[mashup-dev] Re: [esb-java-dev] WSAS+ESB+MASHUP

Sanjiva Weerawarana sanjiva at wso2.com
Tue Aug 28 09:39:12 PDT 2007 

Isn't it simpler .. we just use a Synapse rule saying only accesses must 
come from the localhost. I believe the throttling module can do that easily.

Sanjiva.

Paul Fremantle wrote:
>  From a security perspective we need to ensure that only tryit requests 
> are allowed access to this "proxying". Otherwise we have enabled an open 
> proxy.
> http://en.wikipedia.org/wiki/Open_proxy
> 
> Here is an idea. When you call the ?tryit page, we need the server to 
> generate a keystring which is somehow embedded in the tryit page. Then 
> the SOAP request needs to include the keystring. The ESB proxy only 
> allows through requests that have a valid keystring. I guess the 
> keystring could be something like a timestamp encrypted with a secret 
> random key that both the tryit page and the ESB proxy share.
> 
> Paul
> 
> Sanjiva Weerawarana wrote:
>> +1! Basically, what we need is a way to make a proxy service from the 
>> server for the remote service and then ?tryit against that to get the 
>> "local" UI for the remote service. Since the ESB has proxy service 
>> support this needs to work using that code by somehow just pulling in 
>> the ESB code.
>>
>> This'll also make a great example of our products working together. In 
>> order to make it possible to ship releases independently, this however 
>> needs to be set up as some kind of extension module that can be 
>> engaged by picking up an ESB release.
>>
>> So, what does it take to make this happen?
>>
>> Sanjiva.
>>
>> saminda abeyruwan wrote:
>>> Hi Folks,
>>>
>>> https://www.wso2.org/jira/browse/MASHUP-249 JIRA has been refer to 
>>> the generation of "Try it" for any given WSDL in net. We've faced a 
>>> great issue with the Same Origin Policy (SOP) when resolving it. It 
>>> seems like we could have achieve a solution to this using ESB.
>>>
>>> Please be kind enough to express your thought on prior.
>>>
>>> Thank you
>>>
>>> Saminda
>>>
>>> _______________________________________________
>>> Esb-java-dev mailing list
>>> Esb-java-dev at wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
>>>
>>
> 

-- 
Sanjiva Weerawarana, Ph.D.
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
email: sanjiva at wso2.com; cell: +94 77 787 6880; fax: +1 509 691 2000

"Oxygenating the Web Service Platform."

More information about the Esb-java-dev mailing list