Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-26 Thread Harsha Thirimanna 
On 27 Apr 2017 10:56 a.m., "Manoj Gunawardena"  wrote:

+1 for removing mandatory validation.

Dynamic OAUTH2 client Registration management protocol [1] will implement
in IS next version?

Yes

Once support that, DCR should be able to update the mandatory or optional
of redirect urls depends on the grant type.

Not under dcr. Update is under DCRM.



[1] https://tools.ietf.org/html/rfc7592




On Wed, Apr 26, 2017 at 9:17 AM, Nuwandi Wickramasinghe 
wrote:

> Thanks Johann and Pushpalanka. Updated [1] with details.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>
> On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana 
> wrote:
>
>> Hi,
>>
>> On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby 
>> wrote:
>>
>>> +1. However we have to make sure that if we update the application with
>>> authorization_code or implicit grant type, then we have to validate that at
>>> least one redirect_uri is also provided.
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe <
>>> nuwan...@wso2.com> wrote:
>>>
 Hi,

 As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send
 at least one redirect uri for any grant type and otherwise will give
 following error response.

 {
 "error_description": "RedirectUris property must have at least one URI
 value.",
 "error": "invalid_client_metadata"
 }


 AFAIU there is no significance of a redirect URI for grant types that
 do not have a redirection in the flow. Shall we allow client registration
 without redirect URI for the other grant types such as password, client
 credentials and SAML2

 [1] states that

 The implementation and use of all client metadata
fields is OPTIONAL, unless stated otherwise.


 ..


 redirect_uris
   Array of redirection URI strings for use in redirect-based flows
   such as the authorization code and implicit flows.  As required by
   Section 2  of OAuth 
 2.0 [RFC6749 ], clients using flows 
 with
   redirection MUST register their redirection URI values.
   Authorization servers that support dynamic registration for
   redirect-based flows MUST implement support for this metadata
   value.


 [1] https://tools.ietf.org/html/rfc7591#section-2

>>> +1.
>> We already have a task to track and fix on these compliancy issues as at
>> [1]. Please create or add these details there too, so we can make sure we
>> address this and rectify.
>>
>> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>>
>>>

 --

 Best Regards,

 Nuwandi Wickramasinghe

 Software Engineer

 WSO2 Inc.

 Web : http://wso2.com

 Mobile : 0719214873 <071%20921%204873>

>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Technical Lead & Product Lead of WSO2 Identity Server
>>> Governance Technologies Team
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>>> Blog - *http://nallaa.wordpress.com *
>>>
>>
>>
>>
>> --
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p
>> ushpalanka/ | Twitter: @pushpalanka
>>
>>
>
>
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>
> Software Engineer
>
> WSO2 Inc.
>
> Web : http://wso2.com
>
> Mobile : 0719214873
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Manoj Gunawardena
Tech Lead
WSO2, Inc.: http://wso2.com
lean.enterprise.middleware
Mobile : +94 77 2291643

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Why is redirect_uris mandatory in DCR request?

2017-04-26 Thread Manoj Gunawardena 
+1 for removing mandatory validation.

Dynamic OAUTH2 client Registration management protocol [1] will implement
in IS next version?
Once support that, DCR should be able to update the mandatory or optional
of redirect urls depends on the grant type.


[1] https://tools.ietf.org/html/rfc7592




On Wed, Apr 26, 2017 at 9:17 AM, Nuwandi Wickramasinghe 
wrote:

> Thanks Johann and Pushpalanka. Updated [1] with details.
>
> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>
> On Tue, Apr 25, 2017 at 8:19 PM, Pushpalanka Jayawardhana 
> wrote:
>
>> Hi,
>>
>> On Tue, Apr 25, 2017 at 7:51 PM, Johann Nallathamby 
>> wrote:
>>
>>> +1. However we have to make sure that if we update the application with
>>> authorization_code or implicit grant type, then we have to validate that at
>>> least one redirect_uri is also provided.
>>>
>>> Regards,
>>> Johann.
>>>
>>> On Tue, Apr 25, 2017 at 5:46 PM, Nuwandi Wickramasinghe <
>>> nuwan...@wso2.com> wrote:
>>>
 Hi,

 As per the DCR implementation in WSO2 IS 5.3.0, it is mandatory to send
 at least one redirect uri for any grant type and otherwise will give
 following error response.

 {
 "error_description": "RedirectUris property must have at least one URI
 value.",
 "error": "invalid_client_metadata"
 }


 AFAIU there is no significance of a redirect URI for grant types that
 do not have a redirection in the flow. Shall we allow client registration
 without redirect URI for the other grant types such as password, client
 credentials and SAML2

 [1] states that

 The implementation and use of all client metadata
fields is OPTIONAL, unless stated otherwise.


 ..


 redirect_uris
   Array of redirection URI strings for use in redirect-based flows
   such as the authorization code and implicit flows.  As required by
   Section 2  of OAuth 
 2.0 [RFC6749 ], clients using flows 
 with
   redirection MUST register their redirection URI values.
   Authorization servers that support dynamic registration for
   redirect-based flows MUST implement support for this metadata
   value.


 [1] https://tools.ietf.org/html/rfc7591#section-2

>>> +1.
>> We already have a task to track and fix on these compliancy issues as at
>> [1]. Please create or add these details there too, so we can make sure we
>> address this and rectify.
>>
>> [1] - https://wso2.org/jira/browse/IDENTITY-5879
>>
>>>

 --

 Best Regards,

 Nuwandi Wickramasinghe

 Software Engineer

 WSO2 Inc.

 Web : http://wso2.com

 Mobile : 0719214873 <071%20921%204873>

>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Technical Lead & Product Lead of WSO2 Identity Server
>>> Governance Technologies Team
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+9476950*
>>> Blog - *http://nallaa.wordpress.com *
>>>
>>
>>
>>
>> --
>> Pushpalanka.
>> --
>> Pushpalanka Jayawardhana, B.Sc.Eng.(Hons).
>> Senior Software Engineer, WSO2 Lanka (pvt) Ltd;  wso2.com/
>> Mobile: +94779716248
>> Blog: pushpalankajaya.blogspot.com/ | LinkedIn: lk.linkedin.com/in/p
>> ushpalanka/ | Twitter: @pushpalanka
>>
>>
>
>
> --
>
> Best Regards,
>
> Nuwandi Wickramasinghe
>
> Software Engineer
>
> WSO2 Inc.
>
> Web : http://wso2.com
>
> Mobile : 0719214873
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Manoj Gunawardena
Tech Lead
WSO2, Inc.: http://wso2.com
lean.enterprise.middleware
Mobile : +94 77 2291643
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Using Multiple PreparedStatements with a single ResultSet

2017-04-26 Thread Hasanthi Purnima Dissanayake 
[+ dev]

Hi All,

We are maintaining below two methods in [1]. Those methods are expecting
multiple PreparedStatements and one or two ResultSets. IMO it is
conceptually wrong to have multiple PreparedStatements with one or two
ResultSets.

public static void closeAllConnections(Connection dbConnection,
ResultSet rs, PreparedStatement... prepStmts) {

closeResultSet(rs);
closeStatements(prepStmts);
closeConnection(dbConnection);
}

public static void closeAllConnections(Connection dbConnection,
ResultSet rs1, ResultSet rs2,
   PreparedStatement... prepStmts) {
closeResultSet(rs1);
closeResultSet(rs2);
closeStatements(prepStmts);
closeConnection(dbConnection);
}


In the references of this method [2], we have assigned multiple
PreparedStatement execution results to a single ResultSet. (without closing
the resultset we have re-used it). This is useless and it can cause to a
memory leak as well.

So IMO we should depreciate using above two methods and introduce a new
method to close connections.

 [1] https://github.com/wso2-support/carbon4-kernel/blob/
support-4.4.11/core/org.wso2.carbon.user.core/src/main/
java/org/wso2/carbon/user/core/util/DatabaseUtil.java
[2] https://github.com/wso2-support/carbon4-kernel/blob/
support-4.4.11/core/org.wso2.carbon.user.core/src/main/
java/org/wso2/carbon/user/core/authorization/PermissionTree.java#L1012


WDYT?

Thanks

Hasanthi Dissanayake

Software Engineer | WSO2

E: hasan...@wso2.com
M :0718407133| http://wso2.com 

On Tue, Apr 25, 2017 at 4:58 PM, Ruwan Abeykoon  wrote:

> Hi All,
> I think we should mark these methods as Deprecated and remove all
> references from IS and user-code side. They promote careless mistakes,
> which are difficult to detect by human or automated tools.
>
> public static void closeAllConnections(Connection dbConnection, 
> PreparedStatement... prepStmts) {
>
> public static void closeAllConnections(Connection dbConnection, ResultSet rs, 
> PreparedStatement... prepStmts) {
>
> public static void closeAllConnections(Connection dbConnection, ResultSet 
> rs1, ResultSet rs2,
>PreparedStatement... prepStmts) {
>
>
> Also we should be able to rewrite the code to use
> newer AutoCloseable thing with java7 for IS 5.3.0+.
>
> Cheers,
> Ruwan
>
> On Tue, Apr 25, 2017 at 4:37 PM, Hasanthi Purnima Dissanayake <
> hasan...@wso2.com> wrote:
>
>> Hi All,
>>
>> We are maintaining below two methods in [1]. Those methods are expecting
>> multiple PreparedStatements and one or two ResultSets. IMO it is
>> conceptually wrong to have multiple PreparedStatements with one or two
>> ResultSets.
>>
>> public static void closeAllConnections(Connection dbConnection, ResultSet 
>> rs, PreparedStatement... prepStmts) {
>>
>> closeResultSet(rs);
>> closeStatements(prepStmts);
>> closeConnection(dbConnection);
>> }
>>
>> public static void closeAllConnections(Connection dbConnection, ResultSet 
>> rs1, ResultSet rs2,
>>PreparedStatement... prepStmts) {
>> closeResultSet(rs1);
>> closeResultSet(rs2);
>> closeStatements(prepStmts);
>> closeConnection(dbConnection);
>> }
>>
>>
>> In the references of this method [2], we have assigned multiple
>> PreparedStatement execution results to a single ResultSet. (without
>> closing the resultset we have re-used it). This is useless and it can cause
>> to a memory leak as well.
>>
>> So IMO we should depreciate using above two methods and introduce a new
>> method to close connections.
>>
>>  [1] https://github.com/wso2-support/carbon4-kernel/blob/support-
>> 4.4.11/core/org.wso2.carbon.user.core/src/main/java/org/
>> wso2/carbon/user/core/util/DatabaseUtil.java
>> [2] https://github.com/wso2-support/carbon4-kernel/blob/support-
>> 4.4.11/core/org.wso2.carbon.user.core/src/main/java/org/
>> wso2/carbon/user/core/authorization/PermissionTree.java#L1012
>>
>>
>> WDYT?
>>
>> Thanks,
>>
>> Hasanthi Dissanayake
>>
>> Software Engineer | WSO2
>>
>> E: hasan...@wso2.com
>> M :0718407133| http://wso2.com 
>>
>
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding gmail connector

2017-04-26 Thread Keerthika Mahendralingam 
HI Varuni,

As per the ticket [1], current connector only supports plain text messages.

[1]. https://wso2.org/jira/browse/ESBCONNECT-147

Thanks,

On Thu, Apr 27, 2017 at 9:37 AM, Supun Sethunga  wrote:

> Which Gmail connector are you referring to? ESB[1] or Ballerina[2] ?
>
> [1] https://docs.wso2.com/display/ESBCONNECTORS/Gmail+Connector
> [2] http://ballerinalang.org/docs/api/0.8/org.wso2.
> ballerina.connectors.gmail.html
>
> On Wed, Apr 26, 2017 at 5:29 PM, Varuni Alwis  wrote:
>
>> Hi all,
>>
>> I want to send a mail in the html format (not as a text) in the mail body
>> using the gmail connector? Is that possible with the connector?
>>
>> Thanks.
>>
>>
>> *Varuni Alwis*
>> *Software Engineer - Intern*
>> *WSO2*
>>
>> Email : var...@wso2.com
>> Mobile : +94 719865395 <+94%2071%20986%205395>
>>
>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Supun Sethunga*
> Senior Software Engineer
> WSO2, Inc.
> http://wso2.com/
> lean | enterprise | middleware
> Mobile : +94 716546324 <+94%2071%20654%206324>
> Blog: http://supunsetunga.blogspot.com
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Keerthika Mahendralingam
Software Engineer
Mobile :+94 (0) 776 121144
keerth...@wso2.com
WSO2, Inc.
lean . enterprise . middleware
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Regarding gmail connector

2017-04-26 Thread Supun Sethunga 
Which Gmail connector are you referring to? ESB[1] or Ballerina[2] ?

[1] https://docs.wso2.com/display/ESBCONNECTORS/Gmail+Connector
[2]
http://ballerinalang.org/docs/api/0.8/org.wso2.ballerina.connectors.gmail.html

On Wed, Apr 26, 2017 at 5:29 PM, Varuni Alwis  wrote:

> Hi all,
>
> I want to send a mail in the html format (not as a text) in the mail body
> using the gmail connector? Is that possible with the connector?
>
> Thanks.
>
>
> *Varuni Alwis*
> *Software Engineer - Intern*
> *WSO2*
>
> Email : var...@wso2.com
> Mobile : +94 719865395 <+94%2071%20986%205395>
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Supun Sethunga*
Senior Software Engineer
WSO2, Inc.
http://wso2.com/
lean | enterprise | middleware
Mobile : +94 716546324
Blog: http://supunsetunga.blogspot.com
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] ballerina sample jms exception

2017-04-26 Thread Megala Uthayakumar 
Hi Ruwanthika,

Did you start the activemq broker before running this sample? We need the
activemq broker to be in running state to run this sample without any
problem. I think we have missed to include that in the README.

We have a dedicated google group for ballerina dev queries. Please use [1]
for future queries about ballerina as mentioned in [2]

[1] https://groups.google.com/forum/#!forum/ballerina-dev
[2] http://ballerinalang.org/#Get-involved

Thanks.

Regards,
Megala


On Wed, Apr 26, 2017 at 4:46 PM, Ruwanthika Perera 
wrote:

> Hi all,
> I have tried the sample jms in ballerina.i imported
> activemq-all-.jar library and run the reciever & sender files.In
> sender file throw an exception like this,
>
> error in ballerina program: exception occurred while sending message.
>  at ballerina.net.jms:send(jmsSender.bal:19)
>  at jmsSender(jmsSender.bal:5)
>  at main(jmsSender.bal:4)
>
> Cheers,
> Ruwanthika Perera
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Megala Uthayakumar

Software Engineer
Mobile : 0779967122
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Regarding gmail connector

2017-04-26 Thread Varuni Alwis 
Hi all,

I want to send a mail in the html format (not as a text) in the mail body
using the gmail connector? Is that possible with the connector?

Thanks.


*Varuni Alwis*
*Software Engineer - Intern*
*WSO2*

Email : var...@wso2.com
Mobile : +94 719865395
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] ballerina sample jms exception

2017-04-26 Thread Ruwanthika Perera 
Hi all,
I have tried the sample jms in ballerina.i imported
activemq-all-.jar library and run the reciever & sender files.In
sender file throw an exception like this,

error in ballerina program: exception occurred while sending message.
 at ballerina.net.jms:send(jmsSender.bal:19)
 at jmsSender(jmsSender.bal:5)
 at main(jmsSender.bal:4)

Cheers,
Ruwanthika Perera
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] Security Patch Releases - API Manager 2.1.0

2017-04-26 Thread Vidura Nanayakkara 
Hi Gayakshika,

I checked the above 3 patches. Here are the affected products for each
patch (security)

*WSO2-CARBON-PATCH-4.4.0-0665*

   - WSO2 API Manager 2.0.0
   - WSO2 App Manager 1.2.0
   - WSO2 Business Process Server 3.6.0
   - WSO2 Complex Event Processor 4.2.0
   - WSO2 Data Analytics Server 3.1.0
   - WSO2 Data Services Server 3.5.1
   - WSO2 Enterprise Service Bus 5.0.0
   - WSO2 Identity Server 5.2.0
   - WSO2 Machine Learner 1.2.0

*WSO2-CARBON-PATCH-4.4.0-0666*

   - WSO2 API Manager 2.0.0
   - WSO2 App Manager 1.2.0
   - WSO2 Machine Learner 1.2.0
   - WSO2 Governance Registry 5.3.0

*WSO2-CARBON-PATCH-4.4.0-0676*

   - WSO2 App Manager 1.2.0


As you can see there is clearly a mistake in the website page you have
referred. Here is how they should be corrected

   - There is no WSO2 API Manager 1.2.0. This should be WSO2 API Manager
   2.0.0
   - The patches are affected to WSO2 App Manager 1.2.0 ("APP" is
   mistakenly taken as "API")

Thank you,
Vidura Nanayakkara


On Tue, Apr 25, 2017 at 4:54 PM, Gayakshika Gimhani [IT/EKO/LOITS] <
gayakshi...@lolctech.com> wrote:

> Hi,
>
>
>
> I referred below link for the security patch releases for API Manager
> 2.1.0.
>
> http://wso2.com/security-patch-releases/api-manager
>
>
>
> I just want to confirm the product versions for first three patches are
> correct as the API Manager is not mentioned under the *AFFECTED PRODUCTS *of
> their *Security Advisory Links*
>
>
>
>
>
>
>
>
>
> Thanks & best regards!
>
>
>
> *K.M.Gayakshika Gimhani*
>
> Trainee Software Engineer
>
> LOLC Technologies
>
> Email: gayakshi...@lolc.com
>
>
>
>
>
>
>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Best Regards,

*Vidura Nanayakkara*
Software Engineer

Email : vidu...@wso2.com
Mobile : +94 (0) 717 919277
Web : http://wso2.com
Blog : https://medium.com/@viduran 
LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara 
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] Please review and merge

2017-04-26 Thread Hasanthi Purnima Dissanayake 
Hi kernel team,

Please review and merge [1] which fixes [2]

[1] https://github.com/wso2-support/carbon4-kernel/pull/211
[2] https://wso2.org/jira/browse/IDENTITY-5314

Thanks,

Hasanthi Dissanayake

Software Engineer | WSO2

E: hasan...@wso2.com
M :0718407133| http://wso2.com 
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev