WSO2 esb + AS feature = ESB can not manage HttpSession - wso2

This is my first question on Stack Overflow and I'm new to WSO2 ESB. I installed version 4.9.0 of ESB and also installed the Application Server feature on it. WSO2 ESB cannot manage HttpSession. Can you please help me solve this problem?
I already tried to change this parameter to true or false:
    <session-config>
        <session-timeout>30</session-timeout>
        <cookie-config>
            <secure>false</secure>
        </cookie-config>
    </session-config>
in ESB_HOME\repository\conf\tomcat\web.xml
The Application Server feature installed well, I think. I can start my app and it works until I try to use HttpSession to manage users' sessions and authentication.
Has anybody had the same problem?

Related

Vulnerable JS Library jquery-3.4.1.js reported in Wso2 identity server 5.11.0

I recently installed WSO2 Identity Server 5.11.0 on my Linux server and integrated my application with it.
During a ZAP scan, the vulnerability below is reported:
Vulnerable JS Library jquery-3.4.1.js reported in Wso2 identity server 5.11.0
Reported URL :
https://myapplicationurl.com/authenticationendpoint/libs/jquery_3.4.1/jquery-3.4.1.js
Does WSO2 provide any fix for this? It seems the authenticationendpoint application of WSO2 uses this JS, and I am not sure of the impact if I just replace it with a higher version of jQuery.
Please refer to the WSO2 Security reporting process at https://wso2.com/security. WSO2 discourages discussing security issues in public forums.
Nevertheless, most of the reported vulnerabilities of jQuery are not a threat to WSO2IS when it comes to their usage, because those vulnerabilities reside in specific functions of jQuery and those functions are not used at all or not used in a vulnerable way.
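One way to check the claim in the answer above against your own deployment, as an added example that is not part of the original thread or WSO2's code: the script lists jQuery calls that pass a non-constant value to an HTML-parsing method. The method list, the `audit` function and the sample JavaScript are assumptions constructed for illustration; the thread does not name the affected functions.

```python
import re

# Assumption: jQuery methods that parse a string argument as HTML.
# The thread does not name the affected functions; adjust to the advisory.
HTML_SINKS = ("html", "append", "prepend", "after", "before",
              "replaceWith", "wrap", "wrapAll", "wrapInner")
CALL_RE = re.compile(r"\.(%s)\s*\(" % "|".join(HTML_SINKS))
# An empty argument (getter call) or a single quoted string with no
# concatenation is treated as constant and therefore not reported.
CONSTANT_RE = re.compile(r"""^(?:'[^']*'|"[^"]*")?$""")

# Constructed sample, not taken from the authenticationendpoint webapp.
SAMPLE_JS = """\
$('#title').html('<b>Sign in</b>');
var current = $('#error').html();
$('#error').html(query.get('msg'));
$('#user').text(username);
$('#list').append('<li>' + tenantName + '</li>');
"""


def _argument(line, start):
    """Return the text up to the parenthesis closing the call opened before start."""
    depth = 1
    for i in range(start, len(line)):
        if line[i] == "(":
            depth += 1
        elif line[i] == ")":
            depth -= 1
            if depth == 0:
                return line[start:i].strip()
    return line[start:].strip()  # call continues on a later line


def audit(source):
    """List (line_no, method, argument) for sink calls with a non-constant argument."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in CALL_RE.finditer(line):
            argument = _argument(line, match.end())
            if not CONSTANT_RE.match(argument):
                findings.append((line_no, match.group(1), argument))
    return findings


if __name__ == "__main__":
    for line_no, method, argument in audit(SAMPLE_JS):
        print(f"line {line_no}: .{method}({argument})")
```

Each reported call still needs a manual look at where its argument comes from, and a clean result only covers the files that were scanned.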

Getting error when running WSO2 API Manager with WSO2 BAM Server

I got the following error when running WSO2 API Manager 1.3.1 to use the WSO2 BAM Server 2.0.1.
TID: [0] [AM] [2013-05-02 18:58:40,609] ERROR
{org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher}
- Error initializing APIMgtUsageDataBridgeDataPublisher {org.wso2.carbon.apimgt.usage.publisher.APIMgtUsageDataBridgeDataPublisher}
org.wso2.carbon.databridge.agent.thrift.exception.AgentException:
Error when finding event stream definition for :
org.wso2.apimgt.statistics.request 1.0.0
Both API Manager and BAM are running on the same machine and I changed offset to 1 in /home/jtao/api/wso2bam-2.0.1/repository/conf/carbon.xml based on Monetization of API Usage.
I also checked that BAM_HOME/repository/conf/etc/cassandra-component.xml doesn't exist in BAM 2.0.1, as someone suggested in the answer to another question, "Configuring WSO2 API Manager to use the WSO2 BAM Server".
Any ideas?
I ran the same scenario described in the guide and it works without any error. Maybe you have missed a part of the configuration guide? Make sure BAM_HOME is set correctly and the BAM server is started before the AM server.
The following guide can also be used to integrate AM 1.3.1 with BAM 2.0.1:
http://docs.wso2.org/wiki/display/AM131/Monitoring+and+Statistics
Ishara

Authentication and Authorization using ESB and IS

I am trying to follow up with the samples as mentioned in:
http://blog.facilelogin.com/2012/05/authentication-and-authorization-with.html
After following every step, when I try to test it using TryIt, the Identity Server throws the following error:
Access Denied. Please Login First.
The Servers are running at their default configuration, except for the ports - ESB on 9443 and IS on 9445.
ESB version: 4.5.1
IS version: 3.2.3
Kindly let me know what configuration is missing.
Thanks,
Praveen
Refer to this to understand more about Authentication and Authorization using ESB and IS patterns.
Furthermore, this slide set has interesting security patterns with ESB.

Where is AuthenticationAdminService in WSO2 GREG?

I'm using WSO2 Governance and Registry version 4.1.1. I can find the WSDL file of AuthenticationAdminService in wso2greg-4.1.1-src, but I can't find anything at the URL:
https://127.0.0.1:9443/services/AuthenticationAdmin?wsdl
even after I modify the HideAdminServiceWSDLs tag in carbon.xml, while other services like ResourceAdminService are available.
Can anybody help?
You need to restart the server after modifying the parameter in carbon.xml:
<HideAdminServiceWSDLs>false</HideAdminServiceWSDLs>
After that you should be able to access the WSDL at (I verified with a 4.1.1 server)
https://localhost:9443/services/AuthenticationAdmin?wsdl or
http://localhost:9763/services/AuthenticationAdmin?wsdl

Throttling does not work with domain type in WSO2 ESB 4.0.3

I am trying to configure throttling with the domain type in WSO2 ESB 4.0.3 for the ECHO service.
I tried to send the SOAP message from the client to the server via the command line:
curl --data-binary @soaptest.xml -H 'Content-Type: text/xml;charset=UTF-8' "http://dc2nix2d11:8282/services/echo"
But I still get the result even though I set access to deny for the domain of the client machine.
I tried the same throttling configuration with the IP type and it works.
Maybe throttling does not work with the domain type in WSO2 ESB 4.0.3?
Please help me fix this issue.
This is a known issue. It's already fixed in the next ESB release.
If you are using the service hosting feature on WSO2 ESB, you could alternatively use the recently released WSO2 AS 5.1.0, which supports domain-based throttling, to host your services until the next ESB version gets released.