Re: [Dev] How to set query parameters in Adaptive Authentication

[Prakhash Sivakumar]

Hi Ruwan,

On Fri, Mar 15, 2019 at 9:40 AM Ruwan Abeykoon  wrote:

> Hi Prakhash,
>
> Adding query parameters to the current request has no effect as the
> authenticator prompt is always a redirection. Adding a value into
> redirection URL most probably exposes internal private data via URL.
> However you can consider adding a cookie to the response as an
> alternative.
>

Here my use case was, when an external party redirecting to the IAM to do a
authentication with the onpromt=login value, if the user is already having
a session in the browser, user can by pass the flow by modifying the value.
So I was thinking weather we can enforce this using adaptive auth.

>
> Here can you explain what "force the re authentication" means?
>
What I mean was, even the browser already contain a session, we should be
able to enforce the authentication again

Thanks

>
> Cheers,
> Ruwan
>
> On Fri, Mar 15, 2019 at 9:11 AM Prakhash Sivakumar 
> wrote:
>
>> Hi Devs,
>>
>> I'm trying to assign a query parameter to the request during the
>> authentication flow, but I couldn't find a reference on how to do this.
>>
>> function onLoginRequest(context) {
>>  if (context.request.params.prompt != null &&
>>context.request.params.prompt[0].equals("login")) {
>>executeStep(1, {
>>  authenticationOptions: [{authenticator: 'basicauth'}]
>>}, {});
>>  } else {
>> *//assign the prompt value as login and send to the authenticator in the
>> authentication flow*
>>  }
>> }
>>
>> In the above, I need to complete the commented else part in order to
>> force the re authentication if the prompt value is missing. Is this
>> possible OOB with adaptive scripts ?
>>
>> Thanks
>> --
>> Prakhash Sivakumar
>> Senior Software Engineer | WSO2 Inc
>> Platform Security Team
>> Mobile : +94771510080
>> Blog : https://medium.com/@PrakhashS
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
>
> --
>
> *Ruwan Abeykoon*
> *Associate Director/Architect**,*
> *WSO2, Inc. http://wso2.com  *
> *lean.enterprise.middleware.*
>
>

-- 
Prakhash Sivakumar
Senior Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] How to set query parameters in Adaptive Authentication

[Ruwan Abeykoon]

Hi Prakhash,

Adding query parameters to the current request has no effect as the
authenticator prompt is always a redirection. Adding a value into
redirection URL most probably exposes internal private data via URL.
However you can consider adding a cookie to the response as an alternative.

Here can you explain what "force the re authentication" means?

Cheers,
Ruwan

On Fri, Mar 15, 2019 at 9:11 AM Prakhash Sivakumar 
wrote:

> Hi Devs,
>
> I'm trying to assign a query parameter to the request during the
> authentication flow, but I couldn't find a reference on how to do this.
>
> function onLoginRequest(context) {
>  if (context.request.params.prompt != null &&
>context.request.params.prompt[0].equals("login")) {
>executeStep(1, {
>  authenticationOptions: [{authenticator: 'basicauth'}]
>}, {});
>  } else {
> *//assign the prompt value as login and send to the authenticator in the
> authentication flow*
>  }
> }
>
> In the above, I need to complete the commented else part in order to force
> the re authentication if the prompt value is missing. Is this possible OOB
> with adaptive scripts ?
>
> Thanks
> --
> Prakhash Sivakumar
> Senior Software Engineer | WSO2 Inc
> Platform Security Team
> Mobile : +94771510080
> Blog : https://medium.com/@PrakhashS
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>


-- 

*Ruwan Abeykoon*
*Associate Director/Architect**,*
*WSO2, Inc. http://wso2.com  *
*lean.enterprise.middleware.*
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] How to set query parameters in Adaptive Authentication

[Prakhash Sivakumar]

Hi Devs,

I'm trying to assign a query parameter to the request during the
authentication flow, but I couldn't find a reference on how to do this.

function onLoginRequest(context) {
 if (context.request.params.prompt != null &&
   context.request.params.prompt[0].equals("login")) {
   executeStep(1, {
 authenticationOptions: [{authenticator: 'basicauth'}]
   }, {});
 } else {
*//assign the prompt value as login and send to the authenticator in the
authentication flow*
 }
}

In the above, I need to complete the commented else part in order to force
the re authentication if the prompt value is missing. Is this possible OOB
with adaptive scripts ?

Thanks
-- 
Prakhash Sivakumar
Senior Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] sFTP error - "cannot resolve replyFile "

[Sanjay Bawri]

Hi Srivathsan,

Thanks for your response. This was resolved.

Regards,
Sanjay

On Mon, Mar 11, 2019 at 3:38 PM Srivathsan Shanmuganathan <
srivath...@wso2.com> wrote:

> [Adding dev@wso2.org]
>
> On Mon, 11 Mar 2019, 18:53 Srivathsan Shanmuganathan  wrote:
>
>> Hi Sanjay,
>> May I know which version of WSO2 EI you are using?
>> As I have checked with EI 6.4.0 it seems to be working fine. Could you
>> please double check your sftp uri pattern? (If you are using any symbols
>> you can encode them and try)
>> It would be better if you could kindly share your proxy service and the
>> full logs so that we can assist you more.
>>
>> Thanks
>>
>> Regards,
>> Srivathsan S
>>
>> On Sun, Feb 24, 2019 at 10:22 PM Sanjay Bawri 
>> wrote:
>>
>>> Hi,
>>>
>>> I have a service (pasted at the end) that writes to an sFTP server. The
>>> service is pasted below. The service works fine when writing the file from
>>> an installation of WSO2 EI on local windows machine, however, the same
>>> service when deployed to linux throws the below error:
>>>
>>> *The Error:*
>>>
>>> ERROR {org.apache.synapse.transport.vfs.VFSTransportSender} -* cannot
>>> resolve replyFile 
>>> *org.apache.commons.vfs2.provider.sftp.SftpFileProvider.doCreateFileSystem(SftpFileProvider.java:86)
>>> org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:149)
>>> org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:111)
>>> org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:81)
>>> org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:778)
>>> org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:658)
>>> org.apache.synapse.transport.vfs.VFSTransportSender.writeFile(VFSTransportSender.java:233)
>>> org.apache.synapse.transport.vfs.VFSTransportSender.sendMessage(VFSTransportSender.java:194)
>>> org.apache.axis2.transport.base.AbstractTransportSender.invoke(AbstractTransportSender.java:112)
>>> org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
>>> org.apache.axis2.description.OutOnlyAxisOperationClient.executeImpl(OutOnlyAxisOperation.java:297)
>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>>> org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:595)
>>> org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:85)
>>> org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:547)
>>> org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:384)
>>> org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:65)
>>> org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:121)
>>> org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
>>> org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
>>> org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
>>> org.apache.synapse.mediators.MediatorWorker.run(MediatorWorker.java:80)
>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>>> java.lang.Thread.run(Thread.java:748)
>>>
>>>
>>> *The service *(there is proxy service that call the below sequence
>>> actually, but the problem is just while writing the file to sFTP server,
>>> hence pasting just the sequence code):
>>>
>>> 
>>> >> onError="fault" xmlns="http://ws.apache.org/ns/synapse;>
>>> 
>>> 
>>> >> value="true"/>
>>> 
>>>
>>> 
>>> >> expression="get-property('SYSTEM_DATE',
>>> 'yyMMdd')"
>>> name="sdDate" scope="default" />
>>> >> expression="get-property('SYSTEM_DATE',
>>> 'HHmmss')"
>>> name="sdTime" scope="default" />
>>> >> expression="fn:concat(get-property('sdDate'),
>>> '_', get-property('ssTime'),'_MyFile.txt')"
>>> name="transport.vfs.ReplyFileName"
>>> scope="transport" />
>>> >> value="text/plain"/>
>>> 
>>> >> value="text/plain"/>
>>> >> value="text/plain"/>
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>> 
>>>
>>>
>>> Any guidance is appreciated.
>>>
>>>
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>>

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Rukshan Premathunga]

On Thu, Mar 14, 2019 at 4:24 PM Nuwan Dias  wrote:

> Just thinking out loud, is there by any chance a possibility to run just 1
> forever for any number of policies? Even if that means a redesign of the
> policies?
>
Still, we don't know the logic behind the forever syntax. If it starts a
new thread with forever we can think a way to optimize the policies. Since
the policy file is not allowed to edit, we can include it to a single
ballerina file. But not sure it will affect the performance. Because when
it runs logic sequentially, it can introduce a delay to process the events.

>
> On Thu, Mar 14, 2019 at 3:48 PM Rajith Roshan  wrote:
>
>>
>>
>> On Thu, Mar 14, 2019 at 3:21 PM Nuwan Dias  wrote:
>>
>>>
>>>
>>> On Thu, Mar 14, 2019 at 3:20 PM Rajith Roshan  wrote:
>>>


 On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:

> What about the developer first approach? In that case we pre load the
> default policies to the gateway anyway since there is no indication of an
> API being associated to a subs throttling policy.
>
 I wonder in current implementation also how these subscription policies
 are used. Since with developer first approach any way are not using oauth2
 , I assume we are not using any of the subscription policies , @Arshardh
 Ifthikar  please correct me if I am wrong

>>>
>>> I believe we honor the tier that comes along with the JWT (if it does).
>>>
>> Yes,  For developer first approach we can ship the by default available
>> policies. In the other approach we can limit the policies we are adding to
>> micro gw. Because in APIM side there can be many subscription policies but
>> not used in APIs which is exposed via micro-gw
>>
>>>
> On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan 
> wrote:
>
>> Hi all,
>> Currently in microgateway(MGW) when we create the project directory
>> we fetch all the subscription and application policies and we generate 
>> the
>> source for each policy. In each policy there is ever running loop
>> (forever), in back ground to update the throttle counters. But the issue
>> some of the subscription policies(tiers) might not be used in any of the
>> APIS in MGW and these not used policies running in the background might 
>> be
>> consuming some CPU cycles
>>
>> So we thought of filter out the subscription policies(tiers) which
>> are attached to any of the APIs exposed via MGW.
>> For ex if API Foo is attach with policy 100PerMin and API Bar is
>> attached with policies 75PerMin and 50PerMin , then if we are only 
>> exposing
>> API "Foo" and "Bar" from MGW we will only create source files for those
>> subscription policies only, even though there are many subscription
>> policies defined in the admin portal of APIM.
>> Do you find any issues with this approach
>>
>> --
>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>
>> 
>>
>
>
> --
> *Nuwan Dias* | Director | WSO2 Inc.
> (m) +94 777 775 729 | (e) nuw...@wso2.com
> [image: Signature.jpg]
>


 --
 *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
 (m) +94-717-064-214 |  (e) raji...@wso2.com 

 

>>>
>>>
>>> --
>>> *Nuwan Dias* | Director | WSO2 Inc.
>>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>> [image: Signature.jpg]
>>>
>>
>>
>> --
>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>
>> 
>>
>
>
> --
> *Nuwan Dias* | Director | WSO2 Inc.
> (m) +94 777 775 729 | (e) nuw...@wso2.com
> [image: Signature.jpg]
>


-- 
Rukshan Chathuranga.
WSO2, Inc.
+94711822074
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Nuwan Dias]

Just thinking out loud, is there by any chance a possibility to run just 1
forever for any number of policies? Even if that means a redesign of the
policies?

On Thu, Mar 14, 2019 at 3:48 PM Rajith Roshan  wrote:

>
>
> On Thu, Mar 14, 2019 at 3:21 PM Nuwan Dias  wrote:
>
>>
>>
>> On Thu, Mar 14, 2019 at 3:20 PM Rajith Roshan  wrote:
>>
>>>
>>>
>>> On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:
>>>
 What about the developer first approach? In that case we pre load the
 default policies to the gateway anyway since there is no indication of an
 API being associated to a subs throttling policy.

>>> I wonder in current implementation also how these subscription policies
>>> are used. Since with developer first approach any way are not using oauth2
>>> , I assume we are not using any of the subscription policies , @Arshardh
>>> Ifthikar  please correct me if I am wrong
>>>
>>
>> I believe we honor the tier that comes along with the JWT (if it does).
>>
> Yes,  For developer first approach we can ship the by default available
> policies. In the other approach we can limit the policies we are adding to
> micro gw. Because in APIM side there can be many subscription policies but
> not used in APIs which is exposed via micro-gw
>
>>
 On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:

> Hi all,
> Currently in microgateway(MGW) when we create the project directory we
> fetch all the subscription and application policies and we generate the
> source for each policy. In each policy there is ever running loop
> (forever), in back ground to update the throttle counters. But the issue
> some of the subscription policies(tiers) might not be used in any of the
> APIS in MGW and these not used policies running in the background might be
> consuming some CPU cycles
>
> So we thought of filter out the subscription policies(tiers) which are
> attached to any of the APIs exposed via MGW.
> For ex if API Foo is attach with policy 100PerMin and API Bar is
> attached with policies 75PerMin and 50PerMin , then if we are only 
> exposing
> API "Foo" and "Bar" from MGW we will only create source files for those
> subscription policies only, even though there are many subscription
> policies defined in the admin portal of APIM.
> Do you find any issues with this approach
>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> 
>


 --
 *Nuwan Dias* | Director | WSO2 Inc.
 (m) +94 777 775 729 | (e) nuw...@wso2.com
 [image: Signature.jpg]

>>>
>>>
>>> --
>>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>>
>>> 
>>>
>>
>>
>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>> [image: Signature.jpg]
>>
>
>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> 
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Rajith Roshan]

On Thu, Mar 14, 2019 at 3:21 PM Nuwan Dias  wrote:

>
>
> On Thu, Mar 14, 2019 at 3:20 PM Rajith Roshan  wrote:
>
>>
>>
>> On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:
>>
>>> What about the developer first approach? In that case we pre load the
>>> default policies to the gateway anyway since there is no indication of an
>>> API being associated to a subs throttling policy.
>>>
>> I wonder in current implementation also how these subscription policies
>> are used. Since with developer first approach any way are not using oauth2
>> , I assume we are not using any of the subscription policies , @Arshardh
>> Ifthikar  please correct me if I am wrong
>>
>
> I believe we honor the tier that comes along with the JWT (if it does).
>
Yes,  For developer first approach we can ship the by default available
policies. In the other approach we can limit the policies we are adding to
micro gw. Because in APIM side there can be many subscription policies but
not used in APIs which is exposed via micro-gw

>
>>> On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:
>>>
 Hi all,
 Currently in microgateway(MGW) when we create the project directory we
 fetch all the subscription and application policies and we generate the
 source for each policy. In each policy there is ever running loop
 (forever), in back ground to update the throttle counters. But the issue
 some of the subscription policies(tiers) might not be used in any of the
 APIS in MGW and these not used policies running in the background might be
 consuming some CPU cycles

 So we thought of filter out the subscription policies(tiers) which are
 attached to any of the APIs exposed via MGW.
 For ex if API Foo is attach with policy 100PerMin and API Bar is
 attached with policies 75PerMin and 50PerMin , then if we are only exposing
 API "Foo" and "Bar" from MGW we will only create source files for those
 subscription policies only, even though there are many subscription
 policies defined in the admin portal of APIM.
 Do you find any issues with this approach

 --
 *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
 (m) +94-717-064-214 |  (e) raji...@wso2.com 

 

>>>
>>>
>>> --
>>> *Nuwan Dias* | Director | WSO2 Inc.
>>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>> [image: Signature.jpg]
>>>
>>
>>
>> --
>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>
>> 
>>
>
>
> --
> *Nuwan Dias* | Director | WSO2 Inc.
> (m) +94 777 775 729 | (e) nuw...@wso2.com
> [image: Signature.jpg]
>


-- 
*Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
(m) +94-717-064-214 |  (e) raji...@wso2.com 


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] ISSUE with load on analytics worker

[Bernard Paris]

We have 2 remote ESB EI 6.4.0 instances in a cluster sending datas to analytics 
worker.
Here is what I can reproduce

>  start Analytics worker (EI package 6.4.0) with options  -Xms6G -Xmx6G
I tested the worker with both java versions "1.8.0_162"  and Java(TM) SE 
Runtime Environment (build 1.8.0_192-ea-b02)

>  first I send some very low data trafic  to ESBs …  analytics CPU load keeps 
> very low  -> ok

> (repeat this 4 or 5 times) sending some more datas to EI-6.4.0 ESBs;  
> analytics CPU load grows to 100% when receiving datas from ESBs then go back 
> to very low when the trafic is stopped  —> pretty good

Running jstat with interval 60s:

Timestamp S0 S1 E  O  M CCSYGC YGCTFGC  
  FGCT GCT
   36.8 100.00   0.00  31.50   5.00  88.04  80.26  40.648 3 
   0.3060.955
   96.9 100.00   0.00  38.30   5.00  88.04  80.26  40.648 3 
   0.3060.955
  156.9 100.00   0.00  40.12   5.00  88.04  80.26  40.648 3 
   0.3060.955


> now sending lot of trafic to EI-6.4.0
>  analytics CPU load grows to 100%
>  works ok for some minutes
>  then problems are coming:  first, the drift connection is lost on both EI 
> ESB (the worker no more responding)

[2019-03-14 10:47:35,457] [-1] [] 
[DataBridge-ReconnectionService-pool-5-thread-1]  WARN 
{org.wso2.carbon.databridge.agent.endpoint.DataEndpointGroup} -  No receiver is 
reachable at reconnection, will try to reconnect every 30 sec
[2019-03-14 10:48:58,795] [-1] [] 
[DataBridge-tcp://10.1.3.12:7612-pool-7-thread-1] ERROR 
{org.wso2.carbon.databridge.agent.endpoint.DataEndpoint} -  Unable to send 
events to the endpoint.
org.wso2.carbon.databridge.agent.exception.DataEndpointException: Cannot send 
Events
at 
org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.send(ThriftDataEndpoint.java:88)
at 
org.wso2.carbon.databridge.agent.endpoint.DataEndpoint$EventPublisher.publish(DataEndpoint.java:314)



> I stop the trafic to  EI-6.4.0, analytics CPU load  do NOT decrease anymore, 
> it stays around 100%

[cid:ACBD3C07-86BE-48B2-B648-3DAF9DB58DCF]

> ESB cannot reconnect anymore to the worker

[2019-03-14 11:14:06,337] [-1] [] 
[DataBridge-ReconnectionService-pool-5-thread-1]  WARN 
{org.wso2.carbon.databridge.agent.endpoint.DataEndpointGroup} -  No receiver is 
reachable at reconnection, will try to reconnect every 30 sec
[2019-03-14 11:14:36,384] [-1] [] 
[DataBridge-tcp://10.1.3.12:7612-pool-7-thread-1] ERROR 
{org.wso2.carbon.databridge.agent.endpoint.DataEndpoint} -  Unable to send 
events to the endpoint.
org.wso2.carbon.databridge.agent.exception.DataEndpointException: Cannot send 
Events
at 
org.wso2.carbon.databridge.agent.endpoint.thrift.ThriftDataEndpoint.send(ThriftDataEndpoint.java:88)
at 
org.wso2.carbon.databridge.agent.endpoint.DataEndpoint$EventPublisher.publish(DataEndpoint.java:314)
at 
org.wso2.carbon.databridge.agent.endpoint.DataEndpoint$EventPublisher.run(DataEndpoint.java:272)
at java.lang.Thread.run(Thread.java:748)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.thrift.transport.TTransportException: 
java.net.SocketTimeoutException: Read timed out




In this ugling state  jstat with interval 60s gives

Timestamp S0 S1 E  O  M CCSYGC YGCTFGC  
  FGCT GCT
 4837.0   0.00   9.22  10.78  45.72  88.60  80.09 27   10.479 3 
   0.306   10.785
 4897.0   0.00   9.22  37.64  45.72  88.60  80.09 27   10.479 3 
   0.306   10.785
 4957.0   0.00   9.22  59.97  45.72  88.60  80.09 27   10.479 3 
   0.306   10.785
 5017.0   0.00   9.22  85.25  45.72  88.60  80.09 27   10.479 3 
   0.306   10.785
 5077.0   9.60   0.00   9.03  47.27  88.65  80.09 28   10.728 3 
   0.306   11.034
 5137.0   9.60   0.00  32.90  47.27  88.65  80.09 28   10.728 3 
   0.306   11.034
 5197.0   9.60   0.00  55.66  47.27  88.65  80.09 28   10.728 3 
   0.306   11.034
 5257.0   9.60   0.00  76.92  47.27  88.65  80.09 28   10.728 3 
   0.306   11.034

Reading this JSTAT information I understand the GC is not working so much that 
it could explain the 100% CPU load.
The drift connections from both ESB keep lost, BUT the interface at 
https://worker_host:7443/stores/query'keeps responding (slow but it is 
responding)


Bernard


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Pubudu Gunatilaka]

On Thu, Mar 14, 2019 at 3:21 PM Nuwan Dias  wrote:

>
>
> On Thu, Mar 14, 2019 at 3:20 PM Rajith Roshan  wrote:
>
>>
>>
>> On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:
>>
>>> What about the developer first approach? In that case we pre load the
>>> default policies to the gateway anyway since there is no indication of an
>>> API being associated to a subs throttling policy.
>>>
>> I wonder in current implementation also how these subscription policies
>> are used. Since with developer first approach any way are not using oauth2
>> , I assume we are not using any of the subscription policies , @Arshardh
>> Ifthikar  please correct me if I am wrong
>>
>
> I believe we honor the tier that comes along with the JWT (if it does).
>

I guess we can't handle any newly created tiers in this case.

-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Associate Technical Lead
WSO2, Inc.: http://wso2.com
mobile : +94774078049 <%2B94772207163>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Nuwan Dias]

On Thu, Mar 14, 2019 at 3:20 PM Rajith Roshan  wrote:

>
>
> On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:
>
>> What about the developer first approach? In that case we pre load the
>> default policies to the gateway anyway since there is no indication of an
>> API being associated to a subs throttling policy.
>>
> I wonder in current implementation also how these subscription policies
> are used. Since with developer first approach any way are not using oauth2
> , I assume we are not using any of the subscription policies , @Arshardh
> Ifthikar  please correct me if I am wrong
>

I believe we honor the tier that comes along with the JWT (if it does).

>
>> On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:
>>
>>> Hi all,
>>> Currently in microgateway(MGW) when we create the project directory we
>>> fetch all the subscription and application policies and we generate the
>>> source for each policy. In each policy there is ever running loop
>>> (forever), in back ground to update the throttle counters. But the issue
>>> some of the subscription policies(tiers) might not be used in any of the
>>> APIS in MGW and these not used policies running in the background might be
>>> consuming some CPU cycles
>>>
>>> So we thought of filter out the subscription policies(tiers) which are
>>> attached to any of the APIs exposed via MGW.
>>> For ex if API Foo is attach with policy 100PerMin and API Bar is
>>> attached with policies 75PerMin and 50PerMin , then if we are only exposing
>>> API "Foo" and "Bar" from MGW we will only create source files for those
>>> subscription policies only, even though there are many subscription
>>> policies defined in the admin portal of APIM.
>>> Do you find any issues with this approach
>>>
>>> --
>>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>>
>>> 
>>>
>>
>>
>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>> [image: Signature.jpg]
>>
>
>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> 
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Rajith Roshan]

On Thu, Mar 14, 2019 at 2:32 PM Nuwan Dias  wrote:

> What about the developer first approach? In that case we pre load the
> default policies to the gateway anyway since there is no indication of an
> API being associated to a subs throttling policy.
>
I wonder in current implementation also how these subscription policies are
used. Since with developer first approach any way are not using oauth2 , I
assume we are not using any of the subscription policies , @Arshardh
Ifthikar  please correct me if I am wrong

>
> On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:
>
>> Hi all,
>> Currently in microgateway(MGW) when we create the project directory we
>> fetch all the subscription and application policies and we generate the
>> source for each policy. In each policy there is ever running loop
>> (forever), in back ground to update the throttle counters. But the issue
>> some of the subscription policies(tiers) might not be used in any of the
>> APIS in MGW and these not used policies running in the background might be
>> consuming some CPU cycles
>>
>> So we thought of filter out the subscription policies(tiers) which are
>> attached to any of the APIs exposed via MGW.
>> For ex if API Foo is attach with policy 100PerMin and API Bar is attached
>> with policies 75PerMin and 50PerMin , then if we are only exposing API
>> "Foo" and "Bar" from MGW we will only create source files for those
>> subscription policies only, even though there are many subscription
>> policies defined in the admin portal of APIM.
>> Do you find any issues with this approach
>>
>> --
>> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
>> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>>
>> 
>>
>
>
> --
> *Nuwan Dias* | Director | WSO2 Inc.
> (m) +94 777 775 729 | (e) nuw...@wso2.com
> [image: Signature.jpg]
>


-- 
*Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
(m) +94-717-064-214 |  (e) raji...@wso2.com 


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Rukshan Premathunga]

On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:

> Hi all,
> Currently in microgateway(MGW) when we create the project directory we
> fetch all the subscription and application policies and we generate the
> source for each policy. In each policy there is ever running loop
> (forever), in back ground to update the throttle counters. But the issue
> some of the subscription policies(tiers) might not be used in any of the
> APIS in MGW and these not used policies running in the background might be
> consuming some CPU cycles
>
> So we thought of filter out the subscription policies(tiers) which are
> attached to any of the APIs exposed via MGW.
> For ex if API Foo is attach with policy 100PerMin and API Bar is attached
> with policies 75PerMin and 50PerMin , then if we are only exposing API
> "Foo" and "Bar" from MGW we will only create source files for those
> subscription policies only, even though there are many subscription
> policies defined in the admin portal of APIM.
> Do you find any issues with this approach
>
We will able to filter some subscription policies with this approach. But
it will not be possible for application policies. But in case of API is
updated and changed the subscription policies it is required to build the
MG again.

>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> 
>


-- 
Rukshan Chathuranga.
WSO2, Inc.
+94711822074
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Remove unused subscription throttle policies when creating Micro gw project

[Nuwan Dias]

What about the developer first approach? In that case we pre load the
default policies to the gateway anyway since there is no indication of an
API being associated to a subs throttling policy.

On Thu, Mar 14, 2019 at 2:23 PM Rajith Roshan  wrote:

> Hi all,
> Currently in microgateway(MGW) when we create the project directory we
> fetch all the subscription and application policies and we generate the
> source for each policy. In each policy there is ever running loop
> (forever), in back ground to update the throttle counters. But the issue
> some of the subscription policies(tiers) might not be used in any of the
> APIS in MGW and these not used policies running in the background might be
> consuming some CPU cycles
>
> So we thought of filter out the subscription policies(tiers) which are
> attached to any of the APIs exposed via MGW.
> For ex if API Foo is attach with policy 100PerMin and API Bar is attached
> with policies 75PerMin and 50PerMin , then if we are only exposing API
> "Foo" and "Bar" from MGW we will only create source files for those
> subscription policies only, even though there are many subscription
> policies defined in the admin portal of APIM.
> Do you find any issues with this approach
>
> --
> *Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
> (m) +94-717-064-214 |  (e) raji...@wso2.com 
>
> 
>


-- 
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) nuw...@wso2.com
[image: Signature.jpg]
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Remove unused subscription throttle policies when creating Micro gw project

[Rajith Roshan]

Hi all,
Currently in microgateway(MGW) when we create the project directory we
fetch all the subscription and application policies and we generate the
source for each policy. In each policy there is ever running loop
(forever), in back ground to update the throttle counters. But the issue
some of the subscription policies(tiers) might not be used in any of the
APIS in MGW and these not used policies running in the background might be
consuming some CPU cycles

So we thought of filter out the subscription policies(tiers) which are
attached to any of the APIs exposed via MGW.
For ex if API Foo is attach with policy 100PerMin and API Bar is attached
with policies 75PerMin and 50PerMin , then if we are only exposing API
"Foo" and "Bar" from MGW we will only create source files for those
subscription policies only, even though there are many subscription
policies defined in the admin portal of APIM.
Do you find any issues with this approach

-- 
*Rajith Roshan* | Associate Technical Lead | WSO2 Inc.
(m) +94-717-064-214 |  (e) raji...@wso2.com 


___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev