[wsas-java-dev] Re: [mashup-dev] Re: [esb-java-dev] WSAS+ESB+MASHUP

indika indika at wso2.com
Tue Aug 28 23:23:01 PDT 2007 

hi

Using the throttling module or the throttle mediator ,it is easily can 
fully allow access or fully deny access for the particular IP or the 
IP-range(With current implementation of the throttling module). The User 
name token based throttling currently has not been implemented ,but if 
it is need we can add it.

thanks
indika


Sanjiva Weerawarana wrote:
> Isn't it simpler .. we just use a Synapse rule saying only accesses 
> must come from the localhost. I believe the throttling module can do 
> that easily.
>
> Sanjiva.
>
> Paul Fremantle wrote:
>>  From a security perspective we need to ensure that only tryit 
>> requests are allowed access to this "proxying". Otherwise we have 
>> enabled an open proxy.
>> http://en.wikipedia.org/wiki/Open_proxy
>>
>> Here is an idea. When you call the ?tryit page, we need the server to 
>> generate a keystring which is somehow embedded in the tryit page. 
>> Then the SOAP request needs to include the keystring. The ESB proxy 
>> only allows through requests that have a valid keystring. I guess the 
>> keystring could be something like a timestamp encrypted with a secret 
>> random key that both the tryit page and the ESB proxy share.
>>
>> Paul
>>
>> Sanjiva Weerawarana wrote:
>>> +1! Basically, what we need is a way to make a proxy service from 
>>> the server for the remote service and then ?tryit against that to 
>>> get the "local" UI for the remote service. Since the ESB has proxy 
>>> service support this needs to work using that code by somehow just 
>>> pulling in the ESB code.
>>>
>>> This'll also make a great example of our products working together. 
>>> In order to make it possible to ship releases independently, this 
>>> however needs to be set up as some kind of extension module that can 
>>> be engaged by picking up an ESB release.
>>>
>>> So, what does it take to make this happen?
>>>
>>> Sanjiva.
>>>
>>> saminda abeyruwan wrote:
>>>> Hi Folks,
>>>>
>>>> https://www.wso2.org/jira/browse/MASHUP-249 JIRA has been refer to 
>>>> the generation of "Try it" for any given WSDL in net. We've faced a 
>>>> great issue with the Same Origin Policy (SOP) when resolving it. It 
>>>> seems like we could have achieve a solution to this using ESB.
>>>>
>>>> Please be kind enough to express your thought on prior.
>>>>
>>>> Thank you
>>>>
>>>> Saminda
>>>>
>>>> _______________________________________________
>>>> Esb-java-dev mailing list
>>>> Esb-java-dev at wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/esb-java-dev
>>>>
>>>
>>
>

More information about the Wsas-java-dev mailing list