az...@wso2.com* cell: +94 71 5186770 , +94 * *774617784twitter: **http://twitter.com/ http://twitter.com/afkham_azeez* *harshathirimannlinked-in: **http: http://lk.linkedin.com/in/afkhamazeez**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122* *Lean . Enterprise . Middleware* On Tue, Mar 3, 2015 at 4:04 PM, Gayan Dhanushka gay...@wso2.com wrote: Hi all, I was working on [1] and found out that the deployment information is not shown to the UI for non buildable application types. Just the last build number is shown. Currently we just run a freestyle build for the non buildable application artifacts. The deployment information is updated using the last build id. IMO this is not good enough since there is a possibility to just do the deployment skipping the build. Therefore it is good to show the time when the last deployment happened non buildable application artifacts. To be consistent, the time of the last deployment will be shown for both buildable and non buildable application artifacts. Please share your thoughts. [1] https://wso2.org/jira/browse/APPFAC-2978 -- Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [APIM] Decoupling Authorization Server - Authenticating with Identity Server from API Store
Actually in mutual authenticator we check for the certificate in the header, which will set if only mutual auth is successful. So idea here is since server trust the client, we trust the user. BTW, mutual authenticator have problems with AWS elb. So this won't be able to use in such places. So in AF we went for signed jwt authenticator due to this issue. On Feb 23, 2015 6:00 PM, Ranga Siriwardena ra...@wso2.com wrote: With mutual-auth, authentication happens for particular user and user name is send as a header for authentication. If the client is trusted and the user is a valid user, then that user is identified as the signed in user. Thank You. Ranga. On Mon, Feb 23, 2015 at 5:52 PM, Nuwan Dias nuw...@wso2.com wrote: On Mon, Feb 23, 2015 at 5:43 PM, Ranga Siriwardena ra...@wso2.com wrote: Hi All, During the API Manager Key Manager separation, we identified that we will need to authenticate to identity components as signed in user instead of admin user which is pre-configured in api-manager configuration. For example, Lets say we have two users called subscriber1 and subscriber2. When creating OAuth Applications we have to call Oauth Admin Service as particular user so that, this user can retrieve his/her applications only. For this purpose we are facing two issues. 1) User has to sign in to Identity side admin services with basic authentication (using username and password). But password is not available in API store for this requirement. 2) User has to have permissions defined for particular admin service. In this case user need to have /permission/admin/manage permission to access OAuth Admin Service. As a solution for the first issue we can use mutual-auth, so that identity server(Key Manager) can trust API store when accessing admin services. How does mutul-auth solve this problem? Say 'ranga' logs into the Store, how does the Store ask the admin service to fetch ranga's OAuth apps only? For the second problem, one option we identified is changing permission required for OAuth Admin Service. So from API Manager side we can give that required permission to API store users (users who has subscriber role). For this we will need to patch IS component to achieve this requirement. Please let us know if you have any concerns/thoughts about this. Thank You. Ranga. -- Ranga Siriwardena Software Engineer WSO2 Inc. -- Nuwan Dias Associate Tech Lead - WSO2, Inc. http://wso2.com email : nuw...@wso2.com Phone : +94 777 775 729 -- Ranga Siriwardena Software Engineer Mobile: +94779808031 WSO2 Inc. ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] OSG level security
Hi Goodwin I think only devops have access to a production environment who can do such intrude and we trust devops. Because if we don't trust them we can do nothing. If someone else accidentally try this I think java security could prevent these assuming that bundle is not signed. If it is signed also its not up to us I guess since devops credentials are not in our hand. What I have seen in bigger companies is they change devops credentials time to time. So they are secured. If they are not doing that its their problem. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Sat, Feb 14, 2015 at 9:52 PM, Harsha Thirimanna hars...@wso2.com wrote: Hi Imesh, Yes , as you said, it is no avoidable if it is going to the dropping. But my question is, do we need to address this, because it is like doing attack him self who has access to the system. *Harsha Thirimanna* Senior Software Engineer; WSO2, Inc.; http://wso2.com * http://www.apache.org/* *email: **hars...@wso2.com* az...@wso2.com* cell: +94 71 5186770 , +94 * *774617784twitter: **http://twitter.com/ http://twitter.com/afkham_azeez* *harshathirimannlinked-in: **http: http://lk.linkedin.com/in/afkhamazeez**//www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122* *Lean . Enterprise . Middleware* On Sat, Feb 14, 2015 at 8:57 PM, Imesh Gunaratne im...@wso2.com wrote: A good point Godwin! If an intruder get admin access to a host that runs a mission crtical server, he/she could anyway damage the system very badly. However I think you have a point. We use secure wallet to encrypt all the system passwords to avoid even an admin user getting access to the server. But still seems like he/she can interact with the system by dropping a new bundle. On Fri, Feb 13, 2015 at 9:39 PM, Godwin Amila Shrimal god...@wso2.com wrote: Hi, Since most of the hacking/fraud happens from the internally this topic just came to my mind, Our carbon products don't have OSGI level security, As an example, If someone internally in the company knows OSGI then can write an OSGI bundle which harm to the system and deploy simply. Shouldn't we consider this ? (Apologize if I am asking a question which is not valid) Thanks Godwin -- *Godwin Amila Shrimal* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D* twitter: https://twitter.com/godwinamila ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Imesh Gunaratne* Technical Lead WSO2 Inc: http://wso2.com T: +94 11 214 5345 M: +94 77 374 2057 W: http://imesh.gunaratne.org Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Moving deployment section from configuration xml and Facilitate AppFactory users to deploy apps with their custom app types if its not already available
Hi Dimuthu We are staying at one configuration because only changing configuration when stage changes are cartidge type and alias. So we can append the stage to the given value from code when we read it easily. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Thu, Dec 4, 2014 at 11:16 AM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi Janaka, Understood the question. :) +1. We need 3 runtimes defined - one per each lifecycle. thanks, dimuthu On Thu, Dec 4, 2014 at 11:14 AM, Janaka Ranabahu jan...@wso2.com wrote: Hi Dimuthu, On Thu, Dec 4, 2014 at 10:42 AM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi Guys, Please start with why. Lets do minimal to achieve why with most healthiest way. Why we need to do this is to external parties to add interpreter based languages and their cartridges. We do not need a new deployer type right now. I proposed a new Runtime object only because we need to minimise the refactoring in the future. I don't think we need a deployer IMO. Maybe I raised my question in a wrong manner. I'm not talking about introducing a new deployer. Please see my comments below. Also please let me know whether I'm raising a invalid question. thanks, dimuthu On Thu, Dec 4, 2014 at 10:06 AM, Janaka Ranabahu jan...@wso2.com wrote: Hi Rajeevan, Could you explain a bit more on how we are going to relate the lifecycle stage with the runtime? If you look at the appfactory.xml, you might have noticed that the Deployer information is defined for each lifecycle stage. So with this new runtime.xml, how are we going to address that? Does the runtime.xml contains all configurations or are we going to have different sub directories and have a runtime.xml in each of them for each lifecycle environment? Thanks, Janaka On Wed, Dec 3, 2014 at 2:17 PM, Danushka Fernando danush...@wso2.com wrote: Hi Dimuthu and All We decided to go with a separate file for this runtime configs. So we will deploy this file to a different location with a different axis2 deployer. And we will mention in the apptype.xml which runtime to be used. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Dec 3, 2014 at 11:49 AM, Aiyadurai Rajeevan rajeev...@wso2.com wrote: Hi Dimuthu, Thanks for the suggestion. So, As a conclusion I will go ahead with the implementation as having a runtime.xml for the whole below peroperties and populate a map from there. The following section maps directly with the existing Deployer section in the appfactory.xml which we already defines for each stage. Runtime Runtimeappserver/Runtime ClassNameorg.wso2.carbon.appfactory.jenkins.deploy.JenkinsArtifactDeployer/ClassName Endpointhttps://sc.s2.AF_HOST:9463/services//Endpoint This endpoint is different from one environment to another even for a single runtime. RepositoryProvider ProviderClassorg.wso2.carbon.appfactory.s4.integration.GITBlitBasedGITRepositoryProvider/ProviderClass BaseURLhttps://gitblit.s2.wso2.com:8444//BaseURL URLPattern{@stage}/as/URLPattern This URL pattern also different from one environment to another even for a single runtime. Previously we had 3 such configurations which defines these changing properties of a runtime environment. My question is, if we are defining a runtime of a new apptype how are we going to map the lifecycle stages of that apptype with the runtime? Thanks, Janaka AdminUserNameadmin/AdminUserName AdminPasswordadmin/AdminPassword /RepositoryProvider AliasPrefixas/AliasPrefix CartridgeTypePrefixas/CartridgeTypePrefix DeploymentPolicyaf-deployment/DeploymentPolicy AutoscalePolicyeconomy/AutoscalePolicy RepoURL/RepoURL DataCartridgeType/DataCartridgeType DataCartridgeAlias/DataCartridgeAlias SubscribeOnDeploymentfalse/SubscribeOnDeployment /Runtime Thanks Regards, S.A.Rajeevan Software Engineer WSO2 Inc E-Mail: rajeev...@wso2.com | Mobile : +94776411636 On Wed, Dec 3, 2014 at 11:03 AM, Dimuthu Leelarathne dimut...@wso2.com wrote: HI Rajeevan, No GUI please. We are changing the whole user story here. thanks, dimuthu On Wed, Dec 3, 2014 at 10:54 AM, Aiyadurai Rajeevan rajeev...@wso2.com wrote: Hi Dimuthu/All, In addition to this mail conversation we had discussed this in an internal forum, Here is the update of thatdiscussion As of today We are using appfactory.xml file for the runtime configurations the below fraction is the the configuration properties. ApplicationType name=* ClassName org.wso2.carbon.appfactory.jenkins.deploy.JenkinsArtifactDeployer /ClassName Endpointhttps://sc.s2.AF_HOST:9463/services//Endpoint RepositoryProvider Property name=Class org.wso2.carbon.appfactory.s4
Re: [Architecture] Moving deployment section from configuration xml and Facilitate AppFactory users to deploy apps with their custom app types if its not already available
Hi Dimuthu and All We decided to go with a separate file for this runtime configs. So we will deploy this file to a different location with a different axis2 deployer. And we will mention in the apptype.xml which runtime to be used. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Dec 3, 2014 at 11:49 AM, Aiyadurai Rajeevan rajeev...@wso2.com wrote: Hi Dimuthu, Thanks for the suggestion. So, As a conclusion I will go ahead with the implementation as having a runtime.xml for the whole below peroperties and populate a map from there. Runtime Runtimeappserver/Runtime ClassNameorg.wso2.carbon.appfactory.jenkins.deploy.JenkinsArtifactDeployer/ClassName Endpointhttps://sc.s2.AF_HOST:9463/services//Endpoint RepositoryProvider ProviderClassorg.wso2.carbon.appfactory.s4.integration.GITBlitBasedGITRepositoryProvider/ProviderClass BaseURLhttps://gitblit.s2.wso2.com:8444//BaseURL URLPattern{@stage}/as/URLPattern AdminUserNameadmin/AdminUserName AdminPasswordadmin/AdminPassword /RepositoryProvider AliasPrefixas/AliasPrefix CartridgeTypePrefixas/CartridgeTypePrefix DeploymentPolicyaf-deployment/DeploymentPolicy AutoscalePolicyeconomy/AutoscalePolicy RepoURL/RepoURL DataCartridgeType/DataCartridgeType DataCartridgeAlias/DataCartridgeAlias SubscribeOnDeploymentfalse/SubscribeOnDeployment /Runtime Thanks Regards, S.A.Rajeevan Software Engineer WSO2 Inc E-Mail: rajeev...@wso2.com | Mobile : +94776411636 On Wed, Dec 3, 2014 at 11:03 AM, Dimuthu Leelarathne dimut...@wso2.com wrote: HI Rajeevan, No GUI please. We are changing the whole user story here. thanks, dimuthu On Wed, Dec 3, 2014 at 10:54 AM, Aiyadurai Rajeevan rajeev...@wso2.com wrote: Hi Dimuthu/All, In addition to this mail conversation we had discussed this in an internal forum, Here is the update of thatdiscussion As of today We are using appfactory.xml file for the runtime configurations the below fraction is the the configuration properties. ApplicationType name=* ClassName org.wso2.carbon.appfactory.jenkins.deploy.JenkinsArtifactDeployer /ClassName Endpointhttps://sc.s2.AF_HOST:9463/services//Endpoint RepositoryProvider Property name=Class org.wso2.carbon.appfactory.s4.integration.GITBlitBasedGITRepositoryProvider\ /Property Property name=BaseURLhttps://gitblit.s2.wso2.com:8444/ /Property Property name=URLPattern{@stage}/as/Property Property name=AdminUserNameadmin/Property Property name=AdminPasswordadmin/Property /RepositoryProvider Properties Property name=aliasasdev/Property Property name=cartridgeTypeasdev/Property Property name=deploymentPolicyaf-deployment/Property Property name=autoscalePolicyeconomy/Property Property name=repoURL/Property Property name=dataCartridgeType/Property Property name=dataCartridgeAlias/Property Property name=subscribeOnDeploymentfalse/Property /Properties /ApplicationType *Proposed solution* *Part 1: -* In the above xml, Content which enclosed within the *RepositoryProvider* are used to do the Pass artifact storage configuration. Hence, As suggested we can keep this in the *org.wso2.carbon.appfactory.jenkins.AppfactoryPluginManager.xml* file. *Part 2:- *Content which are enclosed within *Properties* tag are used for the subscription. Hence, Below is the solution which we are proposing. So, it would be more user friendly. There can be multi tenant subscriber and single tenant subscriber, Lets focus on the multi tenant scenario here. *Step 1*: Create Tenant *Step 2*:Tenant Admin Login *Step 3*: Go to subscriber manager, This would be a GUI which let the user to subscribe the needed Cartridge type, Environment(Dev,Test Prod), deploymentPolicy and autoscalePolicy. The GUI shall look like below. Here We can populate cartridge type, deploymentPolicy and autoscalePolicy details from Stratos service. So user can select the needed details in the above GUI and click subscribe, That will invoke a call to Stratos service for the cartridge allocation and create Repo URL which will used to commit the code in s2Git. Altogether there would be three URL for the 3 environments. Appreciate your views in this approach please. Thanks Regards, S.A.Rajeevan Software Engineer WSO2 Inc E-Mail: rajeev...@wso2.com | Mobile : +94776411636 On Tue, Dec 2, 2014 at 12:27 PM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi Danushka, Please see my comments below. On Tue, Dec 2, 2014 at 12:01 PM, Danushka Fernando danush...@wso2.com wrote: HI Dimuthu Please find my comments inline On Tue, Dec 2, 2014 at 8:45 AM
Re: [Architecture] Moving deployment section from configuration xml and Facilitate AppFactory users to deploy apps with their custom app types if its not already available
. So if we have deployment as a separate concept in the architecture it is going to be much better. thanks, dimuthu Look forward your views in this. Thanks Regards, S.A.Rajeevan Software Engineer WSO2 Inc E-Mail: rajeev...@wso2.com | Mobile : +94776411636 -- Dimuthu Leelarathne Architect Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile : 0773661935 Lean . Enterprise . Middleware Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [APPFAC] - Issue in deploying php applications in M6 release
Can you list down the places this is used and where its breaking because its *. And with this are you going with any code changes? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Nov 11, 2014 at 10:59 PM, Roshan Deniyage rosh...@wso2.com wrote: Hi, With the M6 release of the appfactory, it has introduced a new bug for PHP application type. Due to this, php application are not deployed after build. In apptype.xml files there is a tag called Extension and it is to specify the artifact extensions. I'm fixing this issue and for current release uses the string value * as the value in Extension tag for application types which doesn't have an extension like PHP. I'm changing the that value from * to (empty) for application types which doesn't have any extension. Since, * value may mislead the users. * may be interpreted as all extension rather than no extension. Any concern on this decision? Thanks, Roshan Deniyage Associate Technical Lead WSO2, Inc: http://wso2.com Mobile: +94 777636406 Twitter: *https://twitter.com/roshku https://twitter.com/roshku* LinkedIn : https://www.linkedin.com/in/roshandeniyage ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Remove multiple backend calls that happens when loading resource overview page
I don't agree to the point having one template for an application. Since it could be a use case that different users attached to same database with different privileges, we should be able to create them IMHO On Nov 4, 2014 9:24 AM, Amalka Subasinghe ama...@wso2.com wrote: Hi Janaka, see my answers inline On Tue, Nov 4, 2014 at 9:06 AM, Janaka Ranabahu jan...@wso2.com wrote: Hi Amalka, On Tue, Nov 4, 2014 at 8:13 AM, Amalka Subasinghe ama...@wso2.com wrote: Hi Janaka, According to the new changes, when creating a database, it will create default user and template. If user want to create his own user and template, he can go for 'advanced options'. So that mean that we do not have a way to add a user/template before adding a database right? *Amalka*: yes we can't Also with this changes, can I edit/remove any of my existing templates/users? I see no way of doing that with the new set of UIs. *Amalka*: you can attach another user and update the template. Regarding the templates, now the system does not create 1 template per database. it creates 1 template per application. So I don't see any problem with edit/remove template functionality here . But, regarding the users, it would be good if we can have a option to 'edit existing user' or 'create new user' when editing database Thanks, Janaka Thanks Amalka On Tue, Nov 4, 2014 at 8:03 AM, Janaka Ranabahu jan...@wso2.com wrote: Hi Amalka, Previously we had database users and database template creation capability from the databases/datasources page. Where are these operations now? Are they with the newly added 'Databases' page? I'm unable to locate them in the attached screenshots. Thanks, Janaka On Wed, Oct 15, 2014 at 8:46 AM, Amalka Subasinghe ama...@wso2.com wrote: Hi, Currently when loading App Factory resources overview page, it do multiple backend calls to load the various information; to reduce backend calls we are planning to do the following as an initial step. 1. Move Resources - databases section to new tab called 'Databases' and change the layout of it 2. Load Resources page only from App Factory database Thanks Amalka ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Janaka Ranabahu* Senior Software Engineer; WSO2 Inc.; http://wso2.com *E-mail: jan...@wso2.com http://wso2.com**M: **+94 718370861 %2B94%20718370861* Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Amalka Subasinghe WSO2 Inc. Mobile: +94 77 9401267 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Janaka Ranabahu* Senior Software Engineer; WSO2 Inc.; http://wso2.com *E-mail: jan...@wso2.com http://wso2.com**M: **+94 718370861 %2B94%20718370861* Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Amalka Subasinghe WSO2 Inc. Mobile: +94 77 9401267 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [App Factory] Versioning in .NET applications
Hi Gayan Where this versioning concept is implemented? If it is in ApplicationType Processor may be we can merge .NET and PHP application type processors and create an application type processor named something like SingleTenantApplicationTypeProcessor. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, Oct 31, 2014 at 10:25 AM, Gayan Dhanushka gay...@wso2.com wrote: Hi all, According to the current implementation in .NET applications versioning is done through the pom file generated with the .NET application archetype. This is not ideal since pom file is essentially used for artifact versioning and the concept is different from application versioning. The fact that we only use the maven archetype to build the .NET application also reiterate the need for proper versioning in .NET applications. As a solution I have done a fix to create a copy of the source version and rename it according to the format APP_NAME-APP_VERSION-default when creating a new version of a .NET application. This coincide with the way that we version PHP applications as well. Please share your thoughts on this. Regards GayanD -- Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [App Factory] Issues in deployment of uploadable artifacts
Gayan AFAIK there is a limitation in governance lifecycle which prevent us doing that. So I think better thing would be to fix current flow to be consistent. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Oct 27, 2014 at 9:48 PM, Gayan Dhanushka gay...@wso2.com wrote: Hi Pirinthapan, As discussed the other day if we are going to change the current implementation where we first deploy the artifact to Development and then promote it up to Production, this will be a very straight forward fix. We can just deploy the application into Production in one go. Then it will be just like deploying an application in the Production stage. Regards GayanD On Sun, Oct 26, 2014 at 3:26 PM, Danushka Fernando danush...@wso2.com wrote: Hi @Pirinthapan : Great findings. IMO if we are sticking to the plan that we are going to promote uploadable applications to production, then we need to wait until application creation is over and then promote them to production. We might be able to run Application Even Listener with ordered to run last to do this task. @Dimuthu, Janaka : WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Sun, Oct 26, 2014 at 3:04 PM, Pirinthapan Mahendran pirintha...@wso2.com wrote: Hi All, In AppFactory when we upload an existing artifact, it should be directly deployed to production stage. But in the current implementation sometimes it is getting deployed to development stage and sometimes it is getting deployed to production stage. According to my understanding the reason for this is, we are creating and promoting the application within the single method uploadExistingApplication in [1]. In this method first we are creating the application using the uploaded artifact. Once the application is created build is triggered automatically in a background thread. At the same time we are calling the bpel service to promote the application. So building and promoting are happening at the same time. This will give some unpredictable results. To overcome this issue we need to wait until all the application creation, initial build and initial deployment processes are finished. After that we need to promote the application. Once the promotion process is finished we need to deploy the application in the production stage. Kindly expect your ideas on this issue. 1. appmgt/src/site/blocks/application/add/ajax/add.jag Mahendran Pirinthapan Software Engineer | WSO2 Inc. Mobile +94772378732. ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [App Factory] Issues in deployment of uploadable artifacts
Hi @Pirinthapan : Great findings. IMO if we are sticking to the plan that we are going to promote uploadable applications to production, then we need to wait until application creation is over and then promote them to production. We might be able to run Application Even Listener with ordered to run last to do this task. @Dimuthu, Janaka : WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Sun, Oct 26, 2014 at 3:04 PM, Pirinthapan Mahendran pirintha...@wso2.com wrote: Hi All, In AppFactory when we upload an existing artifact, it should be directly deployed to production stage. But in the current implementation sometimes it is getting deployed to development stage and sometimes it is getting deployed to production stage. According to my understanding the reason for this is, we are creating and promoting the application within the single method uploadExistingApplication in [1]. In this method first we are creating the application using the uploaded artifact. Once the application is created build is triggered automatically in a background thread. At the same time we are calling the bpel service to promote the application. So building and promoting are happening at the same time. This will give some unpredictable results. To overcome this issue we need to wait until all the application creation, initial build and initial deployment processes are finished. After that we need to promote the application. Once the promotion process is finished we need to deploy the application in the production stage. Kindly expect your ideas on this issue. 1. appmgt/src/site/blocks/application/add/ajax/add.jag Mahendran Pirinthapan Software Engineer | WSO2 Inc. Mobile +94772378732. ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] What is the best/wso2 way to authenticate REST endpoints.
IMO storing username and password is not the recommended way. So +1 for oauth security. May be we can have both oauth and basic auth if needed. But if these endpoints are for third party developers who will write some client code using it I think oauth is the best way. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, Oct 17, 2014 at 10:17 AM, Dulanja Liyanage dula...@wso2.com wrote: Hi, The API can be secured using either BasicAuth or OAuth. WSO2 IS SCIM endpoint is one example. If BasicAuth used, client side might have to store the username/password. If OAuth used, and the API is accessed via a browser, user can be redirected to the authorization Server to get authenticated, which removes the risk of having user credentials at client side. In either way, SSL should be used to avoid Man-in-the-middle attacks Hope this helps. Thanks Dulanja On Wed, Oct 15, 2014 at 11:18 AM, Ayesha Dissanayaka aye...@wso2.com wrote: Hi all, I have implemented ES Publisher REST API in order to access and perform CRUD operations on ES -BackOffice. Each endpoint is authenticated by a valid Session-ID, passed to the endpoint in request header. In-order to obtain a session-ID we have implemented a separate authenticate REST endpoint. A user can send username and password in the POST request to this endpoint and if credentials are valid a session-id will be returned. Currently, no encryption or other (basic-aouth/aouth) authorization mechanism is yet implemented. What would be the lightweight and best way to secure this 'authentication' endpoint? Is there a particular wso2 way of doing this? Thanks! - Ayesha -- *Ayesha Dissanayaka* Software Engineer, WSO2, Inc : http://wso2.com http://www.google.com/url?q=http%3A%2F%2Fwso2.comsa=Dsntz=1usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg 20, Palmgrove Avenue, Colombo 3 E-Mail: aye...@wso2.com ayshsa...@gmail.com ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Dulanja Liyanage WSO2 Inc. M: +94776764717 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] Set Authorization dynamic headers from a bpel request
Hi As a part of introducing a new authenticator to App Factory I am working on setting a dynamic http header to the request done from bpel. Currently we only have support for static basic auth headers which we specify in epr files. So to solve the problem I am working on a Axis2 Handler which is same as UnifiedEndpointHandler [1] which will set the authorization header we need. WDYT? [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/unified-endpoint/org.wso2.carbon.unifiedendpoint.core/4.2.1/src/main/java/org/wso2/carbon/unifiedendpoint/core/UnifiedEndpointHandler.java Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Set Authorization dynamic headers from a bpel request
Hi All The Approach I thought of is to add a new OutFlow phase after UEPPhase since I want this handler to run after unified endpoint handler (say AppFactoryEndPointPhase). And in this handler it will check whether any kind of authorization header is there and if it is not there it will set the authorization header for the new authenticator. Is there a better way of handling this. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Oct 8, 2014 at 2:24 PM, Danushka Fernando danush...@wso2.com wrote: Hi As a part of introducing a new authenticator to App Factory I am working on setting a dynamic http header to the request done from bpel. Currently we only have support for static basic auth headers which we specify in epr files. So to solve the problem I am working on a Axis2 Handler which is same as UnifiedEndpointHandler [1] which will set the authorization header we need. WDYT? [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/unified-endpoint/org.wso2.carbon.unifiedendpoint.core/4.2.1/src/main/java/org/wso2/carbon/unifiedendpoint/core/UnifiedEndpointHandler.java Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] WSO2 Cloud Authenticator
For server side it is in authenticators.xml. For client side it is in appfactory.xml. On Sep 17, 2014 9:42 AM, Manjula Rathnayake manju...@wso2.com wrote: Hi Danushka, How does the secret is shared among nodes? is it by a configuration file that is set in all nodes? thank you. On Fri, Sep 12, 2014 at 2:13 PM, Danushka Fernando danush...@wso2.com wrote: Hi All In AF we are using mutual ssl authentcator which will login a provided user to the system. But since with AWS ELB we cannot use this authentication we are decided to implement $subject. Here client will send a username and encrypted secret in header. Server will validate the secret and if it's valid then will log the user to the system. As the first step I have implemented the authenticator without encryption/decryption and changing the AF implementation to use this new authenticator. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Manjula Rathnayaka Software Engineer WSO2, Inc. Mobile:+94 77 743 1987 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] WSO2 Cloud Authenticator
Hi All In AF we are using mutual ssl authentcator which will login a provided user to the system. But since with AWS ELB we cannot use this authentication we are decided to implement $subject. Here client will send a username and encrypted secret in header. Server will validate the secret and if it's valid then will log the user to the system. As the first step I have implemented the authenticator without encryption/decryption and changing the AF implementation to use this new authenticator. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [APPFAC][FEATURE] Selenium test integration to Appfactory
Hi Anuruddha On Wed, Sep 10, 2014 at 10:16 AM, Anuruddha Premalal anurud...@wso2.com wrote: Hi All, We are planning to bring selenium test support to Appfactory web apps. Following is the initial architecture. * Selenium tests will added to a web app based on a configuration flag on the apptype xml. - Test suit creation will happen in the app creation phase. - Idea is to create a separate git repository for the test suit. Why we need a seperate git repo. If we do so IMO we need to version that repo also in same way we version the master repo. * Users will able to run tests if there are any changes in the selenium default test suit. - These test will run on a build server installed on a machine with web browser launch support. (install ubuntu desktop package) - We are avoiding headless mode in selenium because of some javascript execution issues which can cause due this mode. So will the user get the report of test output. IMO it should be downloadable from AF ui. WDYT? * Tests specific user actions and test results will categorize under the other services tab in Appfactory. Your feedback is welcome. Regards, -- *Anuruddha Premalal* Software Eng. | WSO2 Inc. Mobile : +94710461070 Web site : www.regilandvalley.com ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [APP Factory] Tenant Deletion implementation
Hi Goodwin If Its not there in runtime (at debug time) then its not using. You can easily check by checking the activation code in the particular component. If its used it should be registered as a tenant mgt listner in activate method. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Sep 9, 2014 at 9:35 PM, Godwin Amila Shrimal god...@wso2.com wrote: Hi, We are on the implementation of the Tenant deletion of APP Factory, we checked existing *TenantMgtListener* implementation in AF by debugging the server and found following classes. org.wso2.carbon.event.stream.manager.core.internal.util.helper.TenantMgtListenerImpl org.wso2.carbon.theme.mgt.util.ThemeLoadingListener org.wso2.carbon.keystore.mgt.KeystoreTenantMgtListener org.wso2.carbon.cassandra.server.TenantCreationListener org.wso2.carbon.appfactory.listners.tenant.DefaultRolesCreatorForTenant But when we checked the source code there are two more implementations as *AppFactoryTenantActivationListener* and *AppFactoryTenantMgtListener, * Are they currently using ? BTW *AppFactoryTenantActivationListener *marked as Deprecated. Please give a feedback on this. Thanks Godwin -- *Godwin Amila Shrimal* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D* twitter: https://twitter.com/godwinamila ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Cloud Tenant deletion caching issue
Hi To the first most problem raised by Goodwin, AFAIU when you call tenant deletion you call deleteTenant in TenantManager. So why cant you clear the tenant from the map in JDBCTenantManger's deleteTenant method? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Sat, Sep 6, 2014 at 8:20 PM, Nirmal Fernando nir...@wso2.com wrote: Shouldn't this tenant event listener be triggered in all the nodes in the cluster? If not, I think we might need to fix it. On Sat, Sep 6, 2014 at 10:00 AM, Selvaratnam Uthaiyashankar shan...@wso2.com wrote: Even if we have public method, how will it work in a clustered environment? For example, delete request is sent to Node1, (and lets say one way or the other we delete the entry from map on Node1), and create request is sent to Node 2 (which still has the entry in the map). Are we going to use cluster messages to clear the entry from all nodes? On Friday, September 5, 2014, Nirmal Fernando nir...@wso2.com wrote: I think that should be ok. @Johann wdyt? On Fri, Sep 5, 2014 at 8:23 PM, Godwin Amila Shrimal god...@wso2.com wrote: Hi Nirmal, Yes we can do it, But current map doesn't have public access, then we need to have a public method inside the *JDBCTenantManager *to delete the entry. On Fri, Sep 5, 2014 at 8:00 PM, Nirmal Fernando nir...@wso2.com wrote: Can't we use a tenant event listener and remove the entry from the map on a tenant deletion event? On Fri, Sep 5, 2014 at 7:50 PM, Godwin Amila Shrimal god...@wso2.com wrote: Hi, We are working on tenant deletion implementation, once we perform the current tenant deletion operation in *TenantMgtAdminService* it deletes registry, user store etc. data. But it doesn't allow to create a tenant again with the same tenant domain name until restart the server. Reason for above situation is tenant domain and id is keeping in a map(*tenantDomainIdMap*) inside the *JDBCTenantManager*. When perform delete operation it check the availability from this map. As per the discussion we can see following solutions for this. *Solution1* Check the tenant availability from database not from memory data, but this will be costly if it is a frequently perform operation. *Solution2* We can give a public access to delete the particular key in the map, this will be a security issue which people can pass tenant domain and perform deletion. *Solution3* Run a periodic operation which check the availability of the tenant in the database and delete from map which are not exist. We are looking for a feedback on this. Thanks Godwin -- *Godwin Amila Shrimal* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D* twitter: https://twitter.com/godwinamila ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks regards, Nirmal Senior Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Godwin Amila Shrimal* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D* twitter: https://twitter.com/godwinamila ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks regards, Nirmal Senior Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ -- S.Uthaiyashankar VP Engineering WSO2 Inc. http://wso2.com/ - lean . enterprise . middleware Phone: +94 714897591 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks regards, Nirmal Senior Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Cloud Tenant deletion caching issue
Hi On Sun, Sep 7, 2014 at 6:59 PM, Johann Nallathamby joh...@wso2.com wrote: On Sun, Sep 7, 2014 at 6:29 PM, Danushka Fernando danush...@wso2.com wrote: Hi To the first most problem raised by Goodwin, AFAIU when you call tenant deletion you call deleteTenant in TenantManager. So why cant you clear the tenant from the map in JDBCTenantManger's deleteTenant method? Yes. Should be able to do that. But as Shankar explained we need to send cluster messages to do the same in all the nodes. Yes I also agree to that point. +1. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Sat, Sep 6, 2014 at 8:20 PM, Nirmal Fernando nir...@wso2.com wrote: Shouldn't this tenant event listener be triggered in all the nodes in the cluster? If not, I think we might need to fix it. On Sat, Sep 6, 2014 at 10:00 AM, Selvaratnam Uthaiyashankar shan...@wso2.com wrote: Even if we have public method, how will it work in a clustered environment? For example, delete request is sent to Node1, (and lets say one way or the other we delete the entry from map on Node1), and create request is sent to Node 2 (which still has the entry in the map). Are we going to use cluster messages to clear the entry from all nodes? On Friday, September 5, 2014, Nirmal Fernando nir...@wso2.com wrote: I think that should be ok. @Johann wdyt? On Fri, Sep 5, 2014 at 8:23 PM, Godwin Amila Shrimal god...@wso2.com wrote: Hi Nirmal, Yes we can do it, But current map doesn't have public access, then we need to have a public method inside the *JDBCTenantManager *to delete the entry. On Fri, Sep 5, 2014 at 8:00 PM, Nirmal Fernando nir...@wso2.com wrote: Can't we use a tenant event listener and remove the entry from the map on a tenant deletion event? On Fri, Sep 5, 2014 at 7:50 PM, Godwin Amila Shrimal god...@wso2.com wrote: Hi, We are working on tenant deletion implementation, once we perform the current tenant deletion operation in *TenantMgtAdminService* it deletes registry, user store etc. data. But it doesn't allow to create a tenant again with the same tenant domain name until restart the server. Reason for above situation is tenant domain and id is keeping in a map(*tenantDomainIdMap*) inside the *JDBCTenantManager*. When perform delete operation it check the availability from this map. As per the discussion we can see following solutions for this. *Solution1* Check the tenant availability from database not from memory data, but this will be costly if it is a frequently perform operation. *Solution2* We can give a public access to delete the particular key in the map, this will be a security issue which people can pass tenant domain and perform deletion. *Solution3* Run a periodic operation which check the availability of the tenant in the database and delete from map which are not exist. We are looking for a feedback on this. Thanks Godwin -- *Godwin Amila Shrimal* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D* twitter: https://twitter.com/godwinamila ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks regards, Nirmal Senior Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Godwin Amila Shrimal* Senior Software Engineer WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: *+94772264165* linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D* twitter: https://twitter.com/godwinamila ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks regards, Nirmal Senior Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ -- S.Uthaiyashankar VP Engineering WSO2 Inc. http://wso2.com/ - lean . enterprise . middleware Phone: +94 714897591 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks regards, Nirmal Senior Software Engineer- Platform Technologies Team, WSO2 Inc. Mobile: +94715779733 Blog: http://nirmalfdo.blogspot.com/ ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https
[Architecture] [AF] Handle gitblitsystemadmin and jenkinssystemadmin in a better way.
Hi all Currently there are two gitblit and jenkins specific two users in AF who are not lying in any of the userstores. Due to this at some points when we do stuff as these system users we have written some code to eliminate some checks we do for normal users. e.g. :- 1. Gitblit pre commit validation 2. Gitblit post commit validation 3. Gitblit login 4. Jenkins login So my suggestion is to add these to system/internal userstore and remove those if conditions we check for these users. Its possible to add this users to each tenant as well. But that will duplicate the users and they are system users so IMO correct way is to add them as system users. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Cloud] Tenant deletion
Hi +1 for the OnPreDelete concept. But the thing is we don't have this Pre and Post events anywhere in platform. I think that's something we should consider about. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, Aug 22, 2014 at 9:14 AM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi Mahesh all, Lets consider Carbon Platform aspect first. Before we remove tenant from user core and registry, we have to delete it from all other places. So +1 for the interface that would allow different product teams to clean up their cleanup process, but here is what I recommend, We need a method call onPreDelete() on TenantMgtListener. This is to allow all product teams to implement it. So the first rule of thumb is, if any product is moving to cloud they must implement this method and prove that they clean up the tenant before they move to WSO2Cloud. So basically, in tenant.core what you have to do is call all OSGi registered TenantMgtListener's onPreDelete(), and after that delete from registry and finally user.core. That would be the most elegant and extensible fix for platform. Now we come to AF as a product/solution. We have to implement onPreDelete() method. So we as a product team should decide whether we are going to implement it from BPEL or not. So as a product in order to be WSO2Cloud friendly we have to implement onPreDelete() method. From what I feel, I believe the way to do is code + BPEL. thanks, dimuthu On Fri, Aug 22, 2014 at 7:26 AM, Ajanthan Balachandran ajant...@wso2.com wrote: On Fri, Aug 22, 2014 at 5:48 AM, Danushka Fernando danush...@wso2.com wrote: Hi Ajanthan Problem with OnDelete is it is called after tenant deleted (After deleting userstore and registry). But we need to cleanup before that otherwise we cannot call admin services since tenant is not there. As per I mentioned in the previous thread we need to call this at a OnPreDelete. IMO OnDelete method should be called as first step. @Mahesh : I think you have missed delete applications step. And delete applications step would Issue tracker details as well I guess. @ Ajanthan : Correct me if I am wrong. Looping through each applications and deleting will not be a salable solution. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Thu, Aug 21, 2014 at 8:46 PM, Ajanthan Balachandran ajant...@wso2.com wrote: On Thu, Aug 21, 2014 at 8:24 PM, Mahesh Chinthaka mahe...@wso2.com wrote: Hi Everyone, We are working on the Training Project -[Cloud] Tenant deletion code/script for cloud - https://redmine.wso2.com/issues/3121. Listed below the workflow of the tenant deletion process in the App Cloud as we identified. 1. Undeploy Jenkins web app from application server 2. Delete Git repository (use gitblit api to delete repo in Git) 3. Unsubscribe Stratos using Stratos Rest Services 4. Check database created by RSSAdmin and delete them 5. Perform TenantMgtAdminService deleteTenant operation - i. Delete Billing data ii. Delete Tenant Registration Data (Ex. REG_CLUSTER_LOCK, REG_LOG) iii. Delete Tenant User management data (Ex. UM_USER_PERMISSION, UM_USER) iv. Remove Tenant information from cache v. Delete UM_TENANT table Don't you need to cleanup issue tracker? As per the analysis there are two solutions we have identified to implement this , such as BPEL and Carbon Component. We thought of going for a *carbon component* implementation rather than using a* BPEL* due to following reasons. 1. Plugging a Carbon Component will give more extensibility to implement Tenant Deletion operation in future Cloud base products 2. If we used a BPEL we will have to reconstruct at each time when we meet a new requirement (ex: esb cloud integration). Proposed Solution Why can't you use existing TenantMgtListener and add onDelete method.It also has ListenerOrder and every implementation should be registered as OSGI service. 1. Create an abstraction for delete operation public interface TenantDeletion{ public void onDeletion(); } 2. Implement TenantDeletion for each operations public class JenkinsAppUndeployer implements TenantDeletion{ public void onDeletion(){ //Implementation of the JenkinsApp undeploy process } } 3. Use a configuration file to maintain the execution order which help to dynamically add new requirement ExecutionOrder class name=”org.wso2.cloud.tenant.JenkinsAppUndeployer”/class class name=”org.wso2.cloud.tenant.GitRepoRemover”/class class name=”org.wso2.cloud.tenant.XX”/class /ExecutionOrder We are looking for a feedback on this to move forward with selected design. -- Mahesh Chinthaka Software Engineer , WSO2. Phone : (+94) 71 63 63 083 Email : mahe...@wso2.com ___ Architecture mailing
Re: [Architecture] [AF] Tenant subscribing to stratos environments - making it fault tolerant
Hi Amila On Fri, Aug 15, 2014 at 10:45 AM, Amila Maha Arachchi ami...@wso2.com wrote: AF team, Its needless to say that there are several possible failure points in AF, hence in App Cloud. One such place is making the tenants subscribed to the dev, test and prod stratos environments. Due to some reason, if this step fails, then, thats the end of story for that tenant. Proposal: Hand over the subscription requests to a queue (doe not need to be JMS queue) and let a task do the subscription taking them from the queue. If the subscription is successful, remove it from the queue, else put it back, which will make the task to retry. +1 for the thought. This was a known point of failure all of us knew and we didn't think about a solution before. AFAIK, this subscription step does not need to be synchronous. So, the above change has no impact to the tenant creation flow. AFAIK this is already not synchronous. The problem is if it fails it stays failed. And your solution includes retries which is good. WDYT? Regards, Amila. -- *Amila Maharachchi* Senior Technical Lead WSO2, Inc.; http://wso2.com Blog: http://maharachchi.blogspot.com Mobile: +94719371446 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Using Carbon specific permissions for use with Java Security Manager
Hi Isuru and all The problem I see is not we are using Management permission, but using same permission everywhere. Because of that all secured endpoint s in carbon either can be exposed or blocked. We cannot block some and allow some. On Aug 17, 2014 1:23 AM, Isuru Perera isu...@wso2.com wrote: Hi all, In Carbon, we use ManagementPermission [1] to check security. See org.wso2.carbon.base.CarbonBaseUtils.checkSecurity() method [2]. Instead of checking ManagementPermission [1], I think we must use our own permissions to check security in CarbonContext APIs. The ManagementPermission [1] is used for a different purposes. Shall we introduce new Permission classes for future Carbon releases? Thanks! Best Regards, [1] http://docs.oracle.com/javase/7/docs/api/java/lang/management/ManagementPermission.html [2] https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/core/org.wso2.carbon.base/4.2.0/src/main/java/org/wso2/carbon/base/CarbonBaseUtils.java -- Isuru Perera Senior Software Engineer | WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware about.me/chrishantha ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Using Carbon specific permissions for use with Java Security Manager
And further more that AFAIU we can use this Management permission with different strings. On Aug 17, 2014 2:16 PM, Danushka Fernando danush...@wso2.com wrote: Hi Isuru and all The problem I see is not we are using Management permission, but using same permission everywhere. Because of that all secured endpoint s in carbon either can be exposed or blocked. We cannot block some and allow some. On Aug 17, 2014 1:23 AM, Isuru Perera isu...@wso2.com wrote: Hi all, In Carbon, we use ManagementPermission [1] to check security. See org.wso2.carbon.base.CarbonBaseUtils.checkSecurity() method [2]. Instead of checking ManagementPermission [1], I think we must use our own permissions to check security in CarbonContext APIs. The ManagementPermission [1] is used for a different purposes. Shall we introduce new Permission classes for future Carbon releases? Thanks! Best Regards, [1] http://docs.oracle.com/javase/7/docs/api/java/lang/management/ManagementPermission.html [2] https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/core/org.wso2.carbon.base/4.2.0/src/main/java/org/wso2/carbon/base/CarbonBaseUtils.java -- Isuru Perera Senior Software Engineer | WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware about.me/chrishantha ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] Freestyle projects gets in to end less loop of builds when we hit Deploy.
Hi All While working on BYOAT I get in to the issue mentioned in $subject. The reason is when its a freestyle project rather than deploy we trigger a build. So it will get deployed by auto deploy. But in auto deploy now Jenkins calls AF. So it will trigger a build again. And this loop will go on like this. But for freestyle projects we need to build before deploy. So my suggested solution is to call deploy with an extra parameter saying whether needs to build and when its true we will build before deploy. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AppFactory] BYOAT Progress
Hi All I am currently working on the Bring Your Own App Type feature. Currently I have implemented a Axis2 Deployer which will deploy Application Types. And with this we can create applications and build and deploy. But for the purpose of deployment we use Jenkins (plugin wrote by us) to push the artifact to the git repo (Dep sync location). There we have a structure like below. Stage/tenant id/service/deployment path/artifact for ex: Development/1/as/webapps/app1.war So the deployment path is configured as a property of the apptype. So we need to send this value to the JenkinsArtifactDeployer to push this to correct place. But we dont have the mapping to apptype to deployment path in current architecture at jenkins side. So we need to sent it to jenkins from where ever we call it from. Currently we are calling this from three places. 1. When we click deploy, we call Jenkins deployer from AF. Here we can send the deployment path as a param since its available. 2. When we commit auto build and auto deploy will triggered. 3. When we build auto deploy will triggered. So the solution we propose is use the path 1 for all the cases. But this will increase the network usage. Solution we propose for that issue is use a scaled deployment such as there will be a separate cluster to handle deploy messages. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] [AF] Bring Your Own App type
Hi All Problem : App Factory deployers should be able to add application types by packaging everything in a file. For example to add foo apptype add foo.apptype archive file and putting it in a location. [1] Solution : Add a new deployer (Apptype Deployer), which will listen to the location $CARBON_HOME/repository/deployment/server/apptypes and which will do the following set of tasks. 1. Explode the zip file. 2. This zip file should contain a xml file such as apptype.xml. 3. There are set of tags that should be in this xml (Mandatory Tags) and there could be set of properties which is custom to this apptype. 4. Pre check the availability of the class mentioned as the Application Type Processor (Which should be a Mandatory Tags). (This application type processor is a customization endpoint provided by App Factory) 5. Copy set of resources files to a named locations. 6. Populate a in memory data structure with the data in the apptype.xml. [1] https://redmine.wso2.com/issues/2889 Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Bring Your Own App type
HI Dimuthu There are several mandatory tags like app type name, description, and application type processor. These are used in our code / jaggery apps. But there could be other tags which are not mandatory and also specific to certain app types which are used inside the application type processor. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Jul 29, 2014 at 8:45 AM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi all, Thinking about the range of apps that we'll be supporting, I believe the mandatory tags will be very minimal(one or two or else). So I am +1 not doing the schema validation yet. If we use any standard parser it will properly give out any unrecognised tags. thanks, dimuthu On Mon, Jul 28, 2014 at 10:46 PM, Ramith Jayasinghe ram...@wso2.com wrote: I'm not really fond of having a predefined schema for application type xml. reasons: 1) in my opinion is too early to figure out what should be in the schema given that we don't have lot of apptypes (or identified what we will support in future) 2) I like to draw an example from Apache Ant. Correct me if im wrong but they purposely don't have a schema to validate tags in build.xml file. why ? because they if they do they can't introduce any ant tasks/types with out changing the schema. (- it becomes a bottleneck - and brings a lot of backward compatibility issues). What do you guys think? @Punnadhi: BTW is it possible to have un-Marshal xml if the xml document contains UN-recognized tags? On Mon, Jul 28, 2014 at 8:00 PM, Punnadi Gunarathna punn...@wso2.com wrote: Hi All, We thought of come-up with an XSD for the apptype.xml and use it to validate the xml file against the mandatory elements. If apptype.xml is validated and the result is success then it can be unmarshelled with JAXB. On Mon, Jul 28, 2014 at 5:33 PM, Danushka Fernando danush...@wso2.com wrote: Hi All Problem : App Factory deployers should be able to add application types by packaging everything in a file. For example to add foo apptype add foo.apptype archive file and putting it in a location. [1] Solution : Add a new deployer (Apptype Deployer), which will listen to the location $CARBON_HOME/repository/deployment/server/apptypes and which will do the following set of tasks. 1. Explode the zip file. 2. This zip file should contain a xml file such as apptype.xml. 3. There are set of tags that should be in this xml (Mandatory Tags) and there could be set of properties which is custom to this apptype. 4. Pre check the availability of the class mentioned as the Application Type Processor (Which should be a Mandatory Tags). (This application type processor is a customization endpoint provided by App Factory) 5. Copy set of resources files to a named locations. 6. Populate a in memory data structure with the data in the apptype.xml. [1] https://redmine.wso2.com/issues/2889 Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks and Regards, Punnadi Gunarathna Senior Software Engineer, WSO2, Inc.; http://wso2.com http://wso2 Blog: http://hi-my-world.blogspot.com/ Tel : 94 11 214 5345 Fax :94 11 2145300 http://lalajisureshika.blogspot.com/ ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Ramith Jayasinghe Technical Lead WSO2 Inc., http://wso2.com lean.enterprise.middleware E: ram...@wso2.com P: +94 777542851 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Dimuthu Leelarathne Architect Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile : 0773661935 Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [AF] Bring Your Own App type
Hi Gayan These mandatory tags I mentioned are used in the common code which should be same to all app types. Check my previous mail. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Jul 29, 2014 at 10:40 AM, Gayan Dhanushka gay...@wso2.com wrote: Hi Danushka, Does all the app types contain a certain set of mandatory tags? I think we will have different mandatory tags according to different app types. So it is not good to be base on a few mandatory tags for each app type. Hence shouldn't we have a different validation mechanism for each application type? GayanD Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd On Tue, Jul 29, 2014 at 10:30 AM, Danushka Fernando danush...@wso2.com wrote: HI Dimuthu There are several mandatory tags like app type name, description, and application type processor. These are used in our code / jaggery apps. But there could be other tags which are not mandatory and also specific to certain app types which are used inside the application type processor. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Jul 29, 2014 at 8:45 AM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi all, Thinking about the range of apps that we'll be supporting, I believe the mandatory tags will be very minimal(one or two or else). So I am +1 not doing the schema validation yet. If we use any standard parser it will properly give out any unrecognised tags. thanks, dimuthu On Mon, Jul 28, 2014 at 10:46 PM, Ramith Jayasinghe ram...@wso2.com wrote: I'm not really fond of having a predefined schema for application type xml. reasons: 1) in my opinion is too early to figure out what should be in the schema given that we don't have lot of apptypes (or identified what we will support in future) 2) I like to draw an example from Apache Ant. Correct me if im wrong but they purposely don't have a schema to validate tags in build.xml file. why ? because they if they do they can't introduce any ant tasks/types with out changing the schema. (- it becomes a bottleneck - and brings a lot of backward compatibility issues). What do you guys think? @Punnadhi: BTW is it possible to have un-Marshal xml if the xml document contains UN-recognized tags? On Mon, Jul 28, 2014 at 8:00 PM, Punnadi Gunarathna punn...@wso2.com wrote: Hi All, We thought of come-up with an XSD for the apptype.xml and use it to validate the xml file against the mandatory elements. If apptype.xml is validated and the result is success then it can be unmarshelled with JAXB. On Mon, Jul 28, 2014 at 5:33 PM, Danushka Fernando danush...@wso2.com wrote: Hi All Problem : App Factory deployers should be able to add application types by packaging everything in a file. For example to add foo apptype add foo.apptype archive file and putting it in a location. [1] Solution : Add a new deployer (Apptype Deployer), which will listen to the location $CARBON_HOME/repository/deployment/server/apptypes and which will do the following set of tasks. 1. Explode the zip file. 2. This zip file should contain a xml file such as apptype.xml. 3. There are set of tags that should be in this xml (Mandatory Tags) and there could be set of properties which is custom to this apptype. 4. Pre check the availability of the class mentioned as the Application Type Processor (Which should be a Mandatory Tags). (This application type processor is a customization endpoint provided by App Factory) 5. Copy set of resources files to a named locations. 6. Populate a in memory data structure with the data in the apptype.xml. [1] https://redmine.wso2.com/issues/2889 Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks and Regards, Punnadi Gunarathna Senior Software Engineer, WSO2, Inc.; http://wso2.com http://wso2 Blog: http://hi-my-world.blogspot.com/ Tel : 94 11 214 5345 Fax :94 11 2145300 http://lalajisureshika.blogspot.com/ ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Ramith Jayasinghe Technical Lead WSO2 Inc., http://wso2.com lean.enterprise.middleware E: ram...@wso2.com P: +94 777542851 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Dimuthu Leelarathne Architect
Re: [Architecture] [Appfactory][deployment listners] Application life cycle notification architecture for a clustered enviornment
I think Paul's point is valid. And also in that case we don't have to handle the scenario that the web app is deployed in one appserver successfully and didn't in second appserver. We can let users know that its deployed correctly in this server and another message saying its not deployed successfully in this server. But somehow we need to say the server name in a abstract way like wso2 appserver 1 and wso2 appserver 2 not in this IP and that IP. Dimuthu / Anuruddha WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Jul 21, 2014 at 6:02 PM, Paul Fremantle p...@wso2.com wrote: Isn't it better to send all the messages and then keep track of who has successfully deployed or undeployed? In other words, don't we want all the information rather than just getting one server's info? Paul On 21 July 2014 12:58, Anuruddha Premalal anurud...@wso2.com wrote: Hi, *Problem:* In the current appfactory setup all the application containers (AS) notifies on application life cycle events (deployment, undeployment); this is because the deployment event listeners directly send messages to appfactory . This approach works well for a single node deployment . But it will cause unwanted noise (which will ultimately be several copies of the same message on the notification wall) in a clustered environment, also this will cause unwanted traffic towards appfactory. So it is important to limit notifications from the container level. *Solution:* Requirement is to send notifications only from a single appserver node in the cluster. For this we have to choose a single candidate from the cluster, and make him as the notifier node. Candidate selection method: This can be achieved using Stratos topology information. Topology(which is published every 60secs) have information about currently active cluster nodes. Application notifiers will subscribe to this topology topic and choose to be the notifier based on the following criteria. 1.) If the topology contains the IP of the node. Note : This is important because there might be cases where IP is not in the topology but the instance is active. 2.) If the IP is the highest IP in the available topology. Related Jira : https://wso2.org/jira/browse/APPFAC-2271 Regards, -- *Anuruddha Premalal* Software Eng. | WSO2 Inc. Mobile : +94710461070 Web site : www.regilandvalley.com Advances of technology should not leave behind the developing world ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Paul Fremantle CTO and Co-Founder, WSO2 OASIS WS-RX TC Co-chair, Apache Member UK: +44 207 096 0336 US: +1 646 595 7614 blog: http://pzf.fremantle.org twitter.com/pzfreo p...@wso2.com wso2.com Lean Enterprise Middleware Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions. ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Unwanted application deployment notifications in AppFactory
I think this will apply to everything deployed in WSO2 servers. Currently we only have app server based app types only. So Anuruddha remember to change data service path as well (service deployment listener) and you will need to test for all app types. And Dimuthu what's happening to jaggery apps? On Jul 1, 2014 5:48 PM, Anuruddha Premalal anurud...@wso2.com wrote: Hi All, Following is the problem-solution description regards to jira APPFAC-2252 https://wso2.org/jira/browse/APPFAC-2252 *Problem :* AppServer tenant get unloaded when there is no activity for 30mins. When a user deploy an app to this unloaded tenant, it will load and deploy all previously deployed apps; current implementation use catalina LifecycleListner and it captures these redeployment events and triggers the notifications. *Solution :* Send the artifact md5sum with the notification to the Appfactory. Appfactory will validate the md5 and push the wall message accordingly. Regards, -- *Anuruddha Premalal* Software Eng. | WSO2 Inc. Mobile : +94710461070 Web site : www.regilandvalley.com Advances of technology should not leave behind the developing world ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Unwanted application deployment notifications in AppFactory
What I mentioned was last time remember jaggery app is not an single artifact. Its a folder. So how we can handle md5sum? On Jul 1, 2014 6:07 PM, Dimuthu Leelarathne dimut...@wso2.com wrote: Hi Anuraddha, Need to test with Jaggery apps as well. thanks, dimuthu On Tue, Jul 1, 2014 at 6:03 PM, Danushka Fernando danush...@wso2.com wrote: I think this will apply to everything deployed in WSO2 servers. Currently we only have app server based app types only. So Anuruddha remember to change data service path as well (service deployment listener) and you will need to test for all app types. And Dimuthu what's happening to jaggery apps? On Jul 1, 2014 5:48 PM, Anuruddha Premalal anurud...@wso2.com wrote: Hi All, Following is the problem-solution description regards to jira APPFAC-2252 https://wso2.org/jira/browse/APPFAC-2252 *Problem :* AppServer tenant get unloaded when there is no activity for 30mins. When a user deploy an app to this unloaded tenant, it will load and deploy all previously deployed apps; current implementation use catalina LifecycleListner and it captures these redeployment events and triggers the notifications. *Solution :* Send the artifact md5sum with the notification to the Appfactory. Appfactory will validate the md5 and push the wall message accordingly. Regards, -- *Anuruddha Premalal* Software Eng. | WSO2 Inc. Mobile : +94710461070 Web site : www.regilandvalley.com Advances of technology should not leave behind the developing world -- Dimuthu Leelarathne Architect Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile : 0773661935 Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Extensibility of JDBCAuthorizationManager.
Any Ideas on this? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Fri, May 2, 2014 at 4:02 PM, Danushka Fernando danush...@wso2.comwrote: Hi all In user management area we have made lot of stuff extensible. We can write our own user store managers, tenant managers and authorization managers. So most of the time when we write a custom one we extend form an existing one. For example We implement tenant managers extended from JDBCTenantManager user store managers extended from ReadOnlyLDAPUserStoreManager / ReadWriteLDAPUserStoreManager. Because what we want to customize might not be the whole class. It could be a one operation of the class. Like that the implementation of Authorization Manager we can extend from is JDBCAuthorizationManager. But current implementation of JDBCAuthorizationManager is not extensible due to following reasons. 1. All the object level variables are private not protected. 2. Lot of methods of the class are private. 3. SearchResult class is visible only to the particular package. If we make all necessary private things protected, then some one can extend it and write his/her own Authorization Manager. Can we update JDBCAuthorizationManager code to make it extensible. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] Extensibility of JDBCAuthorizationManager.
Hi all In user management area we have made lot of stuff extensible. We can write our own user store managers, tenant managers and authorization managers. So most of the time when we write a custom one we extend form an existing one. For example We implement tenant managers extended from JDBCTenantManager user store managers extended from ReadOnlyLDAPUserStoreManager / ReadWriteLDAPUserStoreManager. Because what we want to customize might not be the whole class. It could be a one operation of the class. Like that the implementation of Authorization Manager we can extend from is JDBCAuthorizationManager. But current implementation of JDBCAuthorizationManager is not extensible due to following reasons. 1. All the object level variables are private not protected. 2. Lot of methods of the class are private. 3. SearchResult class is visible only to the particular package. If we make all necessary private things protected, then some one can extend it and write his/her own Authorization Manager. Can we update JDBCAuthorizationManager code to make it extensible. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] WSO2 Products Tenant Creation Process calls the Reset Password
Well By having custom userstores and tenant stores, someone can have shared users and someone can create tenants with an existing user. But this call breaks everything since its trying to reset the password of the given user. @Manjula : Will check about hashing. Didn't aware about that. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Mar 10, 2014 at 10:28 PM, Amila Maha Arachchi ami...@wso2.comwrote: What are the issues of having this? On Thu, Mar 6, 2014 at 9:08 AM, Danushka Fernando danush...@wso2.comwrote: Hi all I found that our tenant creation process is calling reset password call inside tenant creation process. When we call tenant creation it goes through *persistTenant* call in *TenantPersistor* class. And it calls *persistTenantInUserStore*. In the end of this call it calls for *updateTenantAdminPassword*. By the time Tenant Manager is created the tenant admin and have added the password to the LDAP. So is there a particular reason that we should do this? I cant see any reason that we call the update/reset password at this moment. So IMO we should remove this if no such reason. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 -- *Amila Maharachchi* Senior Technical Lead WSO2, Inc.; http://wso2.com Blog: http://maharachchi.blogspot.com Mobile: +94719371446 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] WSO2 Products Tenant Creation Process calls the Reset Password
Any ideas on this? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Mar 5, 2014 at 7:38 PM, Danushka Fernando danush...@wso2.comwrote: Hi all I found that our tenant creation process is calling reset password call inside tenant creation process. When we call tenant creation it goes through *persistTenant* call in *TenantPersistor* class. And it calls *persistTenantInUserStore*. In the end of this call it calls for *updateTenantAdminPassword*. By the time Tenant Manager is created the tenant admin and have added the password to the LDAP. So is there a particular reason that we should do this? I cant see any reason that we call the update/reset password at this moment. So IMO we should remove this if no such reason. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
[Architecture] WSO2 Products Tenant Creation Process calls the Reset Password
Hi all I found that our tenant creation process is calling reset password call inside tenant creation process. When we call tenant creation it goes through *persistTenant* call in *TenantPersistor* class. And it calls *persistTenantInUserStore*. In the end of this call it calls for *updateTenantAdminPassword*. By the time Tenant Manager is created the tenant admin and have added the password to the LDAP. So is there a particular reason that we should do this? I cant see any reason that we call the update/reset password at this moment. So IMO we should remove this if no such reason. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Any plans of providing app deletion feature to the AppFactory users?
Hi Ashansa Is this deleting the git repos. If we delete an app we should be able to create it in same name. I could remember that GayanD was implementing this but we encountered some issues there. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Feb 10, 2014 at 5:13 AM, Amila Maha Arachchi ami...@wso2.comwrote: If you are planning to include this by the time of 1.1.0 release, that would be enough. Just wanted to know whether you have plans on making this available for the end user. On Mon, Feb 10, 2014 at 6:26 PM, Ashansa Perera asha...@wso2.com wrote: Hi Amila, I think we have implemented most of the required functionality for this in the process of making the application creation resilient and I hope we can add this feature in an upcoming milestone considering the other priorities as well. On Mon, Feb 10, 2014 at 2:55 PM, Amila Maha Arachchi ami...@wso2.comwrote: Hi AF team, $Subject? If not, why? I know you have the backend capability. Regards, AmilaM. -- *Amila Maharachchi* Senior Technical Lead WSO2, Inc.; http://wso2.com Blog: http://maharachchi.blogspot.com Mobile: +94719371446 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Thanks Regards, Ashansa Perera Software Engineer WSO2, Inc ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- *Amila Maharachchi* Senior Technical Lead WSO2, Inc.; http://wso2.com Blog: http://maharachchi.blogspot.com Mobile: +94719371446 ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Appfactory] Use of existing appfactory data sources for dashboards instead of publishing everything to BAM
@Gayand : In the first discussion we had about issue tracker we considered versioning. Please contact Punnadi/Manisha/Ramith. And If you are going to take this database what happens if we change the IssueTracker itself. We need to rewrite this gadget. So for the stuff that stored outside AF we should not read databases I guess. WDYT? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Tue, Nov 12, 2013 at 3:25 PM, Gayan Dhanushka gay...@wso2.com wrote: Hi all, In the current issue tracker db we are not capturing an issue's lifecycle stage. But there is a gadget called Issues by stage. Hence that information is needed. Shall we add a new column to the ISSUE table in the Issue tracker db? Thanks. GayanD Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd On Tue, Nov 12, 2013 at 10:33 AM, Gayan Dhanushka gay...@wso2.com wrote: Hi Dimuthu, Will do and rewrite the gadgets. Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd On Tue, Nov 12, 2013 at 10:29 AM, Dimuthu Leelarathne dimut...@wso2.comwrote: Hi Danushka, On Tue, Nov 12, 2013 at 10:08 AM, Gayan Dhanushka gay...@wso2.comwrote: Hi Samisa, A document has to be maintained with the data and the sources that it comes from. However more questions than answers arise when thinking about what needs to be done. Yes we collect some data in appfactory, but if we take the issue tracker as an example a customer may want to add JIRA or some other issue tracking system. In that case there is no point of having gadgets for issue tracking and changing the data sources to appfactory. It will be a whole different scenario. Reading data from the appfactory registry may cause degradation of the performance in the functionalities that uses the registry resources (number of registry calls may increase since the dashboards talk to the registry as well). It is much better than running hive to calculate already existing data. If it requires we can scale horizontally. We are designed to scale out. The theory is if there is a simple way MOST of the time it is the best way. And in this case it is better because we are saving a lot of crazy computing power. Imagine AF runs for years, and we spend 2/3 hours calculating an answer we already have in a database. +1 for rewriting to retrieve the existing answers. thanks, dimuthu datafiles may become complex since it focuses on the data conversion rather than building the dataset. So this re-modelling can be a good thing or sometimes it will be better off to have the current implementation. Need to figure that out first Thanks. GayanD Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd On Sun, Nov 10, 2013 at 8:28 PM, Samisa Abeysinghe sam...@wso2.comwrote: How do we keep track of what data is in BAM vs what data comes form other sources? I think it is a good idea to not replicate data, but the source of data need to be known all the time for help verify/test accuracy. Thanks, Samisa... Samisa Abeysinghe Vice President Training WSO2 Inc. http://wso2.com On Fri, Nov 8, 2013 at 2:54 PM, Gayan Dhanushka gay...@wso2.comwrote: Hi All, There are some scenarios in appfactory where the data which needs to be published to BAM is already captured by an underlying appfactory database (e.g. issue tracker). Hence there is no need of publishing them again to BAM and running a expensive hive query on top of it. But still there has to be some Some observations are as follows. 1 ) Application creation and life cycle management details are captured in the registry. But since registry resources are saved as a xml string, the conversion of the xml to json is required in the jaggery datafile. 2 ) Issue tracker has a underlying mysql database. Hence data can be directly pulled from the issue tracker database. 3 ) Builds and commits data needs to be published to BAM anyway since they are not captured by the appfactory databases. Is it good to read data directly from the registry databases? Will it cause degradation in performance of the appfactory? Is it ok to change the architecture and use underlying appfactory databases whenever possible? WDYT? Thanks GayanD. Gayan Dhanuska Software Engineer http://wso2.com/ Lean Enterprise Middleware Mobile 071 666 2327 Office Tel : 94 11 214 5345 Fax : 94 11 214 5300 Twitter : https://twitter.com/gayanlggd ___ Architecture mailing list
Re: [Architecture] Alternative to using sso-idp-config.xml
Hi +1 for Dimuthu's point. This will effect our deployments. We can't manually go somewhere and add issuers from somewhere. So (-1) for removing support for sso-idp-config.xml. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Mon, Sep 23, 2013 at 6:20 PM, Dimuthu Leelarathne dimut...@wso2.comwrote: Hi Dulanja, What about cloud deployments? Current config files enable us to puppet-ize the deployment. When you do this it will no longer be able to do the deployment. If the problem is rewriting sso-idp-config.xml each time you add a parameter, then it is the problem of the code. We can write config file parsers in a very extensible way. For example refer [1]. We rarely write our configuration parser. And if you want to specify super tenant only SPs you can add a new parameter. Since this suggestion doesn't facilitate deployments I am -1 for this. If you can provide a solution for the deployment then I'll withdraw the -1. thanks, dimuthu [1] https://svn.wso2.org/repos/wso2/scratch/appfactory/components/appfac/org.wso2.carbon.appfactory.common/1.1.0/src/main/java/org/wso2/carbon/appfactory/common/util/AppFactoryUtil.java On Mon, Sep 23, 2013 at 6:01 PM, Nuwan Bandara nu...@wso2.com wrote: great On Mon, Sep 23, 2013 at 5:57 PM, Dulanja Liyanage dula...@wso2.comwrote: Hi Nuwan, IS already has IdentitySAMLSSOConfigService for that purpose. Thanks Regards, Dulanja On Mon, Sep 23, 2013 at 5:47 PM, Nuwan Bandara nu...@wso2.com wrote: Hi Dulanja On Mon, Sep 23, 2013 at 5:43 PM, Dulanja Liyanage dula...@wso2.comwrote: Hi All, AFAIK, AF and UES products are currently using the 'sso-idp-config.xml' file to store the SAML SSO Service Provider (SP) configurations. The main purpose of that is to write SP configuration *once* and use it for all the tenants. This removes the burden of adding the *same set* of SPs for each Tenant via the IdP UI. However, the downsides of this is, when a new feature/option is added to the Identity Server's SP registration page, this file should be * also* changed and the file read logic should be modified accordingly. To avoid this, we are looking at the possibility of removing the usage of that file - allowing changes to be incorporated with minimum effort. One plausible way is to always save the tenant-shared configurations via the SP registration UI of the Super Admin. Since sso-idp-config.xml is also configured by the Super Admin, there shouldn't be any harm doing this. So, to validate the SP when a SAML request comes for a tenant user, code logic should first check tenant's own configurations in his registry, and if no relevant SP is found (by using the issuer ID), then check Super Admin's configuration from the registry for the shared SPs. But, what if Super Admin wants to maintain a set of SPs only for his users. (i.e non-shareable SPs) ? To cater this, we can introduce a new option to SP registration UI to specify whether a particular SP is shared or not. This would be the first step of improving the tenant story in SAML SSO. Appreciate your ideas on this. +1, for the idea, please provide a service to register SPs, because not always we use the mgt-console UI to register new SPs. Regards, /Nuwan Thanks Regards, Dulanja -- Dulanja Liyanage Senior Software Engineer - WSO2 Inc. M: +94776764717 -- *Thanks Regards, Nuwan Bandara Technical Lead; **WSO2 Inc. * *lean . enterprise . middleware | http://wso2.com * *blog : http://nuwanbando.com; email: nu...@wso2.com; phone: +94 11 214 5345 * http://www.nuwanbando.com/ -- Dulanja Liyanage Senior Software Engineer - WSO2 Inc. M: +94776764717 -- *Thanks Regards, Nuwan Bandara Technical Lead; **WSO2 Inc. * *lean . enterprise . middleware | http://wso2.com * *blog : http://nuwanbando.com; email: nu...@wso2.com; phone: +94 11 214 5345 * http://www.nuwanbando.com/ -- Dimuthu Leelarathne Architect Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: dimut...@wso2.com Mobile : 0773661935 Lean . Enterprise . Middleware ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Dev] Caching implementation performance improvement
Hi, Just wondering about the update mechanism. What happens when original value or L2 cache value get updated? Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Aug 7, 2013 at 2:02 PM, Afkham Azeez az...@wso2.com wrote: [image: Inline image 1] On Wed, Aug 7, 2013 at 11:31 AM, Afkham Azeez az...@wso2.com wrote: While running certain scenarios during testing of the Carbon 4.2.0 packs, we saw certain performance issues when distributed Hazelcast HashMaps are used as the backing data structure. To overcome this, I have introduced the concept of an L1 local cache. It is a write through cache, where items stored in it will also get written to the distributed data structure. When there is a L1 cache miss, we will check in the L2 distributed cache to see whether the value is there. I am seeing significant performance improvement in the tenant creation scenario after this improvement. -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* ___ Dev mailing list d...@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev caching.png___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Dev] Caching implementation performance improvement
I am asking about caching invalidating mechanism Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Aug 7, 2013 at 5:13 PM, Isuru Perera isu...@wso2.com wrote: On Wed, Aug 7, 2013 at 2:59 PM, Danushka Fernando danush...@wso2.comwrote: Hi, Just wondering about the update mechanism. What happens when original value or L2 cache value get updated? What do you mean by this? If I understand correctly, when you need to update the value for a key, you need to use the Caching API and use put method. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Aug 7, 2013 at 2:02 PM, Afkham Azeez az...@wso2.com wrote: [image: Inline image 1] On Wed, Aug 7, 2013 at 11:31 AM, Afkham Azeez az...@wso2.com wrote: While running certain scenarios during testing of the Carbon 4.2.0 packs, we saw certain performance issues when distributed Hazelcast HashMaps are used as the backing data structure. To overcome this, I have introduced the concept of an L1 local cache. It is a write through cache, where items stored in it will also get written to the distributed data structure. When there is a L1 cache miss, we will check in the L2 distributed cache to see whether the value is there. I am seeing significant performance improvement in the tenant creation scenario after this improvement. -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* ___ Dev mailing list d...@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev ___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture -- Isuru Perera Senior Software Engineer | WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware Twitter: http://twitter.com/chrishantha | LinkedIn: http://lk.linkedin.com/in/chrishantha/ ___ Dev mailing list d...@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev caching.png___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] [Dev] Caching implementation performance improvement
Thats what my question was about. Thanks Azeez. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Aug 7, 2013 at 5:28 PM, Afkham Azeez az...@wso2.com wrote: On Wed, Aug 7, 2013 at 2:59 PM, Danushka Fernando danush...@wso2.comwrote: Hi, Just wondering about the update mechanism. What happens when original value or L2 cache value get updated? I think the question is, if the L2 (distributed) cache got updated from another node, how does it get reflected in the L1 caches of the other nodes. We register an entry listener for the L2 cache, and whenever there is a change, this gets triggered, and updates the L1 caches as well. Thanks Regards Danushka Fernando Software Engineer WSO2 inc. http://wso2.com/ Mobile : +94716332729 On Wed, Aug 7, 2013 at 2:02 PM, Afkham Azeez az...@wso2.com wrote: [image: Inline image 1] On Wed, Aug 7, 2013 at 11:31 AM, Afkham Azeez az...@wso2.com wrote: While running certain scenarios during testing of the Carbon 4.2.0 packs, we saw certain performance issues when distributed Hazelcast HashMaps are used as the backing data structure. To overcome this, I have introduced the concept of an L1 local cache. It is a write through cache, where items stored in it will also get written to the distributed data structure. When there is a L1 cache miss, we will check in the L2 distributed cache to see whether the value is there. I am seeing significant performance improvement in the tenant creation scenario after this improvement. -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* ___ Dev mailing list d...@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev -- *Afkham Azeez* Director of Architecture; WSO2, Inc.; http://wso2.com Member; Apache Software Foundation; http://www.apache.org/ * http://www.apache.org/** email: **az...@wso2.com* az...@wso2.com* cell: +94 77 3320919 blog: **http://blog.afkham.org* http://blog.afkham.org* twitter: **http://twitter.com/afkham_azeez*http://twitter.com/afkham_azeez * linked-in: **http://lk.linkedin.com/in/afkhamazeez* * * *Lean . Enterprise . Middleware* caching.png___ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture