Re: [Architecture] [Dev] [Vote] Release of WSO2 API Manager 3.2.0 RC6

2020-08-24 Thread Hasunie Adikari
On Mon, Aug 24, 2020 at 2:25 PM Prasanna Dangalla 
>>>>>> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> Ran WSO2 enterprise test scenarios. No issues identified.
>>>>>>>
>>>>>>> *[+] Stable - Go ahead and release.*
>>>>>>>
>>>>>>> Thanks
>>>>>>> *Prasanna Dangalla* | Associate Technical Lead | WSO2 Inc.
>>>>>>> (m) +94 718 112 751 | (e) prasa...@wso2.com
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Aug 24, 2020 at 2:09 PM Sanjeewa Malalgoda <
>>>>>>> sanje...@wso2.com> wrote:
>>>>>>>
>>>>>>>> I have tested API Manager 3.2.0 against the following criteria.
>>>>>>>>
>>>>>>>>    - Java Security Manager with JDK 11.0 and tested security flows.
>>>>>>>>    - Developer portal and publisher standard user flows.
>>>>>>>>    - Policy creation wizard and throttling capabilities.
>>>>>>>>
>>>>>>>> Found some minor issues[1,2,3] related to policy wizard and scopes.
>>>>>>>> I don't consider them as blockers.
>>>>>>>>
>>>>>>>> [1] https://github.com/wso2/product-apim/issues/9172
>>>>>>>> [2] https://github.com/wso2/product-apim/issues/9173
>>>>>>>> [3] https://github.com/wso2/product-apim/issues/9174
>>>>>>>>
>>>>>>>> *[+] Stable - Go ahead and release.*
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> sanjeewa.
>>>>>>>>
>>>>>>>> On Sat, Aug 22, 2020 at 12:06 AM Arshardh Ifthikar <
>>>>>>>> arsha...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> We are pleased to announce the sixth release candidate of WSO2 API
>>>>>>>>> Manager 3.2.0.
>>>>>>>>>
>>>>>>>>> This release fixes the following issues.
>>>>>>>>>
>>>>>>>>>    - Fixes : product-apim
>>>>>>>>>      <https://github.com/wso2/product-apim/issues?q=is%3Aissue+is%3Aclosed+closed%3A2020-03-20..2020-08-20>
>>>>>>>>>    - Fixes : analytics-apim
>>>>>>>>>      <https://github.com/wso2/analytics-apim/milestone/28?closed=1>
>>>>>>>>>
>>>>>>>>> Source and distribution,
>>>>>>>>> Runtime :
>>>>>>>>> https://github.com/wso2/product-apim/releases/tag/v3.2.0-rc6
>>>>>>>>> Analytics :
>>>>>>>>> https://github.com/wso2/analytics-apim/releases/tag/v3.2.0-rc3
>>>>>>>>>
>>>>>>>>> Documentation : https://apim.docs.wso2.com/en/3.2.0/
>>>>>>>>> Migration docs :
>>>>>>>>> https://apim.docs.wso2.com/en/3.2.0/install-and-setup/upgrading-wso2-api-manager/upgrading-process/
>>>>>>>>>
>>>>>>>>> Please download, test the product and vote.
>>>>>>>>>
>>>>>>>>> [+] Stable - go ahead and release
>>>>>>>>> [-] Broken - do not release (explain why)
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> WSO2 API Manager Team
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Arshardh Ifthikar*
>>>>>>>>> Senior Software Engineer | WSO2 Inc.
>>>>>>>>>
>>>>>>>>> Email: arsha...@wso2.com
>>>>>>>>> Mobile: +94777218551
>>>>>>>>> Web: http://wso2.com
>>>>>>>>>
>>>>>>>>> <http://wso2.com/signature>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Sanjeewa Malalgoda*
>>>>>>>> Software Architect | Associate Director, Engineering - WSO2 Inc.
>>>>>>>> (m) +94 712933253 | (e) sanje...@wso2.com | (b) Blogger
>>>>>>>> <http://sanjeewamalalgoda.blogspot.com>, Medium
>>>>>>>> <https://medium.com/@sanjeewa190>
>>>>>>>>
>>>>>>>> GET INTEGRATION AGILE <https://wso2.com/signature>
>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>> ___
>>>>>>>> Dev mailing list
>>>>>>>> d...@wso2.org
>>>>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Krishan Wijesena*
>>>>>> Senior Software Engineer | WSO2
>>>>>>
>>>>>> Email : krish...@wso2.com
>>>>>> Mobile : +94776219923
>>>>>> WSO2 Inc : http://wso2.com
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Mushthaq Rumy
>>>>> *Associate Technical Lead*
>>>>> Mobile : +94 (0) 779 492140
>>>>> Email : musht...@wso2.com
>>>>> WSO2, Inc.; http://wso2.com/
>>>>> lean . enterprise . middleware.
>>>>>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Chashika Weerathunga* | Software Engineer | WSO2 Inc.
>>>> (m) +94713731206 | Email: chash...@wso2.com
>>>>
>>>
>>>
>>> --
>>> *Vithursa Mahendrarajah* | Senior Software Engineer | WSO2 Inc
>>> (m) +94 766 695 643 | (e) vithu...@wso2.com
>>>
>>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> *Shehani Rathnayake* | Software Engineer | WSO2 Inc.
> <http://wso2.com/>
> (m) +94713490439 | (E) sheha...@wso2.com
>
> <https://wso2.com/signature>
>


-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


[Architecture] [APIM] Introduce Lerna to share the front end components with in multiple features(store, publisher, admin portal)

2020-05-24 Thread Hasunie Adikari
Hi All,


We have been maintaining different web apps which use the same styles, UI
components and various utilities etc. Actually, we can manage these things
in below ways.

 1.)  Duplicating the things in web apps.

 2.)  Creating a single repository with all those.


Both of the above ways are a little cumbersome to manage in terms of unit
testing and version maintenance. It slows down development as well. But
currently, most of the good open-source projects rely on Lerna [1]. It allows
the front end components to be shared effectively across the various
projects. It is a convenient way to maintain sharable code pieces without
the overhead of many repositories. If we do an improvement in one single
unit it will reflect in the other web apps.

Furthermore, an obvious drawback of having all our packages in one
repository is having to go into each package and npm install. This would
quickly become unmanageable and time-consuming. Lerna has various built-in
commands to ease the drawbacks and bootstrap(command) is one of them.
Simply run the (Lerna bootstrap) command at the top level and Lerna will
automatically install the required dependencies for each package as well as
resolving internal dependencies by creating symlinks. It gives a
significant benefit like reducing the disk space by reusing the node
modules.


I have been using Lerna to share the store's React components in the
publisher feature. This Doc [2] describes how it works. This guide will
help to configure reusable components in the admin portal and endpoint
registry feature.

At the first phase of this attempt, we reuse the existing store components
(ex: tryout controller, swagger UI etc..) as reusable components. But we
identified some issues in this approach. We should improve our UI
components which can be reusable in other apps to be more generic so that
it will be easy to reuse without extra work. I would like to suggest some
improvements for the next steps to overcome some issues while I was
configuring the Lerna to the apimgt features.


1. Create a separate package and keep all the reusable components. Then we
can share that package with other projects.

2. Currently, Lerna bootstrap command creates a symlink for the reusable
component's source code. We should improve it to create a symlink for the
built-in component rather than the source code.



[1]. https://github.com/lerna/lerna
[2]. https://docs.google.com/document/d/15eVUGG4JG8iKqePAvmsUFVXO8N1Fydp1CCZl_J8h8EQ/edit?usp=sharing
[3]. Git issue - https://github.com/wso2/product-apim/issues/8128

Regards,
Hasunie


-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] [APIM] Tryout console for the API Publisher

2020-04-21 Thread Hasunie Adikari
Hi Kasun,

On Wed, Apr 22, 2020 at 9:17 AM Kasun Thennakoon  wrote:

> Hi Hasunie,
>
> Out of the above three suggestions, I'm +1 to the 1st approach you have
> suggested, Where
>
>
>    - Combination of *prototype* state and *enableStore=true* (API artifact
>      property) will depict the *testing* state
>    - *enableStore* property will control the visibility in the developer
>      portal when the API is in prototyped state
>    - this state and API field update will happen only if they attempt to
>      test the API
>    - Testing will be allowed only in Created and Prototyped state. If in
>      the created state, change the LC to prototype and update the API field.
>      If already in prototype, update only the *enableStore* field
>
>
>  As usual, he/she has to demote to the created state and initialize the
>> test.
>
>
> In the above case, where API is already in Published state and API creator
> wants to test the API, I think we should allow the action from the API
> testing page with the user's consent (i.e. show a warning saying "API will be
> unpublished from the gateway/devportal. Do you like to continue?")
>
>
> another point is, since we are adding a new field to API RXT we need to
> consider how to migrate APIs from previous versions.
>
   We have a way to update the RXT field at runtime. For example [1]. We
did this for all newly added RXT fields.

[1] https://github.com/wso2/product-apim/issues/3525

>
> @Sanjeewa Malalgoda  , @Nuwan Dias 
> please give your opinion on this
>
> Thanks
> ~KasunTe
>
>
>
> On Tue, Apr 21, 2020 at 4:17 PM Hasunie Adikari  wrote:
>
>>
>>  Hi All,
>>
>> We have been working on a testing console for the API Publisher. The main
>>> intention of this feature is that the developer(creator, publisher) can
>>> make sure that the API is working as expected by performing functional
>>> tests before publishing to the dev portal.
>>> For example, test the mediation policies, check whether the API response
>>> comes from the expected back end, test the request parameters are compliant
>>> with the defined schema.
>>>
>>> By considering the functionalities, we decided to re-use the prototype
>>> life-cycle state. In fact, if a developer triggers a test, the particular
>>> API is deployed as a prototype and in addition to that, a new RXT field(
>>> *enableStore*)  is set to false so that the specific testing API is
>>> restricted to the dev portal. Afterwards, if the API is either published or
>>> deployed as a prototype, the *enableStore *should be set to true.
>>> The APIsGet query should be changed as below.
>>>
>>> name=*=true=(PUBLISHED OR PROTOTYPED)
>>>
>>> Furthermore, another concern is the lifecycle state that will show in
>>> the publisher lifecycle state diagram. So we came up with two approaches to
>>> show the state.
>>>
>>
>> Moreover, if an API is in a published state, we planned to restrict the
>> testing capability. As usual, he/she has to demote to the created state and
>> initialize the test.
>> Highly appreciate your insights on the following 2 approaches.
>>
>>>
>>> 1.i) Keep two subtypes of the prototype state like *prototype*
>>> and *prototype(testing)*. If it's a normal prototype(visible to store),
>>> it will be shown as a prototype. If the enableStore property is set to
>>> false and lcstate is a prototype, the state should be changed as the
>>> prototype(testing). The below diagram depicts the flow.
>>>
>>
>>
>>
>>>  ii) Moreover, we can internally deploy the API as a prototype
>>> without intentionally saying this API is deployed as a prototype and keep
>>> the same state as created. Even though the lifecycle shows the API is in a
>>> created state, the synapse artefacts are created. This might  be an issue
>>> as we can't clearly define our statuses.
>>>
>>>
>>>
>>>
>>>
>>> [image: console.png]
>>>
>>> 2.  Create a pop-up window to carry on the tests functionalities. When a
>>> developer clicks on the testing pop up window, the API is deployed as a
>>> prototype and all the other details are hidden until the developer closes
>>> the window by finishing the testing phase. Once he/she closes the window,
>>> API should be automatically demoted to the created state and developer
>>> should be able to carry on his/her tasks without affecting the user
>>> experience.
>>> If we go ahead with this approach, we have to hand

Re: [Architecture] [APIM] Tryout console for the API Publisher

2020-04-21 Thread Hasunie Adikari
 Hi All,

We have been working on a testing console for the API Publisher. The main
> intention of this feature is that the developer(creator, publisher) can
> make sure that the API is working as expected by performing functional
> tests before publishing to the dev portal.
> For example, test the mediation policies, check whether the API response
> comes from the expected back end, test the request parameters are compliant
> with the defined schema.
>
> By considering the functionalities, we decided to re-use the prototype
> life-cycle state. In fact, if a developer triggers a test, the particular
> API is deployed as a prototype and in addition to that, a new RXT field(
> *enableStore*)  is set to false so that the specific testing API is
> restricted to the dev portal. Afterwards, if the API is either published or
> deployed as a prototype, the *enableStore *should be set to true.
> The APIsGet query should be changed as below.
>
> name=*=true=(PUBLISHED OR PROTOTYPED)
>
> Furthermore, another concern is the lifecycle state that will show in the
> publisher lifecycle state diagram. So we came up with two approaches to
> show the state.
>

Moreover, if an API is in a published state, we planned to restrict the
testing capability. As usual, he/she has to demote to the created state and
initialize the test.
Highly appreciate your insights on the following 2 approaches.

>
> 1.i) Keep two subtypes of the prototype state like *prototype*
> and *prototype(testing)*. If it's a normal prototype(visible to store),
> it will be shown as a prototype. If the enableStore property is set to
> false and lcstate is a prototype, the state should be changed as the
> prototype(testing). The below diagram depicts the flow.
>



>  ii) Moreover, we can internally deploy the API as a prototype
> without intentionally saying this API is deployed as a prototype and keep
> the same state as created. Even though the lifecycle shows the API is in a
> created state, the synapse artefacts are created. This might  be an issue
> as we can't clearly define our statuses.
>
>
>
>
>
> [image: console.png]
>
> 2.  Create a pop-up window to carry on the tests functionalities. When a
> developer clicks on the testing pop up window, the API is deployed as a
> prototype and all the other details are hidden until the developer closes
> the window by finishing the testing phase. Once he/she closes the window,
> API should be automatically demoted to the created state and developer
> should be able to carry on his/her tasks without affecting the user
> experience.
> If we go ahead with this approach, we have to handle the clearing the
> artefacts with pinpoint accuracy otherwise it might lead to several issues
> at prod environments.
>
> If we can go with 1 i) approach, it would make a minor effect on the basic
> flow. Highly appreciate your suggestions and concerns regarding this.
>
>
> Regards,
> Hasunie
>
>
>
>
>
>
> --
> *Hasunie Adikari*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
> Mobile:+94713095876
>
>

-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


[Architecture] [APIM] Tryout console for the API Publisher

2020-04-17 Thread Hasunie Adikari
Hi all,

We have been working on a testing console for the API Publisher. The main
intention of this feature is that the developer(creator, publisher) can
make sure that the API is working as expected by performing functional
tests before publishing to the dev portal.
For example, test the mediation policies, check whether the API response
comes from the expected back end, test the request parameters are compliant
with the defined schema.

By considering the functionalities, we decided to re-use the prototype
life-cycle state. In fact, if a developer triggers a test, the particular
API is deployed as a prototype and in addition to that, a new RXT field(
*enableStore*)  is set to false so that the specific testing API is
restricted to the dev portal. Afterwards, if the API is either published or
deployed as a prototype, the *enableStore *should be set to true.
The APIsGet query should be changed as below.

name=*=true=(PUBLISHED OR PROTOTYPED)

Furthermore, another concern is the lifecycle state that will show in the
publisher lifecycle state diagram. So we came up with two approaches to
show the state.

1.i) Keep two subtypes of the prototype state like *prototype* and
*prototype(testing)*. If it's a normal prototype(visible to store), it will
be shown as a prototype. If the enableStore property is set to false and
lcstate is a prototype, the state should be changed as the
prototype(testing). The below diagram depicts the flow.

  ii) Moreover, we can internally deploy the API as a prototype
without intentionally saying this API is deployed as a prototype and keep
the same state as created. Even though the lifecycle shows the API is in a
created state, the synapse artefacts are created. This might be an issue
as we can't clearly define our statuses.





[image: console.png]

2.  Create a pop-up window to carry on the tests functionalities. When a
developer clicks on the testing pop up window, the API is deployed as a
prototype and all the other details are hidden until the developer closes
the window by finishing the testing phase. Once he/she closes the window,
API should be automatically demoted to the created state and developer
should be able to carry on his/her tasks without affecting the user
experience.
If we go ahead with this approach, we have to handle the clearing the
artefacts with pinpoint accuracy otherwise it might lead to several issues
at prod environments.

If we can go with 1 i) approach, it would make a minor effect on the basic
flow. Highly appreciate your suggestions and concerns regarding this.


Regards,
Hasunie






-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876
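
Approach 1.i from the proposal above, written out as an added Java example (not WSO2 code; the class, enum and method names are hypothetical): a test trigger deploys the API as a prototype with enableStore=false, and the developer portal lists an API only when enableStore is true and the state is PUBLISHED or PROTOTYPED. It also assumes the restriction from the replies in this thread that a published API cannot be put under test directly.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not WSO2 code. Every type and method name is hypothetical.
public class TryoutLifecycleExample {

    enum LcState { CREATED, PROTOTYPED, PUBLISHED }

    static final class Api {
        final String name;
        LcState state = LcState.CREATED;
        // Stands in for the proposed enableStore RXT field. Defaulting to true
        // is an assumption made here, not something the thread decides.
        boolean enableStore = true;

        Api(String name) {
            this.name = name;
        }
    }

    // Test trigger: deploy as a prototype but keep the API out of the dev portal.
    static void startTest(Api api) {
        if (api.state == LcState.PUBLISHED) {
            // Per the thread, a published API is demoted to the created state
            // before a test can start.
            throw new IllegalStateException(
                    api.name + " is PUBLISHED; demote it to CREATED before testing");
        }
        api.state = LcState.PROTOTYPED;
        api.enableStore = false;
    }

    // A regular "deploy as prototype" and a publish both re-enable visibility.
    static void deployAsPrototype(Api api) {
        api.state = LcState.PROTOTYPED;
        api.enableStore = true;
    }

    static void publish(Api api) {
        api.state = LcState.PUBLISHED;
        api.enableStore = true;
    }

    // State label for the Publisher lifecycle diagram (the two prototype subtypes).
    static String displayState(Api api) {
        if (api.state == LcState.PROTOTYPED && !api.enableStore) {
            return "PROTOTYPED (testing)";
        }
        return api.state.name();
    }

    // Dev portal filter: enableStore must be true AND the state must be
    // PUBLISHED or PROTOTYPED. Checking only the state would list test APIs.
    static boolean visibleInDevPortal(Api api) {
        boolean listedState =
                api.state == LcState.PUBLISHED || api.state == LcState.PROTOTYPED;
        return api.enableStore && listedState;
    }

    static List<String> devPortalListing(List<Api> apis) {
        List<String> names = new ArrayList<>();
        for (Api api : apis) {
            if (visibleInDevPortal(api)) {
                names.add(api.name);
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample APIs.
        Api orders = new Api("orders");   // created, then put under test
        Api pets = new Api("pets");       // deployed as a normal prototype
        Api billing = new Api("billing"); // published
        Api draft = new Api("draft");     // left in the created state
        startTest(orders);
        deployAsPrototype(pets);
        publish(billing);

        List<Api> all = List.of(orders, pets, billing, draft);
        for (Api api : all) {
            System.out.println(api.name + " -> " + displayState(api)
                    + ", dev portal: " + visibleInDevPortal(api));
        }
        System.out.println("Dev portal listing: " + devPortalListing(all));

        // Publishing after the test makes the API visible again.
        publish(orders);
        System.out.println("After publishing orders: " + devPortalListing(all));

        try {
            startTest(billing);
        } catch (IllegalStateException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```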


[Architecture] WSO2 API Microgateway 3.1.0-Beta Released!

2020-03-02 Thread Hasunie Adikari
Download
wso2am-micro-gw-3.1.0-beta


What's new in 3.1.0-Beta
*New Features*
New features


*Improvements*
Improvements


*Bug fixes*
Fixed Issues

Known Issues
*Open issues*
Open Issues
Try it

https://github.com/wso2/product-microgateway#microgateway-quick-start
Documentation

https://docs.wso2.com/display/MG310/
How You Can Contribute

   - *Reporting Issues*
     We encourage you to report issues, documentation faults, and feature
     requests regarding WSO2 API Microgateway through the Github Issues.
   - *Contributing Code*
     Read through project Contribution Guidelines to learn how to contribute
     with code.
   - *Mailing Lists*
     Join our mailing list and receive updates on product development.
     Developer List: d...@wso2.org
   - *User Forum*
     Go through the StackOverflow
   - *Slack channels*
     Join us via our wso2-apim.slack.com for even better communication. You
     can talk to our developers directly regarding any issues, concerns about
     the product. We encourage you to start discussions or join any ongoing
     discussions with the team, via our slack channels.
      - Discussions about developments: Dev Channel
      - New releases: Release Announcement Channel


*--WSO2 API Manager Team--*


[Architecture] WSO2 API Microgateway 3.1.0-Alpha Released!

2020-02-18 Thread Hasunie Adikari
Download
wso2am-micro-gw-3.1.0-alpha
<https://github.com/wso2/product-microgateway/releases/tag/v3.1.0-alpha>

Bug Fixes and Improvements in 3.1.0-Alpha

Fixed Issues
<https://github.com/wso2/product-microgateway/issues?utf8=%E2%9C%93=is%3Aissue+milestone%3A3.1.0-alpha+>
Known Issues

Open Issues
<https://github.com/wso2/product-microgateway/issues?q=is%3Aopen+is%3Aissue>
Try it

https://github.com/wso2/product-microgateway#microgateway-quick-start
Documentation

https://docs.wso2.com/display/MG310/
How You Can Contribute

   - *Reporting Issues*
     We encourage you to report issues, documentation faults, and feature
     requests regarding WSO2 API Microgateway through the Github Issues
     <https://github.com/wso2/product-microgateway/issues>.
   - *Contributing Code*
     Read through project Contribution Guidelines
     <https://github.com/wso2/product-microgateway/blob/master/CONTRIBUTING.md>
     to learn how to contribute with code.
   - *Mailing Lists*
     Join our mailing list and receive updates on product development.
     Developer List: d...@wso2.org
   - *User Forum*
     Go through the StackOverflow
     <https://stackoverflow.com/questions/tagged/wso2-mgw>
   - *Slack channels*
     Join us via our wso2-apim.slack.com for even better communication. You
     can talk to our developers directly regarding any issues, concerns about
     the product. We encourage you to start discussions or join any ongoing
     discussions with the team, via our slack channels.
      - Discussions about developments: Dev Channel
        <https://wso2-apim.slack.com/messages/microgateway>
      - New releases: Release Announcement Channel
        <https://wso2-apim.slack.com/messages/releases>

*--WSO2 API Manager Team--*





*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] Revamping validator filter in API Microgateway

2020-02-16 Thread Hasunie Adikari
Hi All,

Right now we maintain massive ballerina code for the schema validation
logic but it is cumbersome. We face some readability and performance issues
with the existing code. Hence we decided to take advantage of the ballerina
interop and wrap the java codes to a ballerina function. So the new
approach is to create two functions for the request validation and response
validation in the validation filter and call the ballerina method which
wraps the java logic.

Moreover, we have to face a blocking issue by keeping the swagger content
in the .bal files. Hence from this release, we use the ballerina resources/
folder which contains the swagger files of the MG project that will be
available at runtime.

Regards,
Hasunie


On Sun, Oct 6, 2019 at 8:20 AM Praminda Jayawardana 
wrote:

> +1
>
> - This makes the maintainability of validation feature easy.
> - We've evaluated everit library before to validate the earlier
> configuration model of MGW and got acceptable results.
>
>
> On Thu, Oct 3, 2019 at 7:29 PM Rajith Roshan  wrote:
>
>> I think using a common library would make both synapse and micro gateways
>> behave the same way when validating the schemas. Maintaining our own
>> library would become difficult as open API spec adds more and more
>> validations (with newer versions), we will have to keep track of it and
>> include those into the feature. Using a library (under continuous
>> development) would make this easier as we only have to update the library
>> version.
>>
>> Thanks!
>> Rajith
>>
>> On Thu, Oct 3, 2019 at 7:21 PM Hasunie Adikari  wrote:
>>
>>> Hi All,
>>>
>>> I have been working on JBallerina upgrade for the schema validator
>>> filter which validates the request/response payloads against the schema in
>>> the swagger file. Significant changes have been introduced with the b7
>>> release and thus we need to revamp the feature accordingly. This is an
>>> arduous task provided that the validation logic has been implemented by
>>> ourselves and not using a third-party library. The validation logic in a
>>> sense, it includes a blend of tasks as below.
>>>
>>> 1. Primitive type validation
>>>
>>> 2. Custom type validation
>>>
>>> 3. Minimum, Maximum length of the integer and query parameters
>>>
>>> 4. Required field validation
>>>
>>> 5. Consider (allOf, anyOf ,oneOf) and use with a discriminator
>>>
>>> Besides the above, the feature should be compatible with both swagger
>>> versions 2 and 3. There are some drawbacks with the current implementation
>>> such as,
>>>
>>>    1. Complexity - We have to put unnecessary effort to do generic JSON
>>>       schema validations on our side.
>>>    2. Maintainability - We can get future improvements from the library
>>>       instead of writing ourselves.
>>>
>>> Hence, I would like to propose to use the third party library everit [1]
>>> which is similar to the synapse gateway and it provides the same
>>> capabilities extensively. If we go ahead with this approach, we just need
>>> to provide the payload and relevant schema model to the validate function
>>> of the library. WDYT?
>>>
>>> [1] https://github.com/everit-org/json-schema
>>>
>>> Regards,
>>> Hasunie
>>>
>>>
>>>
>>> --
>>> *Hasunie Adikari*
>>> Associate Technical Lead
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>> blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
>>> Mobile:+94713095876
>>>
>>>
>>
>> --
>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>
>> <https://wso2.com/signature>
>>
>
>
> --
>
> *Praminda Jayawardana* | Senior Software Engineer | WSO2 Inc.
> (m) +94 (0) 716 590918 | (e) prami...@wso2.com
> GET INTEGRATION AGILE
> Integration Agility for Digitally Driven Business
>


-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876
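
What "provide the payload and relevant schema model to the validate function of the library" looks like with everit [1], as an added Java example that is not Microgateway code: the schema, payloads, class and method names are constructed for illustration. It covers the checks listed in the thread (primitive types, required fields, minimum/maximum, oneOf) and reports malformed JSON as a rejection instead of passing it through.

```java
import java.util.List;

import org.everit.json.schema.Schema;
import org.everit.json.schema.ValidationException;
import org.everit.json.schema.loader.SchemaLoader;
import org.json.JSONException;
import org.json.JSONObject;

// Added example, not Microgateway code. Needs the everit json-schema library [1]
// and org.json on the classpath; text blocks need Java 15 or later.
public class PayloadValidationExample {

    // Constructed schema covering the checks listed in the thread: primitive
    // types, required fields, minimum/maximum, string length and oneOf.
    static final String ORDER_SCHEMA = """
        {
          "type": "object",
          "required": ["id", "customer", "payment"],
          "additionalProperties": false,
          "properties": {
            "id":       { "type": "integer", "minimum": 1, "maximum": 100000 },
            "customer": { "type": "string", "minLength": 1, "maxLength": 64 },
            "payment": {
              "oneOf": [
                { "type": "object", "required": ["card"],
                  "properties": { "card": { "type": "string" } },
                  "additionalProperties": false },
                { "type": "object", "required": ["iban"],
                  "properties": { "iban": { "type": "string" } },
                  "additionalProperties": false }
              ]
            }
          }
        }
        """;

    static Schema loadSchema(String schemaJson) {
        return SchemaLoader.load(new JSONObject(schemaJson));
    }

    // Returns every violation found, or an empty list when the payload conforms.
    // A payload that is not parseable JSON is reported, never passed through.
    static List<String> violations(Schema schema, String payload) {
        JSONObject body;
        try {
            body = new JSONObject(payload);
        } catch (JSONException e) {
            return List.of("malformed JSON: " + e.getMessage());
        }
        try {
            schema.validate(body);
            return List.of();
        } catch (ValidationException e) {
            // getAllMessages() collects the messages of nested violations too.
            return e.getAllMessages();
        }
    }

    public static void main(String[] args) {
        Schema schema = loadSchema(ORDER_SCHEMA);
        // Constructed request bodies: valid, several violations at once,
        // wrong type plus missing field, and truncated JSON.
        String[] payloads = {
            "{\"id\": 42, \"customer\": \"acme\", \"payment\": {\"card\": \"tok_1\"}}",
            "{\"id\": 0, \"customer\": \"\", \"payment\": {\"card\": \"t\", \"iban\": \"x\"},"
                    + " \"admin\": true}",
            "{\"id\": \"42\", \"customer\": \"acme\"}",
            "{\"id\": 42, \"customer\": "
        };
        for (String payload : payloads) {
            List<String> problems = violations(schema, payload);
            System.out.println((problems.isEmpty() ? "ACCEPT " : "REJECT ") + payload);
            problems.forEach(p -> System.out.println("    " + p));
        }
    }
}
```

OpenAPI-only keywords such as `discriminator` are not part of JSON Schema and are not exercised by this example.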


[Architecture] WSO2 API Microgateway 3.1.0-M2 Released!

2020-02-07 Thread Hasunie Adikari
Download
wso2am-micro-gw-3.1.0-m2
<https://github.com/wso2/product-microgateway/releases/tag/v3.1.0-m2>
Bug Fixes and Improvements in 3.1.0-M2

Fixed Issues
<https://github.com/wso2/product-microgateway/issues?utf8=%E2%9C%93=is%3Aissue+milestone%3A3.1.0-m2>
Known Issues

Open Issues
<https://github.com/wso2/product-microgateway/issues?q=is%3Aopen+is%3Aissue>
Try it

https://github.com/wso2/product-microgateway#microgateway-quick-start
Documentation

https://docs.wso2.com/display/MG310/
How You Can Contribute

   - *Reporting Issues*
     We encourage you to report issues, documentation faults, and feature
     requests regarding WSO2 API Microgateway through the Github Issues
     <https://github.com/wso2/product-microgateway/issues>.
   - *Contributing Code*
     Read through project Contribution Guidelines
     <https://github.com/wso2/product-microgateway/blob/master/CONTRIBUTING.md>
     to learn how to contribute with code.
   - *Mailing Lists*
     Join our mailing list and receive updates on product development.
     Developer List: d...@wso2.org

*--WSO2 API Manager Team--*

-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] [Dev] [VOTE] Release of WSO2 API Manager 3.0.0 RC3

2019-10-25 Thread Hasunie Adikari
Hi,

I have tested the following

- Micro-gw API import and label import.
- Micro-gw analytics.
- API request/response validator.
- Self signup.
- Scope test.
- API invocation and analytics.
- Tested API manager scenarios in both super tenant and tenant.

No blockers found. Hence, [+] Stable - go ahead and release.

Regards,
Hasunie

On Fri, Oct 25, 2019 at 2:52 PM Nalaka Senarathna  wrote:

> Hi All,
> Tested the following.
> - Token cleanup
> - Caching
> - API /API product invocation and visibility
> - SDK feature
> - Pass end-user attributes to backend using JWT
> - Alert subscription
> - Basic flows in oracle and db2
>
> Stable and go ahead and release.
> Thanks & Regards.
> Nalaka
>
>
> On Fri, Oct 25, 2019 at 2:44 PM Hasunie Adikari  wrote:
>
>> Hi,
>>
>> I have tested the following
>>
>> - Micro-gw API import and label import.
>> - Micro-gw analytics.
>> - API request/response validator.
>> - Self signup.
>> - Scope test.
>> - API invocation and analytics.
>> - Tested API manager scenarios in both super tenant and tenant.
>>
>> Regards,
>> Hasunie
>>
>>
>> On Fri, Oct 25, 2019 at 1:23 PM Dushan Silva  wrote:
>>
>>> Hi,
>>> I have tested the following
>>> Authorization code grant type,
>>> JWT grant type,
>>> NTLM grant type,
>>> Password grant type,
>>> Client credentials grant type,
>>>
>>> Provisioning Out-of-Band OAuth Clients
>>> Application group sharing
>>> self registration
>>>
>>> No blockers found. +1 to go ahead and release.
>>>
>>>
>>>
>>> On Fri, Oct 25, 2019 at 12:20 PM Chamin Dias  wrote:
>>>
>>>> Hi,
>>>>
>>>> Tested the following scenarios in both the super tenant and tenant.
>>>> - API keys for securing APIs
>>>> - Localization / internationalisation
>>>> - Monetization (with in-built implementation)
>>>>
>>>> No blockers found. Hence, [+] Stable: go ahead and release.
>>>>
>>>> Thanks.
>>>>
>>>> On Fri, Oct 25, 2019 at 11:28 AM Mushthaq Rumy 
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> Tested the following scenarios in both super tenant and tenant.
>>>>> - API Creation, Publishing, Subscribing and invocation of APIs
>>>>> - Tested Publisher Access Control
>>>>> - Tested Store Visibility
>>>>> - Identity management features such as self sign up, password reset,
>>>>> password policy, account locking.
>>>>>
>>>>> No blockers found. Hence, [+] Stable - go ahead and release.
>>>>>
>>>>> Thanks & Regards,
>>>>> Mushthaq
>>>>>
>>>>> On Fri, Oct 25, 2019 at 3:52 AM Samitha Chathuranga 
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> We are pleased to announce the second release candidate of WSO2 API
>>>>>> Manager 3.0.0.
>>>>>>
>>>>>> This release fixes the following issues.
>>>>>>
>>>>>>    - Fixes : product-apim
>>>>>>      <https://github.com/wso2/product-apim/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24>
>>>>>>    - Fixes : carbon-apimgt
>>>>>>      <https://github.com/wso2/carbon-apimgt/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24+>
>>>>>>    - Fixes : analytics-apim
>>>>>>      <https://github.com/wso2/analytics-apim/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24>
>>>>>>
>>>>>> Source and distribution,
>>>>>> Runtime :
>>>>>> https://github.com/wso2/product-apim/releases/tag/v3.0.0-rc3
>>>>>> Analytics :
>>>>>> https://github.com/wso2/analytics-apim/releases/tag/v3.0.0-rc3
>>>>>> APIM Tooling :
>>>>>> https://github.com/wso2/product-apim-tooling/releases/tag/v3.0.0-rc
>>>>>>
>>>>>> Please download, test the product and vote.
>>>>>>
>>>>>> [+] Stable - go ahead and release
>>>>>> [-] Broken - do not release (explain why)

Re: [Architecture] [Dev] [VOTE] Release of WSO2 API Manager 3.0.0 RC3

2019-10-25 Thread Hasunie Adikari
Hi,

I have tested the following

- Micro-gw API import and label import.
- Micro-gw analytics.
- API request/response validator.
- Self signup.
- Scope test.
- API invocation and analytics.
- Tested API manager scenarios in both super tenant and tenant.

Regards,
Hasunie


On Fri, Oct 25, 2019 at 1:23 PM Dushan Silva  wrote:

> Hi,
> I have tested the following
> Authorization code grant type,
> JWT grant type,
> NTLM grant type,
> Password grant type,
> Client credentials grant type,
>
> Provisioning Out-of-Band OAuth Clients
> Application group sharing
> self registration
>
> No blockers found. +1 to go ahead and release.
>
>
>
> On Fri, Oct 25, 2019 at 12:20 PM Chamin Dias  wrote:
>
>> Hi,
>>
>> Tested the following scenarios in both the super tenant and tenant.
>> - API keys for securing APIs
>> - Localization / internationalisation
>> - Monetization (with in-built implementation)
>>
>> No blockers found. Hence, [+] Stable: go ahead and release.
>>
>> Thanks.
>>
>> On Fri, Oct 25, 2019 at 11:28 AM Mushthaq Rumy  wrote:
>>
>>> Hi All,
>>>
>>> Hi All,
>>>
>>> Tested the following scenarios in both super tenant and tenant.
>>> - API Creation, Publishing, Subscribing and invocation of APIs
>>> - Tested Publisher Access Control
>>> - Tested Store Visibility
>>> - Identity management features such as self sign up, password reset,
>>> password policy, account locking.
>>>
>>> No blockers found. Hence, [+] Stable - go ahead and release.
>>>
>>> Thanks & Regards,
>>> Mushthaq
>>>
>>> On Fri, Oct 25, 2019 at 3:52 AM Samitha Chathuranga 
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> We are pleased to announce the second release candidate of WSO2 API
>>>> Manager 3.0.0.
>>>>
>>>> This release fixes the following issues.
>>>>
>>>> - Fixes : product-apim
>>>>   <https://github.com/wso2/product-apim/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24>
>>>> - Fixes : carbon-apimgt
>>>>   <https://github.com/wso2/carbon-apimgt/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24+>
>>>> - Fixes : analytics-apim
>>>>   <https://github.com/wso2/analytics-apim/issues?utf8=%E2%9C%93=is%3Aissue+is%3Aclosed+closed%3A2018-09-16..2019-10-24>
>>>>
>>>> Source and distribution,
>>>> Runtime :
>>>> https://github.com/wso2/product-apim/releases/tag/v3.0.0-rc3
>>>> Analytics :
>>>> https://github.com/wso2/analytics-apim/releases/tag/v3.0.0-rc3
>>>> APIM Tooling :
>>>> https://github.com/wso2/product-apim-tooling/releases/tag/v3.0.0-rc
>>>>
>>>> Please download, test the product and vote.
>>>>
>>>> [+] Stable - go ahead and release
>>>> [-] Broken - do not release (explain why)
>>>>
>>>> Thanks,
>>>> WSO2 API Manager Team
>>>>
>>>>
>>>> --
>>>> *Samitha Chathuranga*
>>>> *Senior Software Engineer*, *WSO2 Inc.*
>>>> lean.enterprise.middleware
>>>> Mobile: +94715123761
>>>>
>>>> [image: http://wso2.com/signature] <http://wso2.com/signature>
>>>>
>>>
>>>
>>> --
>>> Mushthaq Rumy
>>> *Senior Software Engineer*
>>> Mobile : +94 (0) 779 492140
>>> Email : musht...@wso2.com
>>> WSO2, Inc.; http://wso2.com/
>>> lean . enterprise . middleware.
>>>
>>> <http://wso2.com/signature>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>>
>> --
>> Chamin Dias
>> Mobile : 0716097455
>> Email : cham...@wso2.com
>> LinkedIn : https://www.linkedin.com/in/chamindias
>>
>> ___
>> Dev mailing list
>> d...@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
> Best Regards
> Dushan Silva
> Software Engineer
>
> *WSO2, Inc. *
>
> lean . enterprise . middleware
> Mob: +94 774 979042
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


Re: [Architecture] Creating a Policy Hub for the Microgateway

2019-10-13 Thread Hasunie Adikari
When working with a microservice architecture, developers create many
policies to support their applications. These developer teams are often
distributed across multiple locations. It is essential to have a
centralized hub to share and collaborate on these policies. From my point
of view, it's essential to set up a team-wide policy hub.
How could we plan to maintain a policy hub? Is it a developer-centric hub,
or do we need to maintain a common policy hub in the API Microgateway?

Regards,
Hasunie

On Sat, Oct 12, 2019 at 9:13 PM Prasadi Ranasinghe 
wrote:

> Hi Dushan,
>
> Let me further clarify the description on "Creating a Policy Hub for the
> Microgateway".
> Here, Interceptors (i.e. request interceptors and response interceptors)
> which we add to the Interceptors Folder in a Microgateway project, are
> regarded as policies.
> Moreover, developers will only be able to pull policies from the policy
> repository to the toolkit.
>
> Thanks.
>
>
> On Sat, Oct 12, 2019 at 12:16 AM Dushan Silva  wrote:
>
>> Hi Prasadi,
>> Few questions,
>> 1. When we say policies here I assume we are talking about the throttling
>> policies which we define in policy.yml?
>> 2. Will the developers be able to upload the policies directly from the
>> toolkit? Or will they only be able to pull policies from the toolkit?
>>
>> On Fri, Oct 11, 2019 at 10:40 AM Prasadi Ranasinghe 
>> wrote:
>>
>>> Hi All,
>>>
>>> This is regarding the project which I will be working on. The objective
>>> of this project is to create a developer community around the microgateway.
>>> The problem of interest is that nowadays inconvenience is caused to
>>> developers when they are working with the microgateway and that they have
>>> to write policies according to their requirements, but in that case there is a
>>> tendency of need of similar policies (i.e. Policy reuse).
>>> As the solution in this project a policy repository will be built, so
>>> that there will be a capability on the Microgateway toolkit which allows
>>> the developers to share and to reuse policies from the hub.
>>> Also as the deliverables a Policy Hub will be created. It is a web site
>>> to search, upload, list policies from the Policy Repository. Along with
>>> this email, I have attached the pdf document which contains the design
>>> diagram relevant to the project.
>>>
>>> Thanks and regards,
>>> Prasadhi Ranasinghe.
>>>
>>> --
>>>
>>> *Prasadhi Ranasinghe * | Intern Engineering | WSO2 Inc.
>>>
>>> +94770834441 | prasad...@wso2.com
>>>
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>
>>
>> --
>> Best Regards
>> Dushan Silva
>> Software Engineer
>>
>> *WSO2, Inc. *
>>
>> lean . enterprise . middleware
>> Mob: +94 774 979042
>>
>
>
> --
>
> *Prasadhi Ranasinghe * | Intern Engineering | WSO2 Inc.
>
> +94770834441 | prasad...@wso2.com
>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


[Architecture] Revamping validator filter in API Microgateway

2019-10-03 Thread Hasunie Adikari
Hi All,

I have been working on the JBallerina upgrade for the schema validator filter,
which validates the request/response payloads against the schema in the
swagger file. Significant changes have been introduced with the b7 release
and thus we need to revamp the feature accordingly. This is an arduous task
given that the validation logic has been implemented by ourselves and
not using a third-party library. The validation logic includes a blend of
tasks as below.

1. Primitive type validation

2. Custom type validation

3. Minimum, Maximum length of the integer and query parameters

4. Required field validation

5. Consider (allOf, anyOf, oneOf) and use with a discriminator

Besides the above, the feature should be compatible with both swagger
versions 2 and 3. There are some drawbacks with the current implementation
such as,

   1. Complexity - We have to put unnecessary effort to do generic JSON schema
      validations on our side.
   2. Maintainability - We can get future improvements from the library
      instead of writing ourselves.

Hence, I would like to propose using the third-party library everit [1],
which is similar to the synapse gateway, and it provides the same
capabilities extensively. If we go ahead with this approach, we just need
to provide the payload and relevant schema model to the validate function
of the library. WDYT?

[1] https://github.com/everit-org/json-schema

Regards,
Hasunie



-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


[Architecture] Basic Authentication and Introspect endpoint support in WSO2 API Microgateway

2019-08-06 Thread Hasunie Adikari
Hi All,

I have been working on the basic authentication support in WSO2 API
microgateway. We already have the config based authentication support. A
user should benefit from basic authentication against the user store
configured in a key manager. Hence, we planned to engage LDAP/AD based on
basic authentication. Actually, the microgateway can implicitly get that
comfort from Ballerina. We just need to give the LDAP configs in
micro-gw.conf to make the connection to a particular user store (LDAP/AD).

Furthermore, we should have a clear differentiation from the configs in
micro-gw.conf for Config and LDAP basic authentication. Hence we planned to
separate the configs as shown below.

[basicAuthenticationConfig]
   userStoretype = "config"
   #userStoretype = "ldap"

Apart from that, there is a problem where someone uses an external identity
provider to authenticate the user other than the APIM KM. Let's take an
example where a customer knows only the WSO2 API Microgateway and they have
their own identity provider. At that point, we should have a proper way to
support the introspect endpoint in order to authenticate the request. It
seems like we will have the introspect endpoint support through the upcoming
Ballerina 1.0 release. We just need to initialize the InboundOAuth2Provider [1]
as a BearerAuthHandler. Please find a sample code snippet to elaborate the
initialization.

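oauth2:IntrospectionServerConfig introspectionServerConfig = {
    // Introspection endpoint of the identity provider.
    url: "https://localhost:20102/oauth2/token/introspect",
    clientConfig: {
        auth: {
            // Handler used to authenticate the call to the endpoint;
            // basicAuthHandler is defined outside this snippet.
            authHandler: basicAuthHandler
        }
    }
};
// Wrap the introspection provider in a bearer handler for inbound requests.
oauth2:InboundOAuth2Provider oauth2Provider21 =
    new(introspectionServerConfig);
http:BearerAuthHandler oauth2Handler21 = new(oauth2Provider21);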

With the introspect endpoint support, a new config entry should be introduced
in micro-gw.conf to differentiate the WSO2 KM and an external introspect
endpoint as shown below.

[keyManager]
   type="wso2"
   #type="other"

[1]
https://github.com/ballerina-platform/ballerina-lang/blob/master/stdlib/oauth2/src/main/ballerina/src/oauth2/inbound_oauth2_provider.bal



Regards,
Hasunie




-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
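
The introspection check proposed in the message above, as an added example that is not part of the original post and is not WSO2 or Ballerina code: the gateway-side decision for an RFC 7662 introspection response, written in Python and failing closed when the endpoint cannot be reached. `check_bearer`, `http_post_form`, the scope names and the `FAKE_TOKENS` responses are assumptions constructed for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def http_post_form(url, fields, client_id, client_secret, timeout=3):
    """POST form fields with HTTP Basic client authentication; return parsed JSON.

    Bind it for use with check_bearer, for example:
    functools.partial(http_post_form, url, client_id=..., client_secret=...)
    """
    cred = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        url,
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Authorization": "Basic " + cred, "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


def check_bearer(header, post, required_scope, now=None):
    """Decide whether a request may pass. Returns (allowed, detail).

    `post` is any callable that sends the form fields to the introspection
    endpoint and returns the decoded JSON response.
    """
    now = time.time() if now is None else now
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return False, "missing bearer token"
    try:
        claims = post({"token": token.strip(), "token_type_hint": "access_token"})
    except Exception:
        # Fail closed: an unreachable identity provider must not open the API.
        return False, "introspection unavailable"
    # RFC 7662: "active" is the only required member and must be boolean true.
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False, "token inactive"
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False, "token expired"
    # "scope" is a space-separated string in the introspection response.
    if required_scope not in str(claims.get("scope", "")).split():
        return False, "insufficient scope"
    return True, claims.get("username") or claims.get("sub")


# Constructed introspection responses standing in for an external provider.
FAKE_TOKENS = {
    "good": {"active": True, "scope": "pets:read pets:write",
             "exp": 2000, "username": "alice"},
    "stale": {"active": True, "scope": "pets:read", "exp": 900},
    "revoked": {"active": False},
}


def fake_idp(fields):
    """Constructed stand-in for the provider: unknown tokens are inactive."""
    return FAKE_TOKENS.get(fields["token"], {"active": False})


def down_idp(fields):
    """Constructed stand-in for an unreachable provider."""
    raise OSError("connection refused")
```
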


[Architecture] Fwd: Updated invitation: [Design-review] Basic authentication support in API Micr... @ Tue Jul 30, 2019 1pm - 2pm (IST) (APIM Team)

2019-08-05 Thread Hasunie Adikari
+ architecture

-- Forwarded message -
From: Hasunie Adikari 
Date: Tue, Jul 30, 2019 at 3:16 PM
Subject: Re: Updated invitation: [Design-review] Basic authentication
support in API Micr... @ Tue Jul 30, 2019 1pm - 2pm (IST) (APIM Team)
To: APIM Team 
Cc: Nuwan Dias , Rajith Roshan , Chamod
Samarajeewa , Praminda Jayawardana ,
Viraj Gamage , Dushan Silva , Pubudu
Gunatilaka 


Please find the meeting notes.

1. Besides the config based authentication, we are about to support the
LDAP/AD user store based authentication. Hence separate the approaches
through the micro-gw.conf as shown below.
   [basicAuthenticationConfig]
   userStoretype = "config"
   #userStoretype = "ldap"

2. Discussed a way we support third-party identity providers. It is a
competitive feature, hence prioritized it and planned to engage a handler
to cater to the requirement.

3. A new config entry should be introduced to differentiate the WSO2 KM and
an external introspect endpoint as shown below.
   [keyManager]
   type="wso2"
   #type="other"

Regards,
Hasunie

On Tue, Jul 30, 2019 at 10:54 AM Hasunie Adikari  wrote:

> *This event has been changed.*
> [Design-review] Basic authentication support in API Microgateway
>
> *When*
> *Changed: *Tue Jul 30, 2019 1pm – 2pm India Standard Time - Colombo
> *Where*
> *Changed: *LK 6th Floor Meeting Room - Dijkstra Ext:1005650
> *Calendar*
> APIM Team
> *Who*
> • Hasunie Adikari - organizer
> • Nuwan Dias
> • Rajith Roshan
> • Viraj Gamage
> • Chamod Samarajeewa
> • prami...@wso2.com
> • APIM Team
> • Pubudu Gunatilaka
> • Dushan Silva
>
> I have been working on basic authentication support in WSO2 API
> microgateway. We have already implemented the config based authentication
> approach. The user should benefit from basic authentication against the
> user store configured in the key manager.
>
>
> Points to be discussed :
>
> 1.) When we inject the LDAP user store with ballerina handlers, eventually
> the micro-gw directly contacts the LDAP and authenticates the request.
> Need to make sure of the approach because most of the time, gateway won't
> share user stores.
>
> 2.) What would be the scenario if someone uses an external identity
> provider to authenticate the requests?
>


-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876



-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] [Dev] [DEV] [VOTE] Release WSO2 API Microgateway 3.0.1 RC3

2019-06-10 Thread Hasunie Adikari
Tested the following scenarios.

- etcd support
- API level/resource level throttling for open API based API
- Application level throttling for imported APIs
- Override endpoint URLs
- Mutual SSL

No blockers found.
*[+] Stable - Go ahead and release*

Regards,
Hasunie


On Mon, Jun 10, 2019 at 5:57 PM Malintha Amarasinghe 
wrote:

> Tested:
> - Importing APIs with scopes
> - basic CORS support
>
> No blockers found.
> *[+] Stable - Go ahead and release.*
>
>
> On Mon, Jun 10, 2019 at 5:51 PM Menaka Jayawardena 
> wrote:
>
>> Tested following.
>> - Basic flow with JWT token
>> - Resource level throttling
>> - Request/ Response intercepting.
>>
>> No blockers found.
>> *[+] Stable - Go ahead and release*
>>
>> On Mon, Jun 10, 2019 at 4:26 PM Praminda Jayawardana 
>> wrote:
>>
>>> Tested followings,
>>>
>>> - Basic flow with import APIs
>>> - Basic Auth
>>> - Analytics file writing/ uploading/ APIM Dashboard visibility
>>>
>>> No blockers found.
>>> *[+] Stable - Go ahead and release*
>>>
>>> Thanks,
>>> Praminda
>>>
>>> On Mon, Jun 10, 2019 at 2:01 PM Rajith Roshan  wrote:
>>>
>>>> Tested the following scenarios.
>>>>
>>>>
>>>> - Basic throttling
>>>> - Custom application throttling for open API based api and imported
>>>>   APIs
>>>> - Custom subscription throttling for imported APIs
>>>> - Global throttling
>>>> - Basic flow in dev first approach
>>>> - Load balance and fail over endpoints
>>>>
>>>> No blockers found.
>>>> *[+] Stable - Go ahead and release*
>>>>
>>>> Thanks!
>>>> Rajith
>>>>
>>>> On Sun, Jun 9, 2019 at 10:25 AM Praminda Jayawardana 
>>>> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> WSO2 Api Manager team is pleased to announce the third release
>>>>> candidate of WSO2 API Microgateway 3.0.1.
>>>>>
>>>>> The WSO2 API Microgateway is a lightweight, gateway distribution which
>>>>> can be used with single or multiple APIs.
>>>>>
>>>>> Please find the improvements and fixes related to this release in Fixed
>>>>> issues
>>>>> <https://github.com/wso2/product-microgateway/issues?utf8=%E2%9C%93=is%3Aissue+closed%3A2018-10-12..2019-06-09>
>>>>>
>>>>> Download the product from here
>>>>> <https://github.com/wso2/product-microgateway/releases/tag/v3.0.1-rc3>
>>>>>
>>>>> The Tag to be voted upon is
>>>>> https://github.com/wso2/product-microgateway/releases/tag/v3.0.1-rc3
>>>>>
>>>>> Please download, test the product and vote.
>>>>>
>>>>> *[+] Stable - Go ahead and release*
>>>>>
>>>>> *[-] Broken - Do not release *(explain why)
>>>>>
>>>>>
>>>>> Documentation: https://docs.wso2.com/display/MG301/
>>>>>
>>>>> Best Regards,
>>>>> WSO2 API Manager Team
>>>>>
>>>>
>>>>
>>>> --
>>>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>>>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>>>
>>>> <https://wso2.com/signature>
>>>>
>>>
>>>
>>> --
>>>
>>> *Praminda Jayawardana* | Senior Software Engineer | WSO2 Inc.
>>> (m) +94 (0) 716 590918 | (e) prami...@wso2.com
>>> GET INTEGRATION AGILE
>>> Integration Agility for Digitally Driven Business
>>> ___
>>> Dev mailing list
>>> d...@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>
>> --
>>
>> *Menaka Jayawardena*
>> Senior Software Engineer | WSO2 Inc.
>> +94 71 350 5470 | +94 76 717 2511 | men...@wso2.com
>>
>> <https://wso2.com/signature>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 
*Hasunie Adikari*
Associate Technical Lead
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] [DEV] [VOTE] Release WSO2 API Microgateway 3.0.0 RC1

2019-05-23 Thread Hasunie Adikari
Tested the following scenarios.

- Follow the dev first approach and build the pet-store project.

  - Override endpoint per resource.

  - API / resource level request interceptors.

  - Schema validation.

- Import API from APIM manager and tested.

[+] Stable - Go ahead and release.



Regards,

Hasunie



On Tue, May 21, 2019 at 10:02 PM Praminda Jayawardana 
wrote:

> Hi All,
>
> WSO2 Api Manager team is pleased to announce the first release candidate
> of WSO2 API Microgateway 3.0.0.
>
> The WSO2 API Microgateway is a lightweight, gateway distribution (WSO2 API
> Microgateway) which can be used with single or multiple APIs.
>
> Please find the improvements and fixes related to this release in Fixed
> issues
> <https://github.com/wso2/product-microgateway/issues?utf8=%E2%9C%93=is%3Aissue+closed%3A2018-10-12..2019-05-21>
>
> Download the product from here
> <https://github.com/wso2/product-microgateway/releases/tag/v3.0.0-rc1>
>
> The Tag to be voted upon is
> https://github.com/wso2/product-microgateway/releases/tag/v3.0.0-rc1
>
> Please download, test the product and vote.
>
> *[+] Stable - Go ahead and release*
>
> *[-] Broken - Do not release *(explain why)
>
>
> Documentation: https://docs.wso2.com/display/MG300/
>
> Best Regards,
> WSO2 API Manager Team
>


-- 
*Hasunie Adikari*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] API schema based request/response validator for Microgateway.

2018-09-15 Thread Hasunie Adikari
I have implemented the JSON schema validator [1][2] for APIM 2.6 and
planned to release it as an update. We have provided a per API level option
to enable the schema validator at the API design phase. We keep an RXT
field to determine if the JSON schema validation is enabled or not for a
particular API. Please find the documentation [3] of JSON schema validator
for APIM 2.6.

We have also evaluated the validator mediator to check the feasibility of
fulfilling this requirement. IMO it is extremely hard to implement a
perfect validator which validates all the resource paths against the
schemas which are defined in the swagger definition. Thus, we have
developed our own implementation using a class mediator.

@Shalika
As I have understood from the mail, you have come up with two possible
solutions to validate the request/response messages. When it comes to the
third-party library option, I have experienced some limitations with the
Everit library. However, it was the best viable option among other
libraries such as swagger inflector, Atlassian JSON schema validator, and the
java json tool schema validator. Please find the documentation for the
library evaluation [4] we did.

Your second option might be a good initiative for future adoption. If
we can create our own implementation, it will produce a well defined and
flexible validator rather than doing unnecessary coding in order to avoid
third-party library limitations.


[1] [Architecture] [APIM] Json Schema Validation
[2] Invitation: Design Review - Json Schema Validation
[3] https://docs.google.com/document/d/14AYpwVtRMpe2-KbFILRqRzFA-_Gt7nlHZCCCPzs0jw0/edit?usp=sharing
[4] https://docs.google.com/document/d/1rYBXD3j_ql06ayN2G-Z_W1liJRTOIknuCrTZqSEUyho/edit?usp=sharing

Regards,
Hasunie


On Fri, Sep 14, 2018 at 10:42 PM, Firzhan Naqash  wrote:

> Hi Shalika,
>
> This particular validation functionality has been partially implemented
> (Without UI support) across various customer implementations.
>
> However, before implementing this feature, we should be able to consider
> having options to use JSON schema validation options at the resource level
> or on a global level.
>
> I have already done a custom handler implementation for JSON validation by
> using the json-schema-validator library which is being used with the
> EI's Validator mediator. AFAIK Lahiru implemented a comprehensive JSON
> schema validation library.
>
> Regards,
> Firzhan
>
>
> email: firz...@wso2.com
> mobile: (+94) 77 9785674 <%28%2B94%29%2071%205247551>*|
> blog: http://firzhanblogger.blogspot.com/
> <http://firzhanblogger.blogspot.com/>  <http://suhothayan.blogspot.com/>*
> *twitter: https://twitter.com/firzhan007
> <https://twitter.com/firzhan007> | linked-in: 
> **https://www.linkedin.com/in/firzhan
> <https://www.linkedin.com/in/firzhan>*
>
>
> On Fri, Sep 14, 2018 at 9:49 AM Hasunie Adikari  wrote:
>
>> Hi Shalika,
>>
>> Could you please elaborate more on how we are planning to store the
>> swagger definition in the API Gateway runtime?
>>
>> Regards,
>> Hasunie
>>
>> On Fri, Sep 14, 2018 at 3:33 PM, Shalki Wenushika 
>> wrote:
>>
>>> Hi All,
>>>
>>> Problem
>>>
>>> - Current microgateway version does not have an approach to validate
>>>   requests/responses.
>>> - Validating request/response based on a predefined API schema is
>>>   helpful to ensure whether the user has sent the request
>>>   according to the schema and also to ensure whether the back-end has sent
>>>   the correct response to the request.
>>>
>>> Solution
>>>
>>> - Store the swagger definition within gateway runtime.
>>> - When a user sends a request to the microgateway, validate the
>>>   request using the swagger file.
>>> - If valid, send the request to the back-end or otherwise send an
>>>   error message to the user.
>>> - And when the back-end sends response to the request, validate the
>>>   response using the swagger file.
>>> - If valid, send the response to the user or otherwise send an error
>>>   message.
>>>
>>> Implementation
>>>
>>> - Two solutions exist for this problem.
>>>
>>> 01. First solution is to validate request/response using everit JSON
>>> schema validator.
>>>
>>> 02. Implemen

Re: [Architecture] API schema based request/response validator for Microgateway.

2018-09-14 Thread Hasunie Adikari
Hi Shalika,

Could you please elaborate more on how we are planning to store the swagger
definition in the API Gateway runtime?

Regards,
Hasunie

On Fri, Sep 14, 2018 at 3:33 PM, Shalki Wenushika 
wrote:

> Hi All,
>
> Problem
>
> - Current microgateway version does not have an approach to validate
>   requests/responses.
> - Validating request/response based on a predefined API schema is
>   helpful to ensure whether the user has sent the request according
>   to the schema and also to ensure whether the back-end has sent the
>   correct response to the request.
>
> Solution
>
> - Store the swagger definition within gateway runtime.
> - When a user sends a request to the microgateway, validate the
>   request using the swagger file.
> - If valid, send the request to the back-end or otherwise send an error
>   message to the user.
> - And when the back-end sends response to the request, validate the
>   response using the swagger file.
> - If valid, send the response to the user or otherwise send an error
>   message.
>
> Implementation
>
> - Two solutions exist for this problem.
>
> 01. First solution is to validate request/response using everit JSON
> schema validator.
>
> 02. Implement a request/response validator in Ballerina.
>
> For that swagger-model-validator for Node.js can be converted into
> Ballerina.
>
> Fig 1: Validating a request
>
> Fig 2: Validating a response
>
>
> Thank you!
>
> --
>
> *Shalki Wenushika*
> *Software engineering Intern*
> WSO2  (University of Moratuwa)
> *mobile *: *+94 716792399* |   *email *:
> <http://c.content.wso2.com/signatures/wso2-signature-general.png>
> wenush...@wso2.com
>
>
>
>


-- 
*Hasunie Adikari*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
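
The validation tasks listed in the "Revamping validator filter" message and the request/response flow proposed in this thread, as an added example (Python, not the Microgateway's or everit's code): a validator for primitive types, required fields, length and range limits, `$ref` custom types and a `oneOf` with a discriminator, wired into the validate, forward, validate flow. The `SPEC` schemas and all function names are assumptions constructed for illustration.

```python
# Added example: a small subset of JSON Schema / OpenAPI validation.
# SPEC, the Pet/Cat/Dog schemas and gateway() are constructed for illustration.
SPEC = {"components": {"schemas": {
    "Cat": {"type": "object", "required": ["petType", "name"],
            "additionalProperties": False,
            "properties": {
                "petType": {"type": "string"},
                "name": {"type": "string", "minLength": 1, "maxLength": 20},
                "lives": {"type": "integer", "minimum": 0, "maximum": 9}}},
    "Dog": {"type": "object", "required": ["petType", "name"],
            "properties": {
                "petType": {"type": "string"},
                "name": {"type": "string", "minLength": 1, "maxLength": 20},
                "barkVolume": {"type": "number", "minimum": 0}}},
    "Pet": {"oneOf": [{"$ref": "#/components/schemas/Cat"},
                      {"$ref": "#/components/schemas/Dog"}],
            "discriminator": {"propertyName": "petType"}},
}}}

PRIMITIVES = {"string": str, "integer": int, "number": (int, float),
              "boolean": bool, "object": dict, "array": list}

def resolve(spec, schema):
    """Follow local '#/...' references until a concrete schema is reached."""
    while "$ref" in schema:
        node = spec
        for part in schema["$ref"].lstrip("#/").split("/"):
            node = node[part]
        schema = node
    return schema

def type_ok(expected, value):
    # bool is a subclass of int in Python; do not let True pass as a number.
    if expected in ("integer", "number") and isinstance(value, bool):
        return False
    return isinstance(value, PRIMITIVES[expected])

def validate(spec, schema, value, path="$"):
    """Return a list of error strings; an empty list means the value is valid."""
    schema = resolve(spec, schema)
    if "discriminator" in schema:
        # The discriminator property names the one branch to validate against.
        prop = schema["discriminator"]["propertyName"]
        tag = value.get(prop) if isinstance(value, dict) else None
        for option in schema.get("oneOf", []) + schema.get("anyOf", []):
            if option.get("$ref", "").rsplit("/", 1)[-1] == tag:
                return validate(spec, option, value, path)
        return [f"{path}: unknown or missing discriminator '{prop}'"]
    errors = []
    for sub in schema.get("allOf", []):
        errors += validate(spec, sub, value, path)
    for key, ok in (("anyOf", lambda n: n >= 1), ("oneOf", lambda n: n == 1)):
        if key in schema:
            hits = sum(not validate(spec, s, value, path) for s in schema[key])
            if not ok(hits):
                errors.append(f"{path}: {hits} {key} branches matched")
    expected = schema.get("type")
    if expected and not type_ok(expected, value):
        return errors + [f"{path}: expected {expected}"]
    if isinstance(value, str):
        if len(value) < schema.get("minLength", 0):
            errors.append(f"{path}: shorter than minLength")
        if len(value) > schema.get("maxLength", len(value)):
            errors.append(f"{path}: longer than maxLength")
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        if "minimum" in schema and value < schema["minimum"]:
            errors.append(f"{path}: below minimum")
        if "maximum" in schema and value > schema["maximum"]:
            errors.append(f"{path}: above maximum")
    if isinstance(value, dict):
        props = schema.get("properties", {})
        for name in schema.get("required", []):
            if name not in value:
                errors.append(f"{path}.{name}: required field missing")
        for name, item in value.items():
            if name in props:
                errors += validate(spec, props[name], item, f"{path}.{name}")
            elif schema.get("additionalProperties") is False:
                errors.append(f"{path}.{name}: unexpected field")
    if isinstance(value, list) and "items" in schema:
        for i, item in enumerate(value):
            errors += validate(spec, schema["items"], item, f"{path}[{i}]")
    return errors

def gateway(spec, req_schema, resp_schema, body, backend):
    """Validate the request, call the back end, then validate its response."""
    errors = validate(spec, req_schema, body)
    if errors:
        return 400, {"errors": errors}  # the request never reaches the back end
    response = backend(body)
    if validate(spec, resp_schema, response):
        # Do not echo a malformed back-end payload to the caller.
        return 500, {"error": "back-end response failed schema validation"}
    return 200, response
```
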


Re: [Architecture] [APIM] Json Schema Validation

2018-04-27 Thread Hasunie Adikari
   }*
>>>>>
>>>>> *  }*
>>>>>
>>>>> *],*
>>>>>
>>>>>
>>>>> - Add a new check-box to enable the json-schema in UI in the
>>>>>   publisher level.
>>>>> - If check-box enabled, at the point of generating API synapse
>>>>>   configuration, we can add the schema to a local entry which the name
>>>>>   of the local entry will be UUID + api+ resource version.
>>>>> - We can add a property to hold the local entry name related with
>>>>>   UUID and add a class mediator inside each resource definition.
>>>>> - Class mediator should make use of that property to get the schema
>>>>>
>>>>> In this situation, will there be many local entries per API? Do we
>>> have any mechanism to handle those kind of scenarios?
>>>
>>> Regards,
>>>>> Sivaramya Sivanathan
>>>>> Associate Software Engineer | WSO2
>>>>> Tel: 0770874960 <077%20087%204960>
>>>>> WSO2 Inc : http://wso2.org
>>>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.org=D=1=AFQjCNE_eTDfyl2ibPcq0hcXvRDNVuQmMg>
>>>>> LinkedIn | www.linkedin.com/in/sivaramya
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Sanjeewa Malalgoda*
>>>> WSO2 Inc.
>>>> Mobile : +94713068779 <+94%2071%20306%208779>
>>>>
>>>> <http://sanjeewamalalgoda.blogspot.com/>blog :http://sanjeewamalalgoda.
>>>> blogspot.com/ <http://sanjeewamalalgoda.blogspot.com/>
>>>>
>>>>
>>>>
>>>> ___
>>>> Architecture mailing list
>>>> Architecture@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> Chamin Dias
>>> Mobile : 0716097455
>>> Email : cham...@wso2.com
>>> LinkedIn : https://www.linkedin.com/in/chamindias
>>>
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Megala Uthayakumar
>>
>> Senior Software Engineer
>> Mobile : 0779967122
>>
> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Hasunie Adikari*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] [Dev] [VOTE] Release WSO2 IoT Server 3.2.0 RC3

2018-02-28 Thread Hasunie Adikari
Hi All,

Successfully tested the following

i.  Android BYOD Device enrollment.
ii. Android Restriction policy.
iii. Invoked operations: Ring, Device Lock, Location, Mute, Change Lock code.

I am +1 for this release.

Regards
Hasunie


On Thu, Mar 1, 2018 at 9:48 AM, Milan Perera <mi...@wso2.com> wrote:

> Hi all,
>
> I have tested the data archival feature in MySQL 5.5, 5.6, and 5.7 and it
> works as expected.
>
> [+] Stable - Go ahead and release
>
> Regards,
>
>
> On Thu, Mar 1, 2018 at 2:40 AM, Rasika Perera <rasi...@wso2.com> wrote:
>
>> Hi Devs,
>>
>> We are pleased to announce the release candidate of WSO2 IoT Server 3.2.0.
>>
>> This is the third release candidate (RC) of the WSO2 IoT Server 3.2.0
>> release.
>>
>> This release carries 275+ issue fixes [1-12] over the last GA (3.1.0)
>> release.
>>
>> Reported Issues:
>>
>>- https://github.com/wso2/product-iots/issues
>>
>> Source and distribution packages:
>>
>>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC3
>>
>> Tag to be voted upon:
>>
>>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC3
>>
>> Please download, test, and vote. The README file under the distribution
>> contains guide and instructions on how to try it out locally.
>>
>> [+] Stable - Go ahead and release
>> [-] Broken - Do not release (explain why)
>>
>> [1] https://github.com/wso2/product-iots/milestone/3?closed=1
>> [2] https://github.com/wso2/product-iots/milestone/4?closed=1
>> [3] https://github.com/wso2/product-iots/milestone/5?closed=1
>> [4] https://github.com/wso2/product-iots/milestone/6?closed=1
>> [5] https://github.com/wso2/product-iots/milestone/7?closed=1
>> [6] https://github.com/wso2/product-iots/milestone/11?closed=1
>> [7] https://github.com/wso2/product-iots/milestone/12?closed=1
>> [8] https://github.com/wso2/product-iots/milestone/13?closed=1
>> [9] https://github.com/wso2/product-iots/milestone/14?closed=1
>> [10] https://github.com/wso2/product-iots/milestone/18?closed=1
>> [11] https://github.com/wso2/product-iots/milestone/19?closed=1
>> [12] https://github.com/wso2/product-iots/milestone/20?closed=1
>>
>> Regards,
>> The WSO2 IoT Team.
>>
>> --
>> With Regards,
>>
>> *Rasika Perera*
>> Senior Software Engineer
>> LinkedIn: http://lk.linkedin.com/in/rasika90
>>
>> <http://wso2.com/signature>
>>
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>>
>>
>
>
>
> --
> *Milan Perera *| Senior Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
> Email: mi...@wso2.com <ar...@wso2.com> | Web: www.wso2.com
> <http://lk.linkedin.com/in/milanharinduperera>
> <https://wso2.com/signature>
>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Hasunie Adikari*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876


Re: [Architecture] [RRT] XML, JSON, Shema validation threat protectors in APIM 2.1.x

2018-01-12 Thread Hasunie Adikari
Hi all,

I encountered an issue while writing a unit test to clone the input stream. I
implemented the cloning method[1] in a way that gets the input stream from the
passthrough pipe. As I discussed with the EI team, we can't mock the pipe
and also there were some obstacles for creating the pipe and I addressed
the issue in the same mail thread. So I am gonna create a package private
clone method to continue the unit test flow.

[1]
Pipe pipe = (Pipe) axis2MC.getProperty(PassThroughConstants.PASS_THROUGH_PIPE);
BufferedInputStream bufferedInputStream = null;
Map<String, InputStream> inputStreams = null;
InputStream inputStreamSchema;
InputStream inputStreamXml;
// ...
if (pipe != null) {
    bufferedInputStream = new BufferedInputStream(pipe.getInputStream());
}
if (bufferedInputStream != null) {
    // Drain the pipe once into memory
    ByteArrayOutputStream byteArrayOutputStreamSchema = new ByteArrayOutputStream();
    byte[] buffer = new byte[1024];
    int length;

    while ((length = bufferedInputStream.read(buffer)) > -1) {
        byteArrayOutputStreamSchema.write(buffer, 0, length);
    }
    byteArrayOutputStreamSchema.flush();
    // Assign the map that is declared above and populated below
    inputStreams = new HashMap<>();
    // One independent stream per validator, each over a copy of the buffered bytes
    inputStreamSchema = new ByteArrayInputStream(byteArrayOutputStreamSchema.toByteArray());
    inputStreamXml = new ByteArrayInputStream(byteArrayOutputStreamSchema.toByteArray());
    inputStreamSql = new ByteArrayInputStream(byteArrayOutputStreamSchema.toByteArray());
    // ...
    inputStreams.put("Schema", inputStreamSchema);
    inputStreams.put("XML", inputStreamXml);
    // ...
}

Regards
Hasunie

On Tue, Jan 9, 2018 at 11:08 PM, Hasunie Adikari <hasu...@wso2.com> wrote:

> Hi all,
>
> As I discussed with Isuru, There are some possible approaches to overcome
> the issue.
>
> 1. Create a new pass through pipe.
>- The data will be written to the pipe by a spawned thread and current
> thread will be consuming the data and continuing the message flow. We went
> through the pipe creation logic and seemed it tightly coupled with
> encoding, decoding methodologies so that it can't be
>   implemented at APIM level.
>
> 2. Change the synapse level logic to get the ByteArrayInputstream and
> write it into the response.
>- It can be but have to thoroughly go through and do it carefully
> unless the default message flow would be affected.
>
> 3. Build the message by invoking RelayUtils.buildMessage() at the
> validator mediator after successfully parsing all the validators.
> - It will be slightly affected the performance but this is the
> straightforward solution at this moment.
>
> I have improved the code by applying the 3rd option as we discussed.
> Setting the PassThroughConstants.BUFFERED_INPUT_STREAM has an effect now
> onwards since we changed a way that building the message to achieve the
> content aware behavior which seeks the
> inputream from the axis2 message context instead of the original
> inputstream.
>
>
> Regards
> Hasunie
>
>
>
> On Tue, Jan 9, 2018 at 4:41 PM, Isuru Udana <isu...@wso2.com> wrote:
>
>> Hi Hasunie,
>>
>> As we discussed, setting the PassThroughConstants.BUFFERED_INPUT_STREAM
>> has no effect on the flow in this case and Passthough Sender still seek
>> content from the original input stream which got empty due to this cloning
>> logic. That's the reason for this behaviour.
>>
>> Thanks.
>>
>>
>>
>> On Tue, Jan 9, 2018 at 11:43 AM, Hasunie Adikari <hasu...@wso2.com>
>> wrote:
>>
>>> Hi Isuru,
>>>
>>> As we discussed, I cloned the input stream by consuming the passthrough
>>> pipe as in below.
>>>
>>>
>>> if (pipe != null) {
>>>     bufferedInputStream = new BufferedInputStream(pipe.getInputStream());
>>> }
>>> ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
>>> byte[] buffer = new byte[1024];
>>> int len;
>>> while ((len = bufferedInputStream.read(buffer)) > -1) {
>>>     byteArrayOutputStream.write(buffer, 0, len);
>>> }
>>> byteArrayOutputStream.flush();
>>>
>>> InputStream is1 = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
>>> InputStream is2 = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
>>>
>>> consume the clones for the validation and set another clone as a
>>> buffereInputstream property in the axis2messagecontext.
>>

Re: [Architecture] [RRT] XML, JSON, Shema validation threat protectors in APIM 2.1.x

2018-01-09 Thread Hasunie Adikari
Hi all,

As I discussed with Isuru, there are some possible approaches to overcome
the issue.

1. Create a new pass through pipe.
   - The data will be written to the pipe by a spawned thread and the current
     thread will be consuming the data and continuing the message flow. We went
     through the pipe creation logic and it seemed tightly coupled with
     encoding, decoding methodologies so that it can't be implemented at
     APIM level.

2. Change the synapse level logic to get the ByteArrayInputStream and write
   it into the response.
   - It can be done but we have to thoroughly go through and do it carefully
     unless the default message flow would be affected.

3. Build the message by invoking RelayUtils.buildMessage() at the validator
   mediator after successfully parsing all the validators.
   - It will slightly affect the performance but this is the
     straightforward solution at this moment.

I have improved the code by applying the 3rd option as we discussed.
Setting the PassThroughConstants.BUFFERED_INPUT_STREAM has an effect now
onwards since we changed the way of building the message to achieve the
content aware behavior which seeks the inputstream from the axis2 message
context instead of the original inputstream.


Regards
Hasunie



On Tue, Jan 9, 2018 at 4:41 PM, Isuru Udana <isu...@wso2.com> wrote:

> Hi Hasunie,
>
> As we discussed, setting the PassThroughConstants.BUFFERED_INPUT_STREAM
> has no effect on the flow in this case and Passthough Sender still seek
> content from the original input stream which got empty due to this cloning
> logic. That's the reason for this behaviour.
>
> Thanks.
>
>
>
> On Tue, Jan 9, 2018 at 11:43 AM, Hasunie Adikari <hasu...@wso2.com> wrote:
>
>> Hi Isuru,
>>
>> As we discussed, I cloned the input stream by consuming the passthrough
>> pipe as in below.
>>
>>
>> if (pipe != null) {
>>     bufferedInputStream = new BufferedInputStream(pipe.getInputStream());
>> }
>> ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
>> byte[] buffer = new byte[1024];
>> int len;
>> while ((len = bufferedInputStream.read(buffer)) > -1) {
>>     byteArrayOutputStream.write(buffer, 0, len);
>> }
>> byteArrayOutputStream.flush();
>>
>> InputStream is1 = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
>> InputStream is2 = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
>>
>> consume the clones for the validation and set another clone as a
>> buffereInputstream property in the axis2messagecontext.
>>
>> BufferedInputStream bufferedInputStreamOriginal = new
>> BufferedInputStream(inputStreamOriginal);
>> axis2MC.setProperty(PassThroughConstants.BUFFERED_INPUT_STREAM,
>> bufferedInputStreamOriginal);
>>
>> I'm still getting the stream closed issue only for correct the messages
>> which have been passed through multiple validators. If the validators throw
>> an exception, the request is getting build and generate the custom response
>> as expected. It seems like we implemented a way that gets the inputstream
>> from the passthrough pipe for the content unaware flows. Unless it uses
>> to get the inputstream from the messagecontext. It was proven once I
>> attached an empty content aware mediator and test the same flow. I was
>> able to observe the expected behaviour for the same implementation with the
>> content aware mediator.
>>
>> Do we have a way to define cloned input stream as an original
>> inputstream in passthrough pipe?
>>
>>
>> Regards
>> Hasunie
>>
>>
>>
>>
>>
>>
>> On Wed, Jan 3, 2018 at 9:21 AM, Isuru Udana <isu...@wso2.com> wrote:
>>
>>> Hi Dushan,
>>>
>>> On Wed, Jan 3, 2018 at 9:06 AM, Dushan Abeyruwan <dus...@wso2.com>
>>> wrote:
>>>
>>>> Hi Hasunie,
>>>>   Current PTT design would build the message whenever if there is
>>>> content aware mediator available. However IIRC, I did this 
>>>> *message.builder.the
>>>> invoked* thing to cope with the WSO2 ELB we had (a few years ago).
>>>>
>>> No. I think it was *force.passthrough.builder *property which you
>>> introduced for ELB requirement.
>>>
>>> To be honest, that looks ugly isn it (in terms of overall picture).
>>>> Basically, what it does; even if there are content-aware mediators, the
>>>> engine would forcefully ignore that (it was ELB requirement :) ) but for
>>>> APIM I don't think that would be the same, cos we may have to deal with
>>

Re: [Architecture] [RRT] XML, JSON, Shema validation threat protectors in APIM 2.1.x

2018-01-08 Thread Hasunie Adikari
Hi Isuru,

As we discussed, I cloned the input stream by consuming the passthrough
pipe as in below.


if (pipe != null) {
    bufferedInputStream = new BufferedInputStream(pipe.getInputStream());
}
// Drain the pipe once into memory
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
byte[] buffer = new byte[1024];
int len;
while ((len = bufferedInputStream.read(buffer)) > -1) {
    byteArrayOutputStream.write(buffer, 0, len);
}
byteArrayOutputStream.flush();

// Two independent streams over copies of the buffered bytes
InputStream is1 = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
InputStream is2 = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());

Consume the clones for the validation and set another clone as a
bufferedInputStream property in the axis2 message context.

BufferedInputStream bufferedInputStreamOriginal = new BufferedInputStream(inputStreamOriginal);
axis2MC.setProperty(PassThroughConstants.BUFFERED_INPUT_STREAM, bufferedInputStreamOriginal);

I'm still getting the stream closed issue only for the correct messages
which have been passed through multiple validators. If the validators throw
an exception, the request is getting built and generates the custom response
as expected. It seems like we implemented a way that gets the inputstream
from the passthrough pipe for the content unaware flows. Unless it uses to
get the inputstream from the messagecontext. It was proven once I attached
an empty content aware mediator and tested the same flow. I was able to
observe the expected behaviour for the same implementation with the content
aware mediator.

Do we have a way to define cloned input stream as an original
inputstream in passthrough pipe?


Regards
Hasunie






On Wed, Jan 3, 2018 at 9:21 AM, Isuru Udana <isu...@wso2.com> wrote:

> Hi Dushan,
>
> On Wed, Jan 3, 2018 at 9:06 AM, Dushan Abeyruwan <dus...@wso2.com> wrote:
>
>> Hi Hasunie,
>>   Current PTT design would build the message whenever if there is content
>> aware mediator available. However IIRC, I did this *message.builder.the
>> invoked* thing to cope with the WSO2 ELB we had (a few years ago).
>>
> No. I think it was *force.passthrough.builder *property which you
> introduced for ELB requirement.
>
> To be honest, that looks ugly isn it (in terms of overall picture).
>> Basically, what it does; even if there are content-aware mediators, the
>> engine would forcefully ignore that (it was ELB requirement :) ) but for
>> APIM I don't think that would be the same, cos we may have to deal with
>> many use cases sometimes of cause with content aware flows with API
>> compositions etc etc.
>>
>> So, let's think what we can do here; regex and XML threat protectors
>> equally important if security is priority thus,  we would no longer able to
>> achieve the same core basic aspect (content none awareness) because, such
>> protections required you to walk through the nodes and verify some aspects
>> (basically, you need to expand the xml node tree to get result set) in that
>> way, it is required the message to be build. Anyway, what I would think the
>> best approach here is not to change complete synapse content awareness
>> logic rather I would think you may have mediator in place but only if such
>> protection engaged that may build the message to get XML inforset (rather
>> build through root, may be you can mark this meditor as content-aware
>> false, then build if message not already build prior to process)
>>
>> IMO, lets just not complicate the what we try to build around message
>> validation. I mean if we need such protection we may need to sacrify some
>> aspects am I?
>>
>> Cheers,
>> Dushan
>>
>> On Tue, Jan 2, 2018 at 8:08 AM, Vinod Kavinda <vi...@wso2.com> wrote:
>>
>>> Hi Hasunie,
>>>
>>> This is expected since the synapse engine now expecting an already built
>>> message. If I understood your requirement correctly, one option is to use a
>>> Builder Mediator before using any content aware mediator. Even though we do
>>> not recommend the Builder mediators now, still we can use it for your
>>> specific use case. Or you have to revert the *message.builder.invoked *
>>> property to *false *again*.*
>>>
>>> Regards,
>>> Vinod
>>>
>>> On Tue, Jan 2, 2018 at 5:22 PM, Hasunie Adikari <hasu...@wso2.com>
>>> wrote:
>>>
>>>> I'm trying to combine SQL injection(Regex) threat protector with the
>>>> XML threat protector. So I created a sequence[1] with XMLthreatprotector
>>>> mediator and regex mediator consecutively and uploaded it to be able to
>>>> validate the request message through both the xml validator and regex
>>>> v

Re: [Architecture] [RRT] XML, JSON, Shema validation threat protectors in APIM 2.1.x

2018-01-03 Thread Hasunie Adikari
Hi Isuru,

Here we are trying to avoid building the message in the gateway itself,
since building the entire malicious payload may lead to gateway crashes.
Instead of counting limits after building the tree, we manually build the
message through a third-party library and the parser will keep counting nodes
while parsing the object. So when the limit is hit, it will terminate the
process and stop further processing. We have planned to thwart the following
attacks [1]. Here we provide both depth limits and schema validations.

[1]
XML Bomb
Coercive Parsing
XXE (External Entity Attacks)
Schema Poisoning
Buffer Overflows


Regards
Hasunie

On Tue, Jan 2, 2018 at 8:22 PM, Isuru Udana <isu...@wso2.com> wrote:

> Hi Hasunie,
>
> Are we gaining a significant performance improvement in this approach by
> making mediators content-unaware ?
> To perform these validations messages should be built and we are
> internally using woodstox in our builders too.
>
> At mediator level generally we shouldn't mess-up with input-streams,
> buffers and these various internal properties in Passthrough Transport.
> If it is inevitable, we need to be extra careful as these are very
> sensitive.
>
> Thanks.
>
> On Tue, Jan 2, 2018 at 5:22 PM, Hasunie Adikari <hasu...@wso2.com> wrote:
>
>> I'm trying to combine SQL injection (Regex) threat protector with the XML
>> threat protector. So I created a sequence[1] with XMLthreatprotector
>> mediator and regex mediator consecutively and uploaded it to be able to
>> validate the request message through both the xml validator and regex
>> validators. If I set the *message.builder.invoked* property to *TRUE* in the
>> xml validator mediator to avoid sending the content in pass-through pipe
>> (request message) as the response, the Regex mediator fails. The regex
>> mediator was designed in a way that the incoming messages are built at synapse
>> level and the message content is evaluated at the mediator level. It seems
>> like we can't continue any mediators which are required to get the message
>> content, after we manually set the aforementioned property to true in the
>> previous mediator. If I set it to true, RelayUtils will skip building the
>> message as in here [2]. Any thoughts regarding the issue? I'm currently
>> working on the issue to be able to combine regex and XML threat protectors.
>> [2]
>>
>> if (pipe != null
>>         && !Boolean.TRUE.equals(messageContext
>>                 .getProperty(PassThroughConstants.MESSAGE_BUILDER_INVOKED)) && forcePTBuild) {
>>     InputStream in = pipe.getInputStream();
>>
>>     Object http_sc = messageContext.getProperty(NhttpConstants.HTTP_SC);
>>     if (http_sc != null && http_sc instanceof Integer && http_sc.equals(202)) {
>>         messageContext.setProperty(PassThroughConstants.MESSAGE_BUILDER_INVOKED,
>>                 Boolean.TRUE);
>>         return;
>>     }
>>
>>     builldMessage(messageContext, earlyBuild, in);
>>     return;
>> }
>>
>>
>>
>> [1]
>> http://ws.apache.org/ns/synapse; name="validator">
>> > value="SQL-Injection and XML validator"/>
>> 
>> 
>>  
>> 
>>--
>>     
>> *> name="org.wso2.carbon.apimgt.gateway.mediators.XMLSchemaValidator"/>*
>> > expression="get-property('enabledCheckPathParams')"
>> value="true"/>
>> 
>> 
>>  --
>> *> name="org.wso2.carbon.apimgt.gateway.mediators.RegularExpressionProtector"/>*
>> 
>> 
>> 
>> 
>> 
>> 
>>
>> Regards
>> Hasunie
>>
>> On Fri, Dec 22, 2017 at 5:14 PM, Hasunie Adikari <hasu...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> I'm working on threat protector feature in APIM. We're actually trying
>>> to achieve here is to protect both backend resources and gateway from
>>> the XML and JSON based attacks. The Balerina based APIM 3 gateway will be
>>> protected by threat handlers. But In here
>>> APIM 2.1.x we have implemented mediators to achieve it.
>>>
>>> If we allow building the request message at the synapse level, It will
>>> definitely affect the gateway, All the request messages which go through
>>> the mediators are built since the Abstarctemediator is designed a way that
>>> the isContentAware method always returns true. So we set it to false in
>

[Architecture] [RRT] XML, JSON, Shema validation threat protectors in APIM 2.1.x

2017-12-22 Thread Hasunie Adikari
Hi all,

I'm working on the threat protector feature in APIM. What we're actually trying
to achieve here is to protect both backend resources and the gateway from XML
and JSON based attacks. The Ballerina based APIM 3 gateway will be protected
by threat handlers. But here in APIM 2.1.x we have implemented mediators to
achieve it.

If we allow building the request message at the synapse level, it will
definitely affect the gateway. All the request messages which go through
the mediators are built, since the AbstractMediator is designed in a way that
the isContentAware method always returns true. So we set it to false in
both XML and JSON validator mediators and allow parsing the XML request
via a third party StAX parser called woodstox, since it was the best option
among other StAX parsers for threat protection features. It will keep
counting the given limits and when a limit is exceeded, it will terminate
the process and throw a meaningful exception. I have created a custom
threat sequence (thrat_fault), and if a threat is detected by getting an
exception, I configured it to direct the response through the custom error
sequence.
I reuse the same custom sequence which was implemented for the regex threat
protector [1].

The woodstox parser covers most of the vulnerabilities, as listed here.

*Vulnerability:*

*xml bomb* - DTD disabling

*external entity attack* - disabling external entities.

Note:
Apart from the mediator level, the external entity reference property was
disabled from the DOM parsers at the synapse level as well.

import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xerces.impl.Constants;

private static final int ENTITY_EXPANSION_LIMIT = 0;
private static final DocumentBuilderFactory documentBuilderFactory =
        DocumentBuilderFactory.newInstance();

static {
    documentBuilderFactory.setNamespaceAware(true);
    documentBuilderFactory.setXIncludeAware(false);
    documentBuilderFactory.setExpandEntityReferences(false);

    try {
        // Turn off resolution of external general entities
        documentBuilderFactory.setFeature(Constants.SAX_FEATURE_PREFIX +
                Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
    } catch (ParserConfigurationException e) {
        // ...
    }
}

*Buffer overflow attack* - by limiting the count of elements, children
and length of attributes/keys/values.

*woodstox properties:*
dtdEnabled
externalEntitiesEnabled
maxDepth
maxElementCount
maxAttributeCount
maxAttributeLength
entityExpansionLimit
maxChildrenPerElement


To thwart cohesive attacks, we use both the schema validator and depth limits.
Ideally, only the woodstox validator should detect the cohesive attacks by
exceeding the defined depth limit. But the schema validator will protect
against schema poisoning attacks in the second step as well.

I observed an issue when it comes to combining the two (woodstox + schema
validator). We have designed the feature in such a way that it gets the
inputstream from the message context and consumes it in the woodstox
validator. But here we have to consume the input stream again for the
schema validation just after passing through woodstox. That was the
issue and I tried the following methodologies to resolve it:

1. Try to get the XML object from the woodstox parser to be able to avoid
   using the input stream again.
2. Deep clone the inputstream and use the cloned input stream for the schema
   validation.
3. Reset, mark the buffered input stream (the synapse engine also does reset,
   mark).

The 1st one took time and was much more complex to get the XML object, since
woodstox is based on the StAX parsers, and also deep cloning was not
working properly and I experienced the same issue after cloning the
inputstream. But the 3rd option makes life easy, so I implemented it in a way
that returns the buffered input stream after doing the reset, mark, and then it
works properly. I went through the RelayUtils message builders [2] and it
also uses the mark and reset methodology and returns an InputStream.


I observed another issue: once the validator throws an exception, the server
hung and I didn't get any response, only a timeout issue. I was able to
figure it out: the issue occurred while trying to build the request message
in RelayUtils.buildMessage(). But ideally, if we get an error we don't need
the request message anymore. As I discussed offline with the APIM team, I
used the *consumeAndDiscardMessage* method to discard the request message
from the message context and set the *message.builder.invoked* property to
*TRUE*. It needs to be set to avoid sending the content in the pass-through
pipe (request message) as the response.


[1]
https://docs.wso2.com/display/AM210/Regular+Expression+Threat+Protection+for+API+Gateway
[2]
https://github.com/wso2/wso2-synapse/blob/master/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/util/RelayUtils.java#L121


Regards
Hasunie

-- 
*Hasunie Adikari*
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713095876
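
The two-stage check described in this message (streaming limits, then schema validation), combined with the stream-reuse problem from the replies, as an added example that is not part of the original thread or of WSO2's code. It swaps Woodstox's built-in limits for hand-written counters on the JDK's StAX parser; the class name, limit values, schema and sample payloads are all constructed for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.stream.*;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

public class XmlThreatCheck {
    // Hypothetical limits, named after the properties listed in the message.
    static final int MAX_PAYLOAD_BYTES = 64 * 1024, MAX_DEPTH = 4, MAX_ELEMENT_COUNT = 100;
    static final int MAX_ATTRIBUTE_COUNT = 5, MAX_ATTRIBUTE_LENGTH = 64;
    // Constructed schema: <order id="int"> holding 1 to 10 <item> strings.
    static final String XSD = "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema'>"
        + "<xs:element name='order'><xs:complexType><xs:sequence>"
        + "<xs:element name='item' type='xs:string' maxOccurs='10'/></xs:sequence>"
        + "<xs:attribute name='id' type='xs:int'/></xs:complexType></xs:element></xs:schema>";

    /** Drains the request stream once, refusing to buffer more than maxBytes. */
    static byte[] bufferBounded(InputStream in, int maxBytes) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] chunk = new byte[1024];
        int n;
        while ((n = in.read(chunk)) > -1) {
            if (out.size() + n > maxBytes) {
                throw new IOException("payload larger than " + maxBytes + " bytes");
            }
            out.write(chunk, 0, n);
        }
        return out.toByteArray();
    }

    /** Stage 1: streaming limit check; returns null when the document is within limits. */
    static String checkLimits(byte[] body) {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        int depth = 0, elements = 0;
        try {
            XMLStreamReader reader = factory.createXMLStreamReader(new ByteArrayInputStream(body));
            while (reader.hasNext()) {
                int event = reader.next();
                if (event == XMLStreamConstants.DTD) return "DTD not allowed";
                if (event == XMLStreamConstants.END_ELEMENT) depth--;
                if (event != XMLStreamConstants.START_ELEMENT) continue;
                if (++depth > MAX_DEPTH) return "maxDepth exceeded";
                if (++elements > MAX_ELEMENT_COUNT) return "maxElementCount exceeded";
                int attrs = reader.getAttributeCount();
                if (attrs > MAX_ATTRIBUTE_COUNT) return "maxAttributeCount exceeded";
                for (int i = 0; i < attrs; i++) {
                    if (reader.getAttributeValue(i).length() > MAX_ATTRIBUTE_LENGTH) {
                        return "maxAttributeLength exceeded";
                    }
                }
            }
            return null;
        } catch (XMLStreamException e) {
            return "rejected by parser: " + e.getMessage();
        }
    }

    /** Stage 2: schema validation over a fresh stream on the same bytes. */
    static String checkSchema(byte[] body) {
        try {
            SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
            Validator validator = sf.newSchema(new StreamSource(new StringReader(XSD))).newValidator();
            validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
            validator.validate(new StreamSource(new ByteArrayInputStream(body)));
            return null;
        } catch (SAXException | IOException e) {
            return "schema violation: " + e.getMessage();
        }
    }

    /** Buffers once, then hands each validator its own stream over the array. */
    static String validate(InputStream request) {
        try {
            byte[] body = bufferBounded(request, MAX_PAYLOAD_BYTES);
            String verdict = checkLimits(body);
            return verdict != null ? verdict : checkSchema(body);
        } catch (IOException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        String[] samples = {  // constructed payloads
            "<order id='7'><item>pen</item></order>",
            "<order id='7'><item><a><b><c/></b></a></item></order>",
            "<!DOCTYPE order [<!ENTITY e 'x'>]><order id='7'><item>&e;</item></order>",
            "<order id='seven'><item>pen</item></order>" };
        for (String s : samples) {
            String verdict = validate(new ByteArrayInputStream(s.getBytes(StandardCharsets.UTF_8)));
            System.out.println((verdict == null ? "PASS" : "BLOCK (" + verdict + ")") + "  " + s);
        }
    }
}
```

Because every stage reads from the same bounded byte array, no validator depends on another having left the original stream unconsumed, and a third stream over that array could be handed on to the rest of the message flow.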

Re: [Architecture] [Dev] [VOTE] Release of WSO2 IoT Server 3.1.0 RC version 2

2017-07-25 Thread Hasunie Adikari
Hi all,

I have tested following scenarios for Windows 10.

1. Device enrollment.
2. Add windows operations
3. Create windows policy and apply to the device.
4. Edit Windows policy and done apply changes.
5. Create more policies and set priority and then apply to the device.
6. tested notification pane.

Found no issues.

[+]Stable - go ahead and release







On Tue, Jul 25, 2017 at 5:03 PM, Pasindu Jayaweera <pasin...@wso2.com>
wrote:

> Hi all,
> I have tested the following scenarios for Android.
>
>- Device enrollment
>- Device grouping
>- Device location
>- Device status update
>- Device search
>- Operations (Mute, Message, Ring, Enterprise-Wipe)
>- Policy (Restriction policy)
>- App install
>- Web-clip install
>
> Found no issues.
>
> [+] Stable - go ahead and release.
>
>
>
> On Mon, Jul 24, 2017 at 12:28 AM, Madhawa Perera <madha...@wso2.com>
> wrote:
>
>> Hi Devs,
>>
>> We are pleased to announce the release candidate version 2 of WSO2 IoT
>> Server 3.1.0.
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> Known issues : https://github.com/wso2/product-iots/issues?q=is%3Aopen+is%3Aissue+label%3A3.1.0-RC1
>>
>> Source and binary distribution files:
>> https://github.com/wso2/product-iots/releases/tag/v3.1.0-RC2
>>
>> The tag to be voted upon:
>> https://github.com/wso2/product-iots/tree/v3.1.0-RC2
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thank you
>> Best Regards,
>> WSO2 IoT Team
>>
>> --
>> Madhawa Perera
>> *Software Engineer*
>> Mobile : +94 (0) 773655496
>> madha...@wso2.com
>>
>>
>>
>
>
>
> --
> *Pasindu Jayaweera*
> Software Engineer | WSO2 Inc
> Mobile: +94 718187375 <+94%2071%20818%207375>
> Blog: blog.pasindujayaweera.com
> <http://wso2.com/signature>
>
>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Hasunie Adikari*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com | https://medium.com/@Hasunie/
Mobile:+94713350904


Re: [Architecture] [IoT] App Management of IoT Server

2017-04-19 Thread Hasunie Adikari
Hi Chatura,

Even though app manager provides both web apps and mobile apps, currently
we have only taken mobile apps to the device management side through the
app-manager.xml, what will be the actual use case of having web apps in
here. AFAIK we got some requirements to create services besides of the
mobile apps and its behavior is different from mobile apps. Even though
they also having usual apks as same as mobile apps, they are exposed as
services. We can use the web apps instead of creating mobile apps such a
kind of scenarios. Is it the real use case of in here by having option to
add webapps to the app developer or otherwise do we give this option under
the mobile apps as usual.

Regards
Hasunie

On Wed, Apr 19, 2017 at 11:02 AM, Ayyoob Hamza <ayy...@wso2.com> wrote:

> Hi Chathura,
>
>
>>>>
> I have a doubt looking at the above diagram on why we have webapps as part
> of the app management. Since we are focusing on app managment capabilies to
> the device types, shouldnt it only be device types.
>
> 3. App types are plugable to the app management core.
>>>>
>>> Are we making the app type to be a seperate entity or is this just a
> one-to-one map between device types ?.
>
> Thanks,
> Ayyoob
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Hasunie Adikari*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com
Mobile:+94713350904


Re: [Architecture] [Dev] [VOTE] Release WSO2 Enterprise Mobility Manager 2.2.0 RC2

2016-11-30 Thread Hasunie Adikari
Hi All,

I have tested following scenarios.

1. Windows Device enrollment.
2. Add windows operations
3. Create windows policy and apply to the device.
4. Edit Windows policy and done apply changes.
5. Create more policies and set priority and then apply to the device.
6. tested notification pane.

[+] - stable - go ahead and release.

Thanks
Hasunie

On Thu, Dec 1, 2016 at 10:41 AM, Geeth Munasinghe <ge...@wso2.com> wrote:

> Hi all,
>
> Tested following scenarios.
>
>
>1. Android device enrollment.
>2. User and role creation and assigning permission.
>3. Sending email with user invite.
>4. Create/Edit policy
>5. Applying policy to device.
>6. Reapplying changed policy.
>7. Add few operations.
>
> [+] - Stable - go ahead and release.
>
> Thanks
> Geeth
>
> On Thu, Dec 1, 2016 at 10:26 AM, Inosh Perera <ino...@wso2.com> wrote:
>
>> Hi all,
>>
>> I have tested FCM together with Android enrollment and operation sending,
>> functionality works well.
>>
>> [+] Stable - go ahead and release
>>
>> Regards,
>> Inosh
>>
>> On Wed, Nov 30, 2016 at 3:55 PM, Charitha Goonetilleke <
>> charit...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> I have enrolled Android device and tested basic functionality.
>>>
>>> [+] Stable - go ahead and release
>>>
>>> Thanks & Regards,
>>> /charithag
>>>
>>> On Tue, Nov 29, 2016 at 9:50 PM, Harshan Liyanage <hars...@wso2.com>
>>> wrote:
>>>
>>>> Hi Devs,
>>>>
>>>> This is the release candidate of WSO2 Enterprise Mobility Manager
>>>> 2.2.0.
>>>>
>>>> Please download EMM 2.2.0 RC2 and test the functionality and vote.
>>>> Vote will be open for 72 hours or as needed.
>>>> Known issues: https://wso2.org/jira/issues/?filter=13384
>>>> Fixes provided: https://wso2.org/jira/issues/?filter=13582
>>>>
>>>> Source & binary distribution files:
>>>> https://github.com/wso2/product-emm/releases/tag/v2.2.0-RC2
>>>>
>>>> The tag to be voted upon:
>>>> https://github.com/wso2/product-emm/tree/release-2.2.0-RC2
>>>>
>>>>
>>>> [+] Stable - go ahead and release
>>>> [-]  Broken - do not release (explain why)
>>>>
>>>> Thanks and Regards,
>>>>
>>>>
>>>> Harshan Liyanage
>>>> EMM/IoT TG
>>>> Mobile: *+94765672894*
>>>> Email: hars...@wso2.com
>>>> Blog : http://harshanliyanage.blogspot.com/
>>>> *WSO2, Inc. :** wso2.com <http://wso2.com/>*
>>>> lean.enterprise.middleware.
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> *Charitha Goonetilleke*
>>> Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: +94 77 751 3669 <%2B94777513669>
>>> Twitter:@CharithaWs <https://twitter.com/CharithaWs>, fb: charithag
>>> <https://www.facebook.com/charithag>, linkedin: charithag
>>> <http://www.linkedin.com/in/charithag>
>>>
>>> <http://wso2.com/signature>
>>>
>>>
>>>
>>
>>
>> --
>> Inosh Perera
>> Senior Software Engineer, WSO2 Inc.
>> Tel: 077813 7285, 0785293686
>>
>>
>>
>
>
> --
>
> *G. K. S. Munasinghe*
> *Senior Software Engineer,*
> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
> *lean.enterprise.middleware.*
>
> email: ge...@wso2.com
> phone:(+94) 777911226 <+94%2077%20791%201226>
>
> <http://wso2.com/signature>
>
> ___
> Dev mailing list
> d...@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Hasunie Adikari*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com
Mobile:+94713350904


Re: [Architecture] [Dev] EMM 2.1.0 DAS integration and Device Monitoring

2016-07-21 Thread Hasunie Adikari
When managing devices, the administrator must be notified of events occurring
on the user's devices that reduce the effectiveness and efficiency of the
tasks performed by a device, so that he can take immediate action and
correct it.
For example, if a corporate application is utilizing a high CPU or memory
percentage, the admin can stop that application from running or uninstall and
re-install the application again on the user's device. Likewise, those
types of events are published to the DAS Server.

On Thu, Jul 21, 2016 at 6:10 PM, Chamara Ariyarathne <chama...@wso2.com>
wrote:

>
>
> On Thu, Jul 21, 2016 at 6:05 PM, Hasunie Adikari <hasu...@wso2.com> wrote:
>
>> Hi Chamara,
>>
>> Publishing events [1] and Device Monitoring [2] are not related to each other.
>> Since Android agent is capable of sending out critical events to WSO2 DAS
>> server,
>>
>
> What is the usage of this in a real world scenario?
>
>
>
>> There are some configurations to enable in EMM server to publish events
>> in DAS Server. Here [1] Managing Event publishing
>> provides those configurations.
>> [1]
>> https://docs.wso2.com/display/EMM210/Managing+Event+Publishing+with+WSO2+Data+Analytics+Server
>> [2]
>> https://docs.wso2.com/display/EMM210/Monitoring+Devices+via+the+Dashboard
>>
>>
>>
>> On Thu, Jul 21, 2016 at 5:25 PM, Chamara Ariyarathne <chama...@wso2.com>
>> wrote:
>>
>>> Hi all,
>>>
>>> How does the EMM DAS Integration [1] and Device Monitoring [2] relate to
>>> each other?
>>>
>>> Are we using the Stream definitions defined in DAS in [2] in the EMM
>>> dashboard in [1]. If so I cannot see the exact mapping of what goes into
>>> DAS and what is available in EMM Dashboard side.
>>>
>>> [1]
>>> https://docs.wso2.com/display/EMM210/Managing+Event+Publishing+with+WSO2+Data+Analytics+Server
>>> [2]
>>> https://docs.wso2.com/display/EMM210/Monitoring+Devices+via+the+Dashboard
>>>
>>> --
>>> *Chamara Ariyarathne*
>>> Associate Technical Lead - QA
>>> WSO2 Inc; http://www.wso2.com/
>>> Mobile; *+94772786766 <%2B94772786766>*
>>>
>>>
>>>
>>
>>
>> --
>> *Hasunie Adikari*
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> blog http://hasuniea.blogspot.com
>> Mobile:+94713350904
>>
>
>
>
> --
> *Chamara Ariyarathne*
> Associate Technical Lead - QA
> WSO2 Inc; http://www.wso2.com/
> Mobile; *+94772786766 <%2B94772786766>*
>



-- 
*Hasunie Adikari*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com
Mobile:+94713350904


Re: [Architecture] [CDMF] [EMM 2.1.0] Basic Use-cases for Dashboard Analytics Feature

2016-03-29 Thread Hasunie Adikari
Hi Dilan,

It should add app-related analytics like

1. Blacklisted app count
2. Recently updated app count
3. Recommended app count
4. Total device count not having latest app version.
5. App usage based on the platform, platform version
6. Most frequently used applications.
7. Application crash scenarios.


On Tue, Mar 29, 2016 at 6:47 PM, Dilan Udara Ariyaratne <dil...@wso2.com>
wrote:

> Hi Geeth,
>
> Currently there is a plan to show device counts based on user defined
> custom groups in EMM snapshot dashboard.
> This is in addition to the platform based and ownership based default
> grouping of devices.
>
> However, we may have to postpone plans on showing device counts based on
> "INACTIVE", "BLOCKED" and "UNREACHABLE" states as
> back-end support for maintaining such states is not yet available.
>
> Regards,
> Dilan.
>
>
>
>
>
> *Dilan U. Ariyaratne*
> Software Engineer
> WSO2 Inc. <http://wso2.com/>
> Mobile: +94766405580 <%2B94766405580>
> lean . enterprise . middleware
>
>
> On Fri, Feb 12, 2016 at 10:27 AM, Geeth Munasinghe <ge...@wso2.com> wrote:
>
>> Hi Dilan,
>>
>> We may have to include the following too.
>>
>>    1. Device count by groups,
>>    2. Device groups
>>    3. Active/Inactive devices
>>    4. Blocked/Removed devices
>>    5. Unreachable devices
>>    6. Number of enrolled devices within a given time frame (new devices
>>    added)
>>
>> Thanks
>> Geeth
>>
>>
>> *G. K. S. Munasinghe*
>> *Senior Software Engineer,*
>> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
>> *lean.enterprise.middleware.*
>>
>> email: ge...@wso2.com
>> phone:(+94) 777911226
>>
>> On Fri, Feb 12, 2016 at 10:17 AM, Dilan Udara Ariyaratne <dil...@wso2.com
>> > wrote:
>>
>>> Hi All,
>>>
>>> For the upcoming EMM 2.1.0 release, we have identified following basic
>>> use-cases for
>>> the Dashboard Analytics Feature with respect to devices.
>>>
>>> [1] Device count by Platform
>>> [2] Device count by Ownership (BYOD, COPE)
>>> [3] Device count by Security Concerns
>>>  - unmanaged (Meaning no policies currently assigned to the device)
>>>  - non-compliant (Meaning a policy has been already assigned, but
>>> its rules have been maliciously overridden by some other third party)
>>>  - no passcode
>>>  - no encryption
>>> [4] Last Seen Overview - Devices seen in last 8 hours
>>>  Last Seen Breakdown - Devices seen by dates (0-5, 5-15, 15-30, >30)
>>> [5] Total enrollments, Re-enrollments & Unenrollments
>>> [6] Devices based on location
>>>  - Divisional map with Device counts
>>>  - ability to zoom in for each division which will show device
>>> location with tags
>>>  - ability to click on each tag and go to individual device details
>>>
>>> The dashboard will allow an EMM portal administrator to quickly navigate
>>> from the overall view to a device listing view and then
>>> zoom into an individual device to view device specific details.
>>>
>>> WDYT? Any valuable suggestion is highly appreciated.
>>>
>>> Thanks.
>>>
>>> *Dilan U. Ariyaratne*
>>> Software Engineer
>>> WSO2 Inc. <http://wso2.com/>
>>> Mobile: +94725197942
>>> lean . enterprise . middleware
>>>
>>>
>>>
>>
>>
>>
>
>
>


-- 
*Hasunie Adikari*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com
Mobile:+94715139495


Re: [Architecture] [EMM]Support for Windows Phones

2015-08-24 Thread Hasunie Adikari
:493005100592800</LocURI></Source>
    <Cred>
      <Meta>
        <Type xmlns='syncml:metinf'>syncml:auth-basic</Type>
        <Format xmlns='syncml:metinf'>b64</Format>
      </Meta>
      <Data>QnJ1Y2UyOk9oQmVoYXZl</Data>
      <!-- base64 formatting of "userid:password" -->
    </Cred>
  </SyncHdr>
  <SyncBody>
    ...
  </SyncBody>
</SyncML>

Now the server can authenticate the user by using the md5 hash which is in the
Data tag.
Note: That value is generated by the device by using the response security
token which is provided within the MS-WSTEP.

Server response

<SyncML xmlns='SYNCML:SYNCML1.2'>
  <SyncHdr>
    <VerDTD>1.2</VerDTD>
    <VerProto>DM/1.2</VerProto>
    <SessionID>1</SessionID>
    <MsgID>2</MsgID>
    <Target><LocURI>IMEI:493005100592800</LocURI></Target>
    <Source><LocURI>http://www.syncml.org/mgmt-server</LocURI></Source>
  </SyncHdr>
  <SyncBody>
    <Status>
      <CmdID>1</CmdID>
      <MsgRef>2</MsgRef>
      <CmdRef>0</CmdRef>
      <Cmd>SyncHdr</Cmd>
      <TargetRef>http://www.syncml.org/mgmt-server</TargetRef>
      <SourceRef>IMEI:493005100592800</SourceRef>
      <Data>212</Data> <!-- Authenticated for session -->
    </Status>
    ...
  </SyncBody>
</SyncML>

In the Windows scenario, after this initial authentication is completed, the
device sends the next message with a challenge tag. It contains a nonce.
*Client request*

<SyncBody>
  <Status>
    <CmdID>1</CmdID>
    <MsgRef>1</MsgRef>
    <CmdRef>0</CmdRef>
    <Cmd>SyncHdr</Cmd>
    <Chal>
      <Meta>
        <Format xmlns="syncml:metinf">b64</Format>
        <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
        <NextNonce xmlns="syncml:metinf">8mbuo826FKbvgnASnKnkSGhTQa4tlnuE9pYW1LDEbEc=</NextNonce>
      </Meta>
    </Chal>
    <Data>212</Data>
  </Status>
  ..
</SyncBody>

Server Response


On Tue, Aug 11, 2015 at 1:55 PM, Hasunie Adikari hasu...@wso2.com wrote:

 Hi all,
 I have already developed the Windows Phone enrollment process as my fast track
 training project, and now I have to implement the phone management client part,
 which periodically synchronizes with the management server to check for
 updates and apply the latest policies set by IT, and the push notification
 service. Below I briefly describe the project.

 *Description*

 Windows Phone's built-in management component can communicate with the
 Management Server. There are two parts to the Windows Phone 8.1 management
 component:

 - The enrollment client, which enrolls and configures the phone to
   communicate with the enterprise management server.
 - The phone management client, which periodically synchronizes with the
   management server to check for updates and apply the latest policies set
   by IT, and the push notification service.


 *Enrollment Client*
 Overview of the Windows mobile device enrollment process.
 *Windows phone* - there is a company app (Workplace).
 *Proxy* - Apache2 server configured as a proxy server.
 *WAB* - Web Authentication Broker. Windows Phone 8.1 adds the support of
 Federated as a supported AuthPolicy value. When the authentication policy is
 set to Federated, the Web Authentication Broker (WAB) will be leveraged by
 the enrollment client to get a security token.
 *MDM* - Mobile device management third-party server.


 [image: MyWindows Phone.png]
 *Requirement Task*
   1. Configure the device environment so that the device can securely
      communicate with the Mobile management server.
   2. Provide configurable service and policy endpoints from the
      Discovery web service.
   3. Generate a binary security token value for the specific user and
      persist it.
   4. Persist device information and enroll the device.
      *Sub task*
      4.1: Handle the WSTEP endpoint's client response message.
      4.2: Check the SyncML message that comes from the device as a response.
      4.3: Use the SyncML engine to generate SyncML payloads and parse them.
      4.4: Authenticate SyncML messages.


 *Requirement Task 1:*
 Configure Apache2 as a proxy server.
 *Problem:*

 - Proxy configurations change according to the Apache server
   version and operating system.
 - Rewrite engine rules and reverse proxy rules are invoked
   separately.
 - Apache2 SSL configurations are essential for the discovery endpoint.

 *Solution:*
 Detailed description of the configuration: click here
 https://docs.google.com/document/d/1es2U5BPjmxWhjYw5ekULpkMCYS_TWf_FIPhyCsDdBJ4/edit

 *Requirement Task 2:*
 *Problem*
 The mobile device client gets the Enrollment policy URL and Enrollment
 service URL from the Discovery service (line no. 4 in the diagram above). The
 automatic discovery service constructs a URI that uses this host name by
 appending the subdomain "EnterpriseEnrollment" to the domain of the email
 address, and by appending the path "/EnrollmentServer/Discovery.svc". For
 example, if the email address is "ad...@wso2.com", the resulting URI for the
 first GET request would be:

 https://EnterpriseEnrollment.wso2.com/EnrollmentServer/Discovery.svc
   *Solution

Re: [Architecture] [EMM]Support for Windows Phones

2015-08-24 Thread Hasunie Adikari
Hi,
Windows phone user authentication process

In the Windows scenario, after this initial authentication is completed, the
device sends the next message with a challenge tag. It contains a nonce.
*Client request*

<SyncBody>
  <Status>
    <CmdID>1</CmdID>
    <MsgRef>1</MsgRef>
    <CmdRef>0</CmdRef>
    <Cmd>SyncHdr</Cmd>
    <Chal>
      <Meta>
        <Format xmlns="syncml:metinf">b64</Format>
        <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
        <NextNonce xmlns="syncml:metinf">8mbuo826FKbvgnASnKnkSGhTQa4tlnuE9pYW1LDEbEc=</NextNonce>
      </Meta>
    </Chal>
    <Data>212</Data>
  </Status>
  ..
</SyncBody>

Server Response
If a request includes credentials and the response code to the request is
200, the same credential must be sent within the next request. If the Chal
element is included and the MD5 authentication is required, a new digest is
created by using the next nonce via Chal element for next request.

<Cred>
  <Meta>
    <Format xmlns="syncml:metinf">b64</Format>
    <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
  </Meta>
  <Data>md5(b64(username:password):8mbuo826FKbvgnASnKnkSGhTQa4tlnuE9pYW1LDEbEc=)</Data>
</Cred>

Then the device can clearly identify who the user is.


On Mon, Aug 24, 2015 at 12:18 PM, Hasunie Adikari hasu...@wso2.com wrote:

 Hi,
 I have to re-implement the SyncML engine to continue the SyncML message
 flow, because after the certificate process is completed, the Windows phone
 initially starts the SyncML message flow.


 *Syncml*
 The OMA Device Management Protocol allows management commands to
 be executed on nodes. It uses a package format similar to SyncML
 Synchronization Protocol [SYNCPRO] and SyncML Representation Protocol
 [REPPRO]. Each node MUST be addressed by a unique full device URI. URIs MUST
 follow requirements specified in Uniform Resource Identifiers (URI)
 [RFC2396] with the restrictions as specified in OMA Device Management Tree
 and Descriptions. In OMA DM Protocol, the target and source of a command are
 identified by the Target and Source elements respectively.
 Target refers to the recipient, and Source refers to the originator.

 SyncML Components:
 • SyncML is a specification that contains the following main components:
 • An XML-based representation protocol
 • A synchronization protocol and a device management protocol
 • Transport bindings for the protocol

 *Syncml Message format*

 <SyncML>
   <SyncHdr>
     <VerDTD>1.1</VerDTD>
     <VerProto>SyncML/1.1</VerProto>
     <SessionID>1</SessionID>
     <MsgID>2</MsgID>
     <Target><LocURI>IMEI:493005100592800</LocURI></Target>
     <Source><LocURI>http://www.syncml.org/sync-server</LocURI></Source>
   </SyncHdr>
   <SyncBody>

   </SyncBody>
 </SyncML>

 The document consists of a header, specified by the SyncHdr element type,
 and a body, specified by the SyncBody element type. The SyncML header
 specifies routing and versioning information about the SyncML Message. The
 SyncML body is a container for one or more SyncML Commands. The SyncML
 Commands are specified by individual element types. The SyncML Commands act
 as containers for other element types that describe the specifics of the
 SyncML command, including any data or meta-information.


 *Security-Syncml*
 An objective of SyncML is to provide a framework for secure operation.
 SyncML itself does not define any new security schemes. Instead, it
 provides the framework to challenge authentication, authentication,
 authorization and inclusion of encrypted data in a SyncML Package. In
 addition, the originator and recipient MAY use the security mechanisms of
 the underlying transport to authenticate each other and to provide a secure
 transport for the exchange of SyncML Packages. SyncML can be used by an
 originator to encapsulate authentication information in the Cred element
 type.

 *Authorization*
 The Cred element MUST be included in requests (message or command) which
 are sent after receiving the 401 or 407 responses if the request is
 repeated. In addition, it can be sent in the first request from a device if
 the authentication is mandated through pre-configuration. The content of
 the Cred element is specified in [DMREPPRO]. The authentication type is
 dependent on the challenge.

 *Application layer authentication*
 The authentication on the application layer is accomplished by using the
 Cred element in SyncHdr and the Status command associated with SyncHdr.
 Within the Status command, the challenge for the authentication is carried
 as defined earlier. The authentication can happen both directions, i.e.,
 the client can authenticate itself to the server and the server can
 authenticate itself to the client.

 Example
 User (device) sends initial request without credentials
 <SyncML xmlns='SYNCML:SYNCML1.2'>
   <SyncHdr>
     <VerDTD>1.2</VerDTD>
     <VerProto>DM/1.2</VerProto>
     <SessionID>1</SessionID>
     <MsgID>1</MsgID>
     <Target><LocURI>http://www.syncml.org/mgmt-server</LocURI></Target>
     <Source><LocURI>IMEI

[Architecture] [EMM]Support for Windows Phones

2015-08-11 Thread Hasunie Adikari
 it
  if needed, sends the PKCS#10 requests to the CA, processes the
response from the CA, constructs an OMA Client Provisioning XML format, and
returns it in the RequestSecurityTokenResponse (RSTR).

  *Authenticate user request*
The WSTEP SOAP header contains the binary security token, as in the above XCEP
request. At that point I used an Apache CXF method to read the SOAP
header. The resultant Apache.cxf.Header type object list contains the header
XML child elements. It will be easier to extract the child element binary
security token under the parent security element by using a DOM parser. Then
authenticate the user request.

  *Create Bootstrap XML file*
OMA DM (Object Mobile alliance Device Management) specifications define
how a management session is established and maintained. However, in order
for a device to be able to initiate a management session it must be
provisioned with OMA DM settings. Bootstrap is a process of provisioning the
DM client to a state where it is able to initiate a management session to a
new DM server. Bootstrap can move a device from an un-provisioned, empty
state, to a state where it is able to initiate a management session to a DM
server. DM clients that have already been bootstrapped can be further
bootstrapped to enable the device to initiate a management session to new DM
servers.

The XML file should contain the root certificate, the user signed
certificate, device manager client configurations, and an enterprise
application token and an enterprise app download link to allow the
enrollment client to download a Company Hub or enterprise app at the end of
enrollment. The last information is optional. Both device and server must be
authenticated. Those credentials are configured in the bootstrap file.

Sub Task 4.2:
*Syncml protocol*: An XML-based representation protocol which is for
data synchronization and device management. This link provides more details
about SyncML. Click here
http://wacha.ch/wiki/_media/projects:syncml_sync_protocol_v11_20020215.pdf

After the WSTEP is completed, the device sends the initial SyncML message to
the SyncML service endpoint which is provided in the bootstrap XML. There are
two parts in the SyncML message: SyncHeader and SyncBody. The first initial
SyncML message contains the client's credentials in the Cred tag in the
SyncHeader.
Example:
<Cred>
  <Meta>
    <Format xmlns="syncml:metinf">b64</Format>
    <Type xmlns="syncml:metinf">syncml:auth-md5</Type>
  </Meta>
  <Data>Fy80ofqnfKLFLWD+rzm9tQ==</Data>
</Cred>


Search Note: CRED data tag
According to the OMA DM Security specification, the digest supplied in
the Cred element is computed as follows:
Let H = the MD5 Hashing function.
Let Digest = the output of the MD5 Hashing function.
Let B64 = the base64 encoding function.
Digest = H(B64(H(username:password)):nonce)
This data is related to the client credentials in the bootstrap
XML. Then the MDM server's SyncML service endpoint authenticates the device
request. Task 3 is also completed by identifying the specific user from the
persisted data.


Sub Task 4.3:
Re-implement the SyncML engine according to the SyncML message chain.

Sub Task 4.4: Authenticate the device client using the Cred data, which is
calculated by using the client credentials in the bootstrap XML file. The MDM
server responds to the device using the server credentials in the bootstrap
XML file.

For more details click here
https://docs.google.com/document/d/1tyI2K_uzMq8cvrU8OhReRXKYg2fr0hEVqgm437nYt6E/edit


-- 
*Hasunie Adikari*
Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
blog http://hasuniea.blogspot.com
Mobile:+94715139495
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
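
Added example (not part of the thread and not WSO2 code): the syncml:auth-md5 digest formula and the Chal/NextNonce rotation described in the messages above, implemented as a server-side check that rejects replayed credentials and a downgrade to syncml:auth-basic. Assumptions: the NextNonce value is base64-decoded to raw bytes before hashing, Cred/Data carries the base64 of the digest, and DmSession, the helper names and the credentials are hypothetical, constructed values.

```python
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

META = "{syncml:metinf}"           # namespace of Format/Type/NextNonce in the thread
REQUIRED_TYPE = "syncml:auth-md5"  # assumption: server policy requires MD5 auth


def md5_cred(username: str, password: str, nonce: bytes) -> str:
    """Cred/Data for auth-md5: B64(H(B64(H(username:password)):nonce))."""
    inner = base64.b64encode(
        hashlib.md5(f"{username}:{password}".encode()).digest())
    return base64.b64encode(
        hashlib.md5(inner + b":" + nonce).digest()).decode()


def basic_cred_plaintext(data: str):
    """auth-basic Data is only encoded: any observer recovers both parts."""
    user, _, password = base64.b64decode(data).decode().partition(":")
    return user, password


def cred_xml(auth_type: str, data: str) -> str:
    """Build a constructed Cred element shaped like the ones in the thread."""
    return ('<Cred><Meta><Format xmlns="syncml:metinf">b64</Format>'
            f'<Type xmlns="syncml:metinf">{auth_type}</Type></Meta>'
            f'<Data>{data}</Data></Cred>')


def parse_cred(xml_text: str):
    """Return (auth type, Data); production code needs a hardened XML parser."""
    try:
        cred = ET.fromstring(xml_text)
    except ET.ParseError:
        return "", ""
    auth_type = cred.findtext(f"Meta/{META}Type", default="")
    return auth_type.strip(), cred.findtext("Data", default="").strip()


class DmSession:
    """Hypothetical server-side state for one device session."""

    def __init__(self, username: str, password: str):
        self.username, self.password = username, password
        self.nonce = os.urandom(16)

    def next_nonce_b64(self) -> str:
        """Value to send to the peer in Chal/Meta/NextNonce."""
        return base64.b64encode(self.nonce).decode()

    def verify(self, xml_text: str) -> bool:
        auth_type, data = parse_cred(xml_text)
        if auth_type != REQUIRED_TYPE:
            return False  # refuse a downgrade to auth-basic
        expected = md5_cred(self.username, self.password, self.nonce)
        ok = hmac.compare_digest(data.encode(), expected.encode())
        if ok:
            self.nonce = os.urandom(16)  # one use per nonce: a replay now fails
        return ok


if __name__ == "__main__":
    session = DmSession("device-user", "constructed-secret")  # constructed values
    nonce = base64.b64decode(session.next_nonce_b64())
    msg = cred_xml(REQUIRED_TYPE,
                   md5_cred("device-user", "constructed-secret", nonce))
    print("first use:", session.verify(msg))
    print("replay:   ", session.verify(msg))
    print("auth-basic Data from the thread decodes to:",
          basic_cred_plaintext("QnJ1Y2UyOk9oQmVoYXZl"))
```
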