Re: [Dev] Supporting OpenJDK for running WSO2 products.

2016-07-08 Thread Thusitha Thilina Dayaratne
Hi Abimaran,

AFAIK, we are supporting OpenJDK as well from C5[1] onwards.
[1] - https://docs.wso2.com/display/Carbon500/Installation+Prerequisites

Thanks


On Sat, Jul 9, 2016 at 8:46 AM, Abimaran Kugathasan 
wrote:

> Hi All,
>
>
> Why don't we recommend OpenJDK?
>
> I searched but couldn't find a reason for that. Is that because of any
> legal/license issues?
>
> --
> Thanks
> Abimaran Kugathasan
> Senior Software Engineer
>
> Email : abima...@wso2.com
> Mobile : +94 773922820
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thusitha Dayaratne
Software Engineer
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

Mobile  +94712756809
Blog  alokayasoya.blogspot.com
About  http://about.me/thusithathilina
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev


Re: [Dev] Supporting OpenJDK for running WSO2 products.

2016-07-08 Thread Chanaka Cooray
Hi Abimaran,

You can find a better answer in [1]. And in the comments of that post, they
have pointed out some of the issues they are facing with the OpenJDK.

[1] http://stackoverflow.com/a/22558837

Thanks,
Chanaka.

On Sat, Jul 9, 2016 at 8:46 AM, Abimaran Kugathasan 
wrote:

> Hi All,
>
>
> Why don't we recommend OpenJDK?
>
> I searched but couldn't find a reason for that. Is that because of any
> legal/license issues?
>
> --
> Thanks
> Abimaran Kugathasan
> Senior Software Engineer
>
> Email : abima...@wso2.com
> Mobile : +94 773922820
>


-- 
Chanaka Cooray
Software Engineer, WSO2 Inc. http://wso2.com
Email: chana...@wso2.com
Mobile: +94713149860


[Dev] Supporting OpenJDK for running WSO2 products.

2016-07-08 Thread Abimaran Kugathasan
Hi All,


Why don't we recommend OpenJDK?

I searched but couldn't find a reason for that. Is that because of any
legal/license issues?

-- 
Thanks
Abimaran Kugathasan
Senior Software Engineer

Email : abima...@wso2.com
Mobile : +94 773922820


  
  


[Dev] [App Cloud] "When createAppInDataBase failed, adding addAppCreationEvent also getting failed"

2016-07-08 Thread Amalka Subasinghe
Hi,

In our app creation logic, we have a number of steps, and when each step
fails/succeeds, we add an event to an event table.

We found a situation where the createAppInDataBase step failed and then
addAppCreationEvent also failed.
That's because in createAppInDataBase we add application and version data
to the database, and then in addAppCreationEvent we query the AC_VERSION
table to get the application version.

How do we fix this issue? Even though the createAppInDataBase step failed,
addAppCreationEvent must not fail.

[1] https://wso2.org/jira/browse/APPCLOUD-206

Thanks
Amalka


[Dev] [VOTE] Release WSO2 MSF4J 2.0.0 RC1

2016-07-08 Thread Thusitha Thilina Dayaratne
Hi Devs,

This is the 1st Release Candidate of WSO2 MSF4J (Microservices Framework for
Java) 2.0.0.

Please download, test the framework and vote. Vote will be open for 72
hours or as needed.
Refer to the GitHub READMEs for guides.

*Source and binary distribution files:*
https://github.com/wso2/msf4j/releases/tag/v2.0.0-rc1

*Maven staging repository:*
http://maven.wso2.org/nexus/content/repositories/orgwso2msf4j-1000/

*The tag to be voted upon:*
https://github.com/wso2/msf4j/tree/v2.0.0-rc1



[ ] Broken - do not release (explain why)
[ ] Stable - go ahead and release

Thank you,
AS/Carbon Team

-- 
Thusitha Dayaratne
Software Engineer
WSO2 Inc. - lean . enterprise . middleware |  wso2.com

Mobile  +94712756809
Blog  alokayasoya.blogspot.com
About  http://about.me/thusithathilina


[Dev] [DEV] [DAS] Navigation in Dashboards

2016-07-08 Thread Chamila De Alwis
Hi,

While working with DAS 3.1.0-SNAPSHOT I found the below irregularity. If the
trailing slash is missing in the URL, page navigation in the dashboard
produces a 404.


   1. Create a dashboard (dashboard-1)
   2. Create several pages (page-1, page-2..)
   3. Navigate to the dashboard
   (https://localhost:9443/portal/dashboards/dashboard-1) without the
   trailing slash
   4. Click on a page in the navigation tab on the left
   5. A 404 is produced with a URL
   https://localhost:9443/portal/dashboards/page-1

It seems the page URL is replaced up to the first index of "/".

Regards,
Chamila de Alwis
Committer and PMC Member - Apache Stratos
Software Engineer | WSO2 | +94772207163
Blog: code.chamiladealwis.com
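
Standard relative-URL resolution reproduces the symptom in the report above, assuming (the post does not confirm this) that the navigation links are relative to the dashboard URL. This is an added example, not DAS portal code; the function names are hypothetical.

```javascript
// Added example, not DAS portal code. Function names are hypothetical.

// What a browser does with a relative link such as href="page-1":
// the last path segment of the base URL is dropped unless the base ends in "/".
function resolvePageLink(dashboardUrl, pageId) {
  return new URL(pageId, dashboardUrl).href;
}

// Normalise the dashboard URL so it always names a "directory".
function withTrailingSlash(dashboardUrl) {
  const u = new URL(dashboardUrl);
  if (!u.pathname.endsWith("/")) {
    u.pathname += "/";
  }
  return u.href;
}

// Build a page link that does not depend on how the user typed the
// dashboard URL. Dot segments are rejected because "." and ".." survive
// encodeURIComponent and would resolve outside the dashboard.
function pageLink(dashboardUrl, pageId) {
  if (pageId === "" || pageId === "." || pageId === "..") {
    throw new Error("invalid page id");
  }
  return new URL(encodeURIComponent(pageId), withTrailingSlash(dashboardUrl)).href;
}

// URLs taken from the report above.
const BASE_NO_SLASH = "https://localhost:9443/portal/dashboards/dashboard-1";
const BASE_SLASH = BASE_NO_SLASH + "/";

function demo() {
  return {
    withoutSlash: resolvePageLink(BASE_NO_SLASH, "page-1"), // the 404 URL
    withSlash: resolvePageLink(BASE_SLASH, "page-1"),
    normalised: pageLink(BASE_NO_SLASH, "page-1"),
  };
}
```

An alternative with the same effect is a server-side redirect from the slash-less dashboard URL to the one ending in "/".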


[Dev] WSO2 App Manager 1.2.0-Beta2 Released!

2016-07-08 Thread Lahiru Cooray
*WSO2 App Manager 1.2.0-Beta2 Released!*


WSO2 App Manager team is pleased to announce WSO2 App Manager 1.2.0-BETA2
release. Download distribution here.
This release comes with following new features, improvements and bug fixes.

New Features
[APPM-1442] - New asset type - Sites.
[APPM-1443] - Configurable subscription options for Web App and Sites asset types.
[APPM-1444] - Multiple version support for Web App and Sites asset types.
[APPM-1446] - Java APIs for all key App Manager functionalities that need to be integrated with device management functionalities.
[APPM-1445] - Role based visibility control for mobile apps
[APPM-1441] - Redesign product REST APIs with JAX-RS implementation and secure with OAuth
[APPM-1447] - Business Owner concept implementation
[APPM-1493] - Supporting custom fields to be added in publisher UI and new REST APIs
[APPM-1492] - One time download link support for mobile apps

Improvements
[APPM-1437] - Navigation improvement to Store
[APPM-1440] - New theme for store UI

Tasks
[APPM-1438] - Responsive store UI by Bootstrap3 upgrade
[APPM-1530] - Kernel version upgrade to 4.4.7
[SECINTDEV-48] - Security Scan Reports and fixes

Bug Fixes
WSO2 App Manager 1.2.0-beta2 resolved issues





Reporting Problems
Issues can be reported through public JIRA
 project assigned to WSO2 AppM.


Thanks,
App Manager team

-- 
*Lahiru Cooray*
Software Engineer
WSO2, Inc.;http://wso2.com/
lean.enterprise.middleware

Mobile: +94 715 654154


[Dev] [Architecture] WSO2 Identity Server 5.3.0 Milestone 3 Released..!!

2016-07-08 Thread Thanuja Jayasinghe
*WSO2 Identity Server 5.3.0 Milestone 3 Released..!!*


The WSO2 Identity Server team is pleased to announce the 3rd Milestone of
WSO2 Identity Server 5.3.0. You can download this distribution from
https://github.com/wso2/product-is/releases/tag/v5.3.0-m3

Following list contains all features, improvements and bug fixes available
with this milestone.
New Feature

   - [IDENTITY-2972] - Improvements to Identity Management Feature
   - [IDENTITY-3486] - New claim management feature
   - [IDENTITY-4686] - Consume the new Rest APIs in IS 5.3.0 for Identity
   Management scenarios in IS user portal
   - [IDENTITY-4756] - Implement User Self Registration Rest APIs
   - [IDENTITY-4795] - Improvements in handling incorrect login attempts

Task

   - [IDENTITY-4691] - Removing jars/wars from features in the pack
   - [IDENTITY-4692] - Reduce account-recovery webapp size

Sub-task

   - [IDENTITY-2087] - Password History
   - [IDENTITY-2979] - Provide a REST endpoint that for Identity Management
   operations
   - [IDENTITY-3111] - Resend email for Self Sign-Up - REST API
   - [IDENTITY-3591] - User challenge question internationalization
   - [IDENTITY-4755] - Block brute force attacks on password resets



*How To Contribute*
Your feedback is most welcome!

Mailing Lists
Join our mailing list and correspond with the developers directly.

   - Developer List : dev@wso2.org | Subscribe | Mail Archive
   - User forum : StackOverflow

Reporting Issues
We encourage you to report issues, improvements and feature requests
regarding WSO2 Identity Server through public WSO2 Identity Server JIRA
https://wso2.org/jira/browse/IDENTITY


~ The WSO2 Identity Server Team ~

-- 
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992


Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Ayoma Wijethunga
Hi Team,

We identified that disabling the "ValidateWhenNoSessionExists" property, as in
the following, can resolve the original session-timeout issue raised by Hasintha.

org.owasp.csrfguard.ValidateWhenNoSessionExists = false


Please add below lines in product "distribution" pom file to correct this
behavior. This was further updated in [1] and [2] (Integration Checklist).


<replace
    file="target/wso2carbon-core-${carbon.kernel.version}/repository/conf/security/Owasp.CsrfGuard.Carbon.properties"
    token="org.owasp.csrfguard.ValidateWhenNoSessionExists = true"
    value="org.owasp.csrfguard.ValidateWhenNoSessionExists = false"/>

[1]
https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit
[2]
https://docs.google.com/document/d/1A1T-t6IjIaxunjlSyjsGuKSC-x9xl3kilNCTpZVy-EM/edit#

Thank you,
Ayoma.

On Fri, Jul 8, 2016 at 6:35 PM, Dulanja Liyanage  wrote:

>
>
> On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga  wrote:
>
>> Hi All,
>>
>> Original issue reported by Hasintha is relevant to how we handle session
>> timeout conditions with CSRFGuard filter. We are working on this and will
>> update with a resolution.
>>
>
> The reason for this behavior is there's no session-existence check prior
> to the form POST. Before CSRFGuard this was not a problem, because, upon a
> failure due to session timeout one of the following would have happened:
>
>    1. in the case of an ajaxprocessor - Request would be propagated to
>    the respective admin service, and upon its session non-existence exception,
>    will be redirected to the login page.
>    2. in the case of a non-ajaxprocessor - CarbonSecuredHttpContext will
>    redirect to the login page before hitting the actual jsp/servlet.
>
> Since CSRFGuard is a filter, it intercepts before either of the above
> happen and sends a 403 forbidden - because that's what it's supposed to do.
>
> There's a platform level javascript function called sessionAwareFunction
> (in main.js) that can be used for this. Registry Browser uses that. We have
> to send the actual operation we want to do as a callback function to
> sessionAwareFunction. It will initially do a session validity check
> via /carbon/admin/jsp/session-validate.jsp and then execute what we want to
> do.
>
> We tried to come up with a centralized solution for this, but failed.
> Therefore, this needs to be fixed at product-level.
>
> Please let us know if you see a better solution for this.
>
>
>> In general CSRFGuard should work without any per-page modifications,
>> since we are using JavaScript based attribute injection and header based
>> protection for AJAX requests. However, there might be special cases in
>> which these methodologies fail. Such incidences should be handled
>> case-by-case and we will be adding all the special cases we identified in
>> to the "Integration Checklist" of [1].
>>
>> We had a short offline session with Shavantha on the issue he is facing
>> and identified that there are methods that use "
>> *document.createElement('form')*" JavaScript call to build forms
>> dynamically. Since CSRFGuard JavaScript will not be able to identify such
>> forms, it is necessary to add CSRF token manually. Please see the
>> screenshot attached which is the page source of [2]. In such situations it
>> is required to use JSP Taglib to add CSRF token as an additional parameter.
>> Please follow [1] for additional details.
>>
>> We can of course arrange quick sessions with teams to check on any
>> edge-case issues they are facing, relevant to CSRFGuard.
>>
>> [1]
>> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
>> [2]
>> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>>
>> Best Regards,
>> Ayoma.
>>
>> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe <
>> shavan...@wso2.com> wrote:
>>
>>> [+Dulanjan]
>>>
>>> Hi All
>>>
>>> When trying to add multiple roles to a user using a feature such as *Select
>>> all from page 1 to page 3* or clicking on a pagination number the same
>>> error comes and throws an error similar to[1]
>>>
>>> [1]
>>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site
>>> request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>>> error:required token is missing from the request)
>>>
>>>
>>> Regards,
>>> Shavantha Weerasinghe
>>> Senior Software Engineer QA
>>> WSO2, Inc.
>>> lean.enterprise.middleware.
>>> http://wso2.com
>>> http://wso2.org
>>> Tel : 94 11 214 5345
>>> Fax :94 11 2145300
>>>
>>>
>>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee 
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> When trying to perform operations through admin console, once the
>>>> session is expired we are getting a 403 from admin console. Seems like this
>>>> occurs due to CSRF filter blocking the

Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Pubudu Priyashan
Thanks Jagath. We will test the fix once it's made available.

Cheers,
Pubudu.

On Friday, 8 July 2016, Jagath Sisirakumara Ariyarathne 
wrote:

> Hi Pubudu,
>
> On Fri, Jul 8, 2016 at 5:29 PM, Pubudu Priyashan wrote:
>
>> [+Senduran]
>>
>> We have found the same issue [1] in ESB wso2esb-5.0.0-pre-RC2.zip pack.
>>
>> [1] https://wso2.org/jira/browse/ESBJAVA-4741
>>
>
> This issue has been fixed by applying required filters in property file.
> We will update the JIRA.
>
> Thanks.
>
> On Fri, Jul 8, 2016 at 6:35 PM, Dulanja Liyanage wrote:
>
>>
>>
>> On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga wrote:
>>
>>> Hi All,
>>>
>>> Original issue reported by Hasintha is relevant to how we handle session
>>> timeout conditions with CSRFGuard filter. We are working on this and will
>>> update with a resolution.
>>>
>>
>> The reason for this behavior is there's no session-existence check prior
>> to the form POST. Before CSRFGuard this was not a problem, because, upon a
>> failure due to session timeout one of the following would have happened:
>>
>>    1. in the case of an ajaxprocessor - Request would be propagated to
>>    the respective admin service, and upon its session non-existence
>>    exception, will be redirected to the login page.
>>    2. in the case of a non-ajaxprocessor - CarbonSecuredHttpContext will
>>    redirect to the login page before hitting the actual jsp/servlet.
>>
>> Since CSRFGuard is a filter, it intercepts before either of the above
>> happen and sends a 403 forbidden - because that's what it's supposed to do.
>>
>> There's a platform level javascript function called sessionAwareFunction
>> (in main.js) that can be used for this. Registry Browser uses that. We have
>> to send the actual operation we want to do as a callback function to
>> sessionAwareFunction. It will initially do a session validity check
>> via /carbon/admin/jsp/session-validate.jsp and then execute what we want to
>> do.
>>
>> We tried to come up with a centralized solution for this, but failed.
>> Therefore, this needs to be fixed at product-level.
>>
>> Please let us know if you see a better solution for this.
>>
>>
>>> In general CSRFGuard should work without any per-page modifications,
>>> since we are using JavaScript based attribute injection and header based
>>> protection for AJAX requests. However, there might be special cases in
>>> which these methodologies fail. Such incidences should be handled
>>> case-by-case and we will be adding all the special cases we identified in
>>> to the "Integration Checklist" of [1].
>>>
>>> We had a short offline session with Shavantha on the issue he is facing
>>> and identified that there are methods that use "
>>> *document.createElement('form')*" JavaScript call to build forms
>>> dynamically. Since CSRFGuard JavaScript will not be able to identify such
>>> forms, it is necessary to add CSRF token manually. Please see the
>>> screenshot attached which is the page source of [2]. In such situations it
>>> is required to use JSP Taglib to add CSRF token as an additional parameter.
>>> Please follow [1] for additional details.
>>>
>>> We can of course arrange quick sessions with teams to check on any
>>> edge-case issues they are facing, relevant to CSRFGuard.
>>>
>>> [1]
>>> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
>>> [2]
>>> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>>>
>>> Best Regards,
>>> Ayoma.
>>>
>>> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe <
>>> shavan...@wso2.com> wrote:
>>>
>>>> [+Dulanjan]
>>>>
>>>> Hi All
>>>>
>>>> When trying to add multiple roles to a user using a feature such as *Select
>>>> all from page 1 to page 3* or clicking on a pagination number the same
>>>> error comes and throws an error similar to [1]
>>>>
>>>> [1]
>>>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site
>>>> request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>>>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>>>> error:required token is missing from the request)
>>>>
>>>>
>>>> Regards,
>>>> Shavantha Weerasinghe
>>>> Senior Software Engineer QA
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware.
>>>> http://wso2.com
>>>> http://wso2.org
>>>> Tel : 94 11 214 5345
>>>> Fax :94 11 2145300
>>>>
>>>>
>>>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> When trying to perform operations through admin console, once the
>>>>> session is expired we are getting a 403 from admin console.

Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Jagath Sisirakumara Ariyarathne
Hi Pubudu,

On Fri, Jul 8, 2016 at 5:29 PM, Pubudu Priyashan  wrote:

> [+Senduran]
>
> We have found the same issue [1] in ESB wso2esb-5.0.0-pre-RC2.zip pack.
>
> [1] https://wso2.org/jira/browse/ESBJAVA-4741
>

This issue has been fixed by applying required filters in property file. We
will update the JIRA.

Thanks.

On Fri, Jul 8, 2016 at 6:35 PM, Dulanja Liyanage  wrote:

>
>
> On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga  wrote:
>
>> Hi All,
>>
>> Original issue reported by Hasintha is relevant to how we handle session
>> timeout conditions with CSRFGuard filter. We are working on this and will
>> update with a resolution.
>>
>
> The reason for this behavior is there's no session-existence check prior
> to the form POST. Before CSRFGuard this was not a problem, because, upon a
> failure due to session timeout one of the following would have happened:
>
>    1. in the case of an ajaxprocessor - Request would be propagated to
>    the respective admin service, and upon its session non-existence exception,
>    will be redirected to the login page.
>    2. in the case of a non-ajaxprocessor - CarbonSecuredHttpContext will
>    redirect to the login page before hitting the actual jsp/servlet.
>
> Since CSRFGuard is a filter, it intercepts before either of the above
> happen and sends a 403 forbidden - because that's what it's supposed to do.
>
> There's a platform level javascript function called sessionAwareFunction
> (in main.js) that can be used for this. Registry Browser uses that. We have
> to send the actual operation we want to do as a callback function to
> sessionAwareFunction. It will initially do a session validity check
> via /carbon/admin/jsp/session-validate.jsp and then execute what we want to
> do.
>
> We tried to come up with a centralized solution for this, but failed.
> Therefore, this needs to be fixed at product-level.
>
> Please let us know if you see a better solution for this.
>
>
>> In general CSRFGuard should work without any per-page modifications,
>> since we are using JavaScript based attribute injection and header based
>> protection for AJAX requests. However, there might be special cases in
>> which these methodologies fail. Such incidences should be handled
>> case-by-case and we will be adding all the special cases we identified in
>> to the "Integration Checklist" of [1].
>>
>> We had a short offline session with Shavantha on the issue he is facing
>> and identified that there are methods that use "
>> *document.createElement('form')*" JavaScript call to build forms
>> dynamically. Since CSRFGuard JavaScript will not be able to identify such
>> forms, it is necessary to add CSRF token manually. Please see the
>> screenshot attached which is the page source of [2]. In such situations it
>> is required to use JSP Taglib to add CSRF token as an additional parameter.
>> Please follow [1] for additional details.
>>
>> We can of course arrange quick sessions with teams to check on any
>> edge-case issues they are facing, relevant to CSRFGuard.
>>
>> [1]
>> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
>> [2]
>> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>>
>> Best Regards,
>> Ayoma.
>>
>> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe <
>> shavan...@wso2.com> wrote:
>>
>>> [+Dulanjan]
>>>
>>> Hi All
>>>
>>> When trying to add multiple roles to a user using a feature such as *Select
>>> all from page 1 to page 3* or clicking on a pagination number the same
>>> error comes and throws an error similar to[1]
>>>
>>> [1]
>>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site
>>> request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>>> error:required token is missing from the request)
>>>
>>>
>>> Regards,
>>> Shavantha Weerasinghe
>>> Senior Software Engineer QA
>>> WSO2, Inc.
>>> lean.enterprise.middleware.
>>> http://wso2.com
>>> http://wso2.org
>>> Tel : 94 11 214 5345
>>> Fax :94 11 2145300
>>>
>>>
>>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee 
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> When trying to perform operations through admin console, once the
>>>> session is expired we are getting a 403 from admin console. Seems like this
>>>> occurs due to CSRF filter blocking the request since the session is no
>>>> longer available at the server side.
>>>>
>>>> [2016-07-06 15:34:27,576]  WARN {org.owasp.csrfguard.log.JavaLogger} -
>>>> potential cross-site request forgery (CSRF) attack thwarted
>>>> (user:, ip:127.0.0.1, method:POST,
>>>> uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, error:request token
>>>> does not match session token)
>>>> --
>>>> Hasintha Indrajee
>>>> WSO2, Inc.
>>>> Mobile:+94 771892453


 

Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Dulanja Liyanage
On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga  wrote:

> Hi All,
>
> Original issue reported by Hasintha is relevant to how we handle session
> timeout conditions with CSRFGuard filter. We are working on this and will
> update with a resolution.
>

The reason for this behavior is there's no session-existence check prior to
the form POST. Before CSRFGuard this was not a problem, because, upon a
failure due to session timeout one of the following would have happened:

   1. in the case of an ajaxprocessor - Request would be propagated to the
   respective admin service, and upon its session non-existence exception,
   will be redirected to the login page.
   2. in the case of a non-ajaxprocessor - CarbonSecuredHttpContext will
   redirect to the login page before hitting the actual jsp/servlet.

Since CSRFGuard is a filter, it intercepts before either of the above
happen and sends a 403 forbidden - because that's what it's supposed to do.

There's a platform level javascript function called sessionAwareFunction
(in main.js) that can be used for this. Registry Browser uses that. We have
to send the actual operation we want to do as a callback function to
sessionAwareFunction. It will initially do a session validity check
via /carbon/admin/jsp/session-validate.jsp and then execute what we want to
do.

We tried to come up with a centralized solution for this, but failed.
Therefore, this needs to be fixed at product-level.

Please let us know if you see a better solution for this.


> In general CSRFGuard should work without any per-page modifications, since
> we are using JavaScript based attribute injection and header based
> protection for AJAX requests. However, there might be special cases in
> which these methodologies fail. Such incidences should be handled
> case-by-case and we will be adding all the special cases we identified in
> to the "Integration Checklist" of [1].
>
> We had a short offline session with Shavantha on the issue he is facing
> and identified that there are methods that use "
> *document.createElement('form')*" JavaScript call to build forms
> dynamically. Since CSRFGuard JavaScript will not be able to identify such
> forms, it is necessary to add CSRF token manually. Please see the
> screenshot attached which is the page source of [2]. In such situations it
> is required to use JSP Taglib to add CSRF token as an additional parameter.
> Please follow [1] for additional details.
>
> We can of course arrange quick sessions with teams to check on any
> edge-case issues they are facing, relevant to CSRFGuard.
>
> [1]
> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
> [2]
> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>
> Best Regards,
> Ayoma.
>
> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe wrote:
>
>> [+Dulanjan]
>>
>> Hi All
>>
>> When trying to add multiple roles to a user using a feature such as *Select
>> all from page 1 to page 3* or clicking on a pagination number the same
>> error comes and throws an error similar to[1]
>>
>> [1]
>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site request
>> forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>> error:required token is missing from the request)
>>
>>
>> Regards,
>> Shavantha Weerasinghe
>> Senior Software Engineer QA
>> WSO2, Inc.
>> lean.enterprise.middleware.
>> http://wso2.com
>> http://wso2.org
>> Tel : 94 11 214 5345
>> Fax :94 11 2145300
>>
>>
>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee 
>> wrote:
>>
>>> Hi all,
>>>
>>> When trying to perform operations through admin console, once the
>>> session is expired we are getting a 403 from admin console. Seems like this
>>> occurs due to CSRF filter blocking the request since the session is no
>>> longer available at the server side.
>>>
>>> [2016-07-06 15:34:27,576]  WARN {org.owasp.csrfguard.log.JavaLogger} -
>>> potential cross-site request forgery (CSRF) attack thwarted
>>> (user:, ip:127.0.0.1, method:POST,
>>> uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, error:request token
>>> does not match session token)
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453
>>>
>>>
>>>
>>>
>>
>
>
> --
> Ayoma Wijethunga
> Software Engineer
> Platform Security Team
> WSO2, Inc.; http://wso2.com
> lean.enterprise.middleware
>
> Mobile : +94 (0) 719428123 <+94+(0)+719428123>
> Blog : http://www.ayomaonline.com
> LinkedIn: https://www.linkedin.com/in/ayoma
>



-- 
Thanks & Regards,
Dulanja Liyanage
Lead, Platform Security Team
WSO2 Inc.
___
Dev mailing list
Dev@wso2.org
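
The two client-side fixes discussed in this thread (adding the token by hand to forms built with document.createElement('form'), and checking the session before the POST in the style of sessionAwareFunction), as an added example that is not WSO2 Carbon or OWASP CSRFGuard code. The helper names, the OWASP_CSRFTOKEN parameter name (CSRFGuard's default TokenName) and the token being rendered into the page server-side are assumptions.

```javascript
// Added example; not WSO2 Carbon or OWASP CSRFGuard code.
// Assumptions: the token parameter is named OWASP_CSRFTOKEN (CSRFGuard's
// default TokenName) and its value was rendered into the page server-side,
// for instance by the JSP taglib mentioned in the thread.
const CSRF_TOKEN_NAME = "OWASP_CSRFTOKEN";

// Build a POST form with document.createElement, as the affected pages do,
// and add the CSRF token explicitly, since the thread notes that the
// CSRFGuard JavaScript does not identify forms built this way.
function buildProtectedForm(doc, action, fields, csrfToken) {
  if (typeof csrfToken !== "string" || csrfToken.length === 0) {
    throw new Error("CSRF token missing: refusing to build an unprotected form");
  }
  const form = doc.createElement("form");
  form.method = "POST";
  form.action = action;
  // The real token is applied last so a caller-supplied field of the same
  // name cannot replace it.
  const params = Object.assign({}, fields, { [CSRF_TOKEN_NAME]: csrfToken });
  for (const name of Object.keys(params)) {
    const input = doc.createElement("input");
    input.type = "hidden";
    input.name = name;
    input.value = String(params[name]);
    form.appendChild(input);
  }
  return form;
}

// Hypothetical stand-in for the sessionAwareFunction pattern: the operation
// is passed as a callback and runs only after the session check succeeds.
// checkSession(cb) must call cb(true) or cb(false); how it asks the server
// (the thread mentions /carbon/admin/jsp/session-validate.jsp) is up to the caller.
function runIfSessionValid(checkSession, operation, onExpired) {
  let settled = false; // ignore a checker that calls back more than once
  checkSession(function (valid) {
    if (settled) {
      return;
    }
    settled = true;
    if (valid === true) {
      operation();
    } else {
      onExpired(); // e.g. send the user to the login page instead of POSTing
    }
  });
}

// Both pieces together: no POST is attempted on an expired session, so the
// user is sent to login rather than receiving the filter's 403.
function submitDynamicForm(doc, checkSession, request, onExpired) {
  runIfSessionValid(checkSession, function () {
    const form = buildProtectedForm(
      doc, request.action, request.fields, request.csrfToken);
    doc.body.appendChild(form);
    form.submit();
  }, onExpired);
}
```

In a browser, `doc` is `document`; it is passed in so the functions can be exercised outside a page.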

Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Ayoma Wijethunga
Hi Pubudu

This is only the pattern coming from kernel itself. Product level
exclusions are not there in the property file. Please check with product
team on this.

Best Regards,
Ayoma

On Fri, Jul 8, 2016 at 5:59 PM, Pubudu Priyashan  wrote:

> Hi Ayoma,
>
> I had a look at "
> repository/conf/security/Owasp.CsrfGuard.Carbon.properties" file and I
> can see the property [1] included in it. Can you please confirm that this
> is as expected? Thanks!
>
> [1] org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*
>
> Cheers,
> Pubudu.
>
> Pubudu D.P
> Senior Software Engineer - QA Team | WSO2 inc.
> Mobile : +94775464547
>
> Linkedin: https://uk.linkedin.com/in/pubududp
> Medium: https://medium.com/@pubududp
>
>
> On Fri, Jul 8, 2016 at 5:50 PM, Ayoma Wijethunga  wrote:
>
>> Hi Pubudu / Senduran,
>>
>> This is not the exact same. "/carbon/proxyservices/" is one of ESB CSRF
>> exclusion patterns (referring to previous filter configuration [1]).
>>
>> As discussed with Senduran over the call we had, this pattern needs to be
>> added to OWASP CSRFGuard as an unprotected URL pattern ([2] section 6).
>>
>> Was the test performed on a pack with this configuration change? If so,
>> let's have a quick remote session to check this out.
>>
>> [1]
>> https://docs.google.com/document/d/16qTgkhOrhgH48ttnIuqEDG531cS1ouMLwqu1CtyfXLI/edit
>>
>> [2]
>> https://docs.google.com/document/d/1A1T-t6IjIaxunjlSyjsGuKSC-x9xl3kilNCTpZVy-EM/edit#
>>
>> Thank you,
>> Ayoma.
>>
>> On Fri, Jul 8, 2016 at 5:29 PM, Pubudu Priyashan 
>> wrote:
>>
>>> [+Senduran]
>>>
>>> We have found the same issue [1] in ESB wso2esb-5.0.0-pre-RC2.zip pack.
>>>
>>> [1] https://wso2.org/jira/browse/ESBJAVA-4741
>>>
>>> Pubudu D.P
>>> Senior Software Engineer - QA Team | WSO2 inc.
>>> Mobile : +94775464547
>>>
>>> Linkedin: https://uk.linkedin.com/in/pubududp
>>> Medium: https://medium.com/@pubududp
>>>
>>>
>>> On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga  wrote:
>>>
>>>> Hi All,
>>>>
>>>> Original issue reported by Hasintha is relevant to how we handle
>>>> session timeout conditions with CSRFGuard filter. We are working on this
>>>> and will update with a resolution.
>>>>
>>>> In general CSRFGuard should work without any per-page modifications,
>>>> since we are using JavaScript based attribute injection and header based
>>>> protection for AJAX requests. However, there might be special cases in
>>>> which these methodologies fail. Such incidences should be handled
>>>> case-by-case and we will be adding all the special cases we identified in
>>>> to the "Integration Checklist" of [1].
>>>>
>>>> We had a short offline session with Shavantha on the issue he is facing
>>>> and identified that there are methods that use "
>>>> *document.createElement('form')*" JavaScript call to build forms
>>>> dynamically. Since CSRFGuard JavaScript will not be able to identify such
>>>> forms, it is necessary to add CSRF token manually. Please see the
>>>> screenshot attached which is the page source of [2]. In such situations it
>>>> is required to use JSP Taglib to add CSRF token as an additional parameter.
>>>> Please follow [1] for additional details.
>>>>
>>>> We can of course arrange quick sessions with teams to check on any
>>>> edge-case issues they are facing, relevant to CSRFGuard.
>>>>
>>>> [1]
>>>> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
>>>> [2]
>>>> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>>>>
>>>> Best Regards,
>>>> Ayoma.
>>>>
>>>> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe <
>>>> shavan...@wso2.com> wrote:
>>>>
>>>>> [+Dulanjan]
>>>>>
>>>>> Hi All
>>>>>
>>>>> When trying to add multiple roles to a user using a feature such as
>>>>> *Select all from page 1 to page 3* or clicking on a pagination number the
>>>>> same error comes and throws an error similar to [1]
>>>>>
>>>>> [1]
>>>>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site
>>>>> request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>>>>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>>>>> error:required token is missing from the request)
>>>>>
>>>>>
>>>>> Regards,
>>>>> Shavantha Weerasinghe
>>>>> Senior Software Engineer QA
>>>>> WSO2, Inc.
>>>>> lean.enterprise.middleware.
>>>>> http://wso2.com
>>>>> http://wso2.org
>>>>> Tel : 94 11 214 5345
>>>>> Fax :94 11 2145300
>>>>>
>>>>>
>>>>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee
>>>>> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> When trying to perform operations through admin console, once the
>>>>>> session is expired we are getting a 403 from admin console. Seems like
>>>>>> this occurs due to CSRF filter blocking the request since the session is
>>>>>> no longer available at the server side.
>>>>>>
>>>>>> [2016-07-06

Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Pubudu Priyashan
Hi Ayoma,

I had a look at "repository/conf/security/Owasp.CsrfGuard.Carbon.properties"
file and I can see the property [1] included in it. Can you please confirm
that this is as expected? Thanks!

[1] org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*

Cheers,
Pubudu.

Pubudu D.P
Senior Software Engineer - QA Team | WSO2 inc.
Mobile : +94775464547

Linkedin: https://uk.linkedin.com/in/pubududp
Medium: https://medium.com/@pubududp


On Fri, Jul 8, 2016 at 5:50 PM, Ayoma Wijethunga  wrote:

> Hi Pubudu / Senduran,
>
> This is not the exact same. "/carbon/proxyservices/" is one of ESB CSRF
> exclusion patterns (referring to previous filter configuration [1]).
>
> As discussed with Senduran over the call we had, this pattern needs to be
> added to OWASP CSRFGuard as an unprotected URL pattern ([2] section 6).
>
> Was the test performed on a pack with this configuration change? If so,
> let's have a quick remote session to check this out.
>
> [1]
> https://docs.google.com/document/d/16qTgkhOrhgH48ttnIuqEDG531cS1ouMLwqu1CtyfXLI/edit
>
> [2]
> https://docs.google.com/document/d/1A1T-t6IjIaxunjlSyjsGuKSC-x9xl3kilNCTpZVy-EM/edit#
>
> Thank you,
> Ayoma.
>
> On Fri, Jul 8, 2016 at 5:29 PM, Pubudu Priyashan  wrote:
>
>> [+Senduran]
>>
>> We have found the same issue [1] in ESB wso2esb-5.0.0-pre-RC2.zip pack.
>>
>> [1] https://wso2.org/jira/browse/ESBJAVA-4741
>>
>> Pubudu D.P
>> Senior Software Engineer - QA Team | WSO2 inc.
>> Mobile : +94775464547
>>
>> Linkedin: https://uk.linkedin.com/in/pubududp
>> Medium: https://medium.com/@pubududp
>>
>>
>> On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga  wrote:
>>
>>> Hi All,
>>>
>>> Original issue reported by Hasintha is relevant to how we handle session
>>> timeout conditions with CSRFGuard filter. We are working on this and will
>>> update with a resolution.
>>>
>>> In general CSRFGuard should work without any per-page modifications,
>>> since we are using JavaScript based attribute injection and header based
>>> protection for AJAX requests. However, there might be special cases in
>>> which these methodologies fail. Such incidences should be handled
>>> case-by-case and we will be adding all the special cases we identified in
>>> to the "Integration Checklist" of [1].
>>>
>>> We had a short offline session with Shavantha on the issue he is facing
>>> and identified that there are methods that use "
>>> *document.createElement('form')*" JavaScript call to build forms
>>> dynamically. Since CSRFGuard JavaScript will not be able to identify such
>>> forms, it is necessary to add CSRF token manually. Please see the
>>> screenshot attached which is the page source of [2]. In such situations it
>>> is required to use JSP Taglib to add CSRF token as an additional parameter.
>>> Please follow [1] for additional details.
>>>
>>> We can of course arrange quick sessions with teams to check on any
>>> edge-case issues they are facing, relevant to CSRFGuard.
>>>
>>> [1]
>>> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
>>> [2]
>>> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>>>
>>> Best Regards,
>>> Ayoma.
>>>
>>> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe <
>>> shavan...@wso2.com> wrote:
>>>
>>>> [+Dulanjan]
>>>>
>>>> Hi All
>>>>
>>>> When trying to add multiple roles to a user using a feature such as *Select
>>>> all from page 1 to page 3* or clicking on a pagination number the same
>>>> error comes and throws an error similar to [1]
>>>>
>>>> [1]
>>>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site
>>>> request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>>>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>>>> error:required token is missing from the request)
>>>>
>>>>
>>>> Regards,
>>>> Shavantha Weerasinghe
>>>> Senior Software Engineer QA
>>>> WSO2, Inc.
>>>> lean.enterprise.middleware.
>>>> http://wso2.com
>>>> http://wso2.org
>>>> Tel : 94 11 214 5345
>>>> Fax :94 11 2145300
>>>>
>>>>
>>>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> When trying to perform operations through admin console, once the
>>>>> session is expired we are getting a 403 from admin console. Seems like
>>>>> this occurs due to CSRF filter blocking the request since the session is
>>>>> no longer available at the server side.
>>>>>
>>>>> [2016-07-06 15:34:27,576]  WARN {org.owasp.csrfguard.log.JavaLogger}
>>>>> -  potential cross-site request forgery (CSRF) attack thwarted
>>>>> (user:, ip:127.0.0.1, method:POST,
>>>>> uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, error:request token
>>>>> does not match session token)
>>>>> --
>>>>> Hasintha Indrajee
>>>>> WSO2, Inc.
>>>>> Mobile:+94 771892453
>>>>>
>>>>>
>>>>> ___

Re: [Dev] Moving carbon dashboards version to 2.0.0-SNAPSHOT

2016-07-08 Thread Tanya Madurapperuma
Pushed the changes to master.

Thanks,
Tanya

On Fri, Jul 8, 2016 at 5:40 PM, Dunith Dhanushka  wrote:

> Hi Tanya,
>
> Thanks for the explanation. We assume any feature that will be added later
> will be backward compatible.
>
> Regards,
> Dunith
>
> On Fri, Jul 8, 2016 at 5:18 PM, Tanya Madurapperuma 
> wrote:
>
>> Hi Dunith,
>>
>> All the new features were there on the 1.0.20-SNAPSHOT version. AFAIK you
>> have already verified your build with 1.0.20-SNAPSHOT. Hence this will just
>> be a version change for you.
>> Let us know if you have any concerns.
>>
>> Thanks,
>> Tanya
>>
>> On Fri, Jul 8, 2016 at 5:13 PM, Dunith Dhanushka  wrote:
>>
>>> Hi Tanya,
>>>
>>> On second thought, can you be specific on new features?
>>>
>>> Since we are on the verge of DAS 3.1.0 release today, it's better to go
>>> without new features. Can you merge 4.4.7 related security fixes to
>>> 1.0.20-SNAPSHOT ?
>>>
>>> Thanks,
>>> Dunith
>>>
>>>
>>> On Fri, Jul 8, 2016 at 4:59 PM, Dunith Dhanushka 
>>> wrote:
>>>
>>>> Ack!
>>>>
>>>> On Fri, Jul 8, 2016 at 4:56 PM, Tanya Madurapperuma
>>>> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> We will be $ Subject from 1.0.20-SNAPSHOT. Reason is we have new
>>>>> features added and also upgraded the carbon kernel version to 4.4.7.
>>>>>
>>>>> Please note this if you are pointing to carbon dashboards
>>>>> 1.0.20-SNAPSHOT in any of your repos atm.
>>>>>
>>>>> Thanks,
>>>>> Tanya
>>>>>
>>>>> --
>>>>> Tanya Madurapperuma
>>>>>
>>>>> Senior Software Engineer,
>>>>> WSO2 Inc. : wso2.com
>>>>> Mobile : +94718184439
>>>>> Blog : http://tanyamadurapperuma.blogspot.com
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Regards,
>>>>
>>>> Dunith Dhanushka,
>>>> Associate Technical Lead
>>>> WSO2 Inc,
>>>>
>>>> Mobile - +94 71 8615744
>>>> Blog - *https://medium.com/@dunithd *
>>>> Twitter - @dunithd
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Dunith Dhanushka,
>>> Associate Technical Lead
>>> WSO2 Inc,
>>>
>>> Mobile - +94 71 8615744
>>> Blog - *https://medium.com/@dunithd *
>>> Twitter - @dunithd 
>>>
>>
>>
>>
>> --
>> Tanya Madurapperuma
>>
>> Senior Software Engineer,
>> WSO2 Inc. : wso2.com
>> Mobile : +94718184439
>> Blog : http://tanyamadurapperuma.blogspot.com
>>
>
>
>
> --
> Regards,
>
> Dunith Dhanushka,
> Associate Technical Lead
> WSO2 Inc,
>
> Mobile - +94 71 8615744
> Blog - *https://medium.com/@dunithd *
> Twitter - @dunithd 
>



-- 
Tanya Madurapperuma

Senior Software Engineer,
WSO2 Inc. : wso2.com
Mobile : +94718184439
Blog : http://tanyamadurapperuma.blogspot.com


Re: [Dev] Persist host entry in the docker image built from a dockerfile

2016-07-08 Thread Sabra Ossen
Hi Udara,

I tried method #2, but when I checked the running container created from the
built image, the host entry was not added. Method #2 only works when I
set the host entry and then use the host entry in the same line, as I have
shown above. Any RUN command executed after the above RUN command would
create a new intermediate container, thus creating a new /etc/hosts file.

Thanks and Regards.


On Fri, Jul 8, 2016 at 5:42 PM, Udara Liyanage  wrote:

>
>
> On Fri, Jul 8, 2016 at 7:49 AM, Sabra Ossen  wrote:
>
>> Hi All,
>>
>> I am trying to add a host entry to /etc/hosts inside of a docker image
>> built from a dockerfile. An extensive search resulted in the following
>> results.
>>
>> 1. Add the host entry at runtime using command,
>> *docker run -it --add-host myhost:192.168.18.2  /bin/bash*
>> This method only makes the host entry available in the running
>> container and not in the image resulting after a docker build.
>> 2. Add "RUN echo "192.168.11.112 myhost" >> /etc/hosts && wget
>> http://myhost" to the docker file. With each RUN command a new
>> intermediate container will be created. This method only allows the host
>> entry available in the intermediate container.
>>
> I think this method will work.
> What do you mean by available only to intermediate container. If you add
> above RUN command it will persist in the final docker image, isn't it?
>
>>
>> Many methods allow the host entry to be available only from a container
>> level vs image level. Any known clean method for $subject.
>>
>> Thanks and Regards.
>> --
>> *Sabra Ossen*
>> *Software Engineer*
>> Email: sa...@wso2.com
>> Mobile: +94 767 837356
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
>
> web: http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897
>



-- 
*Sabra Ossen*
*Software Engineer*
Email: sa...@wso2.com
Mobile: +94 767 837356


Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Ayoma Wijethunga
Hi Pubudu / Senduran,

This is not the exact same. "/carbon/proxyservices/" is one of ESB CSRF
exclusion patterns (referring to previous filter configuration [1]).

As discussed with Senduran over the call we had, this pattern needs to be
added to OWASP CSRFGuard as an unprotected URL pattern ([2] section 6).

Was the test performed on a pack with this configuration change? If so,
let's have a quick remote session to check this out.

[1]
https://docs.google.com/document/d/16qTgkhOrhgH48ttnIuqEDG531cS1ouMLwqu1CtyfXLI/edit

[2]
https://docs.google.com/document/d/1A1T-t6IjIaxunjlSyjsGuKSC-x9xl3kilNCTpZVy-EM/edit#

Thank you,
Ayoma.

On Fri, Jul 8, 2016 at 5:29 PM, Pubudu Priyashan  wrote:

> [+Senduran]
>
> We have found the same issue [1] in ESB wso2esb-5.0.0-pre-RC2.zip pack.
>
> [1] https://wso2.org/jira/browse/ESBJAVA-4741
>
> Pubudu D.P
> Senior Software Engineer - QA Team | WSO2 inc.
> Mobile : +94775464547
>
> Linkedin: https://uk.linkedin.com/in/pubududp
> Medium: https://medium.com/@pubududp
>
>
> On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga  wrote:
>
>> Hi All,
>>
>> Original issue reported by Hasintha is relevant to how we handle session
>> timeout conditions with CSRFGuard filter. We are working on this and will
>> update with a resolution.
>>
>> In general CSRFGuard should work without any per-page modifications,
>> since we are using JavaScript based attribute injection and header based
>> protection for AJAX requests. However, there might be special cases in
>> which these methodologies fail. Such incidences should be handled
>> case-by-case and we will be adding all the special cases we identified in
>> to the "Integration Checklist" of [1].
>>
>> We had a short offline session with Shavantha on the issue he is facing
>> and identified that there are methods that use "
>> *document.createElement('form')*" JavaScript call to build forms
>> dynamically. Since CSRFGuard JavaScript will not be able to identify such
>> forms, it is necessary to add CSRF token manually. Please see the
>> screenshot attached which is the page source of [2]. In such situations it
>> is required to use JSP Taglib to add CSRF token as an additional parameter.
>> Please follow [1] for additional details.
>>
>> We can of course arrange quick sessions with teams to check on any
>> edge-case issues they are facing, relevant to CSRFGuard.
>>
>> [1]
>> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
>> [2]
>> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>>
>> Best Regards,
>> Ayoma.
>>
>> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe <
>> shavan...@wso2.com> wrote:
>>
>>> [+Dulanjan]
>>>
>>> Hi All
>>>
>>> When trying to add multiple roles to a user using a feature such as *Select
>>> all from page 1 to page 3* or clicking on a pagination number the same
>>> error comes and throws an error similar to [1]
>>>
>>> [1]
>>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site
>>> request forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>>> error:required token is missing from the request)
>>>
>>>
>>> Regards,
>>> Shavantha Weerasinghe
>>> Senior Software Engineer QA
>>> WSO2, Inc.
>>> lean.enterprise.middleware.
>>> http://wso2.com
>>> http://wso2.org
>>> Tel : 94 11 214 5345
>>> Fax :94 11 2145300
>>>
>>>
>>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee 
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> When trying to perform operations through admin console, once the
>>>> session is expired we are getting a 403 from admin console. Seems like this
>>>> occurs due to CSRF filter blocking the request since the session is no
>>>> longer available at the server side.
>>>>
>>>> [2016-07-06 15:34:27,576]  WARN {org.owasp.csrfguard.log.JavaLogger} -
>>>> potential cross-site request forgery (CSRF) attack thwarted
>>>> (user:, ip:127.0.0.1, method:POST,
>>>> uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, error:request token
>>>> does not match session token)
>>>> --
>>>> Hasintha Indrajee
>>>> WSO2, Inc.
>>>> Mobile:+94 771892453
>>>>
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>
>>
>> --
>> Ayoma Wijethunga
>> Software Engineer
>> Platform Security Team
>> WSO2, Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> Mobile : +94 (0) 719428123 <+94+(0)+719428123>
>> Blog : http://www.ayomaonline.com
>> LinkedIn: https://www.linkedin.com/in/ayoma
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>


-- 
Ayoma Wijethunga
Software Engineer
Platform Security Team
WSO2, Inc.; http://wso2.com
lean.enterprise.middleware

Mobile : +94 (0) 

Re: [Dev] Persist host entry in the docker image built from a dockerfile

2016-07-08 Thread Udara Liyanage
On Fri, Jul 8, 2016 at 7:49 AM, Sabra Ossen  wrote:

> Hi All,
>
> I am trying to add a host entry to /etc/hosts inside of a docker image
> built from a dockerfile. An extensive search resulted in the following
> results.
>
> 1. Add the host entry at runtime using command,
> *docker run -it --add-host myhost:192.168.18.2  /bin/bash*
> This method only makes the host entry available in the running
> container and not in the image resulting after a docker build.
> 2. Add "RUN echo "192.168.11.112 myhost" >> /etc/hosts && wget
> http://myhost" to the docker file. With each RUN command a new
> intermediate container will be created. This method only allows the host
> entry available in the intermediate container.
>
I think this method will work.
What do you mean by available only to intermediate container. If you add
above RUN command it will persist in the final docker image, isn't it?

>
> Many methods allow the host entry to be available only from a container
> level vs image level. Any known clean method for $subject.
>
> Thanks and Regards.
> --
> *Sabra Ossen*
> *Software Engineer*
> Email: sa...@wso2.com
> Mobile: +94 767 837356
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897


Re: [Dev] Moving carbon dashboards version to 2.0.0-SNAPSHOT

2016-07-08 Thread Dunith Dhanushka
Hi Tanya,

Thanks for the explanation. We assume any feature that will be added later
will be backward compatible.

Regards,
Dunith

On Fri, Jul 8, 2016 at 5:18 PM, Tanya Madurapperuma  wrote:

> Hi Dunith,
>
> All the new features were there on the 1.0.20-SNAPSHOT version. AFAIK you
> have already verified your build with 1.0.20-SNAPSHOT. Hence this will just
> be a version change for you.
> Let us know if you have any concerns.
>
> Thanks,
> Tanya
>
> On Fri, Jul 8, 2016 at 5:13 PM, Dunith Dhanushka  wrote:
>
>> Hi Tanya,
>>
>> On second thought, can you be specific on new features?
>>
>> Since we are on the verge of DAS 3.1.0 release today, it's better to go
>> without new features. Can you merge 4.4.7 related security fixes to
>> 1.0.20-SNAPSHOT ?
>>
>> Thanks,
>> Dunith
>>
>>
>> On Fri, Jul 8, 2016 at 4:59 PM, Dunith Dhanushka  wrote:
>>
>>> Ack!
>>>
>>> On Fri, Jul 8, 2016 at 4:56 PM, Tanya Madurapperuma 
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> We will be $ Subject from 1.0.20-SNAPSHOT. Reason is we have new
>>>> features added and also upgraded the carbon kernel version to 4.4.7.
>>>>
>>>> Please note this if you are pointing to carbon dashboards
>>>> 1.0.20-SNAPSHOT in any of your repos atm.
>>>>
>>>> Thanks,
>>>> Tanya
>>>>
>>>> --
>>>> Tanya Madurapperuma
>>>>
>>>> Senior Software Engineer,
>>>> WSO2 Inc. : wso2.com
>>>> Mobile : +94718184439
>>>> Blog : http://tanyamadurapperuma.blogspot.com
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Dunith Dhanushka,
>>> Associate Technical Lead
>>> WSO2 Inc,
>>>
>>> Mobile - +94 71 8615744
>>> Blog - *https://medium.com/@dunithd *
>>> Twitter - @dunithd 
>>>
>>
>>
>>
>> --
>> Regards,
>>
>> Dunith Dhanushka,
>> Associate Technical Lead
>> WSO2 Inc,
>>
>> Mobile - +94 71 8615744
>> Blog - *https://medium.com/@dunithd *
>> Twitter - @dunithd 
>>
>
>
>
> --
> Tanya Madurapperuma
>
> Senior Software Engineer,
> WSO2 Inc. : wso2.com
> Mobile : +94718184439
> Blog : http://tanyamadurapperuma.blogspot.com
>



-- 
Regards,

Dunith Dhanushka,
Associate Technical Lead
WSO2 Inc,

Mobile - +94 71 8615744
Blog - *https://medium.com/@dunithd *
Twitter - @dunithd 


Re: [Dev] "Error 403 - Forbidden" when session expires in admin console

2016-07-08 Thread Pubudu Priyashan
[+Senduran]

We have found the same issue [1] in ESB wso2esb-5.0.0-pre-RC2.zip pack.

[1] https://wso2.org/jira/browse/ESBJAVA-4741

Pubudu D.P
Senior Software Engineer - QA Team | WSO2 inc.
Mobile : +94775464547

Linkedin: https://uk.linkedin.com/in/pubududp
Medium: https://medium.com/@pubududp


On Thu, Jul 7, 2016 at 4:53 PM, Ayoma Wijethunga  wrote:

> Hi All,
>
> Original issue reported by Hasintha is relevant to how we handle session
> timeout conditions with CSRFGuard filter. We are working on this and will
> update with a resolution.
>
> In general CSRFGuard should work without any per-page modifications, since
> we are using JavaScript based attribute injection and header based
> protection for AJAX requests. However, there might be special cases in
> which these methodologies fail. Such incidences should be handled
> case-by-case and we will be adding all the special cases we identified in
> to the "Integration Checklist" of [1].
>
> We had a short offline session with Shavantha on the issue he is facing
> and identified that there are methods that use "
> *document.createElement('form')*" JavaScript call to build forms
> dynamically. Since CSRFGuard JavaScript will not be able to identify such
> forms, it is necessary to add CSRF token manually. Please see the
> screenshot attached which is the page source of [2]. In such situations it
> is required to use JSP Taglib to add CSRF token as an additional parameter.
> Please follow [1] for additional details.
>
> We can of course arrange quick sessions with teams to check on any
> edge-case issues they are facing, relevant to CSRFGuard.
>
> [1]
> https://docs.google.com/document/d/1LV23-hD7q1BjsruUdvM5dO4j7pIuUpzR_EYLmdfOo6k/edit#heading=h.xqvmgi6xtm6f
> [2]
> https://localhost:9443/t/tenant.com/carbon/user/edit-user-roles.jsp?username=ADDOMAIN%2FAdministrator699=ADDOMAIN%2FAdministrator699
>
> Best Regards,
> Ayoma.
>
> On Thu, Jul 7, 2016 at 11:35 AM, Shavantha Weerasinghe wrote:
>
>> [+Dulanjan]
>>
>> Hi All
>>
>> When trying to add multiple roles to a user using a feature such as *Select
>> all from page 1 to page 3* or clicking on a pagination number the same
>> error comes and throws an error similar to [1]
>>
>> [1]
>> [2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site request
>> forgery (CSRF) attack thwarted (user:, ip:127.0.0.1,
>> method:POST, uri:/t/tenant.com/carbon/user/view-roles.jsp,
>> error:required token is missing from the request)
>>
>>
>> Regards,
>> Shavantha Weerasinghe
>> Senior Software Engineer QA
>> WSO2, Inc.
>> lean.enterprise.middleware.
>> http://wso2.com
>> http://wso2.org
>> Tel : 94 11 214 5345
>> Fax :94 11 2145300
>>
>>
>> On Wed, Jul 6, 2016 at 4:10 PM, Hasintha Indrajee 
>> wrote:
>>
>>> Hi all,
>>>
>>> When trying to perform operations through admin console, once the
>>> session is expired we are getting a 403 from admin console. Seems like this
>>> occurs due to CSRF filter blocking the request since the session is no
>>> longer available at the server side.
>>>
>>> [2016-07-06 15:34:27,576]  WARN {org.owasp.csrfguard.log.JavaLogger} -
>>> potential cross-site request forgery (CSRF) attack thwarted
>>> (user:, ip:127.0.0.1, method:POST,
>>> uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, error:request token
>>> does not match session token)
>>> --
>>> Hasintha Indrajee
>>> WSO2, Inc.
>>> Mobile:+94 771892453
>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>
>
> --
> Ayoma Wijethunga
> Software Engineer
> Platform Security Team
> WSO2, Inc.; http://wso2.com
> lean.enterprise.middleware
>
> Mobile : +94 (0) 719428123 <+94+(0)+719428123>
> Blog : http://www.ayomaonline.com
> LinkedIn: https://www.linkedin.com/in/ayoma
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
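
The triage below is an added example, not code from this thread or from the WSO2 or OWASP projects: it parses CSRFGuard WARN entries like the two quoted in this thread, groups them by error text, and checks each blocked URI against the `org.owasp.csrfguard.unprotected.*` patterns read from a properties file. The pattern matcher is a simplified model (exact match, `/path/*` prefix and `*.ext` suffix, which is an assumption about the matching rules), and the function names and the `/services/echo` URI used for checking are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two WARN entries quoted in the thread, each joined
# onto a single line as it would appear in the server log.
SAMPLE_LOG = (
    "[2016-07-06 15:34:27,576]  WARN {org.owasp.csrfguard.log.JavaLogger} -  "
    "potential cross-site request forgery (CSRF) attack thwarted (user:, "
    "ip:127.0.0.1, method:POST, "
    "uri:/carbon/userprofile/set-finish-ajaxprocessor.jsp, "
    "error:request token does not match session token)\n"
    "[2016-07-07 11:34:37,139]  WARN - JavaLogger potential cross-site request "
    "forgery (CSRF) attack thwarted (user:, ip:127.0.0.1, method:POST, "
    "uri:/t/tenant.com/carbon/user/view-roles.jsp, "
    "error:required token is missing from the request)\n"
)

# The property line quoted in the thread from Owasp.CsrfGuard.Carbon.properties.
SAMPLE_PROPS = (
    "org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*\n"
)

WARN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+WARN\b.*?attack thwarted \("
    r"user:(?P<user>[^,]*), ip:(?P<ip>[^,]*), method:(?P<method>[^,]*), "
    r"uri:(?P<uri>.*?), error:(?P<error>.*)\)\s*$"
)

# Causes as reported by the participants in this thread, keyed by error text.
THREAD_CAUSES = {
    "request token does not match session token":
        "seen after the admin console session expired",
    "required token is missing from the request":
        "seen for forms built with document.createElement('form') "
        "and for pagination actions",
}


def unprotected_patterns(props_text, servlet_context=""):
    """Return the URL patterns of all org.owasp.csrfguard.unprotected.* keys."""
    patterns = []
    for line in props_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip().startswith("org.owasp.csrfguard.unprotected."):
            patterns.append(
                value.strip().replace("%servletContext%", servlet_context))
    return patterns


def is_unprotected(uri, patterns):
    """Simplified matcher (assumption): exact, '/path/*' prefix, '*.ext' suffix."""
    for pattern in patterns:
        if pattern.endswith("/*"):
            if uri == pattern[:-2] or uri.startswith(pattern[:-1]):
                return True
        elif pattern.startswith("*."):
            if uri.endswith(pattern[1:]):
                return True
        elif uri == pattern:
            return True
    return False


def triage(log_text, patterns):
    """Group blocked requests by CSRFGuard error text."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        match = WARN_RE.match(line)
        if not match:
            continue  # not a CSRFGuard "attack thwarted" entry
        record = match.groupdict()
        record["unprotected"] = is_unprotected(record["uri"], patterns)
        record["thread_cause"] = THREAD_CAUSES.get(record["error"], "unknown")
        findings[record["error"]].append(record)
    return dict(findings)


if __name__ == "__main__":
    pats = unprotected_patterns(SAMPLE_PROPS)
    for error, records in triage(SAMPLE_LOG, pats).items():
        print(f"{error} ({len(records)} request(s))")
        for rec in records:
            print(f"  {rec['ts']} {rec['method']} {rec['uri']}")
            print(f"    in thread: {rec['thread_cause']}")
            print(f"    matches an unprotected pattern: {rec['unprotected']}")
```

Every pattern added under `org.owasp.csrfguard.unprotected.*` removes token checking for the matching URIs, so the pattern list is worth reviewing alongside the grouped warnings.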


[Dev] Persist host entry in the docker image built from a dockerfile

2016-07-08 Thread Sabra Ossen
Hi All,

I am trying to add a host entry to /etc/hosts inside of a docker image
built from a dockerfile. An extensive search resulted in the following
results.

1. Add the host entry at runtime using command,
*docker run -it --add-host myhost:192.168.18.2  /bin/bash*
This method only makes the host entry available in the running
container and not in the image resulting after a docker build.
2. Add "RUN echo "192.168.11.112 myhost" >> /etc/hosts && wget http://myhost"
to the docker file. With each RUN command a new intermediate container will
be created. This method only allows the host entry available in the
intermediate container.

Many methods allow the host entry to be available only from a container
level vs image level. Any known clean method for $subject.

Thanks and Regards.
-- 
*Sabra Ossen*
*Software Engineer*
Email: sa...@wso2.com
Mobile: +94 767 837356


Re: [Dev] Moving carbon dashboards version to 2.0.0-SNAPSHOT

2016-07-08 Thread Tanya Madurapperuma
Hi Dunith,

All the new features were there on the 1.0.20-SNAPSHOT version. AFAIK you
have already verified your build with 1.0.20-SNAPSHOT. Hence this will just
be a version change for you.
Let us know if you have any concerns.

Thanks,
Tanya

On Fri, Jul 8, 2016 at 5:13 PM, Dunith Dhanushka  wrote:

> Hi Tanya,
>
> On second thought, can you be specific on new features?
>
> Since we are on the verge of DAS 3.1.0 release today, it's better to go
> without new features. Can you merge 4.4.7 related security fixes to
> 1.0.20-SNAPSHOT ?
>
> Thanks,
> Dunith
>
>
> On Fri, Jul 8, 2016 at 4:59 PM, Dunith Dhanushka  wrote:
>
>> Ack!
>>
>> On Fri, Jul 8, 2016 at 4:56 PM, Tanya Madurapperuma 
>> wrote:
>>
>>> Hi all,
>>>
>>> We will be $ Subject from 1.0.20-SNAPSHOT. Reason is we have new
>>> features added and also upgraded the carbon kernel version to 4.4.7.
>>>
>>> Please note this if you are pointing to carbon dashboards
>>> 1.0.20-SNAPSHOT in any of your repos atm.
>>>
>>> Thanks,
>>> Tanya
>>>
>>> --
>>> Tanya Madurapperuma
>>>
>>> Senior Software Engineer,
>>> WSO2 Inc. : wso2.com
>>> Mobile : +94718184439
>>> Blog : http://tanyamadurapperuma.blogspot.com
>>>
>>
>>
>>
>> --
>> Regards,
>>
>> Dunith Dhanushka,
>> Associate Technical Lead
>> WSO2 Inc,
>>
>> Mobile - +94 71 8615744
>> Blog - *https://medium.com/@dunithd *
>> Twitter - @dunithd 
>>
>
>
>
> --
> Regards,
>
> Dunith Dhanushka,
> Associate Technical Lead
> WSO2 Inc,
>
> Mobile - +94 71 8615744
> Blog - *https://medium.com/@dunithd *
> Twitter - @dunithd 
>



-- 
Tanya Madurapperuma

Senior Software Engineer,
WSO2 Inc. : wso2.com
Mobile : +94718184439
Blog : http://tanyamadurapperuma.blogspot.com


Re: [Dev] Moving carbon dashboards version to 2.0.0-SNAPSHOT

2016-07-08 Thread Dunith Dhanushka
Hi Tanya,

On second thought, can you be specific on new features?

Since we are on the verge of DAS 3.1.0 release today, it's better to go
without new features. Can you merge 4.4.7 related security fixes to
1.0.20-SNAPSHOT ?

Thanks,
Dunith


On Fri, Jul 8, 2016 at 4:59 PM, Dunith Dhanushka  wrote:

> Ack!
>
> On Fri, Jul 8, 2016 at 4:56 PM, Tanya Madurapperuma 
> wrote:
>
>> Hi all,
>>
>> We will be $ Subject from 1.0.20-SNAPSHOT. Reason is we have new features
>> added and also upgraded the carbon kernel version to 4.4.7.
>>
>> Please note this if you are pointing to carbon dashboards 1.0.20-SNAPSHOT
>> in any of your repos atm.
>>
>> Thanks,
>> Tanya
>>
>> --
>> Tanya Madurapperuma
>>
>> Senior Software Engineer,
>> WSO2 Inc. : wso2.com
>> Mobile : +94718184439
>> Blog : http://tanyamadurapperuma.blogspot.com
>>
>
>
>
> --
> Regards,
>
> Dunith Dhanushka,
> Associate Technical Lead
> WSO2 Inc,
>
> Mobile - +94 71 8615744
> Blog - *https://medium.com/@dunithd *
> Twitter - @dunithd 
>



-- 
Regards,

Dunith Dhanushka,
Associate Technical Lead
WSO2 Inc,

Mobile - +94 71 8615744
Blog - *https://medium.com/@dunithd *
Twitter - @dunithd 


Re: [Dev] [DAS 310] Changing the logo of the dashboard

2016-07-08 Thread Sachith Withana
Thanks Jerad for the explanation and the links.

Will follow this.

Regards,
Sachith

On Thu, Jul 7, 2016 at 11:49 PM, Jerad Rutnam  wrote:

> Hi Sachith,
>
> Basically you have to overwrite the
> "repository\deployment\server\jaggeryapps\portal\theme\templates\dashboard.jag"
> file by copying it and pasting it under
> "repository\deployment\server\jaggeryapps\portal\extensions\themes\basic\templates\dashboard.jag".
> That's how the DS theme extension works.
>
> If you want to have a custom theme folder, you can simply create a new
> folder under
> "repository\deployment\server\jaggeryapps\portal\extensions\themes\"
> (NOTE: You have to follow the same structure as the "basic" theme
> folder.) and update
> "repository\deployment\server\jaggeryapps\portal\configs\designer.json".
> That will pick the "custom-theme" instead of the "basic".
>
> See the example designer.json config sample below,
>
> {
>     ...
>     "theme": "custom-theme",
>     ...
> }
>
>
> For more details please check:
> https://docs.google.com/document/d/1sr3bTWyBN9bu_JYI9mGVSeLlkU0_RFXpanoSTDiNT_I
>
> Cheers!
> Jerad
>
>
> On Thu, Jul 7, 2016 at 5:15 PM, Sachith Withana  wrote:
>
>> Thanks Jerad and Prabushi.
>>
>> @Jerad: What do you mean by extending the dashboard.jag?
>>
>> Regards,
>> Sachith
>>
>> On Thu, Jul 7, 2016 at 12:07 AM, Prabushi Samarakoon 
>> wrote:
>>
>>> Hi Sachith,
>>>
>>> Currently, we don't allow to change the dashboard logo. But, you can
>>> easily change the dashboard title which locates under the logo, using a
>>> custom theme. You can add the url to the dashboard title if it is ok with
>>> your use case. Otherwise you have to change in the dashboard.jag to change
>>> the logo.
>>>
>>> Thanks,
>>> Prabushi
>>>
>>> On Wed, Jul 6, 2016 at 7:20 PM, Sachith Withana 
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> How can I do the $subject?
>>>>
>>>> I managed to insert a url in an image tag and do it but it might not be
>>>> the cleanest way to do it looking at the source code.
>>>>
>>>> Thanks,
>>>> Sachith
>>>>
>>>> --
>>>> Sachith Withana
>>>> Software Engineer; WSO2 Inc.; http://wso2.com
>>>> E-mail: sachith AT wso2.com
>>>> M: +94715518127
>>>> Linked-In:
>>>> https://lk.linkedin.com/in/sachithwithana
>>>>
>>>> ___
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> *Prabushi Samarakoon*
>>> Software Engineer
>>> Mobile: +94715434580
>>> Email: prabus...@wso2.com
>>>
>>
>>
>>
>> --
>> Sachith Withana
>> Software Engineer; WSO2 Inc.; http://wso2.com
>> E-mail: sachith AT wso2.com
>> M: +94715518127
>> Linked-In: 
>> https://lk.linkedin.com/in/sachithwithana
>>
>
>
>
> --
> *Jerad Rutnam*
> *Software Engineer*
>
> WSO2 Inc.
> lean | enterprise | middleware
> M : +94 77 959 1609 | E : je...@wso2.com | W : www.wso2.com
>



-- 
Sachith Withana
Software Engineer; WSO2 Inc.; http://wso2.com
E-mail: sachith AT wso2.com
M: +94715518127
Linked-In: https://lk.linkedin.com/in/sachithwithana


Re: [Dev] Moving carbon dashboards version to 2.0.0-SNAPSHOT

2016-07-08 Thread Dunith Dhanushka
Ack!

On Fri, Jul 8, 2016 at 4:56 PM, Tanya Madurapperuma  wrote:

> Hi all,
>
> We will be $ Subject from 1.0.20-SNAPSHOT. Reason is we have new features
> added and also upgraded the carbon kernel version to 4.4.7.
>
> Please note this if you are pointing to carbon dashboards 1.0.20-SNAPSHOT
> in any of your repos atm.
>
> Thanks,
> Tanya
>
> --
> Tanya Madurapperuma
>
> Senior Software Engineer,
> WSO2 Inc. : wso2.com
> Mobile : +94718184439
> Blog : http://tanyamadurapperuma.blogspot.com
>



-- 
Regards,

Dunith Dhanushka,
Associate Technical Lead
WSO2 Inc,

Mobile - +94 71 8615744
Blog - *https://medium.com/@dunithd *
Twitter - @dunithd 


Re: [Dev] [ES]Error when Importing Users in Bulk through management console

2016-07-08 Thread Omindu Rathnaweera
Hi Sherene,

Shall we add this to IS docs? We can include the structure of the csv in
[1].

[1] -
https://docs.wso2.com/display/IS510/Configuring+Users#ConfiguringUsers-Importingusers


Thanks,
Omindu.

On Fri, Jul 8, 2016 at 11:57 AM, Kasun Thennakoon  wrote:

> Hi Dilini,
>
> Thanks for the help, it works with a slight change to the *names_2.csv*
> file attached in the JIRA [1]. As you suggested, I had to add a new column
> with the password for the user in between username and claim URL columns.
>
> Sample format of the csv file.
>
> UserName,Password,Claims
> chris,chris123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com
> mical,mical123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com
> sharuk,sharuk123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com
> john,john123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com
>
>
>
> [1] https://wso2.org/jira/browse/IDENTITY-2970
>
> On Wed, Jul 6, 2016 at 4:54 PM, Dilini Gunatilake 
> wrote:
>
>> Hi Kasun,
>>
>> I have tried bulk importing in ES 2.1.0 and it is working for me. Maybe
>> the format of the file you have used is incorrect. You can find the correct
>> format from [1]. I used the same file attached in the JIRA (names_2.csv).
>>
>> [1] https://wso2.org/jira/browse/IDENTITY-2970
>>
>>
>> Regards,
>> Dilini
>>
>> On Tue, Jul 5, 2016 at 12:23 PM, Kasun Thennakoon 
>> wrote:
>>
>>> Hi all,
>>>
>>> I tried to create multiple user accounts in Enterprise Store at once,
>>> rather than creating users one by one. I have tried to use the *Bulk Import
>>> Users* option available in the management console. But I couldn't find
>>> the correct format of the file which I need to upload there. I searched
>>> through the documentation and found these articles (Importing Users in Bulk
>>> [1] and Bulk Import of Users [2]). There is a slight difference between the
>>> documentation and what I have (please see the attachment) in the management
>>> console, in that there is no field to set a default password for the users.
>>> Despite the issue, I just uploaded a CSV with one column containing a list
>>> of usernames. But then I got the following error:
>>>
>>> [2016-07-05 10:44:25,316] ERROR
 {org.wso2.carbon.user.mgt.ui.UserAdminClient} -  Error occurs while
 importing user names. All user names were not imported. Last error was :
 Ask Password Feature is disabled
 org.apache.axis2.AxisFault: Error occurs while importing user names.
 All user names were not imported. Last error was : Ask Password Feature is
 disabled
 at
 org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
 at
 org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)
 at
 org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
 at
 org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
 at
 org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
 at
 org.wso2.carbon.user.mgt.stub.UserAdminStub.bulkImportUsers(UserAdminStub.java:6887)
 at
 org.wso2.carbon.user.mgt.ui.UserAdminClient.bulkImportUsers(UserAdminClient.java:236)
 at
 org.apache.jsp.user.bulk_002dimport_002dfinish_jsp._jspService(bulk_002dimport_002dfinish_jsp.java:138)
 at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
 at
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
 at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
 at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at
 org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
 at
 org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
 at
 org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
 at
 org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
 at
 org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
 at
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
 at
 

[Dev] Moving carbon dashboards version to 2.0.0-SNAPSHOT

2016-07-08 Thread Tanya Madurapperuma
Hi all,

We will be $subject from 1.0.20-SNAPSHOT. The reason is that we have added new
features and also upgraded the carbon kernel version to 4.4.7.

Please note this if you are pointing to carbon dashboards 1.0.20-SNAPSHOT
in any of your repos atm.

Thanks,
Tanya

-- 
Tanya Madurapperuma

Senior Software Engineer,
WSO2 Inc. : wso2.com
Mobile : +94718184439
Blog : http://tanyamadurapperuma.blogspot.com


Re: [Dev] Puppet Modules main version should be a constant

2016-07-08 Thread Isuru Perera
Thanks Imesh!

On Fri, Jul 8, 2016 at 2:39 PM, Imesh Gunaratne  wrote:

> Hi Isuru,
>
> We fixed this in the following commit:
>
> https://github.com/wso2/puppet-modules/commit/6129cfe3353ae41fdd6ffd746dd7fcc0471cbf5f
>
> Thanks
>
> On Fri, Jul 8, 2016 at 2:13 PM, Imesh Gunaratne  wrote:
>
>> Thanks Isuru! Will fix this.
>>
>> On Fri, Jul 8, 2016 at 2:02 PM, Isuru Perera  wrote:
>>
>>> I see the following error when building puppet-modules [1]. Shall we fix it
>>> properly?
>>>
>>> wso2-git/puppet-modules$ mci
>>> [INFO] Scanning for projects...
>>> [WARNING]
>>> [WARNING] Some problems were encountered while building the effective
>>> model for org.wso2.puppet:wso2base-puppet-module:pom:2.0.0
>>> [WARNING] 'version' contains an expression but should be a constant. @
>>> org.wso2.puppet:wso2-puppet-modules:${puppet.module.version},
>>> /home/isuru/work/wso2-git/puppet-modules/pom.xml, line 24, column 14
>>>
>>> [1] https://github.com/wso2/puppet-modules
>>> --
>>> Isuru Perera
>>> Associate Technical Lead | WSO2, Inc. | http://wso2.com/
>>> Lean . Enterprise . Middleware
>>>
>>> about.me/chrishantha
>>> Contact: +IsuruPereraWSO2
>>> 
>>>
>>
>>
>>
>> --
>> *Imesh Gunaratne*
>> Software Architect
>> WSO2 Inc: http://wso2.com
>> T: +94 11 214 5345 M: +94 77 374 2057
>> W: https://medium.com/@imesh TW: @imesh
>>
>>
>
>
> --
> *Imesh Gunaratne*
> Software Architect
> WSO2 Inc: http://wso2.com
> T: +94 11 214 5345 M: +94 77 374 2057
> W: https://medium.com/@imesh TW: @imesh
>
>


-- 
Isuru Perera
Associate Technical Lead | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha
Contact: +IsuruPereraWSO2 


Re: [Dev] Kernel upgrade of DS fails with jaggery extensions 1.5.3-SNAPHOT

2016-07-08 Thread Dilini Muthumala
Verified with CEP build. Thanks, Chandana and team!

On Fri, Jul 8, 2016 at 2:10 PM, Tanya Madurapperuma  wrote:

> This is fixed with [1] in jaggery-extensions. Verified in DS build. Thanks
> Chandana!
>
> [1]
> https://github.com/wso2/jaggery-extensions/commit/be46b7e8966d83fdac08837c032a10121ad339ec
>
> Thanks,
> Tanya
>
> On Fri, Jul 8, 2016 at 9:44 AM, Tanya Madurapperuma 
> wrote:
>
>> Hi Greg team,
>>
>> In DS we are pointing to jaggery extensions version 1.5.3-SNAPSHOT and
>> until 5 th build was success. And now the build is failing with the below
>> error.
>>
>> Software being installed: ws Module - Feature 1.5.3.SNAPSHOT
>> (org.jaggeryjs.modules.ws.feature.group 1.5.3.SNAPSHOT)
>> Missing requirement: org.jaggeryjs.modules.ws 1.5.3.SNAPSHOT (
>> org.jaggeryjs.modules.ws 1.5.3.SNAPSHOT) requires 'package
>> javax.xml.parsers [1.3.0,2.0.0)' but it could not be found
>> Cannot satisfy dependency:
>>  From: ws Module - Feature 1.5.3.SNAPSHOT
>> (org.jaggeryjs.modules.ws.feature.group 1.5.3.SNAPSHOT)
>>  To: org.jaggeryjs.modules.ws [1.5.3.SNAPSHOT]
>>
>> We noticed that jaggery-extensions kernel version is upgraded to 4.4.6 on
>> 6 th which has been the cause for this failure. There seems to be some
>> fixes related to ws module missing which needs to be done along with the
>> upgrade.
>>
>> As per offline chat with Dilini, got to know that CEP is also facing the
>> same issue.
>>
>> Appreciate if you could look into this urgently as we need to release
>> carbon dashboards repo today for APIM release.
>>
>> Thanks,
>> Tanya
>>
>> --
>> Tanya Madurapperuma
>>
>> Senior Software Engineer,
>> WSO2 Inc. : wso2.com
>> Mobile : +94718184439
>> Blog : http://tanyamadurapperuma.blogspot.com
>>
>
>
>
> --
> Tanya Madurapperuma
>
> Senior Software Engineer,
> WSO2 Inc. : wso2.com
> Mobile : +94718184439
> Blog : http://tanyamadurapperuma.blogspot.com
>



-- 
*Dilini Muthumala*
Senior Software Engineer,
WSO2 Inc.

*E-mail :* dil...@wso2.com
*Mobile: *+94 713-400-029


Re: [Dev] Puppet Modules main version should be a constant

2016-07-08 Thread Imesh Gunaratne
Hi Isuru,

We fixed this in the following commit:
https://github.com/wso2/puppet-modules/commit/6129cfe3353ae41fdd6ffd746dd7fcc0471cbf5f

Thanks

On Fri, Jul 8, 2016 at 2:13 PM, Imesh Gunaratne  wrote:

> Thanks Isuru! Will fix this.
>
> On Fri, Jul 8, 2016 at 2:02 PM, Isuru Perera  wrote:
>
>> I see the following error when building puppet-modules [1]. Shall we fix it
>> properly?
>>
>> wso2-git/puppet-modules$ mci
>> [INFO] Scanning for projects...
>> [WARNING]
>> [WARNING] Some problems were encountered while building the effective
>> model for org.wso2.puppet:wso2base-puppet-module:pom:2.0.0
>> [WARNING] 'version' contains an expression but should be a constant. @
>> org.wso2.puppet:wso2-puppet-modules:${puppet.module.version},
>> /home/isuru/work/wso2-git/puppet-modules/pom.xml, line 24, column 14
>>
>> [1] https://github.com/wso2/puppet-modules
>> --
>> Isuru Perera
>> Associate Technical Lead | WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> about.me/chrishantha
>> Contact: +IsuruPereraWSO2 
>>
>
>
>
> --
> *Imesh Gunaratne*
> Software Architect
> WSO2 Inc: http://wso2.com
> T: +94 11 214 5345 M: +94 77 374 2057
> W: https://medium.com/@imesh TW: @imesh
>
>


-- 
*Imesh Gunaratne*
Software Architect
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh


Re: [Dev] Puppet Modules main version should be a constant

2016-07-08 Thread Imesh Gunaratne
Thanks Isuru! Will fix this.

On Fri, Jul 8, 2016 at 2:02 PM, Isuru Perera  wrote:

> I see the following error when building puppet-modules [1]. Shall we fix it
> properly?
>
> wso2-git/puppet-modules$ mci
> [INFO] Scanning for projects...
> [WARNING]
> [WARNING] Some problems were encountered while building the effective
> model for org.wso2.puppet:wso2base-puppet-module:pom:2.0.0
> [WARNING] 'version' contains an expression but should be a constant. @
> org.wso2.puppet:wso2-puppet-modules:${puppet.module.version},
> /home/isuru/work/wso2-git/puppet-modules/pom.xml, line 24, column 14
>
> [1] https://github.com/wso2/puppet-modules
> --
> Isuru Perera
> Associate Technical Lead | WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> about.me/chrishantha
> Contact: +IsuruPereraWSO2 
>



-- 
*Imesh Gunaratne*
Software Architect
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: https://medium.com/@imesh TW: @imesh


Re: [Dev] Kernel upgrade of DS fails with jaggery extensions 1.5.3-SNAPHOT

2016-07-08 Thread Tanya Madurapperuma
This is fixed with [1] in jaggery-extensions. Verified in DS build. Thanks
Chandana!

[1]
https://github.com/wso2/jaggery-extensions/commit/be46b7e8966d83fdac08837c032a10121ad339ec

Thanks,
Tanya

On Fri, Jul 8, 2016 at 9:44 AM, Tanya Madurapperuma  wrote:

> Hi Greg team,
>
> In DS we are pointing to jaggery extensions version 1.5.3-SNAPSHOT and
> until 5 th build was success. And now the build is failing with the below
> error.
>
> Software being installed: ws Module - Feature 1.5.3.SNAPSHOT
> (org.jaggeryjs.modules.ws.feature.group 1.5.3.SNAPSHOT)
> Missing requirement: org.jaggeryjs.modules.ws 1.5.3.SNAPSHOT (
> org.jaggeryjs.modules.ws 1.5.3.SNAPSHOT) requires 'package
> javax.xml.parsers [1.3.0,2.0.0)' but it could not be found
> Cannot satisfy dependency:
>  From: ws Module - Feature 1.5.3.SNAPSHOT
> (org.jaggeryjs.modules.ws.feature.group 1.5.3.SNAPSHOT)
>  To: org.jaggeryjs.modules.ws [1.5.3.SNAPSHOT]
>
> We noticed that jaggery-extensions kernel version is upgraded to 4.4.6 on
> 6 th which has been the cause for this failure. There seems to be some
> fixes related to ws module missing which needs to be done along with the
> upgrade.
>
> As per offline chat with Dilini, got to know that CEP is also facing the
> same issue.
>
> Appreciate if you could look into this urgently as we need to release
> carbon dashboards repo today for APIM release.
>
> Thanks,
> Tanya
>
> --
> Tanya Madurapperuma
>
> Senior Software Engineer,
> WSO2 Inc. : wso2.com
> Mobile : +94718184439
> Blog : http://tanyamadurapperuma.blogspot.com
>



-- 
Tanya Madurapperuma

Senior Software Engineer,
WSO2 Inc. : wso2.com
Mobile : +94718184439
Blog : http://tanyamadurapperuma.blogspot.com


[Dev] Puppet Modules main version should be a constant

2016-07-08 Thread Isuru Perera
I see the following error when building puppet-modules [1]. Shall we fix it
properly?

wso2-git/puppet-modules$ mci
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model
for org.wso2.puppet:wso2base-puppet-module:pom:2.0.0
[WARNING] 'version' contains an expression but should be a constant. @
org.wso2.puppet:wso2-puppet-modules:${puppet.module.version},
/home/isuru/work/wso2-git/puppet-modules/pom.xml, line 24, column 14

[1] https://github.com/wso2/puppet-modules
-- 
Isuru Perera
Associate Technical Lead | WSO2, Inc. | http://wso2.com/
Lean . Enterprise . Middleware

about.me/chrishantha
Contact: +IsuruPereraWSO2 


Re: [Dev] Regarding APPM-1160

2016-07-08 Thread Dinusha Senanayaka
Agree with Ruwan's point that we should not keep credentials per tenant.
But passing the tenantId as a query parameter to the API seems to be a security
concern. This provides the capability to access some other tenant's device
list to any tenant having a valid access token. One way that I could
think of to avoid this is to keep only the consumer/secret key in the
app-manager.xml and generate the access token when the user logs in to the
store. On the API side, identify the user and tenant domain using the access
token and filter only devices belonging to that tenant space. Again, this
won't be a good solution, since we need to use the password grant type, which
requires access to the user password to get the access token at the time of
user login. So we are back to keeping the per-tenant credential solution :).

Regards,
Dinusha.


On Fri, Jul 8, 2016 at 12:25 PM, Ruwan Abeykoon  wrote:

> Hi All,
> I think the REST connector should have a single endpoint. The REST call can
> have the tenant ID in a header or as a request parameter. Then the API gateway
> (API-Manager) should be able to distinguish the respective endpoint if
> necessary. This is a functionality of APIM.
>
> The reasons are:
> 1. The REST connector request/response will not change at all between
> tenants.
> 2. It is not needed to maintain credentials per tenant on the AppM side.
>
> -1 on having per-tenant configuration, even in the registry.
> I do not agree with the JIRA.
>
> Cheers,
> Ruwan
>
> On Fri, Jul 8, 2016 at 11:38 AM, Dinusha Senanayaka 
> wrote:
>
>> Hi Sajith,
>>
>> We could not keep each and every tenant authentication configuration in
>> app-manager.xml, due to the dynamic nature of tenant creation and the growth.
>>
>> appmgt.mdm.rest.connector is the default connector that we provided to
>> connect with WSO2EMM. We could keep its configurations in the registry.
>> Also I don't think at least 1% of the requirements will come to use a
>> specific connector other than the default connectors provided by us (EMM).
>>
>> Regards,
>> Dinusha.
>>
>> On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana 
>> wrote:
>>
>>> Hi All,
>>>
>>> EMM supports multi-tenancy it is designed to work with one instance of
>>>> App Manager via OSGI services. When they work together they function as one
>>>> product, hence EMM and App Manager share same tenants across the multi
>>>> tenanted environment.
>>>>
>>>
>>> This means we don't need to keep the tenant config when we are
>>> connecting using OSGi service.
>>>
>>>
>>>> This is a special scenario where AppM connects to EMM via EMM REST
>>>> APIs. According to how we have developed the plugin tenant admin and
>>>> password needs to be stored in the plugin configuration. This is a
>>>> plugin specific configuration, therefore, the plugin developer has
>>>> flexibility to store those configurations in any way he prefers.
>>>>
>>>
>>> When we are connecting using the REST connector we need to have a tenant
>>> config on the AppM side. How about we keep those tenant configs in
>>> app-manager.xml as below?
>>>
>>> 
>>>
>>> >> bundle="org.wso2.carbon.appmgt.mdm.restconnector">
>>> >> name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>>> 
>>> https://localhost:9450/mdm-admin
>>> 
>>> https://localhost:9448/oauth2/token
>>> >> name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka
>>> >> name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa
>>> hr.com ,eng.com
>>> ,mrk.com
>>> 
>>>
>>> >> bundle="org.wso2.carbon.appmgt.mdm.osgiconnector">
>>> >> name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>>> 
>>>
>>> 
>>> 
>>> hradmin
>>> hr.123
>>> 
>>> 
>>> engadmin
>>> eng.123
>>> 
>>> 
>>> mrkadmin
>>> eng.123
>>> 
>>> 
>>>
>>> 
>>>
>>>
>>>
>>> --
>>> *Sajith Abeywardhana* | Software Engineer
>>> WSO2, Inc | lean. enterprise. middleware.
>>> #20, Palm Grove, Colombo 03, Sri Lanka.
>>> Mobile: +94772260485
>>> Email: saji...@wso2.com | Web: www.wso2.com
>>>
>>>
>>> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan 
>>> wrote:
>>>
>>>> Hi Dinusha,
>>>>
>>>> EMM supports multi-tenancy it is designed to work with one instance of
>>>> App Manager via OSGI services. When they work together they function as one
>>>> product, hence EMM and App Manager share same tenants across the multi
>>>> tenanted environment.
>>>>
>>>
>>>> This is a special scenario where AppM connects to EMM via EMM REST
>>>> APIs. According to how we have developed the plugin tenant admin and
>>>> password needs to be stored in the plugin configuration. This

Re: [Dev] Regarding APPM-1160

2016-07-08 Thread Ruwan Abeykoon
Hi All,
I think the REST connector should have a single endpoint. The REST call can have
the tenant ID in a header or as a request parameter. Then the API gateway
(API-Manager) should be able to distinguish the respective endpoint if
necessary. This is a functionality of APIM.

The reasons are:
1. The REST connector request/response will not change at all between tenants.
2. It is not needed to maintain credentials per tenant on the AppM side.

-1 on having per-tenant configuration, even in the registry.
I do not agree with the JIRA.

Cheers,
Ruwan

On Fri, Jul 8, 2016 at 11:38 AM, Dinusha Senanayaka 
wrote:

> Hi Sajith,
>
> We could not keep each and every tenant authentication configuration in
> app-manager.xml, due to the dynamic nature of tenant creation and the growth.
>
> appmgt.mdm.rest.connector is the default connector that we provided to
> connect with WSO2EMM. We could keep its configurations in the registry.
> Also I don't think at least 1% of the requirements will come to use a
> specific connector other than the default connectors provided by us (EMM).
>
> Regards,
> Dinusha.
>
> On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana 
> wrote:
>
>> Hi All,
>>
>> EMM supports multi-tenancy it is designed to work with one instance of
>>> App Manager via OSGI services. When they work together they function as one
>>> product, hence EMM and App Manager share same tenants across the multi
>>> tenanted environment.
>>>
>>
>> This means we don't need to keep the tenant config when we are connecting
>> using OSGi service.
>>
>>
>>> This is a special scenario where AppM connects to EMM via  EMM REST
>>> APIs. According to how we have developed the plugin tenant admin and
>>> password needs to be stored in the plugin configuration. This is a
>>> plugin specific configuration, therefore, the plugin developer has
>>> flexibility to store those configurations in any way he prefers.
>>>
>>
>> When we are connecting using the REST connector we need to have a tenant
>> config on the AppM side. How about we keep those tenant configs in
>> app-manager.xml as below?
>>
>> 
>>
>> > bundle="org.wso2.carbon.appmgt.mdm.restconnector">
>> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>> 
>> https://localhost:9450/mdm-admin
>> 
>> https://localhost:9448/oauth2/token
>> > name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka
>> > name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa
>> hr.com ,eng.com
>> ,mrk.com
>> 
>>
>> > bundle="org.wso2.carbon.appmgt.mdm.osgiconnector">
>> > name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
>> 
>>
>> 
>> 
>> hradmin
>> hr.123
>> 
>> 
>> engadmin
>> eng.123
>> 
>> 
>> mrkadmin
>> eng.123
>> 
>> 
>>
>> 
>>
>>
>>
>> --
>> *Sajith Abeywardhana* | Software Engineer
>> WSO2, Inc | lean. enterprise. middleware.
>> #20, Palm Grove, Colombo 03, Sri Lanka.
>> Mobile: +94772260485
>> Email: saji...@wso2.com | Web: www.wso2.com
>>
>>
>> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan 
>> wrote:
>>
>>> Hi Dinusha,
>>>
>>> EMM supports multi-tenancy it is designed to work with one instance of
>>> App Manager via OSGI services. When they work together they function as one
>>> product, hence EMM and App Manager share same tenants across the multi
>>> tenanted environment.
>>>
>>
>>> This is a special scenario where AppM connects to EMM via  EMM REST
>>> APIs. According to how we have developed the plugin tenant admin and
>>> password needs to be stored in the plugin configuration. This is a
>>> plugin specific configuration, therefore, the plugin developer has
>>> flexibility to store those configurations in any way he prefers.
>>>
>>> When it comes to multi-tenancy, +1 we have to store those
>>> configurations in the registry for the REST connector plugin. But how we
>>> store those values is plugin specific.
>>>
>>>
>>> On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka 
>>> wrote:
>>>
>>>> Hi Chathura,
>>>>
>>>> Is multi-tenancy supported in EMM for device management? If yes, we
>>>> need to fix [1] as well, which means we cannot keep this configuration in
>>>> the app-manager.xml. Need to take it to registry.
>>>>
>>>> [1] https://wso2.org/jira/browse/APPM-1160
>>>>
>>>> Regards,
>>>> Dinusha.
>>>>
>>>> --
>>>> Dinusha Dilrukshi
>>>> Associate Technical Lead
>>>> WSO2 Inc.: http://wso2.com/
>>>> Mobile: +94725255071
>>>> Blog: http://dinushasblog.blogspot.com/
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>> Chatura Dilan Perera
>>> *Associate Tech Lead** - 

Re: [Dev] [ES]Error when Importing Users in Bulk through management console

2016-07-08 Thread Kasun Thennakoon
Hi Dilini,

Thanks for the help. It works with a slight change to the *names_2.csv* file
attached in the JIRA [1]. As you suggested, I had to add a new column with
the password for the user in between the username and claim URL columns.

Sample format of the CSV file:

UserName,Password,Claims
> chris,chris123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com
> mical,mical123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com
> sharuk,sharuk123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com
> john,john123,http://wso2.org/claims/emailaddress=dracusds...@gmail.com



[1] https://wso2.org/jira/browse/IDENTITY-2970

On Wed, Jul 6, 2016 at 4:54 PM, Dilini Gunatilake  wrote:

> Hi Kasun,
>
> I have tried bulk importing in ES 2.1.0 and it is working for me. Maybe
> the format of the file you have used is incorrect. You can find the correct
> format from [1]. I used the same file attached in the JIRA (names_2.csv).
>
> [1] https://wso2.org/jira/browse/IDENTITY-2970
>
>
> Regards,
> Dilini
>
> On Tue, Jul 5, 2016 at 12:23 PM, Kasun Thennakoon 
> wrote:
>
>> Hi all,
>>
>> I tried to create multiple user accounts in Enterprise Store at once,
>> rather than creating users one by one. I have tried to use the *Bulk Import
>> Users* option available in the management console. But I couldn't find
>> the correct format of the file which I need to upload there. I searched
>> through the documentation and found these articles (Importing Users in Bulk
>> [1] and Bulk Import of Users [2]). There is a slight difference between the
>> documentation and what I have (please see the attachment) in the management
>> console, in that there is no field to set a default password for the users.
>> Despite the issue, I just uploaded a CSV with one column containing a list
>> of usernames. But then I got the following error:
>>
>> [2016-07-05 10:44:25,316] ERROR
>>> {org.wso2.carbon.user.mgt.ui.UserAdminClient} -  Error occurs while
>>> importing user names. All user names were not imported. Last error was :
>>> Ask Password Feature is disabled
>>> org.apache.axis2.AxisFault: Error occurs while importing user names. All
>>> user names were not imported. Last error was : Ask Password Feature is
>>> disabled
>>> at
>>> org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
>>> at
>>> org.apache.axis2.description.RobustOutOnlyAxisOperation$RobustOutOnlyOperationClient.handleResponse(RobustOutOnlyAxisOperation.java:91)
>>> at
>>> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:445)
>>> at
>>> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
>>> at
>>> org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
>>> at
>>> org.wso2.carbon.user.mgt.stub.UserAdminStub.bulkImportUsers(UserAdminStub.java:6887)
>>> at
>>> org.wso2.carbon.user.mgt.ui.UserAdminClient.bulkImportUsers(UserAdminClient.java:236)
>>> at
>>> org.apache.jsp.user.bulk_002dimport_002dfinish_jsp._jspService(bulk_002dimport_002dfinish_jsp.java:138)
>>> at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>> at
>>> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
>>> at
>>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
>>> at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>> at org.wso2.carbon.ui.JspServlet.service(JspServlet.java:155)
>>> at org.wso2.carbon.ui.TilesJspServlet.service(TilesJspServlet.java:80)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>> at
>>> org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>> at
>>> org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>> at
>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>> at
>>> org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>>> at
>>> org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>> at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>> at
>>> org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
>>> at
>>> org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:604)
>>> at
>>> org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:543)
>>> at
>>> 

[Dev] carbon-deployment 4.7.0 released

2016-07-08 Thread Kalpa Welivitigoda
Hi all,

Please note $subject,

org.wso2.carbon.deployment
carbon-deployment
4.7.0


-- 
Best Regards,

Kalpa Welivitigoda
Senior Software Engineer, WSO2 Inc. http://wso2.com
Email: kal...@wso2.com
Mobile: +94776509215


Re: [Dev] Regarding APPM-1160

2016-07-08 Thread Dinusha Senanayaka
Hi Sajith,

We could not keep each and every tenant authentication configuration in
app-manager.xml, due to the dynamic nature of tenant creation and the growth.

appmgt.mdm.rest.connector is the default connector that we provided to
connect with WSO2EMM. We could keep its configurations in the registry.
Also I don't think at least 1% of the requirements will come to use a
specific connector other than the default connectors provided by us (EMM).

Regards,
Dinusha.

On Fri, Jul 8, 2016 at 11:22 AM, Sajith Abeywardhana 
wrote:

> Hi All,
>
> EMM supports multi-tenancy it is designed to work with one instance of
>> App Manager via OSGI services. When they work together they function as one
>> product, hence EMM and App Manager share same tenants across the multi
>> tenanted environment.
>>
>
> This means we don't need to keep the tenant config when we are connecting
> using OSGi service.
>
>
>> This is a special scenario where AppM connects to EMM via  EMM REST
>> APIs. According to how we have developed the plugin tenant admin and
>> password needs to be stored in the plugin configuration. This is a
>> plugin specific configuration, therefore, the plugin developer has
>> flexibility to store those configurations in any way he prefers.
>>
>
> When we are connecting using the REST connector we need to have a tenant
> config on the AppM side. How about we keep those tenant configs in
> app-manager.xml as below?
>
> 
>
>  bundle="org.wso2.carbon.appmgt.mdm.restconnector">
>  name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
> 
> https://localhost:9450/mdm-admin
> 
> https://localhost:9448/oauth2/token
>  name="ClientKey">WjLm24IxBVLF0oz0VJfmtJbjJbka
>  name="ClientSecret">v3KkIQXkJ1SDp_Bf8uUQxu5p7TQa
> hr.com ,eng.com
> ,mrk.com
> 
>
>  bundle="org.wso2.carbon.appmgt.mdm.osgiconnector">
>  name="ImageURL">/store/extensions/assets/mobileapp/resources/models/%s.png
> 
>
> 
> 
> hradmin
> hr.123
> 
> 
> engadmin
> eng.123
> 
> 
> mrkadmin
> eng.123
> 
> 
>
> 
>
>
>
> --
> *Sajith Abeywardhana* | Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka.
> Mobile: +94772260485
> Email: saji...@wso2.com | Web: www.wso2.com
>
>
> On Tue, Jul 5, 2016 at 12:01 PM, Chathura Dilan 
> wrote:
>
>> Hi Dinusha,
>>
>> EMM supports multi-tenancy it is designed to work with one instance of
>> App Manager via OSGI services. When they work together they function as one
>> product, hence EMM and App Manager share same tenants across the multi
>> tenanted environment.
>>
>
>> This is a special scenario where AppM connects to EMM via  EMM REST
>> APIs. According to how we have developed the plugin tenant admin and
>> password needs to be stored in the plugin configuration. This is a
>> plugin specific configuration, therefore, the plugin developer has
>> flexibility to store those configurations in any way he prefers.
>>
>> When it comes to multi-tenancy, +1 we have to store those
>> configurations in the registry for the REST connector plugin. But how we
>> store those values is plugin specific.
>>
>>
>> On Tue, Jul 5, 2016 at 10:51 AM, Dinusha Senanayaka 
>> wrote:
>>
>>> Hi Chathura,
>>>
>>> Is multi-tenancy supported in EMM for device management? If yes, we
>>> need to fix [1] as well, which means we cannot keep this configuration in
>>> the app-manager.xml. Need to take it to registry.
>>>
>>> [1] https://wso2.org/jira/browse/APPM-1160
>>>
>>> Regards,
>>> Dinusha.
>>>
>>> --
>>> Dinusha Dilrukshi
>>> Associate Technical Lead
>>> WSO2 Inc.: http://wso2.com/
>>> Mobile: +94725255071
>>> Blog: http://dinushasblog.blogspot.com/
>>>
>>
>>
>>
>> --
>> Regards,
>>
>> Chatura Dilan Perera
>> *Associate Tech Lead** - WSO2 Inc.*
>> www.dilan.me
>>
>
>
>
>


-- 
Dinusha Dilrukshi
Associate Technical Lead
WSO2 Inc.: http://wso2.com/
Mobile: +94725255071
Blog: http://dinushasblog.blogspot.com/
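
The tenant-isolation point from the APPM-1160 thread above (a tenant ID taken from the request lets any tenant with a valid token read another tenant's device list, while a tenant taken from the access token does not), as an added Python sketch that is not WSO2 code and was not posted on the list. The token table stands in for OAuth2 introspection, the function names are hypothetical, and the tenant domains are reused from the quoted configuration as sample data.

```python
"""Tenant scoping for a device-list API: request parameter vs. access token.

All names and data are constructed for illustration. The TOKENS table stands
in for an OAuth2 token-introspection call; it is not a WSO2 API.
"""
import time
from dataclasses import dataclass


class AccessDenied(Exception):
    """The request cannot be tied to the tenant whose data it asks for."""


@dataclass(frozen=True)
class TokenInfo:
    user: str
    tenant_domain: str
    expires_at: float


# Constructed sample data: devices enrolled per tenant domain.
DEVICES = {
    "hr.com": ["hr-phone-01", "hr-tablet-02"],
    "eng.com": ["eng-phone-07"],
    "mrk.com": [],
}

_NOW = time.time()
# Constructed stand-in for introspection results (token -> validated claims).
TOKENS = {
    "tok-hr": TokenInfo("hradmin", "hr.com", _NOW + 3600),
    "tok-eng": TokenInfo("engadmin", "eng.com", _NOW + 3600),
    "tok-old": TokenInfo("mrkadmin", "mrk.com", _NOW - 60),  # already expired
}

AUDIT_LOG = []  # rejected cross-tenant requests, kept for alerting


def introspect(token):
    """Return the validated claims for a token, or refuse the request."""
    info = TOKENS.get(token)
    if info is None or info.expires_at <= time.time():
        raise AccessDenied("invalid or expired access token")
    return info


def list_devices_param_trusting(token, tenant_param):
    """The design questioned in the thread: any valid token is accepted and
    the tenant is whatever the caller put in the request."""
    introspect(token)
    return list(DEVICES.get(tenant_param, []))


def list_devices_token_scoped(token, tenant_param=None):
    """Tenant comes from the token. A tenant parameter is at most a hint that
    must agree with the token; a mismatch is refused and recorded."""
    info = introspect(token)
    if tenant_param is not None and tenant_param != info.tenant_domain:
        AUDIT_LOG.append({
            "user": info.user,
            "token_tenant": info.tenant_domain,
            "requested_tenant": tenant_param,
        })
        raise AccessDenied("tenant parameter does not match token tenant")
    return list(DEVICES.get(info.tenant_domain, []))


if __name__ == "__main__":
    # hr.com token, eng.com parameter: the first design returns eng.com data.
    print(list_devices_param_trusting("tok-hr", "eng.com"))
    print(list_devices_token_scoped("tok-hr"))
    try:
        list_devices_token_scoped("tok-hr", "eng.com")
    except AccessDenied as exc:
        print("refused:", exc, AUDIT_LOG[-1])
```

It leaves open how the store obtains a per-user token, which is the unresolved part of the thread.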