Return-Path: 
 <dev-return-7553-apmail-airavata-dev-archive=airavata.apache.org@airavata.apache.org>
X-Original-To: apmail-airavata-dev-archive@www.apache.org
Delivered-To: apmail-airavata-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 802EB10356
	for <apmail-airavata-dev-archive@www.apache.org>;
 Wed, 12 Jun 2013 14:30:15 +0000 (UTC)
Received: (qmail 60657 invoked by uid 500); 12 Jun 2013 14:30:15 -0000
Delivered-To: apmail-airavata-dev-archive@airavata.apache.org
Received: (qmail 60555 invoked by uid 500); 12 Jun 2013 14:30:14 -0000
Mailing-List: contact dev-help@airavata.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@airavata.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@airavata.apache.org>
List-Post: <mailto:dev@airavata.apache.org>
List-Id: <dev.airavata.apache.org>
Reply-To: dev@airavata.apache.org
Delivered-To: mailing list dev@airavata.apache.org
Received: (qmail 60546 invoked by uid 99); 12 Jun 2013 14:30:13 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 14:30:13 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_NONE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of viknesb@msn.com designates
 65.55.111.101 as permitted sender)
Received: from [65.55.111.101] (HELO blu0-omc2-s26.blu0.hotmail.com)
 (65.55.111.101)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 14:30:06 +0000
Received: from BLU402-EAS73 ([65.55.111.73]) by blu0-omc2-s26.blu0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675);
	 Wed, 12 Jun 2013 07:29:45 -0700
X-TMN: [CYNXufJRivo4nyevPUymw0mzInoMUTUq]
X-Originating-Email: [viknesb@msn.com]
Message-ID: <BLU402-EAS73502807A75FF856830B70AB860@phx.gbl>
Reply-To: <viknesb@msn.com>
From: Viknes Balasubramanee <viknesb@msn.com>
To: <dev@airavata.apache.org>
References: <BLU402-EAS4206EF6C70C9B433913A8D4AB860@phx.gbl>
	<CAKUcLKZ2WnfY8wQQoBeRLx4tjSHgEAgfUQ2pEavEsrbBL1vySQ@mail.gmail.com>
	<CAALcEpgGmXDjbZvJ8hMqZh09dEg3=jo9FzVpdO6RDnqyF6E7JA@mail.gmail.com>
	<CAKUcLKZ6EGHFNT5j6VOTh56jbCGF8ZX-1yDiou7ya1ESwayCiA@mail.gmail.com>
	<CAALcEphCM+TLBJ1mr1scF=NbDtWv07Ygg3Vcwrg7dAvFcUUUZw@mail.gmail.com>
 <CAKUcLKY0Uh3g8qR9N1RxJUC1smsWUM0Z-BAwZA3-dQ2SNL3AjQ@mail.gmail.com>
In-Reply-To: 
 <CAKUcLKY0Uh3g8qR9N1RxJUC1smsWUM0Z-BAwZA3-dQ2SNL3AjQ@mail.gmail.com>
Subject: RE: Accessing the REST service from JavaScript
Date: Wed, 12 Jun 2013 10:29:33 -0400
X-Mailer: Microsoft Outlook 15.0
Thread-Index: 
 AQABAgMEgPCqkVThpLGcb5Gb0N+CaQAmHUhCAJV6qCYA+ow6HAB4lw13AOMXNOactFmAcA==
MIME-Version: 1.0
Content-Language: en-us
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
	micalg=SHA1; boundary="----=_NextPart_000_00CD_01CE6757.BB231FA0"
X-OriginalArrivalTime: 12 Jun 2013 14:29:45.0859 (UTC)
 FILETIME=[4949A530:01CE6779]
X-Virus-Checked: Checked by ClamAV on apache.org

------=_NextPart_000_00CD_01CE6757.BB231FA0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

I'd like to avoid a backend server of my own or a proxy server. My aim is to
develop a portable webapp of just HTML and JS pages that can be included by
any client. I am pretty sure I have successfully made cross domain requests
earlier. The only problem here is adding the authorization header and these
2 browsers don't allow it.

Amila,
When the security is disabled, should the username be still set in the
authorization header or can it be passed as a parameter or data attribute.

Thanks
Viknes
 
-----Original Message-----
From: Amila Jayasekara [mailto:thejaka.amila@gmail.com] 
Sent: Wednesday, June 12, 2013 9:28 AM
To: dev@airavata.apache.org
Cc: viknesb
Subject: Re: Accessing the REST service from JavaScript

I am not quite sure, issue is more subtle I guess. Cos browser it self
doesnt allow us to manipulate headers.
But we can try and see.

Thanks
Amila


On Wed, Jun 12, 2013 at 9:21 AM, Supun Kamburugamuva
<supun06@gmail.com>wrote:

> From the description my understand was this is a cross domain 
> scripting issue. If that is the case, using a proxy server will make 
> all the requests to go through the same server (domain) and avoid the
issue.
>
> Thanks,
> Supun..
>
>
> On Wed, Jun 12, 2013 at 8:58 AM, Amila Jayasekara
> <thejaka.amila@gmail.com>wrote:
>
> > Hi Supun,
> >
> > Didn't quite understand how HTTPD going to solve the issue. You 
> > meant to (from browser) pass header in different format to HTTPD and 
> > set headers
> at
> > HTTPD server level ? If this is possible could you also point to a 
> > reference ?
> >
> > Thanks
> > Amila
> >
> >
> > On Wed, Jun 12, 2013 at 8:28 AM, Supun Kamburugamuva 
> > <supun06@gmail.com
> > >wrote:
> >
> > > You can try proxying all your requests through a HTTPD server. May 
> > > be
> it
> > > will help.
> > >
> > > Thanks,
> > > Supun..
> > >
> > >
> > > On Wed, Jun 12, 2013 at 12:48 AM, Amila Jayasekara
> > > <thejaka.amila@gmail.com>wrote:
> > >
> > > > Hi Viknes,
> > > >
> > > > As discussed offline the reason for authentication failure is 
> > > > not
> > getting
> > > > "Authorization" header to backend. We experienced that Firefox 
> > > > and
> > Chrome
> > > > does
> > > > not allow user to set headers while IE allow user to set headers
> > (Correct
> > > > me if I am wrong). Further [1] describes this restriction in detail.
> > > >
> > > > It seems like due to security reasons some browsers does not 
> > > > allow
> user
> > > to
> > > > manipulate headers. Maybe other Javascript experts can give more
> > feedback
> > > > to
> > > > solve this issue.
> > > >
> > > > Further even though you disable security Airavata needs a user 
> > > > id to operate on. Therefore we still require a user id in the 
> > > > request
> header.
> > > >
> > > > [1]
> > http://news.anarchy46.net/2012/06/refused-to-set-unsafe-header.html
> > > >
> > > > Thanks
> > > > Amila
> > > >
> > > >
> > > > On Tue, Jun 11, 2013 at 11:42 PM, Viknes Balasubramanee <
> > viknesb@msn.com
> > > > >wrote:
> > > >
> > > > > Hi All,
> > > > >
> > > > > I am trying to get the list of experiments in Airavata by 
> > > > > accessing
> > the
> > > > > Registry API REST service from a webapp. When I make an AJAX
> request
> > > from
> > > > > JavaScript, I get an error in the browser console(FireBug) 
> > > > > stating
> > > > "Access
> > > > > denied to restricted URI".  This is the URL that I am trying 
> > > > > to hit
> > > > >
> > > > >
> > > >
> > >
> >
> http://localhost:8080/airavata-registry/api/experimentregistry/get/exp
> erimen
> > > > > ts/all . The URL works fine from the browser.
> > > > >
> > > > > 1. I have the basic authentication header set with the encoded
> > username
> > > > and
> > > > > password when I make the request. I have CORS enabled in jQuery.
> Yet,
> > > the
> > > > > request seems to fail.
> > > > > 2. In order to skip the authentication and try my request, I 
> > > > > set
> the
> > > > > enabled
> > > > > parameter in authentication.xml to false. <authenticators
> > > > enabled="false">.
> > > > > When I do so, I get the below exception if I try to connect to 
> > > > > the
> > > > registry
> > > > > from XBaya.
> > > > >
> > > > >
> > >
> org.apache.airavata.client.api.exception.AiravataAPIInvocationException:
> > > > > Error while initializing the Airavata API
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
> org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactor
> y.java
> > > > > :64)
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
> org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactor
> y.java
> > > > > :43)
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
> org.apache.airavata.xbaya.ui.dialogs.registry.RegistryWindow.getAirava
> taAPI(
> > > > > RegistryWindow.java:260)
> > > > > Caused by:
> > > > >
> > >
> org.apache.airavata.client.api.exception.AiravataAPIInvocationException:
> > > > > Error while initializing the Airavat a API
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
>
org.apache.airavata.client.AiravataClient.initialize(AiravataClient.java:163
> > > > > )
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
>
org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactory.java
> > > > > :61)
> > > > >         ... 99 more
> > > > > Caused by: java.lang.RuntimeException: Failed : HTTP error code :
> 500
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
>
org.apache.airavata.rest.client.ConfigurationResourceClient.getEventingURI(C
> > > > > onfigurationResourceClient.java:5
> > > > > 19)
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
>
org.apache.airavata.rest.client.RegistryClient.getEventingServiceURI(Registr
> > > > > yClient.java:164)
> > > > >         at
> > > > >
> > > > >
> > > >
> > >
> >
>
org.apache.airavata.client.AiravataClient.createConfig(AiravataClient.java:1
> > > > > 15)
> > > > >
> > > > > Please let me know if I am missing something here. For most of the
> > GSOC
> > > > > projects, we are developing webapp and I believe this would play
an
> > > > > important role.
> > > > >
> > > > > Thanks
> > > > > Viknes
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Supun Kamburugamuva
> > > Member, Apache Software Foundation; http://www.apache.org
> > > E-mail: supun06@gmail.com;  Mobile: +1 812 369 6762
> > > Blog: http://supunk.blogspot.com
> > >
> >
>
>
>
> --
> Supun Kamburugamuva
> Member, Apache Software Foundation; http://www.apache.org
> E-mail: supun06@gmail.com;  Mobile: +1 812 369 6762
> Blog: http://supunk.blogspot.com
>

------=_NextPart_000_00CD_01CE6757.BB231FA0
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIITCjCCBDYw
ggMeoAMCAQICAQEwDQYJKoZIhvcNAQEFBQAwbzELMAkGA1UEBhMCU0UxFDASBgNVBAoTC0FkZFRy
dXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5hbCBUVFAgTmV0d29yazEiMCAGA1UEAxMZ
QWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9vdDAeFw0wMDA1MzAxMDQ4MzhaFw0yMDA1MzAxMDQ4Mzha
MG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3Qg
RXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3Qw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC39xoz5vIABC054E5b7R+8bA/Ntfojts7e
mxEzl6QpTH2Tn71KvJPtAxrjj8/lbVBa1pcplFqAsEl62y6V/bjKvzc4LR4+kUGtcFbH8E8/6DKe
dMrIkFTpxl8PeJ2aQDwOrGGqXhSPnoehalDc15pOrwWzpnGUnHGzUGAKxxOdOAeGAqjpqGkmGJCr
TLBPI6s6T4TY386f4Wlvu9dC12tE5Met7m1BX3JacQg3s3llpFmglDf3AC8NwpJy2tA4ctsUqEXE
XSp9t7TWxO6szRNEt8kr3UMAJfphuWlqWCMRt6czj1Z1WfXNKddGtworZbbTQm8Vsrh7++/pXVPV
NFonAgMBAAGjgdwwgdkwHQYDVR0OBBYEFK29mHo0tCb3+sQmVO8DveAky1QaMAsGA1UdDwQEAwIB
BjAPBgNVHRMBAf8EBTADAQH/MIGZBgNVHSMEgZEwgY6AFK29mHo0tCb3+sQmVO8DveAky1QaoXOk
cTBvMQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0
IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
ggEBMA0GCSqGSIb3DQEBBQUAA4IBAQCwm+CFJcLWI+IPlgaSnUGYnNmEeYHZHlsUByM2ZY+w2He7
rEFsR2CDUbD5Mj3n/PYmE8eAFqW/WvyHz3h5iSGa4kwHCoY1vPLeUcTSlrfcfk7ucP0cOesMAlEU
LY69FuDB30Z15ySt7PRCtIWTcBBnup0GNUoY0yt6zFFCoXpj0ea7ocUrwja+Ew3mvWN+eXunCQ1A
q2rdj4rD9vaMGkIFUdRF9Z+nYiFoFSBDPJnnfL0k2KmRF3OIP1YbMTgYtHEPms3IDp6OLhvhjJiD
yx8x8URMxgRzSXZgD8f4vReAay7pzEwOWpp5DyAKLtWeYyYeVZKU2IIXWnvQvMePToYEMIIEijCC
A3KgAwIBAgIQJ/TqEfR6hsRunbtuqRcHBzANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3
b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290MB4XDTA1MDYwNzA4MDkxMFoX
DTIwMDUzMDEwNDgzOFowga4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2Fs
dCBMYWtlIENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0
cDovL3d3dy51c2VydHJ1c3QuY29tMTYwNAYDVQQDEy1VVE4tVVNFUkZpcnN0LUNsaWVudCBBdXRo
ZW50aWNhdGlvbiBhbmQgRW1haWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOYWk
8n2rQTtiRjeuzcFgdbw5ZflKGkeiucxIzGqY1U01GbmkQuXOSeKKLx580jEHx060g2SdLinVomTE
hb2FUTV5pE5okHsceqSSqBfymBXyk8zJpDKVuwxPML2YoAuL5W4bokb6eLyib6tZXqUvz8rabaov
66yhs2qqty5nNYt54R5piOLmRs2gpeq+C852OnoOm+r82idbPXMfIuZIYcZM82mxqC4bttQxICy8
goqOpA6l14lD/BZarx1x1xFZ2rqHDa/68+HC8KTFZ4zW1lQ63gqkugN3s2XI/R7TdGKqGMpokx6h
hX71R2XL+E1XKHTSNP8wtu72YjAUjCzrAgMBAAGjgeEwgd4wHwYDVR0jBBgwFoAUrb2YejS0Jvf6
xCZU7wO94CTLVBowHQYDVR0OBBYEFImCZ33EnSZwAEu0UEh83j2uBG59MA4GA1UdDwEB/wQEAwIB
BjAPBgNVHRMBAf8EBTADAQH/MHsGA1UdHwR0MHIwOKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2Eu
Y29tL0FkZFRydXN0RXh0ZXJuYWxDQVJvb3QuY3JsMDagNKAyhjBodHRwOi8vY3JsLmNvbW9kby5u
ZXQvQWRkVHJ1c3RFeHRlcm5hbENBUm9vdC5jcmwwDQYJKoZIhvcNAQEFBQADggEBABnYiRFvKKym
AKLnh8GbkAPbfqES/R7z4vABqZRUQmuaCcSgbdeQkgQDZnlDcfz4b6/bdkXiNxo93eRZBHisHPSD
RvN6z1uEci3lRsG6GBEp88tJeYc8um0FnaRtaE+tchQ2qLmx/b/Pf/CkapQ1UI/PgW1Vsd1ZMErf
baCcZB9JfO82u/TjafT4OY9arUuFOrcO7dPPDUSi+wS/5C9wjiX7WlQGs9DEvG2N+3MyLOmbhCQt
1n+RemgCUB8OP03pzPW7Z+jcHC47/E7N/gKO46gTCqUmRGXpEPJNUqeu3D7KazJcQWz+9V2g6v/R
+puGWG09lkfl/i6VBMIAzI6h8rswggUaMIIEAqADAgECAhBtGeqnGU9qMyLmIjJ6qnHeMA0GCSqG
SIb3DQEBBQUAMIGuMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFr
ZSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0dHA6Ly93
d3cudXNlcnRydXN0LmNvbTE2MDQGA1UEAxMtVVROLVVTRVJGaXJzdC1DbGllbnQgQXV0aGVudGlj
YXRpb24gYW5kIEVtYWlsMB4XDTExMDQyODAwMDAwMFoXDTIwMDUzMDEwNDgzOFowgZMxCzAJBgNV
BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAY
BgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRp
Y2F0aW9uIGFuZCBTZWN1cmUgRW1haWwgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCShIRbS1eY1F4vi6ThQMijU1hfZmXxMk73nzJ9VdB4TFW3QpTg+SdxB8XGaaS5MsTxQBqQzCdW
Yn8XtXFpruUgG+TLY15gyqJB9mrho/+43x9IbWVDjCouK2M4d9+xF6zC2oIC1tQyatRnbyATj1w1
+uVUgK/YcQodNwoCUFNslR2pEBS0mZVZEjH/CaLSTNxS297iQAFbSGjdxUq04O0kHzqvcV8H46y/
FDuwJXFoPfQP1hdYRhWBPGiLi4MPbXohV+Y0sNsyfuNK4aVScmQmkU6lkg//4LFg/RpvaFGZY40a
i6XMQpubfSJj06mg/M6ekN9EGfRcWzW6FvOnm//BAgMBAAGjggFLMIIBRzAfBgNVHSMEGDAWgBSJ
gmd9xJ0mcABLtFBIfN49rgRufTAdBgNVHQ4EFgQUehNOAHRbxnhjZCfBL+KgW7x5xXswDgYDVR0P
AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEQYDVR0gBAowCDAGBgRVHSAAMFgGA1UdHwRR
ME8wTaBLoEmGR2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LUNsaWVudEF1
dGhlbnRpY2F0aW9uYW5kRW1haWwuY3JsMHQGCCsGAQUFBwEBBGgwZjA9BggrBgEFBQcwAoYxaHR0
cDovL2NydC51c2VydHJ1c3QuY29tL1VUTkFkZFRydXN0Q2xpZW50X0NBLmNydDAlBggrBgEFBQcw
AYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQUFAAOCAQEAhda+eFdVbTN/
RFL+QtUGqAEDgIr7DbL9Sr/2r0FJ9RtaxdKtG3NuPukmfOZMmMEwKN/L+0I8oSU+CnXW0D05hmbR
oZu1TZtvryhsHa/l6nRaqNqxwPF1ei+eupN5yv7ikR5WdLL4jdPgQ3Ib7Y/9YDkgR/uLrzplSDyY
PaUlv73vYOBJ5RbI6z9Dg/Dg7g3B080zX5vQvWBqszv++tTJOjwf7Zv/m0kzvkIpOYPuM2kugp1F
Tahp2oAbHj3SGl18R5mlmwhtEpmG1l1XBxunML5LSUS4kH7K0Xk467Qz+qA6XSZYnmFVGLQh1ZnV
4ENAQjC+6qXnlNKw/vN1+X9u5zCCBSAwggQIoAMCAQICEQC6ACYKqYYMvyFddpzOdMMqMA0GCSqG
SIb3DQEBBQUAMIGTMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAw
DgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDE5MDcGA1UEAxMwQ09N
T0RPIENsaWVudCBBdXRoZW50aWNhdGlvbiBhbmQgU2VjdXJlIEVtYWlsIENBMB4XDTEyMDkyNjAw
MDAwMFoXDTEzMDkyNjIzNTk1OVowIDEeMBwGCSqGSIb3DQEJARYPdmlrbmVzYkBtc24uY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gLub8fMV9WKteiCxhkflIha82DuMGjZi4S8
EsCYcz2mFKE/CDfzuCAvdudWT+seH1FTp1wGUZWN7XNMjSKoy/oOx/D2SPVaG/xgBM9i9lOZ/B93
is8/LjXqJ9W6r7Y6aaLEOKcvlV2bzybuzq1z5yqIEQfMcxcoqK7cBiQ85sGNErwz8oarae6udPS5
hVjWZcfz8vk8gs324qfJSN487q5C4O9024e6O2ZExfy+217vw7BLA49k1kl7KjF1dbA49KThteEC
9IxOdUT+yoIjB9Az/OmnN7cwG99LbapD9hCmsMtGaLWEZ/ou40qlqrTfyX/fTkirgbcDxO9irKaw
ZwIDAQABo4IB3zCCAdswHwYDVR0jBBgwFoAUehNOAHRbxnhjZCfBL+KgW7x5xXswHQYDVR0OBBYE
FEYYhRVWO6Z0QwgTQ08r2VB56uPIMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMCAGA1Ud
JQQZMBcGCCsGAQUFBwMEBgsrBgEEAbIxAQMFAjARBglghkgBhvhCAQEEBAMCBSAwRgYDVR0gBD8w
PTA7BgwrBgEEAbIxAQIBAQEwKzApBggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLm5l
dC9DUFMwVwYDVR0fBFAwTjBMoEqgSIZGaHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPQ2xp
ZW50QXV0aGVudGljYXRpb25hbmRTZWN1cmVFbWFpbENBLmNybDCBiAYIKwYBBQUHAQEEfDB6MFIG
CCsGAQUFBzAChkZodHRwOi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9DbGllbnRBdXRoZW50aWNh
dGlvbmFuZFNlY3VyZUVtYWlsQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9j
YS5jb20wGgYDVR0RBBMwEYEPdmlrbmVzYkBtc24uY29tMA0GCSqGSIb3DQEBBQUAA4IBAQCSHI/C
oyfSWr2B4EPIxcMmWU6MqKRVZY4jYAh5VVW+muq5ipWeJZxqiX5XTSj2Px0Eqf5AUHn5keoAqquA
ViVyYG52KZ9PC+0gUGatSEblAthzLtaw8XkthWELoDgED8/llQG7DCXJypKbk8GdvuIyeACgipMV
92P2U79c4Xil5MMCigI3ZEs5REAV3uRuPbZOY54kj6foHMqk+j0HXTfQRpx36XQlYxeSb/969vlP
7IIZH6Laz00SRts8U0bd1rDFeI47YstmG95/+odwO36zgUUByDtfSt0Cln4u2drzX/RPkPRSxVCh
CjkO1fI6RPdhRg6fQcvlmRiFfTVHppg+MYIERDCCBEACAQEwgakwgZMxCzAJBgNVBAYTAkdCMRsw
GQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNP
TU9ETyBDQSBMaW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFu
ZCBTZWN1cmUgRW1haWwgQ0ECEQC6ACYKqYYMvyFddpzOdMMqMAkGBSsOAwIaBQCgggJvMBgGCSqG
SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTEzMDYxMjE0MjkzM1owIwYJKoZI
hvcNAQkEMRYEFBpjkqTNGUx8LOsO1d2R7tcsdgKhMIGTBgkqhkiG9w0BCQ8xgYUwgYIwCwYJYIZI
AWUDBAEqMAsGCWCGSAFlAwQBFjAKBggqhkiG9w0DBzALBglghkgBZQMEAQIwDgYIKoZIhvcNAwIC
AgCAMA0GCCqGSIb3DQMCAgFAMAcGBSsOAwIaMAsGCWCGSAFlAwQCAzALBglghkgBZQMEAgIwCwYJ
YIZIAWUDBAIBMIG6BgkrBgEEAYI3EAQxgawwgakwgZMxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH
cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBM
aW1pdGVkMTkwNwYDVQQDEzBDT01PRE8gQ2xpZW50IEF1dGhlbnRpY2F0aW9uIGFuZCBTZWN1cmUg
RW1haWwgQ0ECEQC6ACYKqYYMvyFddpzOdMMqMIG8BgsqhkiG9w0BCRACCzGBrKCBqTCBkzELMAkG
A1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEa
MBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxOTA3BgNVBAMTMENPTU9ETyBDbGllbnQgQXV0aGVu
dGljYXRpb24gYW5kIFNlY3VyZSBFbWFpbCBDQQIRALoAJgqphgy/IV12nM50wyowDQYJKoZIhvcN
AQEBBQAEggEACkcTqj7gRddwU0Vi9xrW5qdhBLRSvDFrHzSKi77aIbilW2hlNtqaZcw1MXhE7DkP
ayVMMiHt3jcL07iEaraRz/t85wrCpZDt2amnU9tk1Hka83s5bMnhD1U5xA4jroziJ0HMhHPjdWL0
rjIOltpLGKFml+XQEALcytcWmaiylOY9WBU5EqlFAy55ckH0z6NgImiOsZyOkirhTtVBlOn2EO9s
1Cx7njWPAxlz5ehlOEbhciUMCxwe6zwpuvdR658NDChlg+SuPdti7Mt1Qgr8qOoSv4YPg+BLhYX6
zscrkuQCmHS0BmbNI7IpcSebFbBh7kTnlMPV3Po9iaY7KwAyhAAAAAAAAA==

------=_NextPart_000_00CD_01CE6757.BB231FA0--