[wsas-java-dev] Re: [mashup-dev] Re: [esb-java-dev] WSAS+ESB+MASHUP

Paul Fremantle paul at wso2.com
Wed Aug 29 01:31:54 PDT 2007


You can restrict access to only requests from localhost without needing a
throttling mediator - that works with the built-in filtering. However, I
hadn't made the assumption that only localhost users would access the mashup
server and tryit function. If that is a valid assumption then it's easy.

Paul



On 8/28/07, Sanjiva Weerawarana <sanjiva at wso2.com> wrote:
>
> Isn't it simpler .. we just use a Synapse rule saying only accesses must
> come from the localhost. I believe the throttling module can do that
> easily.
>
> Sanjiva.
>
> Paul Fremantle wrote:
> >
> > From a security perspective we need to ensure that only tryit requests
> > are allowed access to this "proxying". Otherwise we have enabled an open
> > proxy.
> > http://en.wikipedia.org/wiki/Open_proxy
> >
> > Here is an idea. When you call the ?tryit page, we need the server to
> > generate a keystring which is somehow embedded in the tryit page. Then
> > the SOAP request needs to include the keystring. The ESB proxy only
> > allows through requests that have a valid keystring. I guess the
> > keystring could be something like a timestamp encrypted with a secret
> > random key that both the tryit page and the ESB proxy share.
> >
> > Paul
> >
> > Sanjiva Weerawarana wrote:
> >> +1! Basically, what we need is a way to make a proxy service from the
> >> server for the remote service and then ?tryit against that to get the
> >> "local" UI for the remote service. Since the ESB has proxy service
> >> support this needs to work using that code by somehow just pulling in
> >> the ESB code.
> >>
> >> This'll also make a great example of our products working together. In
> >> order to make it possible to ship releases independently, this however
> >> needs to be set up as some kind of extension module that can be
> >> engaged by picking up an ESB release.
> >>
> >> So, what does it take to make this happen?
> >>
> >> Sanjiva.
> >>
> >> saminda abeyruwan wrote:
> >>> Hi Folks,
> >>>
> >>> The JIRA https://www.wso2.org/jira/browse/MASHUP-249 refers to
> >>> the generation of "Try it" for any given WSDL on the net. We've faced a
> >>> great issue with the Same Origin Policy (SOP) when resolving it. It
> >>> seems like we could achieve a solution to this using ESB.
> >>>
> >>> Please be kind enough to express your thoughts on the above.
> >>>
> >>> Thank you
> >>>
> >>> Saminda
> >>>
> >>
> >
>
> --
> Sanjiva Weerawarana, Ph.D.
> Founder, Chairman & CEO; WSO2, Inc.; http://www.wso2.com/
> email: sanjiva at wso2.com; cell: +94 77 787 6880; fax: +1 509 691 2000
>
> "Oxygenating the Web Service Platform."
>
>
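
The keystring scheme Paul describes in the quoted message, sketched as an added example (not code from the thread or from WSO2). It authenticates the timestamp with an HMAC under the shared secret instead of encrypting it, since the proxy only needs to know the value was issued by the tryit server; the function names, token layout and five-minute window are assumptions.

```python
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

MAX_AGE_SECONDS = 300  # assumed validity window; the thread does not give one
ALLOWED_SKEW = 5       # assumed tolerance for clock drift between the two servers


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_keystring(secret: bytes, now: Optional[float] = None) -> str:
    """Run when the ?tryit page is rendered; the result is embedded in the page."""
    issued = int(time.time() if now is None else now)
    payload = struct.pack(">Q", issued) + os.urandom(8)  # timestamp + random nonce
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)


def verify_keystring(secret: bytes, keystring: str, now: Optional[float] = None) -> bool:
    """Run by the proxy before forwarding; False means reject the request."""
    current = time.time() if now is None else now
    try:
        payload_part, tag_part = keystring.split(".")
        payload, tag = unb64(payload_part), unb64(tag_part)
    except (ValueError, TypeError, AttributeError):
        return False  # malformed: wrong number of parts, bad base64, not a string
    if len(payload) != 16:
        return False
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return False  # forged or altered keystring, or a different secret
    (issued,) = struct.unpack(">Q", payload[:8])
    age = current - issued
    return -ALLOWED_SKEW <= age <= MAX_AGE_SECONDS  # reject stale or future-dated
```

A keystring of this form can be replayed until it expires, so the window bounds how long a copied value lets a request through the proxy.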