[mashup-dev] Re: [esb-java-dev] WSAS+ESB+MASHUP
Sanjiva Weerawarana
sanjiva at wso2.com
Wed Aug 29 10:40:18 PDT 2007
For the mashup case I believe that is sufficient .. mashup folks??
Sanjiva.
Paul Fremantle wrote:
> You can restrict access to only requests from localhost without needing
> a throttling mediator - that works with the built in filtering. However,
> I hadn't made the assumption that only localhost users would access the
> mashup server and tryit function. If that is a valid assumption then its
> easy.
>
> Paul
>
>
>
> On 8/28/07, *Sanjiva Weerawarana* <sanjiva at wso2.com
> <mailto:sanjiva at wso2.com>> wrote:
>
> Isn't it simpler .. we just use a Synapse rule saying only accesses must
> come from the localhost. I believe the throttling module can do that
> easily.
>
> Sanjiva.
>
> Paul Fremantle wrote:
>
> > From a security perspective we need to ensure that only tryit
> requests
> > are allowed access to this "proxying". Otherwise we have enabled
> an open
> > proxy.
> > http://en.wikipedia.org/wiki/Open_proxy
> >
> > Here is an idea. When you call the ?tryit page, we need the server to
> > generate a keystring which is somehow embedded in the tryit page.
> Then
> > the SOAP request needs to include the keystring. The ESB proxy only
> > allows through requests that have a valid keystring. I guess the
> > keystring could be something like a timestamp encrypted with a secret
> > random key that both the tryit page and the ESB proxy share.
> >
> > Paul
> >
> > Sanjiva Weerawarana wrote:
> >> +1! Basically, what we need is a way to make a proxy service
> from the
> >> server for the remote service and then ?tryit against that to
> get the
> >> "local" UI for the remote service. Since the ESB has proxy service
> >> support this needs to work using that code by somehow just
> pulling in
> >> the ESB code.
> >>
> >> This'll also make a great example of our products working
> together. In
> >> order to make it possible to ship releases independently, this
> however
> >> needs to be set up as some kind of extension module that can be
> >> engaged by picking up an ESB release.
> >>
> >> So, what does it take to make this happen?
> >>
> >> Sanjiva.
> >>
> >> saminda abeyruwan wrote:
> >>> Hi Folks,
> >>>
> >>> https://www.wso2.org/jira/browse/MASHUP-249 JIRA has been refer to
> >>> the generation of "Try it" for any given WSDL in net. We've faced a
> >>> great issue with the Same Origin Policy (SOP) when resolving
> it. It
> >>> seems like we could have achieve a solution to this using ESB.
> >>>
> >>> Please be kind enough to express your thought on prior.
> >>>
> >>> Thank you
> >>>
> >>> Saminda
> >>>
> >>> _______________________________________________
> >>> Esb-java-dev mailing list
> >>> Esb-java-dev at wso2.org <mailto:Esb-java-dev at wso2.org>
> >>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
> >>>
> >>
> >
>
> --
> Sanjiva Weerawarana, Ph.D.
> Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
> email: sanjiva at wso2.com <mailto:sanjiva at wso2.com>; cell: +94 77 787
> 6880; fax: +1 509 691 2000
>
> "Oxygenating the Web Service Platform."
>
> _______________________________________________
> Mashup-dev mailing list
> Mashup-dev at wso2.org <mailto:Mashup-dev at wso2.org>
> http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
> <http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Esb-java-dev mailing list
> Esb-java-dev at wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
--
Sanjiva Weerawarana, Ph.D.
Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
email: sanjiva at wso2.com; cell: +94 77 787 6880; fax: +1 509 691 2000
"Oxygenating the Web Service Platform."
More information about the Esb-java-dev
mailing list