Re: [Dev] [Architecture] [C5] MSF4J Interceptors need to be configurable.

2016-12-07 Thread Ishara Cooray 
>
> Hi Thilina,
>
> And also if there are multiple interceptors and one interceptor returns
> false from its' preCaall then the invocation chain will not continue
> further.
>
> So Is this implies if preCall returns 'true' then the invocation chain
> will continue further?
>

Yes

I was thinking to return 'true' if particular auth header type(Basic,
Bearer) is not found in an interceptor, so that it will check the other
available interceptors.
But i guess this approach may also fail if the request header type is not
provided may be by mistake.
Because all the interceptors will return true and will it be taken as a
valid authorization?


Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

On Wed, Dec 7, 2016 at 5:25 PM, Afkham Azeez  wrote:

>
>
> On Wed, Dec 7, 2016 at 5:17 PM, Ishara Cooray  wrote:
>
>> Hi Thilina,
>>
>> And also if there are multiple interceptors and one interceptor returns
>> false from its' preCaall then the invocation chain will not continue
>> further.
>>
>> So Is this implies if preCall returns 'true' then the invocation chain
>> will continue further?
>>
>
> Yes
>
>
>> If that is the case we can return true in our overridden preCall method
>> so that it goes to next Interceptor.
>>
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512 <077%20262%209512>
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> On Wed, Dec 7, 2016 at 2:33 PM, Afkham Azeez  wrote:
>>
>>> How about supporting JAXRS filters?
>>>
>>> On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne <
>>> thusit...@wso2.com> wrote:
>>>
 Hi Ishara,

 As you have mentioned, with the current architecture we can't set the
 specific interceptor for a particular service but rather to all services in
 the registry. And also if there are multiple interceptors and one
 interceptor returns false from its' preCaall then the invocation chain will
 not continue further.

 IMHO we have few options

- We can implement a way to register specific interceptors to
specific services
- We can support JAX-RS Filters
- We can provide a way to skip some interceptors for specific
services

 @Azeez WDYT?

 Thanks
 Thusitha


 On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray 
 wrote:

> HI,
>
> We are using MSF4J interceptor for securing REST APIs in API Manager.
> [1] As for now Interceptor registration happens at the class level
> @Component annotation as below.
>
> @Component(
> name = "org.wso2.carbon.apimgt.rest.a
> pi.common.interceptors.OAUTH2SecurityInterceptor",
> service = Interceptor.class,
> immediate = true
> )
> The limitations here are
>
>1. it is not possible to have more than one interceptor that will
>dynamically pick when an api call is received(Because the order 
> matters and
>we are not certain which interceptor will take into effect ).
>2. We cannot explicitly configure to use Custom interceptors
>because of the above[1] reason.
>
> Do we have any plans for these limitations?
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512 <+94%2077%20262%209512>
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 Thusitha Dayaratne
 Software Engineer
 WSO2 Inc. - lean . enterprise . middleware |  wso2.com

 Mobile  +94712756809 <071%20275%206809>
 Blog  alokayasoya.blogspot.com
 Abouthttp://about.me/thusithathilina
 


 ___
 Architecture mailing list
 architect...@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


>>>
>>>
>>> --
>>> *Afkham Azeez*
>>> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
>>> Member; Apache Software Foundation; http://www.apache.org/
>>> * *
>>> *email: **az...@wso2.com* 
>>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: *
>>> *http://blog.afkham.org* 
>>> *twitter: **http://twitter.com/afkham_azeez*
>>> 
>>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>>> *
>>>
>>> *Lean . Enterprise . Middleware*
>>>
>>
>>
>
>
> --
> *Afkham Azeez*
> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +9

Re: [Dev] Warnings about source encoding has not been set

2016-12-07 Thread Niranjan Karunanandham 
Hi Maduranga,

IMO we can fix it at the carbon-parent pom. Can you create a git issue for
this in Carbon-parent repo?

Regards,
Nira

On Thu, Dec 1, 2016 at 9:37 AM, Maduranga Siriwardena 
wrote:

> Hi,
>
> Below warnings can be observed while building the components.
>
> [WARNING] Using platform encoding (UTF-8 actually) to copy filtered
> resources, i.e. build is platform dependent!
> [WARNING] File encoding has not been set, using platform encoding UTF-8,
> i.e. build is platform dependent!
>
> This can be fixed by adding below property the project parent pom.
>
> UTF-8
>
> Do we need to fix this warning, or is it okay to ignore it?
>
> Thanks,
> --
> Maduranga Siriwardena
> Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
> Mobile: +94718990591 <+94%2071%20899%200591>
> Blog: http://madurangasblogs.blogspot.com/
> 
>



-- 


*Niranjan Karunanandham*
Associate Technical Lead - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Warnings about source encoding has not been set

2016-12-07 Thread Maduranga Siriwardena 
Hi Niranjan,

Sure, I'll create a git issue and send a PR.

Thanks,
Maduranga.

On Thu, Dec 8, 2016 at 9:26 AM, Niranjan Karunanandham 
wrote:

> Hi Maduranga,
>
> IMO we can fix it at the carbon-parent pom. Can you create a git issue for
> this in Carbon-parent repo?
>
> Regards,
> Nira
>
> On Thu, Dec 1, 2016 at 9:37 AM, Maduranga Siriwardena 
> wrote:
>
>> Hi,
>>
>> Below warnings can be observed while building the components.
>>
>> [WARNING] Using platform encoding (UTF-8 actually) to copy filtered
>> resources, i.e. build is platform dependent!
>> [WARNING] File encoding has not been set, using platform encoding UTF-8,
>> i.e. build is platform dependent!
>>
>> This can be fixed by adding below property the project parent pom.
>>
>> UTF-8
>>
>> Do we need to fix this warning, or is it okay to ignore it?
>>
>> Thanks,
>> --
>> Maduranga Siriwardena
>> Software Engineer
>> WSO2 Inc; http://wso2.com/
>>
>> Email: madura...@wso2.com
>> Mobile: +94718990591 <+94%2071%20899%200591>
>> Blog: http://madurangasblogs.blogspot.com/
>> 
>>
>
>
>
> --
>
>
> *Niranjan Karunanandham*
> Associate Technical Lead - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
>
>


-- 
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Warnings about source encoding has not been set

2016-12-07 Thread Niranjan Karunanandham 
Thanks Maduranga.

On Thu, Dec 8, 2016 at 9:31 AM, Maduranga Siriwardena 
wrote:

> Hi Niranjan,
>
> Sure, I'll create a git issue and send a PR.
>
> Thanks,
> Maduranga.
>
> On Thu, Dec 8, 2016 at 9:26 AM, Niranjan Karunanandham 
> wrote:
>
>> Hi Maduranga,
>>
>> IMO we can fix it at the carbon-parent pom. Can you create a git issue
>> for this in Carbon-parent repo?
>>
>> Regards,
>> Nira
>>
>> On Thu, Dec 1, 2016 at 9:37 AM, Maduranga Siriwardena > > wrote:
>>
>>> Hi,
>>>
>>> Below warnings can be observed while building the components.
>>>
>>> [WARNING] Using platform encoding (UTF-8 actually) to copy filtered
>>> resources, i.e. build is platform dependent!
>>> [WARNING] File encoding has not been set, using platform encoding UTF-8,
>>> i.e. build is platform dependent!
>>>
>>> This can be fixed by adding below property the project parent pom.
>>>
>>> UTF-8
>>>
>>> Do we need to fix this warning, or is it okay to ignore it?
>>>
>>> Thanks,
>>> --
>>> Maduranga Siriwardena
>>> Software Engineer
>>> WSO2 Inc; http://wso2.com/
>>>
>>> Email: madura...@wso2.com
>>> Mobile: +94718990591 <+94%2071%20899%200591>
>>> Blog: http://madurangasblogs.blogspot.com/
>>> 
>>>
>>
>>
>>
>> --
>>
>>
>> *Niranjan Karunanandham*
>> Associate Technical Lead - WSO2 Inc.
>> WSO2 Inc.: http://www.wso2.com
>>
>>
>
>
> --
> Maduranga Siriwardena
> Software Engineer
> WSO2 Inc; http://wso2.com/
>
> Email: madura...@wso2.com
> Mobile: +94718990591 <+94%2071%20899%200591>
> Blog: http://madurangasblogs.blogspot.com/
> 
>



-- 


*Niranjan Karunanandham*
Associate Technical Lead - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 Committers += Kanapriya Kuleswararajan

2016-12-07 Thread Menaka Jayawardena 
Congratulations Kanapriya!

Best Regards,
Menaka

On Tue, Dec 6, 2016 at 4:08 PM, Biruntha Gnaneswaran 
wrote:

> Congratulations Kanapriya
>
> Biruntha
>
> Associate Software Engineer
> WSO2
> Email : birun...@wso2.com
> Linkedin : https://lk.linkedin.com/in/biruntha
> Mobile : +94773718986 <+94%2077%20371%208986>
>
> On Tue, Dec 6, 2016 at 3:49 PM, Yashothara Shanmugarajah <
> yashoth...@wso2.com> wrote:
>
>> Congratulations Kanapriya :)
>>
>> Best Regards,
>> Yashothara.S
>> Software Engineer
>> WSO2
>> http://wso2.com
>> https://wso2.com/signature
>> 
>>
>> On Tue, Dec 6, 2016 at 3:44 PM, Thanuja Uruththirakodeeswaran <
>> thanu...@wso2.com> wrote:
>>
>>> Congratulations Kanapriya :)
>>>
>>> On Tue, Dec 6, 2016 at 3:22 PM, Malaka Silva  wrote:
>>>
 Hi Devs,

 Its my pleasure to welcome Kanapriya Kuleswararajan as a WSO2
 Committer.

 She has been working with the WSO2 Platform Extensions Team for a while
 and has contributed to  ESB and IS product extensions,

 Kanapriya, welcome aboard and keep up the good work.

 Best Regards,

 Malaka Silva
 Senior Technical Lead
 M: +94 777 219 791 <+94%2077%20721%209791>
 Tel : 94 11 214 5345
 Fax :94 11 2145300
 Skype : malaka.sampath.silva
 LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
 Blog : http://mrmalakasilva.blogspot.com/

 WSO2, Inc.
 lean . enterprise . middleware
 https://wso2.com/signature
 http://www.wso2.com/about/team/malaka-silva/
 
 https://store.wso2.com/store/

 Don't make Trees rare, we should keep them with care

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Thanuja Uruththirakodeeswaran
>>> Software Engineer
>>> WSO2 Inc.;http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: +94 774363167 <+94%2077%20436%203167>
>>>
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Menaka Jayawardena*
*Software Engineer - WSO2 Inc*
*Tel : 071 350 5470/ 071 885 1183*
*LinkedIn: https://lk.linkedin.com/in/menakajayawardena
*
*Blog: https://menakamadushanka.wordpress.com/
*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [C5] MSF4J Interceptors need to be configurable.

2016-12-07 Thread Maduranga Siriwardena 
On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Ishara,
>
> As you have mentioned, with the current architecture we can't set the
> specific interceptor for a particular service but rather to all services in
> the registry. And also if there are multiple interceptors and one
> interceptor returns false from its' preCaall then the invocation chain will
> not continue further.
>
> IMHO we have few options
>
>- We can implement a way to register specific interceptors to specific
>services
>- We can support JAX-RS Filters
>- We can provide a way to skip some interceptors for specific services
>
> In IS also we have this requirement to engage some interceptors for a set
of msf4j services and skip for others. For now the requirement is to enable
authentication for a set of endpoints and skip for others.
So we greatly appreciate if you can support this feature in the next
release.

Thanks,
Maduranga.


> @Azeez WDYT?
>
> Thanks
> Thusitha
>
>
> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray  wrote:
>
>> HI,
>>
>> We are using MSF4J interceptor for securing REST APIs in API Manager. [1]
>> As for now Interceptor registration happens at the class level @Component
>> annotation as below.
>>
>> @Component(
>> name = "org.wso2.carbon.apimgt.rest.a
>> pi.common.interceptors.OAUTH2SecurityInterceptor",
>> service = Interceptor.class,
>> immediate = true
>> )
>> The limitations here are
>>
>>1. it is not possible to have more than one interceptor that will
>>dynamically pick when an api call is received(Because the order matters 
>> and
>>we are not certain which interceptor will take into effect ).
>>2. We cannot explicitly configure to use Custom interceptors because
>>of the above[1] reason.
>>
>> Do we have any plans for these limitations?
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512 <+94%2077%20262%209512>
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thusitha Dayaratne
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <+94%2071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> 
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/

Email: madura...@wso2.com
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [C5] MSF4J Interceptors need to be configurable.

2016-12-07 Thread Afkham Azeez 
On Wed, Dec 7, 2016 at 5:17 PM, Ishara Cooray  wrote:

> Hi Thilina,
>
> And also if there are multiple interceptors and one interceptor returns
> false from its' preCaall then the invocation chain will not continue
> further.
>
> So Is this implies if preCall returns 'true' then the invocation chain
> will continue further?
>

Yes


> If that is the case we can return true in our overridden preCall method so
> that it goes to next Interceptor.
>
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512 <077%20262%209512>
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> On Wed, Dec 7, 2016 at 2:33 PM, Afkham Azeez  wrote:
>
>> How about supporting JAXRS filters?
>>
>> On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne <
>> thusit...@wso2.com> wrote:
>>
>>> Hi Ishara,
>>>
>>> As you have mentioned, with the current architecture we can't set the
>>> specific interceptor for a particular service but rather to all services in
>>> the registry. And also if there are multiple interceptors and one
>>> interceptor returns false from its' preCaall then the invocation chain will
>>> not continue further.
>>>
>>> IMHO we have few options
>>>
>>>- We can implement a way to register specific interceptors to
>>>specific services
>>>- We can support JAX-RS Filters
>>>- We can provide a way to skip some interceptors for specific
>>>services
>>>
>>> @Azeez WDYT?
>>>
>>> Thanks
>>> Thusitha
>>>
>>>
>>> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray  wrote:
>>>
 HI,

 We are using MSF4J interceptor for securing REST APIs in API Manager.
 [1] As for now Interceptor registration happens at the class level
 @Component annotation as below.

 @Component(
 name = "org.wso2.carbon.apimgt.rest.a
 pi.common.interceptors.OAUTH2SecurityInterceptor",
 service = Interceptor.class,
 immediate = true
 )
 The limitations here are

1. it is not possible to have more than one interceptor that will
dynamically pick when an api call is received(Because the order matters 
 and
we are not certain which interceptor will take into effect ).
2. We cannot explicitly configure to use Custom interceptors
because of the above[1] reason.

 Do we have any plans for these limitations?

 Thanks & Regards,
 Ishara Cooray
 Senior Software Engineer
 Mobile : +9477 262 9512 <+94%2077%20262%209512>
 WSO2, Inc. | http://wso2.com/
 Lean . Enterprise . Middleware


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> Thusitha Dayaratne
>>> Software Engineer
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> Mobile  +94712756809 <071%20275%206809>
>>> Blog  alokayasoya.blogspot.com
>>> Abouthttp://about.me/thusithathilina
>>> 
>>>
>>>
>>> ___
>>> Architecture mailing list
>>> architect...@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> *Afkham Azeez*
>> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * *
>> *email: **az...@wso2.com* 
>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: *
>> *http://blog.afkham.org* 
>> *twitter: **http://twitter.com/afkham_azeez*
>> 
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> *
>>
>> *Lean . Enterprise . Middleware*
>>
>
>


-- 
*Afkham Azeez*
Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* *
*email: **az...@wso2.com* 
* cell: +94 77 3320919blog: **http://blog.afkham.org*

*twitter: **http://twitter.com/afkham_azeez*

*linked-in: **http://lk.linkedin.com/in/afkhamazeez
*

*Lean . Enterprise . Middleware*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [C5] MSF4J Interceptors need to be configurable.

2016-12-07 Thread Ishara Cooray 
Hi Thilina,

And also if there are multiple interceptors and one interceptor returns
false from its' preCaall then the invocation chain will not continue
further.

So Is this implies if preCall returns 'true' then the invocation chain will
continue further?
If that is the case we can return true in our overridden preCall method so
that it goes to next Interceptor.


Thanks & Regards,
Ishara Cooray
Senior Software Engineer
Mobile : +9477 262 9512
WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

On Wed, Dec 7, 2016 at 2:33 PM, Afkham Azeez  wrote:

> How about supporting JAXRS filters?
>
> On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne <
> thusit...@wso2.com> wrote:
>
>> Hi Ishara,
>>
>> As you have mentioned, with the current architecture we can't set the
>> specific interceptor for a particular service but rather to all services in
>> the registry. And also if there are multiple interceptors and one
>> interceptor returns false from its' preCaall then the invocation chain will
>> not continue further.
>>
>> IMHO we have few options
>>
>>- We can implement a way to register specific interceptors to
>>specific services
>>- We can support JAX-RS Filters
>>- We can provide a way to skip some interceptors for specific services
>>
>> @Azeez WDYT?
>>
>> Thanks
>> Thusitha
>>
>>
>> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray  wrote:
>>
>>> HI,
>>>
>>> We are using MSF4J interceptor for securing REST APIs in API Manager.
>>> [1] As for now Interceptor registration happens at the class level
>>> @Component annotation as below.
>>>
>>> @Component(
>>> name = "org.wso2.carbon.apimgt.rest.a
>>> pi.common.interceptors.OAUTH2SecurityInterceptor",
>>> service = Interceptor.class,
>>> immediate = true
>>> )
>>> The limitations here are
>>>
>>>1. it is not possible to have more than one interceptor that will
>>>dynamically pick when an api call is received(Because the order matters 
>>> and
>>>we are not certain which interceptor will take into effect ).
>>>2. We cannot explicitly configure to use Custom interceptors because
>>>of the above[1] reason.
>>>
>>> Do we have any plans for these limitations?
>>>
>>> Thanks & Regards,
>>> Ishara Cooray
>>> Senior Software Engineer
>>> Mobile : +9477 262 9512 <+94%2077%20262%209512>
>>> WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Thusitha Dayaratne
>> Software Engineer
>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>
>> Mobile  +94712756809 <071%20275%206809>
>> Blog  alokayasoya.blogspot.com
>> Abouthttp://about.me/thusithathilina
>> 
>>
>>
>> ___
>> Architecture mailing list
>> architect...@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> *Afkham Azeez*
> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
> Member; Apache Software Foundation; http://www.apache.org/
> * *
> *email: **az...@wso2.com* 
> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: *
> *http://blog.afkham.org* 
> *twitter: **http://twitter.com/afkham_azeez*
> 
> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
> *
>
> *Lean . Enterprise . Middleware*
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] WSO2 IS 5.3.0-Alpha2 : Not Able to authenticate users coming from External LDAP user store

2016-12-07 Thread Hanen Ben Rhouma 
Both tweaks didn't change anything. Do I have to modify claim-config.xml ?
Do you have a working example with OpenLDAP default schemas ?

Regards,
Hanen



On Wed, Dec 7, 2016 at 11:55 AM, Hanen Ben Rhouma 
wrote:

> Both tweaks didn't change anything. Do I have to modify claim-config.xml ?
> Do you have a working example with OpenLDAP default schemas ?
>
> Regards,
> Hanen
>
> On Tue, Dec 6, 2016 at 3:54 PM, Danushka Fernando 
> wrote:
>
>> My guess is that you are using default ldap config which we use
>> wso2Person type objects and your ldap doesn't have that type defined. So
>> please try changing that to inetOrgPerson in user-mgt.cml
>>
>> Thanks & Regards
>> Danushka Fernando
>> Senior Software Engineer
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729 <+94%2071%20633%202729>
>>
>> On Tue, Dec 6, 2016 at 7:18 PM, Hanen Ben Rhouma 
>> wrote:
>>
>>> Hello,
>>>
>>> I'm facing an issue while trying to authenticate external users (coming
>>> from an external OpenLDAP user store) through WSO2 IS. There are missing
>>> claims that are required and even through I commented all what my LDAP
>>> doesn't provide in  claim-config.xml I'm still not able to authenticate
>>> users:
>>>
>>> [2016-12-06 13:32:39,159] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadOnlyLDAPUserStoreManager} -  User: admin exist: true
>>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters
>>> configured to: true
>>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters
>>> configured to: true
>>> [2016-12-06 13:32:39,204] DEBUG {org.wso2.carbon.user.core.lda
>>> p.ReadWriteLDAPUserStoreManager} -  One or more attributes you are
>>> trying to add/update are not supported by underlying LDAP for user : admin
>>> javax.naming.directory.InvalidAttributeIdentifierException: [LDAP:
>>> error code 17 - failedLoginAttempts: attribute type undefined]; remaining
>>> name 'cn=admin'
>>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
>>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
>>> at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1408)
>>> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttribu
>>> tes(ComponentDirContext.java:257)
>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>>> tributes(PartialCompositeDirContext.java:167)
>>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>>> tributes(PartialCompositeDirContext.java:156)
>>> at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
>>> .doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:917)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>>> tUserClaimValues(AbstractUserStoreManager.java:1211)
>>> at org.wso2.carbon.identity.governance.store.UserStoreBasedIden
>>> tityDataStore.store(UserStoreBasedIdentityDataStore.java:72)
>>> at org.wso2.carbon.identity.governance.listener.IdentityStoreEv
>>> entListener.doPreSetUserClaimValues(IdentityStoreEventListener.java:110)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>>> tUserClaimValues(AbstractUserStoreManager.java:1205)
>>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>>> ockHandler.handlePostAuthentication(AccountLockHandler.java:221)
>>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>>> ockHandler.handleEvent(AccountLockHandler.java:141)
>>> at org.wso2.carbon.identity.event.services.IdentityEventService
>>> Impl.handleEvent(IdentityEventServiceImpl.java:56)
>>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>>> tListener.handleEvent(IdentityMgtEventListener.java:595)
>>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>>> tListener.handleEvent(IdentityMgtEventListener.java:547)
>>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>>> tListener.doPostAuthenticate(IdentityMgtEventListener.java:101)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>>> thenticateInternal(AbstractUserStoreManager.java:558)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.ac
>>> cess$100(AbstractUserStoreManager.java:71)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.
>>> run(AbstractUserStoreManager.java:466)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.
>>> run(AbstractUserStoreManager.java:463)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>>> thenticate(AbstractUserStoreManager.java:463)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.
>>> run(AbstractUserStoreManager.java:451)
>>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.
>>> run(AbstractUserStoreManager.java:442)
>>> at java.security.AccessController.doP

Re: [Dev] WSO2 IS 5.3.0-Alpha2 : Not Able to authenticate users coming from External LDAP user store

2016-12-07 Thread Hanen Ben Rhouma 
Both tweaks didn't change anything. Do I have to modify claim-config.xml ?
Do you have a working example with OpenLDAP default schemas ?

Regards,
Hanen

On Tue, Dec 6, 2016 at 3:54 PM, Danushka Fernando 
wrote:

> My guess is that you are using default ldap config which we use wso2Person
> type objects and your ldap doesn't have that type defined. So please try
> changing that to inetOrgPerson in user-mgt.cml
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729 <+94%2071%20633%202729>
>
> On Tue, Dec 6, 2016 at 7:18 PM, Hanen Ben Rhouma 
> wrote:
>
>> Hello,
>>
>> I'm facing an issue while trying to authenticate external users (coming
>> from an external OpenLDAP user store) through WSO2 IS. There are missing
>> claims that are required and even through I commented all what my LDAP
>> doesn't provide in  claim-config.xml I'm still not able to authenticate
>> users:
>>
>> [2016-12-06 13:32:39,159] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadOnlyLDAPUserStoreManager} -  User: admin exist: true
>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters configured
>> to: true
>> [2016-12-06 13:32:39,161] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadWriteLDAPUserStoreManager} -  Replace escape characters configured
>> to: true
>> [2016-12-06 13:32:39,204] DEBUG {org.wso2.carbon.user.core.lda
>> p.ReadWriteLDAPUserStoreManager} -  One or more attributes you are
>> trying to add/update are not supported by underlying LDAP for user : admin
>> javax.naming.directory.InvalidAttributeIdentifierException: [LDAP: error
>> code 17 - failedLoginAttempts: attribute type undefined]; remaining name
>> 'cn=admin'
>> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3205)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3082)
>> at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2888)
>> at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1408)
>> at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttribu
>> tes(ComponentDirContext.java:257)
>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>> tributes(PartialCompositeDirContext.java:167)
>> at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAt
>> tributes(PartialCompositeDirContext.java:156)
>> at org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager
>> .doSetUserClaimValues(ReadWriteLDAPUserStoreManager.java:917)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>> tUserClaimValues(AbstractUserStoreManager.java:1211)
>> at org.wso2.carbon.identity.governance.store.UserStoreBasedIden
>> tityDataStore.store(UserStoreBasedIdentityDataStore.java:72)
>> at org.wso2.carbon.identity.governance.listener.IdentityStoreEv
>> entListener.doPreSetUserClaimValues(IdentityStoreEventListener.java:110)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.se
>> tUserClaimValues(AbstractUserStoreManager.java:1205)
>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>> ockHandler.handlePostAuthentication(AccountLockHandler.java:221)
>> at org.wso2.carbon.identity.handler.event.account.lock.AccountL
>> ockHandler.handleEvent(AccountLockHandler.java:141)
>> at org.wso2.carbon.identity.event.services.IdentityEventService
>> Impl.handleEvent(IdentityEventServiceImpl.java:56)
>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>> tListener.handleEvent(IdentityMgtEventListener.java:595)
>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>> tListener.handleEvent(IdentityMgtEventListener.java:547)
>> at org.wso2.carbon.identity.governance.listener.IdentityMgtEven
>> tListener.doPostAuthenticate(IdentityMgtEventListener.java:101)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>> thenticateInternal(AbstractUserStoreManager.java:558)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.ac
>> cess$100(AbstractUserStoreManager.java:71)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.
>> run(AbstractUserStoreManager.java:466)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$4.
>> run(AbstractUserStoreManager.java:463)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>> thenticate(AbstractUserStoreManager.java:463)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.
>> run(AbstractUserStoreManager.java:451)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager$3.
>> run(AbstractUserStoreManager.java:442)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at org.wso2.carbon.user.core.common.AbstractUserStoreManager.au
>> thenticate(AbstractUserStoreManager.java:442)
>> at org.wso2.carbon.core.services.authentication.AuthenticationA
>> dmin.login(AuthenticationAdmin.java:100)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Met

[Dev] [APIM] User Creation Tasks are not visible in Admin dashboard when Email username is enabled

2016-12-07 Thread Sumedha Kodithuwakku 
Hi APIM team,

I have enabled email username for APIM 2.0.0 and tried self signup feature
which requires admin approval. While doing that, noticed that user creation
approval tasks are not visible in Admin dashboard when logged in as admin
of that particular tenant.

The reason is, there is a validation to check whether the tasks are owned
by the logged in user, and in that method Email username case has not been
handled properly (see below, line #125 to #134).

var actualOwner=response.*::taskAbstract.*::actualOwner;

var store = jagg.module("manager").getAPIStoreObj();
var isEmailLoginEnabled=store.isEnableEmailUsername();
*if(!isEmailLoginEnabled && (username.indexOf("@") != -1)){*
*username=username.split("@")[0];*
*}*

if(username==actualOwner){
return true;
}


Here the actualOwner is a tenant aware and the logged in username is having
the full qualified username. Hence when email is enabled, above split will
not happen and the check will fail.

This can be fixed by using;

var MultitenantUtils = Packages.org.wso2.carbon.utils.multitenancy.
MultitenantUtils;
username = MultitenantUtils.getTenantAwareUsername(username);


I have created a JIRA for this [1]. Can we please get this fixed in next
release.

[1] https://wso2.org/jira/browse/APIMANAGER-5520

Thanks
SumedhaS


-- 
*Sumedha Kodithuwakku*
Senior Software Engineer
WSO2 Inc. : http://wso2.com
lean . enterprise . middleware

Mobile: +94 71 808 1124 <+94%2071%20808%201124>
Blog: http://sumedhask.blogspot.com/
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [Architecture] [C5] MSF4J Interceptors need to be configurable.

2016-12-07 Thread Afkham Azeez 
How about supporting JAXRS filters?

On Wed, Dec 7, 2016 at 12:52 PM, Thusitha Thilina Dayaratne <
thusit...@wso2.com> wrote:

> Hi Ishara,
>
> As you have mentioned, with the current architecture we can't set the
> specific interceptor for a particular service but rather to all services in
> the registry. And also if there are multiple interceptors and one
> interceptor returns false from its' preCaall then the invocation chain will
> not continue further.
>
> IMHO we have few options
>
>- We can implement a way to register specific interceptors to specific
>services
>- We can support JAX-RS Filters
>- We can provide a way to skip some interceptors for specific services
>
> @Azeez WDYT?
>
> Thanks
> Thusitha
>
>
> On Wed, Dec 7, 2016 at 10:56 AM, Ishara Cooray  wrote:
>
>> HI,
>>
>> We are using MSF4J interceptor for securing REST APIs in API Manager. [1]
>> As for now Interceptor registration happens at the class level @Component
>> annotation as below.
>>
>> @Component(
>> name = "org.wso2.carbon.apimgt.rest.a
>> pi.common.interceptors.OAUTH2SecurityInterceptor",
>> service = Interceptor.class,
>> immediate = true
>> )
>> The limitations here are
>>
>>1. it is not possible to have more than one interceptor that will
>>dynamically pick when an api call is received(Because the order matters 
>> and
>>we are not certain which interceptor will take into effect ).
>>2. We cannot explicitly configure to use Custom interceptors because
>>of the above[1] reason.
>>
>> Do we have any plans for these limitations?
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512 <+94%2077%20262%209512>
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Thusitha Dayaratne
> Software Engineer
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> Mobile  +94712756809 <071%20275%206809>
> Blog  alokayasoya.blogspot.com
> Abouthttp://about.me/thusithathilina
> 
>
>
> ___
> Architecture mailing list
> architect...@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Afkham Azeez*
Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
* *
*email: **az...@wso2.com* 
* cell: +94 77 3320919blog: **http://blog.afkham.org*

*twitter: **http://twitter.com/afkham_azeez*

*linked-in: **http://lk.linkedin.com/in/afkhamazeez
*

*Lean . Enterprise . Middleware*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev