[wsas-java-dev] Re: [mashup-dev] Re: [esb-java-dev] WSAS+ESB+MASHUP
Paul Fremantle
paul at wso2.com
Tue Aug 28 01:28:19 PDT 2007
From a security perspective we need to ensure that only tryit requests
are allowed access to this "proxying". Otherwise we have enabled an open
proxy.
http://en.wikipedia.org/wiki/Open_proxy
Here is an idea. When you call the ?tryit page, we need the server to
generate a keystring which is somehow embedded in the tryit page. Then
the SOAP request needs to include the keystring. The ESB proxy only
allows through requests that have a valid keystring. I guess the
keystring could be something like a timestamp encrypted with a secret
random key that both the tryit page and the ESB proxy share.
Paul
Sanjiva Weerawarana wrote:
> +1! Basically, what we need is a way to make a proxy service from the
> server for the remote service and then ?tryit against that to get the
> "local" UI for the remote service. Since the ESB has proxy service
> support this needs to work using that code by somehow just pulling in
> the ESB code.
>
> This'll also make a great example of our products working together. In
> order to make it possible to ship releases independently, this however
> needs to be set up as some kind of extension module that can be engaged
> by picking up an ESB release.
>
> So, what does it take to make this happen?
>
> Sanjiva.
>
> saminda abeyruwan wrote:
>> Hi Folks,
>>
>> https://www.wso2.org/jira/browse/MASHUP-249 JIRA has been refer to the
>> generation of "Try it" for any given WSDL in net. We've faced a great
>> issue with the Same Origin Policy (SOP) when resolving it. It seems
>> like we could have achieve a solution to this using ESB.
>>
>> Please be kind enough to express your thought on prior.
>>
>> Thank you
>>
>> Saminda
>>
>> _______________________________________________
>> Esb-java-dev mailing list
>> Esb-java-dev at wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
>>
>
--
Paul Fremantle
Co-Founder and VP of Technical Sales, WSO2
OASIS WS-RX TC Co-chair
Office: +1 646 290 8050
Cell: +44 798 447 4618
blog: http://pzf.fremantle.org
paul at wso2.com
"Oxygenating the Web Service Platform", www.wso2.com
More information about the Wsas-java-dev
mailing list