Re: [Architecture] WSO2 App Server / ESB and websockets

[Ajanthan Balachandran]

Hi,
We are shipping Websocket samples(java) with wso2 as 5.1.0 please have a
look at [0] and [1].
Hope this will help you.
Thanks

[0]
http://svn.wso2.org/repos/wso2/carbon/platform/branches/4.1.0/products/as/5.1.0/modules/samples/common/webapp/src/main/java/websocket/
[1]
http://svn.wso2.org/repos/wso2/carbon/platform/branches/4.1.0/products/as/5.1.0/modules/samples/common/webapp/src/main/resources/websocket/
On Thu, May 30, 2013 at 7:04 AM, Nuwan Bandara nu...@wso2.com wrote:

 Hi,

 App Server is on top of Tomcat 7.0.4 + which supports websockets, if not
 jaggery you can write it in java, and the docs are at [1] from tomcat

 Regards,
 /Nuwan

 [1] http://tomcat.apache.org/tomcat-7.0-doc/web-socket-howto.html



 On Thu, May 30, 2013 at 3:55 AM, Mike Stoddart sto...@gmail.com wrote:

 Could you? :)

 On 2013-05-29, at 3:26 PM, Paul Fremantle p...@wso2.com wrote:

 Mike

 You can do it in Java as well as Jaggery. Not sure if we've documented
 that yet :-)

 Paul


 On 29 May 2013 20:25, Mike Stoddart sto...@gmail.com wrote:

 Thanks Paul. So it's not possible to run a Java based websocket server
 using the App Server or API Manager? Only Jaggery?


 On Wed, May 29, 2013 at 3:19 PM, Paul Fremantle p...@wso2.com wrote:

 Hi

 Yes we support websockets in Jaggery in the App Server now. The ESB is
 adding support for websockets, but doesn't yet have it.

 Paul


 On 29 May 2013 20:18, Mike Stoddart sto...@gmail.com wrote:

 I realise this may not be the right place to ask this question but it
 is architecture related so I hope you'll forgive me!

 I'm prototyping a new solution using WSO2 and one requirement I have
 is to provide real-time data updates to web users over a websocket. Our
 current solution uses websockets but I'm trying to use WSO2 to rewrite 
 from
 the ground up.

 Someone mentioned on Stackoverflow that one could use a class
 mediator, but my understanding is that the mediator is uni-directional and
 not flexible enough. Though mediators are for the ESB, which doesn't
 actually solve the problem of allowing a websocket connection.

 I have a custom Java application that runs on a server, which stores
 data in an in-memory Hazelcast grid. I need to serve this data to web
 clients over a websocket.

 Is there any way in WSO's API Manager or Application Server to support
 websocket connections in this manner? If not, are there any plans to
 implement this and how might it be done?

 Thanks



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Paul Fremantle
 CTO and Co-Founder, WSO2
 OASIS WS-RX TC Co-chair, VP, Apache Synapse

 UK: +44 207 096 0336
 US: +1 646 595 7614

 blog: http://pzf.fremantle.org
 twitter.com/pzfreo
 p...@wso2.com

 wso2.com Lean Enterprise Middleware

 Disclaimer: This communication may contain privileged or other
 confidential information and is intended exclusively for the addressee/s.
 If you are not the intended recipient/s, or believe that you may have
 received this communication in error, please reply to the sender indicating
 that fact and delete the copy you received and in addition, you should not
 print, copy, retransmit, disseminate, or otherwise use the information
 contained in this communication. Internet communications cannot be
 guaranteed to be timely, secure, error or virus-free. The sender does not
 accept liability for any errors or omissions.

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Paul Fremantle
 CTO and Co-Founder, WSO2
 OASIS WS-RX TC Co-chair, VP, Apache Synapse

 UK: +44 207 096 0336
 US: +1 646 595 7614

 blog: http://pzf.fremantle.org
 twitter.com/pzfreo
 p...@wso2.com

 wso2.com Lean Enterprise Middleware

 Disclaimer: This communication may contain privileged or other
 confidential information and is intended exclusively for the addressee/s.
 If you are not the intended recipient/s, or believe that you may have
 received this communication in error, please reply to the sender indicating
 that fact and delete the copy you received and in addition, you should not
 print, copy, retransmit, disseminate, or otherwise use the information
 contained in this communication. Internet communications cannot be
 guaranteed to be timely, secure, error or virus-free. The sender does not
 accept liability for any errors or omissions.

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] Generic Resource(Registry) Management in App Factory

[Ajanthan Balachandran]

Hi All,

In App Factory, users can create resources through configure UI,put
different values for each stages(dev,qa...etc) and access those resources
in their applications through registry api.We achieved this through
registry mounting.

App Factory /_system/governance is mounted to common DB.The governance
registry of App Factory will looks like follow

/_system/governance
   |-dependencies
 -|dev
  |-foo(dev value)
 -|qa
  |-foo(qa value)
 -|stging
  |-foo(staging value)
 -|prod
 |-foo(prod value)

The governance registry of the dev app server also will be mounted to the
same common DB.In addition to that  /_system/governance/dependencies  of
the dev appserver also will be mounted to
/_system/governance/dependencies/dev of common DB.
Same mounting model will be set to all the app servers in other stages as
well.

Then programming model for accessing this resource will looks like follow.

CarbonContext cCtx = CarbonContext.getCurrentContext();
Registry registry = (Registry)
cCtx.getRegistry(RegistryType.SYSTEM_GOVERNANCE);
Resource resource = registry.get(dependencies/foo);

API Manager authorization token(API manager key) also will be managed as
above.

WDYT?
-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Issue in App subscription and Key generation with API Manager in AppFactory

[Ajanthan Balachandran]

On Fri, Jun 14, 2013 at 10:14 PM, Punnadi Gunarathna punn...@wso2.comwrote:

 Hi All,

 We have identified $subject and the scenario is as follows:

 AppOwner creates an Application called App1 in App Factory.
 He loggs-in to API Manger and subscript App1 with API1 and generate key
 pairs.
 He also invite few developers for App1.

 Based on the current implementation, any other developer who will login to
 App Factory will not be able to see the previous subscription or already
 generated keys and also since sso is enabled at API Manager front, they can
 subscribe the same application individually again with the API1 and
 generate new keys.

 But as per the requirement there should be only a single set of keys
 generated for sandbox and production separately for a particular
 application (It is true that we can regenerate keys and it is accepted).
 But with the above scenario, each person can generate different key sets
 for same application and this will be a hassle in terms of usage.

 As we discussed with Sumedha, API Manager currently does not support group
 wise key generation. Therefore we have come up with a below strategy to
 prevent each user from creating separate keys for the same application over
 and over again.

 That is, Only the AppOwner will have the privilege to subscribe to an API
 and re/generate keys with API Manager. The generated keys will be saved in
 DB and when other users (dev,qa,devops) login, they can only see the
 generated keys. We will also make SSO disabled and no buttons will be
 available in UI to go to API Manager for these user roles.

If SSO is disabled(API store) how the appowner is going to login and
subscribe to API(manually entering the credential again)?


 Feel free to share your feedback.

 --
 Thanks and Regards,

 Punnadi Gunarathna
 Senior Software Engineer, WSO2, Inc.; http://wso2.com http://wso2
 email: punn...@wso2.com lal...@wso2.com

  http://lalajisureshika.blogspot.com/

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Developer Studio 3.2.0 Beta Released !

[Ajanthan Balachandran]

On Sat, Jun 29, 2013 at 1:00 AM, Susankha Nirmala susan...@wso2.com wrote:


 Hi All,

 We have WSO2 Developer Studio 3.2.0 Beta release ready to be downloaded at
 [1]. Installed eclipse distributions available at [2]

 This release includes following bug fixes.

 *Bug Fixes*

 [TOOLS-1632] - CAR project pom contains invalid characters
 [TOOLS-1678] - Importing a Synapse Config with Main sequence triggers
 Invalid In and Out elements error in ESB Graphical Editor
 [TOOLS-1694] - AF perspective detais view not filling all the feilds
 [TOOLS-1695] - AF perspective switch link doesn't appear in dashboard in
 windows
 [TOOLS-1696] - Could not deploy BPEL projects which were developed in
 windows
 [TOOLS-1701] - AppFactory Build logs option freez the UI
 [TOOLS-1702] - AppFactory Perspective show nothing if close the login
 [TOOLS-1703] - App Development team infomation API does not work, User
 cannot see role info
 [TOOLS-1704] - If login fails to the appfactory pespective, proper error
 message should be shown to the user

 *Important*

  AppFactroy Tooling Requires Egit 2.3.1 but EGit 2.3.1 was released too
 late for Juno SR2, hence Juno SR2 contains EGit version 2.2.0. Please
 use[4] to update Egit plugin.

Can you please provide EGit update site url([4] is missing)?


 These new bundles will be packed with DevS packs from  3.2.0

 [1]-
 http://builder1.us1.wso2.org/~developerstudio/developer-studio/3.2.0/beta/wso2-developer-studio_3.2.0.zip
 [2]-
 http://builder1.us1.wso2.org/~developerstudio/developer-studio/3.2.0/beta/installed-distributions/

 Thanks and Regards,
 The WSO2 Developer Studio Team.
 --
 Susankha Nirmala
 Software Engineer
 WSO2, Inc.: http://wso2.com
 lean.enterprise.middleware
 Mobile : +94 77 593 2146

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Appfactory] Tenant Isolation for Jenkins.

[Ajanthan Balachandran]

On Fri, Jul 12, 2013 at 7:06 PM, Ramith Jayasinghe ram...@wso2.com wrote:

 Hi,
  I have been looking at possible ways to achieve the $subject.

  And here's one possible way of achieving this.

  Basis of this approach is to deploy jenkins as a web application on our
 Application Server ( -- I tested this) [1].

  There couple aspects we need to think about :
   1. Tenant Creation
   2. Authentication and authorization
   3. Building Jobs.
   4. Load balancing and HA
 *
 Tenant Creation*
  Now suppose user creates a organization/tenant xyz on Appfactory.
  Appfactory could either :
   1. Deploy jenkins onto the xyz tenant

  Or

This will work as each tenant gets its own classloader.

   2. Deploy jenkins on super tenant. With this approach we have to rename
 jenkins.war (possibly to xyz.war) to make this jenkins instance different
 from others.

This will not work as jenkins uses lot of singletons.So we need seperate
class loader for web app


  With either way each jenkins instance needs to be provided with a its own
 JENKINS_HOME.
  This can be achieved via adding a context.xml file with content similar
 to following to jenkins.war distribution ( specifically into META-INF)

 Context
   Environment name=JENKINS_HOME value=${J_HOMES}/xyz
 type=java.lang.String/
 /Context

 $J_HOMES refers to a directory in file system and supplied as a system
 variable during the server start up etc.
 'xyz' sub-directory has to be created and filled with configurations,
 plugins etc before deploying the webapp.

 Configuration that needs to go into this folder are typically related to
 maven,jdks, plugins  etc. ( can puppet be of use to automate all this?)

It is not good to have modified config for each tenants. Whenever  we need
enable failover node we need to get these modified files.But
if we have a one war file(with configs) that can be used regardless of
tenants ,then that is very scalable.I think it is possible because there is
no tenant specific configurations(the config for tenant 1 and
2 ideally same).



 *
 **Note:* I already came across an issue where content in conext.xml is
 not visible to jenkins.war when deployed onto a tenant ( maybe a bug in AS
 ?)

Did you try to set homepath as jndi variable.It seems that they are using
jndi to supply the value.We have changed the JNDI factory for AS.So we need
to
write a Servlet Context listener and set the Jenkins path as jndi value.

 *
 Authentication  Authorization*

  We could use Jenkins LDAP (may be with some modifications) plugin based
 on the requirement or we might have to change current authentication plugin
 [2] we wrote for jenkins.
  Further, I think with above approach we still can use the role strategy
 plugin [3] that's currently in use.

Jenkins going to run in carbon environment so you can get user
manager through carbon context.

 *
 Building Jobs*

 Master nodes ( - deployed on AS) should not run build jobs.
 Instead these should be delegated to a pool of jenkins slaves [4][5]. We
 need to figure out a scheme on how to do this.

 *Load balancing and HA *

 Deploying and testing jenkins on a AS cluster should be the starting point
 to figure out  this whole approach would scale.

In jenkins world we can not cluster master.We can only set up failover to
master and  offload the build to slaves.There is a one to many connection
between a master and slaves.If
one slave is assigned to a master it can not be assign to other master.As a
solution we can have pool of slaves and assign slave on demand(when ever a
build is trickered ) and return to the pool after finishing job.
Starting point may be jenkins Swarm plugin.We can't use it out of the box
but we have to modify the plugin to support the multi master shared slaves
deployment.



 [1] https://wiki.jenkins-ci.org/display/JENKINS/Tomcat
 [2]
 https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.1.0/products/appfactory/1.0.0/modules/webapps/appfactory-authentication-plugin
 [3]
 https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.1.0/dependencies/jenkins-ci/role-strategy-plugin/1.1.3-wso2v2
 [4] https://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds
 [5]
 https://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds#Distributedbuilds-RunningMultipleSlavesontheSameMachine


 --
 Ramith Jayasinghe
 Technical Lead
 WSO2 Inc., http://wso2.com
 lean.enterprise.middleware

 E: ram...@wso2.com



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Stratos Deployment Pattern for Multi Tenanted App Factory

[Ajanthan Balachandran]

On Fri, Jul 19, 2013 at 6:28 AM, Samisa Abeysinghe sam...@wso2.com wrote:

 So, if this design is proposing the MT AF deployment, should we not look
 at the whole architecture, not just the registry separation?

When we started to look at this aspect we found that governance
registry,userstore ,billing and throttling are shared aspects in one
stratos deployment.
Hence each cloud in environment(as cloud) is considered as service by
stratos the billing and metering,it can be done per environment basis.


 Registry is an important aspect. But IMHO, there is more into it. User
 store is a good one.
 What about caching, dep-sync and concerns similar to those?

Other aspects are connected with clustering.So any way those are
seperated.(as dev cluster caching and as test cluster caching are isolated
because of different clustering domain)




 On Fri, Jul 19, 2013 at 6:22 AM, Ajanthan Balachandran 
 ajant...@wso2.comwrote:

 Yes,If you compare previous AF deployment pattern and proposed pattern
 only difference is separate governance registry per environment,We already
 have MT in runtime(Stratos) so that will not
 change with MT  AF.Only Change is previously we provided one isolated
 runtime per application.But now in MT AF all the apps in one tenant will
 share one runtime.
 Ideally we have to provide userstore per environment.That should be
 supported out of the box.But this proposes maximum shared deployment that
 can one achieve in MT AF .


  On Thu, Jul 18, 2013 at 6:35 PM, Samisa Abeysinghe sam...@wso2.comwrote:

 So what is this thread proposing? A new MT architecture or a slight
 improvement to existing preview



 On Thu, Jul 18, 2013 at 1:16 PM, Dimuthu Leelarathne 
 dimut...@wso2.comwrote:


 Hi,


 On Thu, Jul 18, 2013 at 6:46 AM, Samisa Abeysinghe sam...@wso2.comwrote:




 I am not sure if this will be right. What does this user store
 contain? Does it only allow auth to AF aspects only or does it also auth
 apps too.

 If I map this to the internal WSO2 stuff, AF development users
 internal LDAP, and apps to are authorized against the same LDAP. But those
 apps, before being hit into production are not using the the production
 LDAP rather a replica. Becuase, those developing the apps are not supposed
 to mess with the production user store.
 May be the solution is to have the AF user store to be separate form
 the Apps user store to be an IS instance plugged into AF.

 Still, for the common use case, you cannot rule out the use of a
 different user store for production AS in the production cloud. So I am
 not sure if this shared user store concept will work.


 Current afpreview implementation does not support the above deployment
 scenario but the new code will support both deployments and many deployment
 options. It is a matter of writing the BPEL right. So in the case of
 production AS having a different user store we will have to change the 
 BPEL.


 thanks,
 dimuthu




 Here we have problem because of different governance registry used
 for services in environment and Stratos controller(SC).whenever tenant is
 created in stratos controller
 in addition to userstore changes SC is adding some additional stuffs
 to governance registry(service activation details etc..).To solve this
 problem we can have additional service
 which will be do the post tenant creation activities on tenant
 creation .
 This services will be hosted in a dummy SC in each environment.This
 manager will evaluate throttling rules and update governance registry per
 environment.By doing so we can have different throtling rules per
 environment.

 Any suggestions or improvements are welcome.

 --
 ajanthan
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
 blog: http://bkayts.blogspot.com/

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --

 Thanks,
 Samisa...

 Samisa Abeysinghe
 VP Engineering
 WSO2 Inc.
 http://wso2.com
 http://wso2.org

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Dimuthu Leelarathne
  Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --

 Thanks,
 Samisa...

 Samisa Abeysinghe
 VP Engineering
 WSO2 Inc.
 http://wso2.com
 http://wso2.org

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 ajanthan
 --
 Ajanthan

Re: [Architecture] Stratos Deployment Pattern for Multi Tenanted App Factory

[Ajanthan Balachandran]

On Fri, Jul 19, 2013 at 6:56 AM, Samisa Abeysinghe sam...@wso2.com wrote:

 But the diagram need to depict all those (if cannot be done using one,
 using multiple)

 The problem with the current one is that, it is hard to connect the dots,
 as it has only partial info.

I agree.I will send multiple diagrams(or table) to depicts how each aspects
are separated.




 On Fri, Jul 19, 2013 at 6:47 AM, Ajanthan Balachandran 
 ajant...@wso2.comwrote:




 On Fri, Jul 19, 2013 at 6:28 AM, Samisa Abeysinghe sam...@wso2.comwrote:

 So, if this design is proposing the MT AF deployment, should we not look
 at the whole architecture, not just the registry separation?

 When we started to look at this aspect we found that governance
 registry,userstore ,billing and throttling are shared aspects in one
 stratos deployment.
 Hence each cloud in environment(as cloud) is considered as service by
 stratos the billing and metering,it can be done per environment basis.


 Registry is an important aspect. But IMHO, there is more into it. User
 store is a good one.
  What about caching, dep-sync and concerns similar to those?

 Other aspects are connected with clustering.So any way those are
 seperated.(as dev cluster caching and as test cluster caching are isolated
 because of different clustering domain)




 On Fri, Jul 19, 2013 at 6:22 AM, Ajanthan Balachandran 
 ajant...@wso2.com wrote:

 Yes,If you compare previous AF deployment pattern and proposed pattern
 only difference is separate governance registry per environment,We already
 have MT in runtime(Stratos) so that will not
 change with MT  AF.Only Change is previously we provided one isolated
 runtime per application.But now in MT AF all the apps in one tenant will
 share one runtime.
 Ideally we have to provide userstore per environment.That should be
 supported out of the box.But this proposes maximum shared deployment that
 can one achieve in MT AF .


  On Thu, Jul 18, 2013 at 6:35 PM, Samisa Abeysinghe sam...@wso2.comwrote:

 So what is this thread proposing? A new MT architecture or a slight
 improvement to existing preview



 On Thu, Jul 18, 2013 at 1:16 PM, Dimuthu Leelarathne 
 dimut...@wso2.com wrote:


 Hi,


 On Thu, Jul 18, 2013 at 6:46 AM, Samisa Abeysinghe 
 sam...@wso2.comwrote:




 I am not sure if this will be right. What does this user store
 contain? Does it only allow auth to AF aspects only or does it also auth
 apps too.

 If I map this to the internal WSO2 stuff, AF development users
 internal LDAP, and apps to are authorized against the same LDAP. But 
 those
 apps, before being hit into production are not using the the production
 LDAP rather a replica. Becuase, those developing the apps are not 
 supposed
 to mess with the production user store.
 May be the solution is to have the AF user store to be separate form
 the Apps user store to be an IS instance plugged into AF.

 Still, for the common use case, you cannot rule out the use of a
 different user store for production AS in the production cloud. So I 
 am
 not sure if this shared user store concept will work.


 Current afpreview implementation does not support the above
 deployment scenario but the new code will support both deployments and 
 many
 deployment options. It is a matter of writing the BPEL right. So in the
 case of production AS having a different user store we will have to 
 change
 the BPEL.


 thanks,
 dimuthu




 Here we have problem because of different governance registry used
 for services in environment and Stratos controller(SC).whenever tenant 
 is
 created in stratos controller
 in addition to userstore changes SC is adding
 some additional stuffs to governance registry(service activation 
 details
 etc..).To solve this problem we can have additional service
 which will be do the post tenant creation activities on tenant
 creation .
 This services will be hosted in a dummy SC in each environment.This
 manager will evaluate throttling rules and update governance registry 
 per
 environment.By doing so we can have different throtling rules per
 environment.

 Any suggestions or improvements are welcome.

 --
 ajanthan
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajanthan http://goog_595075977@wso2.com; cell:
 +94775581497
 blog: http://bkayts.blogspot.com/

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --

 Thanks,
 Samisa...

 Samisa Abeysinghe
 VP Engineering
 WSO2 Inc.
 http://wso2.com
 http://wso2.org

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Dimuthu Leelarathne
  Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise

Re: [Architecture] Multi tenanting Issue Tracker

[Ajanthan Balachandran]

On Wed, Jul 24, 2013 at 12:02 PM, Dimuthu Leelarathne dimut...@wso2.comwrote:

 Hi,

 I've been looking into the subject. Evaluated 2 projects

 Trac

I believe you mean this[0] project by Trac.

 - Very active, 13 contributors (according to ohloh) in python
 - One proecess per project. We can associate a realm to a several
 projects. It is multi-tenanted.
 - Apache license

It is not  Apache license.It is modified BSD[1]

 - Good API

By default it does not have a remote API.We have to install XMLRPC
plugin[2].It has limited methods[3] ,we may have to add additional methods.



 Bug Genie Notes (Sameera pointed this out)
 - This is multi-tenant using the means of hostnames. The methodology is to
 put host name in /etc/hosts and then in /etc/apache2/sites-enabled. So this
 solution is not very scalable. Perhaps it will scale up to hundreds.
 - MPL
 -Does not have a good API
 -Not very active, 1 contributor
 -Agile dashboards are present

 IMO trac has a more scalable MT story than Bug Genie. I am +1 for trac. So
 going forward with track would mean having a service that spawning
 processes as required and killing them after a certain idle time. I think
 that system would scale well. I assume there is a better way to do
 authentication password file - which I have been using so far.

 thanks,
 dimuthu


 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


[0]http://trac.edgewall.org/
[1]http://trac.edgewall.org/wiki/TracLicense
[2]http://trac-hacks.org/wiki/XmlRpcPlugin
[3]
https://bitbucket.org/alexandrul/trac-xmlrpc-plugin/src/4bede1987d4e17ae89bfb65576a69266ad7915bb/README.wiki?at=default
-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Appfactory] Tenant Isolation in Jenkins

[Ajanthan Balachandran]

On Wed, Jul 24, 2013 at 4:34 PM, Shamika Ariyawansa sham...@wso2.comwrote:

 HI,

 As we discussed so fa,r we tried/trying following approaches for the
 $subject.

 1. Deploying Jenkins web app in AS per tenant. - Solution was not scalable
 due to the size of the Jenkins Web-app (61MB - without plugins) and its not
 practicable to deploy this as the tenant count gets increased.

If the content of the war duplicated for tenants you can put the common
libs into $CARBON_HOME/repository/components/lib(in parent classloader) and
make minimal war file that contains tenant specific stuffs.


 2. Use one Jenkins server and make it possible to make it multi-tenant
 by introducing a role-based plugin (an extension to Role-Strategy Plugin).

 Here all the tenants related jobs are stored in one space
 (no operation between tenant) and the multi-tenancy is achieved by having a
 filtering mechanism based on the logged users tenant. Problem here is
 everything will be done in one workspace so it will be difficult to manage
 when the the tenant count gets increased with the job count.

 3. Patch the Jenkins to set the JENKINS_HOME directory on the fly so
 that separate HOME directory will be used for the different tenants.

 By looking at the Jenkins code we found that the Jenkins Home is set to a
 singleton class (jenkins.model.Jenkins) and the whole system uses that
 class to obtain JENKINS HOME. As a solution we can update this class to
 return JENKINS_HOME based on logged users tenant.

 Main risk for this is that in the  in above class has a public variable to
 store the JENKINS_HOME (variable - root). Also there is also an
 encapsulated method to get this too.( getRootDir() ). We are not sure the
 how the other plugins have referred this. I am trying to do an hard-coded
 test whether this works or not?

This will not work unless you reload all the configurations from disk after
returning the JENKINS_HOME.In jenkins on start up all the config files are
loaded from disk(job configs also).We change JENKINS_HOME at the middle
 but still in the memory there are configs(job configs) from previous
JENKINS_HOME.


 WDYT?

 --
 Shamika Ariyawansa
 Senior Software Engineer

 Mob:+ 94 772929486




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] AppFactory Admin Services

[Ajanthan Balachandran]

On Wed, Aug 14, 2013 at 12:36 PM, Srinath Perera srin...@wso2.com wrote:

 Ajanthan we can fix that by extending Unified endpoints to capture that.

Yes if we want to set any SOAP header to partner service request we can set
it in bpel itself because we have partner service request as variable in
bpel.But if we want to set it in http header we need to
extent Unified endpoints.But How we are going to capture the user who
invoked the BPEL? In the Unified endpoint handler do we have access to the
information on request(which instance's partner service request and who
invoked that instance)?

 --Srinath


 On Wed, Aug 14, 2013 at 12:32 PM, Ajanthan Balachandran ajant...@wso2.com
  wrote:




 On Wed, Aug 14, 2013 at 9:26 AM, Dimuthu Leelarathne 
 dimut...@wso2.comwrote:

 Hi,

 AF BPELs are running in the super tenant space. Now the question is,
 whether BPEL should invoke admin services deployed in respective tenant
 space or super tenant space.

 Here is sample of the admin services [1] From that we can see that some
 admin services should be in super tenant space and others in respective
 tenant space.

 So now comes the question, how can a BPEL running in admin space invoke
 an admin service in tenant space?

 Here is the answer that can be seen so far.

 1 - Write the mutual auth authenticator for carbon framework. This would
 check whether the call is coming over a 2 way SSL connection and let the
 user through. The authorization happen as the real user. This is discussed
 in the mail thread titled Multi-tenant AF user model architecture@
 2 - Extend the UnifiedEndPoint handler to inject the invoking person's
 name in to a header (SOAP or HTTP)

 We can set SOAP headers in BPEL but not http headers


 And another separate point, the admin services marked in yellow should
 have an explicit permission check before performing any action to check
 whether the user has permission to do particular action for the application.

 WDYT?

 thanks,
 dimuthu




 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 ajanthan
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
 blog: http://bkayts.blogspot.com/


 Lean . Enterprise . Middleware




 --
 
 Srinath Perera, Ph.D.
   Director, Research, WSO2 Inc.
   Visiting Faculty, University of Moratuwa
   Member, Apache Software Foundation
   Research Scientist, Lanka Software Foundation
   Blog: http://srinathsview.blogspot.com/
   Photos: http://www.flickr.com/photos/hemapani/
Phone: 0772360902




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] [AppFactory] Isolating JNDI Resource among the Applications of a Tenant

[Ajanthan Balachandran]

Hi all,
Currently in AppFactory all the JNDI resources (Eg: Datasources) are
visible to all the applications within a tenant.By default in our
platform each tenant is getting separate subcontext with in
initialContext. Same way we can provide a subcontext per deployed
application in the application server.
In order to achieve it we have to create an application aware
InitialJNDIContextFactoryBuilder and InitialContextFactory.
The behavior of the application aware InitialJNDIContextFactoryBuilder
will be as follows.
While initializing the JNDI context first it will create a subcontext
for tenant and if the request is for an application (in such situation
there will be an application name in Carboncontext) then it will
create a subcontext for that application and return.
With this approach the JNDI resources that are created for a
tenant(Eg: Transaction Manager) will not be available for the
applications.In this case the JNDI look up of the application
subcontext will happen as follows. First it will search within
application subcontext if it not there it will look up within tenant
subcontext.
In this way if we want to provide a resource for an application then
we have to put it into the application subcontext and if the resource
meant to be shared within a tenant we have to put into tenant
subcontext.

Implementation
---
Currently in our platform InitialJNDIContextFactoryBuilder is not
configurable but  default InitialContextFactory is configurable.To
achieve this we have to make InitialJNDIContextFactoryBuilder
configurable.

Appreciate any feedback on this approach.

-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajant...@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [AppFactory] Isolating JNDI Resource among the Applications of a Tenant

[Ajanthan Balachandran]

On Tue, Nov 12, 2013 at 11:10 AM, Piyum Fernando pi...@wso2.com wrote:
 Hi Ajanthan,

 AS team also had a small internal discussion on implementing this and the
 approach is somewhat similar.
 And also there will be few changes in our JNDI implementation with C5 effort
 so better we make everything clear before start.

 Shall we have a meeting with AS+Carbon and discuss this?.
+1

 Thanks.


 On Tue, Nov 12, 2013 at 10:52 AM, Ajanthan Balachandran ajant...@wso2.com
 wrote:

 Hi all,
 Currently in AppFactory all the JNDI resources (Eg: Datasources) are
 visible to all the applications within a tenant.By default in our
 platform each tenant is getting separate subcontext with in
 initialContext. Same way we can provide a subcontext per deployed
 application in the application server.
 In order to achieve it we have to create an application aware
 InitialJNDIContextFactoryBuilder and InitialContextFactory.
 The behavior of the application aware InitialJNDIContextFactoryBuilder
 will be as follows.
 While initializing the JNDI context first it will create a subcontext
 for tenant and if the request is for an application (in such situation
 there will be an application name in Carboncontext) then it will
 create a subcontext for that application and return.
 With this approach the JNDI resources that are created for a
 tenant(Eg: Transaction Manager) will not be available for the
 applications.In this case the JNDI look up of the application
 subcontext will happen as follows. First it will search within
 application subcontext if it not there it will look up within tenant
 subcontext.
 In this way if we want to provide a resource for an application then
 we have to put it into the application subcontext and if the resource
 meant to be shared within a tenant we have to put into tenant
 subcontext.

 Implementation
 ---
 Currently in our platform InitialJNDIContextFactoryBuilder is not
 configurable but  default InitialContextFactory is configurable.To
 achieve this we have to make InitialJNDIContextFactoryBuilder
 configurable.

 Appreciate any feedback on this approach.

 --
 ajanthan
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajant...@wso2.com; cell: +94775581497
 blog: http://bkayts.blogspot.com/

 Lean . Enterprise . Middleware
 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Piyum Fernando
 Software Engineer
 WSO2 Inc.;  http://wso2.com

 Mobile: +94 77 22 93 880
 Tel:  +94 31 22 75 715

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajant...@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Appfactory][Artifact Deployment] Possible Improvements.

[Ajanthan Balachandran]

On Sun, Nov 10, 2013 at 8:32 PM, Samisa Abeysinghe sam...@wso2.com wrote:
 What are the time costs implied by these alternatives? Meaning how much time
 between user action and the time it is really ready to use.

  What are the implications on the async mode of operation? Meaning, when
 would the user be notified of the availability and how?


 Thanks,
 Samisa...


 Samisa Abeysinghe

 Vice President Training

 WSO2 Inc.
 http://wso2.com



 On Fri, Nov 8, 2013 at 11:21 AM, Ramith Jayasinghe ram...@wso2.com wrote:

 Hi,
  The way its was implemented is to clone the artifact repository ( a.k.a
 S2 Git repo) to a fixed directory (there is one for each tenant) every time
 when there is a need to deploy an artifact.

 However, suppose a situation users of a tenant trying to deploy multiple
 artifacts in parallel.
 What we observed during such scenario is that none of the artifacts get
 committed (and pushed) to git repository. This means artifact deployment
 fails for everyone of that tenant.


 The most easiest may of fixing this is
 1. atomically create an temporary directory
 2. clone the git repository onto that directory
 3. copy the new artifact to correct location ( - possibly replacing
 existing artifact with the same name)
4. Git add - git commit - git push.
5. Delete the temporary directory.

 Now this fix is already done (and some other bugs) with svn revision:
 189685 and relevant issue is https://wso2.org/jira/browse/APPFAC-1630

 HOWEVER, This will introduce a major problem because it always clones the
 entire git repository  each time an artifact is deployed. Given that in a
 real world scenario this git repository can be comparatively big ( with lots
 of artifacts already existing in the git repo).

 One possible way to fix this problem would be to serialize each deployment
 request using a queue ( which exists in Appfactory plugin we wrote for
 jenkins). and switch back to keeping a fixed location to clone the git
 repository ( - the previous scheme)
Have we checked the possibility of having multiple workspace per
requests and having Subdirectory Checkouts with git sparse-checkout?
Even implementing the server side upload api to add blobs to git
database also possible[0].

  Couple of things we need to take into account when we do this:
1. Artifacts deployed by a tenant can end up in different runtimes.
E.g. Esb artifacts goes to ESB runtime while webapps, jaxrs, goes
 to AS.

   So we need to maintain directory per runtime (or application type).
 Otherwise we will end up having web applications committed to a git
 repository meant for ESB!
 E.g. tempdir/war , tempdir/esb/, tempdir/php

   2. Code surrounding Appfactory-Plugin can needs to be
 re-factored/Improved.


   3. Re-visit the logic surrounding the way we deploy ESB artifacts to
 figure out are there any additional file types that needs to deploy (- and
 there location). Currently it assumes only xml files.

 Any thoughts?



 --
 Ramith Jayasinghe
 Technical Lead
 WSO2 Inc., http://wso2.com
 lean.enterprise.middleware

 E: ram...@wso2.com


 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[0]http://developer.github.com/v3/git/commits/#create-a-commit


-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajant...@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Database/Database user/Data base permission template Isolation in AppFactory

[Ajanthan Balachandran]

On Thu, Nov 21, 2013 at 11:02 PM, Dimuthu Leelarathne dimut...@wso2.comwrote:

 Hi Ajanthan,

 Why do we need 3 RXTs?

We need one RXT for DB,DBUser,PermissionTemplate.
Do you thing we can store all three data in one RXT(DBInfo) ?Does Greg
support storing multiple values(say arrays) ?


 thanks,
 dimuthu



 On Thu, Nov 21, 2013 at 10:49 PM, Ajanthan Balachandran ajant...@wso2.com
  wrote:

 Hi all,
 In current app factory implementation whenever a user view one
 application's Database/Database users/Database permission templates  in
 resources UI, he can see all the Databases/Database users/Data base
 permission templates from within a tenant.
 At run time database of one application cannot be accessed by other 
 applications,
 because the database user password is only known by the first
 application user.
 So here we need to only filter the  Database/Database user/Data base
 permission template in UI level. In order to filter at app factory UI level
 we need to keep mapping between the applications and Databases/Database
 users/Data base permission templates.

 Here there will be three RXTs (DB,DBUser,PermissionTemplate) to store
 the name and environment of the database,user and template.An OwnedBytype of 
 registry association will be used to associate each RXTs to
 application.

 While adding the database or user or template first we will check
 availability of the name in Storage Server(SS) side  and then only it
 will be added to RXT and SS.While listing the database,user and
 template, first the name of those resources will be retrieved from RXTs
 that have ownedBy association with the selected application and then
 displayed.When the user click on the name of the resources only more
 details will be pulled from SS.

 Appreciate any feedback or concerns on this approach.
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
 blog: http://bkayts.blogspot.com/

 Lean . Enterprise . Middleware




 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] per-developer git repos for App Factory

[Ajanthan Balachandran]

Hi,
In Add Developer option,When the developer is invited according to diagram
AF is creating a repo.
Isn't it forging existing repo?
Thanks.


On Sun, Dec 8, 2013 at 11:15 PM, Sanjiva Weerawarana sanj...@wso2.comwrote:

 Following up on the discussion we had earlier this week, here's the thing
 I wrote up a while ago ..
 [image: Inline image 1]

 Here's the link to edit / change:


 http://www.websequencediagrams.com/?lz=dGl0bGUgQXBwIEZhY3RvcnkgR2l0IFJlcG9zCgpvcHQgQ3JlYXRlIE5ldyBBcHAKICBBcHBPd25lciAtPiBBRjoAGQhuABcKRiAtPiBHaXRibGl0ABMNcmVwbwogABMIADwFAEYHOiBIZXJlJ3MgeW91ciBhcHAAJAgARwZKZW5raW5zOiBBZGQAZQVidWlsZCB0YXNrIGZvACYLZW5kAIExBkFkZCBEZXZlbG9wZXIAgScPAA8JOiBpbnZpdGF0aW9uIHRvIGpvaW4gcHJvamVjdAogADYKAIFjCFN1cmUgAIFJGXJlcG8AgQkFZGV2AIFYDgBmCwCBWwxwcml2ADEIAIFCKWRldgCBXA8AgR0KV3JpdGVzIENvZGUAgS8QAIMGCUdpdCBQdWxsAIFQEACCCgsALBQAgikLTG9jYWwgSURFAIMABgBLH3NoAINkDgCDQglCADYHAINVBwCDEgcgQ2xvdWQ6IERlcGxveSBkAIJ6CQBXFQCDPwsAgyMKdGVzdC9kZWJ1ZwCEBQpQdWxsIFJlcXVlcwCDRRUAGwVyABcJAIU9BgCFEwoAEwwgcmVjZWl2ZWQAhXwQAIVCCVJldmkAhWkFAEYJAIYoCwCGDwlNZXJnZQCFABpOb3RpZnkgYWNjZXB0AIVTBQs=vs2010

 Sanjiva.
 --
 Sanjiva Weerawarana, Ph.D.
 Founder, Chairman  CEO; WSO2, Inc.;  http://wso2.com/
 email: sanj...@wso2.com; office: +1 650 745 4499 x5700; cell: +94 77 787
 6880 | +1 650 265 8311
 blog: http://sanjiva.weerawarana.org/
 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] per-developer git repos for App Factory

[Ajanthan Balachandran]

On Tue, Dec 10, 2013 at 6:29 AM, Shiroshica Kulatilake sh...@wso2.comwrote:

 Hi,

 So,
 when a application is created a repo is created for that application - we
 do this now

Say the created repo is https://git.cloud.wso2.com/fooTenant/fooApp.

 when a developer is invited we create a repo for him/her - we need to
 clone the application repo ?

This time we will make a server side copy of the app repository and expose
it as a  new repo(forking) say
https://git.cloud.wso2.com/fooTenant/DevName/fooApp.

 when a developer wants to code he/she will do a git pull /fetch updateand 
 work on it - meaning we use this
 repo directly - or we clone this again ?

He need to clone forged reopo(
https://git.cloud.wso2.com/fooTenant/DevName/fooApp) and push changes to same
repo.

 once done the developer will send a pull request to AF - we need to add
 this via eventing ?

Yes there should be a human task(or some kind of task) fired for app owner.

 App owner will review / merge and notify developer - need to add this - is
 this similar to github functionality ?

Forking repo into personal space is already  available gitblit but the
merging functionality is still in development stage[0]


 Thank you,
 Shiro




 On Mon, Dec 9, 2013 at 10:44 PM, Chan duli...@wso2.com wrote:

 Hi guys,
 Quick question - is this pulling by developer happening locally or is it
 cloud base?

 Cheers~


 On Mon, Dec 9, 2013 at 10:11 PM, Sanjiva Weerawarana sanj...@wso2.comwrote:

 I think the model is each developer has multiple repos .. the developer
 account will show all repos they have.


 On Mon, Dec 9, 2013 at 4:20 PM, Dimuthu Leelarathne 
 dimut...@wso2.comwrote:

 Hi,

 I think it should be as follows.

 When a person because a developer for the first time create a repo for
 him. Whenever he is invited to a project then clone the project into his
 repo.

 So basically we will have to clone the complete project to into his
 repo. This could be cloning a repo as a folder into developer's repo.

 dimuthu





 On Mon, Dec 9, 2013 at 8:32 AM, Ajanthan Balachandran 
 ajant...@wso2.com wrote:

 Hi,
 In Add Developer option,When the developer is invited according to
 diagram AF is creating a repo.
 Isn't it forging existing repo?
 Thanks.


 On Sun, Dec 8, 2013 at 11:15 PM, Sanjiva Weerawarana sanj...@wso2.com
  wrote:

 Following up on the discussion we had earlier this week, here's the
 thing I wrote up a while ago ..
 [image: Inline image 1]

 Here's the link to edit / change:


 http://www.websequencediagrams.com/?lz=dGl0bGUgQXBwIEZhY3RvcnkgR2l0IFJlcG9zCgpvcHQgQ3JlYXRlIE5ldyBBcHAKICBBcHBPd25lciAtPiBBRjoAGQhuABcKRiAtPiBHaXRibGl0ABMNcmVwbwogABMIADwFAEYHOiBIZXJlJ3MgeW91ciBhcHAAJAgARwZKZW5raW5zOiBBZGQAZQVidWlsZCB0YXNrIGZvACYLZW5kAIExBkFkZCBEZXZlbG9wZXIAgScPAA8JOiBpbnZpdGF0aW9uIHRvIGpvaW4gcHJvamVjdAogADYKAIFjCFN1cmUgAIFJGXJlcG8AgQkFZGV2AIFYDgBmCwCBWwxwcml2ADEIAIFCKWRldgCBXA8AgR0KV3JpdGVzIENvZGUAgS8QAIMGCUdpdCBQdWxsAIFQEACCCgsALBQAgikLTG9jYWwgSURFAIMABgBLH3NoAINkDgCDQglCADYHAINVBwCDEgcgQ2xvdWQ6IERlcGxveSBkAIJ6CQBXFQCDPwsAgyMKdGVzdC9kZWJ1ZwCEBQpQdWxsIFJlcXVlcwCDRRUAGwVyABcJAIU9BgCFEwoAEwwgcmVjZWl2ZWQAhXwQAIVCCVJldmkAhWkFAEYJAIYoCwCGDwlNZXJnZQCFABpOb3RpZnkgYWNjZXB0AIVTBQs=vs2010

 Sanjiva.
 --
 Sanjiva Weerawarana, Ph.D.
 Founder, Chairman  CEO; WSO2, Inc.;  http://wso2.com/
 email: sanj...@wso2.com; office: +1 650 745 4499 x5700; cell: +94 77
 787 6880 | +1 650 265 8311
 blog: http://sanjiva.weerawarana.org/
 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 ajanthan
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
 blog: http://bkayts.blogspot.com/


 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Sanjiva Weerawarana, Ph.D.
 Founder, Chairman  CEO; WSO2, Inc.;  http://wso2.com/
 email: sanj...@wso2.com; office: +1 650 745 4499 x5700; cell: +94 77
 787 6880 | +1 650 265 8311
 blog: http://sanjiva.weerawarana.org/
 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Chan (Dulitha Wijewantha)
 Software Engineer - Mobile Development
  WSO2Mobile
 Lean.Enterprise.Mobileware
  * ~Email   duli...@wso2.com duli...@wso2mobile.com

Re: [Architecture] [AppFactory] Create AppFactory applications from already existing application binaries

[Ajanthan Balachandran]

On Mon, Jan 6, 2014 at 4:43 PM, Shamika Ariyawansa sham...@wso2.com wrote:

 Hi All,

 New feature that is going to be introduced to AppFactory is creating a
 new application by uploading exiting binary file of an application. e.gWAR

 *User Scenario*

 1. User logs on to the system, goes to the application creation page.
 2. In there user provides basic information related to the application,
 such as name, key, description then he/she would be able to create the
 application by choosing one of the following options,

  a. Create the application from the scratch by selecting the repository
 type and application type which maps with existing functionality. *OR*
  b. Create the application by uploading the binary file and selecting the
 binary file type. By doing so the application will be created as non build
 -able application.

 3. In Repos and Builds page user will be able to see the
 uploaded application and he/she will be able to do following operationsfrom 
 there,
   a. Delete the existing application.
   b. Upload new version of the same application. - Provides a way to
 upload new binary file.

Re uploading should be allowed in the dev stage only. Isn't it?

   c. Test the application by deploying to Dev cloud.

 Note that for applications created like this, source repository paths,
 build options and not shown to the users.

 4. From Life Cycle Management page user will be able to Promote and Demote
 the application through different life cycles.

 *Solution*

 So far in AppFactory we maintain two logical types of application flows.
 Buildable and non-Buildable. Buildabale applications are mainly handled
 and deployed by the buildserver (Jenkins) whereas non-Buildable are
 maintained and deployed by the AppFactory itself.
 uploading existing application functionality will
 be implemented considering Non-Buildable application flow as follows.

 [image: Inline image 2]

 Further App Creation, Build and Repos and other UIs will
 be changed accordingly.


 Regards,
 --
 Shamika Ariyawansa
 Senior Software Engineer
 WSO2, Inc.; http://wso2.com

 LK -  +94 7639629 Ext 5999
 US - +1 408 754 7388 Ext 51732
 Mob:+ 94 772929486

 *twitter: 
 **https://twitter.com/Amila_Shamika*https://twitter.com/Amila_Shamika
 * linked-in: *http://www.linkedin.com/pub/dir/Shamika/Ariyawansa

 *Lean . Enterprise . Middleware*




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [App Factory] Per Developer Repos

[Ajanthan Balachandran]

The GithubRepositoryProvider that is already implemented in AF provide
API to get the Github username of the AF user and store as claim.Once
the user is invited to a project contributer/developer permission will
be added to that user provider Github for the repo using Github API.

BTW are we going to implement this feature for Github first and then
for Gitblit?

On Thu, Jan 9, 2014 at 11:54 AM, Manisha Gayathri mani...@wso2.com wrote:
 Hi Shiro,

 Github does not provide APIs to create users in github. Instead it can add
 existing github users to existing github organizations. Therefore creating
 github user ids for AF users from AF side is not possible.

 Thanks
 Manisha


 On Thu, Jan 9, 2014 at 11:44 AM, Shiroshica Kulatilake sh...@wso2.com
 wrote:

 Hi,

 In this case aren't we using Github as the tool to manage repos in AF - so
 shouldn't AF deal with creating user ids in GitHub ? This is instead of
 asking for github id's from team members ?

 Thank you,
 Shiro


 On Thu, Jan 9, 2014 at 11:22 AM, Punnadi Gunarathna punn...@wso2.com
 wrote:

 Hi All,

 While inviting developers to the newly created application, those
 developers should get added to the pull only permission team in GitHub for
 it's corresponding repository. In order to do that we will have to pass the
 correct GitHub user ids of those developers. So there is a problem which is
 we need to have the developer's GitHub user id in AF front.

 Any thoughts?


 On Wed, Jan 8, 2014 at 2:49 PM, Punnadi Gunarathna punn...@wso2.com
 wrote:




 On Wed, Jan 8, 2014 at 2:11 PM, Manisha Gayathri mani...@wso2.com
 wrote:




 On Wed, Jan 8, 2014 at 2:08 PM, Manisha Gayathri mani...@wso2.com
 wrote:




 On Wed, Jan 8, 2014 at 1:54 PM, Punnadi Gunarathna punn...@wso2.com
 wrote:

 Hi all,

 If the app owner choose the repository type as github while
 creating an application, we need to have the prerequisite [1] IMO.

 [1] All the users of this organization need to have a GitHub account.


 Yes. This is an issue. And we need to provide the proper name in the
 way it appears in the github. What happens in Github is a suggestion list
 appears when we are typing the member name.


 Moreover when the repository is created under the organization
 context, we will have to create two teams for each repository at the 
 same
 time as follows:

 1. team_appowners_appKey : Has to be created with 'push pull and
 administrative' permission. Needs to add the repository created earlier.
 2. team_developers_appKey : Has to be created with 'pull only'
 permission. Needs to add the repository created earlier.


 To add a team, it is not mandatory to add a repo AFAIK. Adding a repo
 is optional.

 Yes it is not mandatory to add a repo to a team. Also I think there has
 to be 2 teams for each repo not just one team for the whole organization.
 What we are trying to achieve here is that to give different permission
 levels for two teams for the created repo. So I believe it is needed to add
 the corresponding repo to address that matter. Please correct me if i am
 wrong.


 The team creation should happen in tenant creation time. At that point
 no repo is available. Repos are available only after the app is created.
 At that point,
 1. Tenant admin registers the tenant in github
 2. Create the team appowners and developers under that organization
 3. Create the app. Only at this time, the repo is created.


 CORRECTION
 4. After the repo is created, when allocating users to the app, we acan
 assign the repo to the team with the team ID.  (using the API call PUT
 /teams/:id/repos/:org/:repo)

 At the time of the repo creation, we can assign the repo to the team
 with the team ID.  (using the API call PUT /teams/:id/repos/:org/:repo)


 So at the time of team selection for the application we will be able
 to add them to the earlier created teams accordingly.

 WDYT?


 On Mon, Jan 6, 2014 at 11:56 AM, Janaka Ranabahu jan...@wso2.com
 wrote:

 Hi Manisha,


 On Mon, Jan 6, 2014 at 11:51 AM, Manisha Gayathri mani...@wso2.com
 wrote:

 After the offline discussion with Dimuthu, we decided to go ahead
 with the per developer repo for now. Per developer build, deploy and 
 test
 will be considered later.

 So what you are suggesting is that the developer is not allowed to
 build the project? IMO, all of develop, build, deploy and test by a
 developer comes under one user story. We should at least have a user 
 story
 for build and deployment for a developer, if we are only going to work 
 with
 repo part now.

 WDYT?

 Thanks,
 Janaka


 Thanks
 Manisha


 On Mon, Jan 6, 2014 at 11:45 AM, Manisha Gayathri
 mani...@wso2.com wrote:

 Thanks for bringing this up Janaka. Was going to address this
 separately.

 What I thought was, the ideal scenario would be, the developer
 should be able to build, deploy and test in their own isolated 
 environment.
 But this incorporates a lot of work and changes. In that case, the 
 user
 story will be like once the developer does the Pull 

Re: [Architecture] Unwanted application deployment notifications in AppFactory

[Ajanthan Balachandran]

On Tue, Jul 1, 2014 at 5:48 PM, Anuruddha Premalal anurud...@wso2.com
wrote:

 Hi All,

 Following is the problem-solution description regards to jira APPFAC-2252
 https://wso2.org/jira/browse/APPFAC-2252

 *Problem :*

 AppServer tenant get unloaded when there is no activity for 30mins. When a
 user deploy an app to this unloaded tenant, it will load and deploy all
 previously deployed apps; current implementation use catalina
 LifecycleListner and it captures these redeployment events and triggers the
 notifications.

 *Solution :*

 Send the artifact md5sum with the notification to the Appfactory.
 Appfactory will validate the md5 and push the wall message accordingly.

How about only publishing the events from a tenant after only if the tenant
is completely loaded(you can detect this status by checking
tenantConfigCtx.getProperty(MultitenantConstants.LAST_ACCESSED)[0] ).We can
filter out the deployment events that are happening due to tenant loading
using this method.



 Regards,
 --
 *Anuruddha Premalal*
 Software Eng. | WSO2 Inc.
 Mobile : +94710461070
 Web site : www.regilandvalley.com

 Advances of technology should not leave behind the developing world

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


[0]

 long lastAccessedTime
=TenantAxisUtils.getLastAccessed(tenantDomain,
ServiceHolder.getInstance()

.getConfigContextService().getServerConfigContext());


if(lastAccessedTime!=-1){
log.info([sendNotification] Tenant : +tenantDomain+ appid :
+appId+ msg : +msg);
}else {
log.info([sendNotification] ignoring..tenant is not
loaded  );
}

-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Appfactory - Support for WAR deployment for Tomcat Single tenant Cartridge

[Ajanthan Balachandran]

Hi,


On Fri, Jul 25, 2014 at 2:40 PM, Ramith Jayasinghe ram...@wso2.com wrote:

 Addition to this,
  When application is deleted Appfactory should remove the subscription
 made for this application ( a.k.a unsubscribe from the cartridge)


 On Fri, Jul 25, 2014 at 2:34 PM, Madhawa Bandara madh...@wso2.com wrote:

 User story:

 When user creates a web application (app type : war), he should be able
 to select the runtime on which he wants his application to be deployed.

 Application Creation: Steps:

 1. A user navigates to ‘Create Application’ page.

 2. Selects the application type as Web Application (app type = war).

 3. Appfactory would populate a drop down list that displays the available
 runtimes:

 WSO2 Application Server v 5.1.0

 Apache Tomcat v 7.0.54

 4. User selects ‘Apache Tomcat’ as his preferred runtime and creates the
 application

 (Appfactory will record this information for later use).


 Application Deployment:

 1. Upon the very first deployment of any application version onto a
 particular stage, Appfactory would make a subscription in Stratos, based on
 the selected runtime during the application creation (git repository
 containing the war artifact is provided during the subscription).

 Examples:

 a) A trunk version of the application is auto-built and auto-deployed
 onto the ‘Development’ stage. Before the very first deployment happens
 (after the auto build) Appfactory should make the subscription.

 b) Promotion of an application


- A developer promotes a particular version of an application from
the Development stage to the Testing stage.
- A QA Engineer clicks on the ‘Deploy’ button of that version.
- Appfactory checks whether there is a subscription available for
this application in Testing stage.
- If there is no such subscription already, then Appfactory would
make a new subscription based on the runtime selected during the
application creation.
- Appfactory would deploy the particular application version onto the
server in the Test Stage.


 2. If the runtime selected by the user is based on a single tenanted
 cartridge, Stratos will spin up a new cartridge once a subscription is
 made. If the runtime provided is a multi-tenanted cartridge, the instances
 are created  when cartridge definition is provisioned (as specified by the
 autoscaling and deployment policy).

 Here what is the strategy for spawning single tenant cartridges?Is it
cartridge per application? Or one cartridge per tenant?


 Improvements:

 User could be given the option to select the runtime per application per
 stage.

 (e.g. Apache tomcat dev/test stages , WSO2 Application server for
 Production stage)



 --
 Regards,

 *Madhawa Bandara*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+94777487726 %2B94777487726*
 Blog* - *classdeffound.blogspot.com




 --
 Ramith Jayasinghe
 Technical Lead
 WSO2 Inc., http://wso2.com
 lean.enterprise.middleware

 E: ram...@wso2.com
 P: +94 777542851


 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Appfactory - Support for WAR deployment for Tomcat Single tenant Cartridge

[Ajanthan Balachandran]

On Fri, Jul 25, 2014 at 3:38 PM, Dimuthu Leelarathne dimut...@wso2.com
wrote:

 Hi Ajanthan,

 Please see my answers inline.


 On Fri, Jul 25, 2014 at 3:24 PM, Ajanthan Balachandran ajant...@wso2.com
 wrote:

 Hi,


 On Fri, Jul 25, 2014 at 2:40 PM, Ramith Jayasinghe ram...@wso2.com
 wrote:

 Addition to this,
  When application is deleted Appfactory should remove the subscription
 made for this application ( a.k.a unsubscribe from the cartridge)


 On Fri, Jul 25, 2014 at 2:34 PM, Madhawa Bandara madh...@wso2.com
 wrote:

 User story:

 When user creates a web application (app type : war), he should be able
 to select the runtime on which he wants his application to be deployed.

 Application Creation: Steps:

 1. A user navigates to ‘Create Application’ page.

 2. Selects the application type as Web Application (app type = war).

 3. Appfactory would populate a drop down list that displays the
 available runtimes:

 WSO2 Application Server v 5.1.0

 Apache Tomcat v 7.0.54

 4. User selects ‘Apache Tomcat’ as his preferred runtime and creates
 the application

 (Appfactory will record this information for later use).


 Application Deployment:

 1. Upon the very first deployment of any application version onto a
 particular stage, Appfactory would make a subscription in Stratos, based on
 the selected runtime during the application creation (git repository
 containing the war artifact is provided during the subscription).

 Examples:

 a) A trunk version of the application is auto-built and auto-deployed
 onto the ‘Development’ stage. Before the very first deployment happens
 (after the auto build) Appfactory should make the subscription.

 b) Promotion of an application


- A developer promotes a particular version of an application from
the Development stage to the Testing stage.
- A QA Engineer clicks on the ‘Deploy’ button of that version.
- Appfactory checks whether there is a subscription available for
this application in Testing stage.
- If there is no such subscription already, then Appfactory would
make a new subscription based on the runtime selected during the
application creation.
- Appfactory would deploy the particular application version onto
the server in the Test Stage.


 2. If the runtime selected by the user is based on a single tenanted
 cartridge, Stratos will spin up a new cartridge once a subscription is
 made. If the runtime provided is a multi-tenanted cartridge, the instances
 are created  when cartridge definition is provisioned (as specified by the
 autoscaling and deployment policy).

 Here what is the strategy for spawning single tenant cartridges?Is it
 cartridge per application? Or one cartridge per tenant?


 What about the JNDI look up isolation we have done in App Server? Is it
 portable to Tomcat?

In tomcat each web app will get their own JNDI context but the problem is
Tomcat does not allow adding/editing and deleting JNDI resource without a
redeploy.So we will not able to register datasources for web app
dynamically.We can port the same idea to tomcat ,we may need to extend
tomcat's JNDI factory and plug.


 thanks,
 dimuthu




 Improvements:

 User could be given the option to select the runtime per application
 per stage.

 (e.g. Apache tomcat dev/test stages , WSO2 Application server for
 Production stage)





 --
 Regards,

 *Madhawa Bandara*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+94777487726 %2B94777487726*
 Blog* - *classdeffound.blogspot.com




 --
 Ramith Jayasinghe
 Technical Lead
 WSO2 Inc., http://wso2.com
 lean.enterprise.middleware

 E: ram...@wso2.com
 P: +94 777542851


 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 ajanthan
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
 blog: http://bkayts.blogspot.com/

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman

Re: [Architecture] [App Factory] Data Model for AppFactory

[Ajanthan Balachandran]

Find the DB schema design iteration 1 with changes suggested and table for
tracking repository fork and resource isolation (specially DB,DB user and
DB permission template.).


​


On Thu, Aug 14, 2014 at 9:25 PM, Dimuthu Leelarathne dimut...@wso2.com
wrote:

 Hi,



 On Thu, Aug 14, 2014 at 9:30 AM, Gayan Dhanushka gay...@wso2.com wrote:

 Hi Ajanthan,

 What about the forrk repository related data. We have builds for forked
 repos and we used to keep them in the rxts?


 Mostly, they are all runtime data.

 thanks,
 dimuthu



 Thanks
 GayanD


 On Thu, Aug 14, 2014 at 9:13 AM, Dimuthu Leelarathne dimut...@wso2.com
 wrote:


 On 14 Aug 2014 09:00, Manisha Gayathri mani...@wso2.com wrote:
 
 
 
 
  On Thu, Aug 14, 2014 at 3:47 AM, Dimuthu Leelarathne 
 dimut...@wso2.com wrote:
 
  Hi Ajanthan and all,
 
  I see some meta data in these tables. The following are not runtime
 data, but rather meta data
 
  1 - app_owner in AF_APP
 
  Also REPO_ACCESSABILITY in AF_APP too is a meta data. That was to
 decide whether it is a forked repo/shared main repo. But I am not sure
 whether this is still being used.
  Will check and let you know

 That is not being used.  Lets scrap it.

 Tx,
 Dimuthu

 
  Following fields in AF_VERSION.
  2 - stage and promote_status - and why do we have both
  4 - auto_build
  5 - auto_deploy
 
  And also not sure what  status in AF_APP is.
 
  @Ramith - History is not runtime data. And we have to rethink about
 ETA.
 
  thanks,
  dimuthu
 
 
 
  On Wed, Aug 13, 2014 at 9:03 PM, Ajanthan Balachandran 
 ajant...@wso2.com wrote:
 
  Hi,
  We are currently storing all the runtime data such as build
 id,deployed id ..etc into App Rxt as well App version Rxt.This approach
 seems to be violating common practice(Storing metadata only into Rxt) and
 we have experienced some performance implication.
  Here now we are going to move all the non meta data to a relational
 database.Following is the initial design of the table structures.
 
 
  Any suggestions/Improvements that can we accommodate ?
  ​
 
  --
  ajanthan
  --
  Ajanthan Balachandiran
  Senior Software Engineer;
  Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/
 
  email: ajant...@wso2.com; cell: +94775581497
  blog: http://bkayts.blogspot.com/
 
  Lean . Enterprise . Middleware
 
 
 
 
  --
  Dimuthu Leelarathne
  Architect  Product Lead of App Factory
 
  WSO2, Inc. (http://wso2.com)
  email: dimut...@wso2.com
  Mobile : 0773661935
 
  Lean . Enterprise . Middleware
 
 
 
 
  --
  ~Regards
  Manisha Eleperuma
  Software Engineer
  WSO2, Inc.: http://wso2.com
  lean.enterprise.middleware
 
  blog:  http://manisha-eleperuma.blogspot.com/
  mobile:  +94 71 8279777
 




 --
 Gayan Dhanuska
 Software Engineer
 http://wso2.com/
 Lean Enterprise Middleware

 Mobile
 071 666 2327

 Office
 Tel   : 94 11 214 5345
  Fax  : 94 11 214 5300

 Twitter : https://twitter.com/gayanlggd




 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Cloud] Tenant deletion

[Ajanthan Balachandran]

On Thu, Aug 21, 2014 at 8:24 PM, Mahesh Chinthaka mahe...@wso2.com wrote:

 Hi Everyone,


 We are working on the Training Project -[Cloud] Tenant deletion
 code/script for cloud - https://redmine.wso2.com/issues/3121. Listed
 below the  workflow of the tenant deletion process in the App Cloud as we
 identified.

 1. Undeploy Jenkins web app from application server

 2. Delete Git repository (use gitblit api to delete repo in Git)

 3. Unsubscribe Stratos using Stratos Rest Services

 4. Check database created by RSSAdmin and delete them

 5. Perform TenantMgtAdminService deleteTenant operation

-

i. Delete Billing data
ii. Delete Tenant Registration Data (Ex. REG_CLUSTER_LOCK, REG_LOG)
iii. Delete Tenant User management data (Ex. UM_USER_PERMISSION,
UM_USER)
iv. Remove Tenant information from cache
v. Delete UM_TENANT table



 Don't you need to cleanup issue tracker?

 As per the analysis there are two solutions we have identified to
 implement this , such as BPEL and Carbon Component. We thought of going for
 a *carbon component* implementation rather than using a* BPEL* due to
 following reasons.

 1. Plugging a Carbon Component will give more extensibility to implement
 Tenant Deletion operation in future Cloud base products

 2. If we used a BPEL we will have to reconstruct at each time when we meet
 a new requirement (ex: esb cloud integration).


 Proposed Solution

Why can't you use existing TenantMgtListener and add onDelete method.It
also has ListenerOrder and every implementation should be registered as
OSGI service.


 1. Create an abstraction for delete operation

  public interface TenantDeletion{

  public void onDeletion();

 }

 2. Implement TenantDeletion for each operations

 public class JenkinsAppUndeployer implements TenantDeletion{

 public void onDeletion(){

  //Implementation of the JenkinsApp undeploy process

 }

 }

 3. Use a configuration file to maintain the execution order which help to
 dynamically add new requirement

 ExecutionOrder

class name=”org.wso2.cloud.tenant.JenkinsAppUndeployer”/class

class name=”org.wso2.cloud.tenant.GitRepoRemover”/class

class name=”org.wso2.cloud.tenant.XX”/class

 /ExecutionOrder


 We are looking for a feedback on this to move forward with selected design.

 --
 Mahesh Chinthaka
 Software Engineer , WSO2.

 Phone : (+94) 71 63 63 083
 Email : mahe...@wso2.com

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [AF] Datasources for PHP application type

[Ajanthan Balachandran]

On Fri, Aug 22, 2014 at 9:53 AM, Manjula Rathnayake manju...@wso2.com
wrote:

 Hi all,

 On Fri, Aug 22, 2014 at 8:41 AM, Dimuthu Leelarathne dimut...@wso2.com
 wrote:

 Hi Madhawa,

 Does PHP have native datasource support? For example[1]. I am -1 on doing
 it through Java. We must look at how PHP community does it. First thing is
 to see how PHP community uses databases in apps.

 If they do have a native datasource concept we have to use it. If that is
 not available second option is using variables and calling registry via
 REST APIs.

 +1, And AFAIK, web developers keep these variables in a configuration
 file. This is because they have externalized all the variables which needs
 to be replaced when they need to deploy in a new environment. If we provide
 a mechanism to upload a complete configuration instead of property by
 property, it will make the developer life easier.

Here there are some concerns,
how the user going to manage credential for calling the REST api? Are we
recommending to use config file inside source tree with encrypted password?
Then there is a problem in sharing the private key between user and the
server. Mutual ssl also has some limitation.If the user happen to know the
admin username he can set it in the header and do operation as admin.


 thank you.


 thanks,
 dimuthu

 [1] http://book.cakephp.org/2.0/en/models/datasources.html


 On Thu, Aug 21, 2014 at 7:17 PM, Manjula Rathnayake manju...@wso2.com
 wrote:

 Hi Madhawa,

 We can keep these variables(string $dsn , string $user , string
 $password) in registry and use registry rest API to get values at runtime.
 So when you promote the application to Test and Production environments,
 application will pick the environment specific values. This will not break
 PHP developer experience as well.

 thank you.


 On Thu, Aug 21, 2014 at 7:00 PM, Madhawa Bandara madh...@wso2.com
 wrote:

 Any thoughts please?


 On Tue, Aug 19, 2014 at 8:14 PM, Madhawa Bandara madh...@wso2.com
 wrote:

 Hi,

 Appfactory supports data sources to be defined and be used in the Java
 applications.

 In the process of enabling the PHP app type support in Appfactory, we
 need to allow users(i.e.developers) to create data sources in Appfactory
 and use them directly inside their PHP applications.

 PHP applications use the odbc_connect ( string $dsn , string $user ,
 string $password [, int $cursor_type ] ) to connect to a database.

 There are third party libraries that enable Java inside PHP scripts
 [1].
 An example for JNDI look-up in inside PHP is in [2].

 In order to allow data sources to be called directly from the PHP apps
 what are the preferable options available?

 You ideas are welcome.


 [1] -  http://php-java-bridge.sourceforge.net/pjb/
 [2] -
 http://php-java-bridge.sourceforge.net/pjb/examples/source.php?source=documentClient.php




 --
 Regards,

 *Madhawa Bandara*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+94777487726 %2B94777487726*
 Blog* - *classdeffound.blogspot.com




 --
 Regards,

 *Madhawa Bandara*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+94777487726 %2B94777487726*
 Blog* - *classdeffound.blogspot.com

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Manjula Rathnayaka
 Software Engineer
 WSO2, Inc.
 Mobile:+94 77 743 1987

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Manjula Rathnayaka
 Software Engineer
 WSO2, Inc.
 Mobile:+94 77 743 1987

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




-- 
ajanthan
-- 
Ajanthan Balachandiran
Senior Software Engineer;
Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [AF] Datasources for PHP application type

[Ajanthan Balachandran]

On Fri, Aug 22, 2014 at 10:22 AM, Manjula Rathnayake manju...@wso2.com
wrote:

 Hi Ajanthan,

 On Fri, Aug 22, 2014 at 10:08 AM, Ajanthan Balachandran ajant...@wso2.com
  wrote:




 On Fri, Aug 22, 2014 at 9:53 AM, Manjula Rathnayake manju...@wso2.com
 wrote:

 Hi all,

 On Fri, Aug 22, 2014 at 8:41 AM, Dimuthu Leelarathne dimut...@wso2.com
 wrote:

 Hi Madhawa,

 Does PHP have native datasource support? For example[1]. I am -1 on
 doing it through Java. We must look at how PHP community does it. First
 thing is to see how PHP community uses databases in apps.

 If they do have a native datasource concept we have to use it. If that
 is not available second option is using variables and calling registry via
 REST APIs.

 +1, And AFAIK, web developers keep these variables in a configuration
 file. This is because they have externalized all the variables which needs
 to be replaced when they need to deploy in a new environment. If we provide
 a mechanism to upload a complete configuration instead of property by
 property, it will make the developer life easier.

 Here there are some concerns,
 how the user going to manage credential for calling the REST api? Are we
 recommending to use config file inside source tree with encrypted password?
 Then there is a problem in sharing the private key between user and the
 server. Mutual ssl also has some limitation.If the user happen to know the
 admin username he can set it in the header and do operation as admin.

 Good point. We have to go with OAuth based solution, This is REST API
 security. We can expose these REST API via API Manager too.

Still we need to find a way to manage the token/consumer credential.


 thank you.


 thank you.


 thanks,
 dimuthu

 [1] http://book.cakephp.org/2.0/en/models/datasources.html


 On Thu, Aug 21, 2014 at 7:17 PM, Manjula Rathnayake manju...@wso2.com
 wrote:

 Hi Madhawa,

 We can keep these variables(string $dsn , string $user , string
 $password) in registry and use registry rest API to get values at runtime.
 So when you promote the application to Test and Production environments,
 application will pick the environment specific values. This will not break
 PHP developer experience as well.

 thank you.


 On Thu, Aug 21, 2014 at 7:00 PM, Madhawa Bandara madh...@wso2.com
 wrote:

 Any thoughts please?


 On Tue, Aug 19, 2014 at 8:14 PM, Madhawa Bandara madh...@wso2.com
 wrote:

 Hi,

 Appfactory supports data sources to be defined and be used in the
 Java applications.

 In the process of enabling the PHP app type support in Appfactory,
 we need to allow users(i.e.developers) to create data sources in 
 Appfactory
 and use them directly inside their PHP applications.

 PHP applications use the odbc_connect ( string $dsn , string $user ,
 string $password [, int $cursor_type ] ) to connect to a database.

 There are third party libraries that enable Java inside PHP scripts
 [1].
 An example for JNDI look-up in inside PHP is in [2].

 In order to allow data sources to be called directly from the PHP
 apps what are the preferable options available?

 You ideas are welcome.


 [1] -  http://php-java-bridge.sourceforge.net/pjb/
 [2] -
 http://php-java-bridge.sourceforge.net/pjb/examples/source.php?source=documentClient.php




 --
 Regards,

 *Madhawa Bandara*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+94777487726 %2B94777487726*
 Blog* - *classdeffound.blogspot.com




 --
 Regards,

 *Madhawa Bandara*
 Software Engineer
 WSO2, Inc.
 lean.enterprise.middleware

 Mobile - *+94777487726 %2B94777487726*
 Blog* - *classdeffound.blogspot.com

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Manjula Rathnayaka
 Software Engineer
 WSO2, Inc.
 Mobile:+94 77 743 1987

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Dimuthu Leelarathne
 Architect  Product Lead of App Factory

 WSO2, Inc. (http://wso2.com)
 email: dimut...@wso2.com
 Mobile : 0773661935

 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Manjula Rathnayaka
 Software Engineer
 WSO2, Inc.
 Mobile:+94 77 743 1987

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 ajanthan
 --
 Ajanthan Balachandiran
 Senior Software Engineer;
 Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/

 email: ajanthan http://goog_595075977@wso2.com; cell: +94775581497
 blog: http://bkayts.blogspot.com/


 Lean . Enterprise . Middleware

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi

Re: [Architecture] ESB connector auto generation tool

[Ajanthan Balachandran]

What do you mean by a tool? Is it command line tool  or maven plugin or
eclipse plugin?

On Fri, Sep 9, 2016 at 2:07 AM, Rajjaz Mohammed  wrote:

>
> Hi,
>>
>> ​We have currently 150+ connectors in store
>> . Using those we can easily build
>> integration use cases with WSO2 ESB.
>>
>> However there are some apis that resides on premises and specific to some
>> users. If we need to integrate such services, we either need to manually do
>> the integration with ESB or develop a connector and use it.
>>
>> The idea of this project is to automate the development of connectors
>> that makes the integration tasks more productive.
>>
>> So we are planning to start this with soap based connectors and move to
>> rest based support later.
>>
>> For soap based connector generation we basically need to parse the wsdl
>> and generate a connector operation per soap operation.
>>
>> For that we can use WSDL4J. Using this we can get the required operations
>> and request/response messages required. Using this information we can build
>> the connector operations.(Sequence Templates)
>>
>> eg:
>> String wsdlPath = "/home/wso2/Desktop/ConnectorTest.wsdl";
>> WSDLReader reader = javax.wsdl.factory.WSDLFactory
>> .newInstance().newWSDLReader();
>> javax.wsdl.Definition defn = reader.readWSDL(wsdlPath);
>>
>> Map tmp = defn.getAllServices();
>>
>> for(javax.xml.namespace.QName  key:tmp.keySet()){
>> ServiceImpl serviceImpl = tmp.get(key);
>> Map  mPorts = serviceImpl.getPorts();
>> for(String k1:mPorts.keySet()){
>> PortImpl portImpl = mPorts.get(k1);
>> List bindingOperations =
>> portImpl.getBinding().getBindingOperations();
>> for(BindingOperationImpl bindingOperation:bindingOperations){
>> System.out.println("operation:" + bindingOperation.getName());
>> BindingInput bindingInput = bindingOperation.getBindingInput();
>> }
>> }
>> }
>> Map messages = defn.getMessages();
>> Iterator msgIterator = messages.values().iterator();
>> while (msgIterator.hasNext()){
>> Message msg = (Message)msgIterator.next();
>> if (!msg.isUndefined()) {
>>  System.out.println(msg.getQName());
>> }
>> }
>> Thoughts?
>>
>>
> Hi All,
>
> I have the plan to implement ESB connector auto-generation tool. Plase add
> if anything more to above explanation about the tool.
>
> Best Regards,
>>
>> Malaka Silva
>> Senior Technical Lead
>> M: +94 777 219 791
>> Tel : 94 11 214 5345
>> Fax :94 11 2145300
>> Skype : malaka.sampath.silva
>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>> Blog : http://mrmalakasilva.blogspot.com/
>>
>> WSO2, Inc.
>> lean . enterprise . middleware
>> https://wso2.com/signature
>> http://www.wso2.com/about/team/malaka-silva/
>> 
>> https://store.wso2.com/store/
>>
>> Don't make Trees rare, we should keep them with care
>>
>
>
>
> --
> Thank you
> Best Regards
>
> *Rajjaz HM*
> Associate Software Engineer
> Platform Extension Team
> WSO2 Inc. 
> lean | enterprise | middleware
> Mobile | +94752833834|+94777226874
> Email   | raj...@wso2.com
> LinkedIn  | Blogger
>  | WSO2 Profile
> 
> [image: https://wso2.com/signature] 
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 

Ajanthan
Software Engineer;
WSO2, Inc.;  http://wso2.com/

email: ajanthan @wso2.com; cell: +1 425 919 8630
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Publishing APIs into APIM from Tomcat based AS 6.0

[Ajanthan Balachandran]

What is the value of using integrated API gateway  instead of the APIM
gateway ?
Is the Integrated API gateway doing more than OAuth authorization (Eg:
throttling)?

On Mon, Sep 19, 2016 at 1:47 AM, Senthalan Kanagalingam 
wrote:

> Hi Ayyoob,
>
> Thanks for your feedback.
>
> We have a working PoC[1] for API Scanner and Creator. I will go through
> this extension and try to improve my implementation.
> For the Gateway part we have planed to use tomcat valve. But we can look
> into the possible options and come with a better solution.
>
> We are using reflections[2] library to scan annotation. This library
> provide facility to scan custom annotations, param annotations and return
> type. So creating documentation can be supported.
>
> [1] https://github.com/senthalan/product-as/tree/api-everywhere-as
> [2] https://github.com/ronmamo/reflections
>
> Thanks and regards
> K.Senthalan
>
> On Thu, Sep 15, 2016 at 12:51 AM, Ayyoob Hamza  wrote:
>
>> Hi Senthalan,
>>
>> We currently have this capability in EMM/IoTS. However API creator part
>> is tightly coupled with api manager features.
>>
>> [1] API Scanner and Creator : https://github.com/wso2/carb
>> on-device-mgt/tree/master/components/apimgt-extensions/org.
>> wso2.carbon.apimgt.webapp.publisher
>> [2] Gateway: This either can use api manager gateway and do a JWT
>> validation or Use the tomcat valve and do the authorization as you
>> described - https://github.com/wso2/carbon-device-mgt/tree/master/compon
>> ents/webapp-authenticator-framework/org.wso2.carbon.
>> webapp.authenticator.framework.
>>
>> Just wanted to add some other features that we can support as a future
>> requirement is to support swagger annotation. Which is to read and publish
>> along with the api. This way we could create the documentation in store.
>>
>> Thanks,
>> Ayyoob
>>
>> *Ayyoob Hamza*
>> *Software Engineer*
>> WSO2 Inc.; http://wso2.com
>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>>
>> On Thu, Sep 8, 2016 at 12:20 PM, Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> Publishing APIs into APIM from Tomcat based AS 6.0 - Architecture
>>>
>>> The idea of the above is to automatically create APIs from the deployed
>>> web apps in AS and publish them into the API Publisher. Publishing APIs
>>> automatically makes it easier for webapp developers on Tomcat to use APIM
>>> easier. Right now, the users has to manually create Managed APIs for their
>>> REST-ful web apps.
>>>
>>> As part of this effort, the API gateway will be included within Tomcat
>>> based AS itself. This is used to validate whether the request from that end
>>> user have permission to access that API. So the AS will have an integrated
>>> API gateway to validate.
>>>
>>> The api everywhere for AS 6.0 have 3 main components,
>>>
>>>1.
>>>
>>>API Scanner
>>>2.
>>>
>>>API Creator
>>>3.
>>>
>>>Integrated API gateway
>>>
>>>
>>> API Scanner component will scan the deployed web app and create APIs. In
>>> web app deployment time the API scanner will scan the annotations and
>>> configurations and generate APIs and API informations.
>>>
>>> API Creator will publish the APIs into API Publisher. For that user have
>>> to provide the “clientId” and “clientSecret” of OAuth 2.0. Access token
>>> will be request from the APIM Key manager. Then using that access token the
>>> generated APIs will be published into APIM. The API will be in the
>>> “CREATED” state, the webapp developers can edit and publish as their wish.
>>> API Creator will be a running on new thread to reduce the web app startup
>>> time.
>>>
>>> Integrated API gateway will intercept the request into AS. The access
>>> token of the request will be validated with APIM key manager. If the token
>>> have the right to access the web app, the request will be passed or
>>> otherwise an exception will be thrown to the end user.
>>>
>>>
>>> Until now implementation of API Scanner and API Creator are completed
>>> and working PoC is available.
>>>
>>> We have to decide which information we are going to publish into the API
>>> publisher. There are some items like tags, business information and etc
>>>  which are not compulsory when creating APIs.
>>>
>>>
>>> [image: Inline image 1]
>>>
>>> --
>>> K.Senthalan,
>>> Software Engineering Intern,
>>> WSO2 Inc.
>>> Tel: +94771877466
>>> Email: senthalank...@cse.mrt.ac.lk
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> K.Senthalan,
> Software Engineering Intern,
> WSO2 Inc.
> Tel: +94771877466
> Email: senthalank...@cse.mrt.ac.lk
>
> ___
> Architecture 

Re: [Architecture] [APIM 3.1.0] Support externalizing login/logout URLs (/authorize and /oidc/logout)

[Ajanthan Balachandran]

Hi Malintha,

Based on my understanding these configs are applicable only if WSO2 IS/KM
is configured as external IDP(If the external IDP is a 3rd party IDP,
sending authorization request with locally registered client details won't
work). It was not apparent by looking at the configuration naming. In that
case, we need to document it or else for better the config name should
reflect that fact, otherwise, it will confuse users.

Thanks,
Ajanthan.

On Mon, Jan 6, 2020 at 10:50 PM Malintha Amarasinghe 
wrote:

> Hi,
>
> Currently, we do not support $subject and we always use the local IDP as
> the login/logout URLs (/authorize and /oidc/logout). In normal cases, this
> works without issues. But when it comes to configuring federated login with
> facebook, google etc, it is required to use IS (IS as KM) as the
> intermediate IDP which has the required authenticators to support
> facebook/google logins. In those cases, we need to point the local IDP to
> the IS/KM and the IS/KM points to Facebook as a federated login. But this
> flow has unnecessary one additional hop caused by the local IDP.
>
> As a solution, we plan to support externalizing the IDP URL (used for
> /authorize and /oidc/logout).
>
> [image: image.png]
>
> The plan is to introduce new configs as below:
>
> *api-manager.xml*
>
> {% if apim.idp is defined %}
> 
> 
>
> {{apim.idp.authorize_endpoint}}
> {{apim.idp.oidc_logout_endpoint}}
>
> 
> {% endif %}
>
> *deployment.toml*
>
> #[api.idp]
> #authorize_endpoint = "https://localhost:9444/oauth2/authorize;
> #oidc_logout_endpoint = "https://localhost:9444/oidc/logout;
>
> By default, the server will use the local IDP for login/logout. Only, if
> the above URLs are configured, they will be used instead of the default
> ones.
>
> Thoughts are highly appreciated.
>
> Thanks!
> Malintha
>
> --
> Malintha Amarasinghe
> *WSO2, Inc. - lean | enterprise | middleware*
> http://wso2.com/
>
> Mobile : +94 712383306
>


-- 

Ajanthan
Senior Lead Solutions Engineer;
WSO2, Inc.;  http://wso2.com/

email: ajanthan @wso2.com; cell: +1 425 919 8630
blog: http://bkayts.blogspot.com/

Lean . Enterprise . Middleware
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [IAM] Supporting email verification when user’s email address is updated

[Ajanthan Balachandran]

Hi Johann,

I think here we are talking about two different things. Feel free to
correct me if I am wrong.

In the first case, we are trying to assert the value of the claims provided
by the user. In the case of phone number and email claims sending
verification code does make sense but to assert the first name or last name
sending verification code to email or phone doesn't give enough
assurance(usually photo ID proof is needed to verify names).

What you are talking about is getting enough assurance level for the
authenticated user by prompting 2FA to be able to update security
questions. This should be handled by auth system not the claim verification
system.

Thanks,
Ajanthan.
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture