Return-Path: X-Original-To: apmail-stratos-dev-archive@minotaur.apache.org Delivered-To: apmail-stratos-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 71F0010B71 for ; Fri, 10 Jan 2014 00:38:18 +0000 (UTC) Received: (qmail 54324 invoked by uid 500); 10 Jan 2014 00:38:18 -0000 Delivered-To: apmail-stratos-dev-archive@stratos.apache.org Received: (qmail 54257 invoked by uid 500); 10 Jan 2014 00:38:17 -0000 Mailing-List: contact dev-help@stratos.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@stratos.incubator.apache.org Delivered-To: mailing list dev@stratos.incubator.apache.org Received: (qmail 54250 invoked by uid 99); 10 Jan 2014 00:38:17 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Jan 2014 00:38:17 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of pradeepfn@gmail.com designates 209.85.128.174 as permitted sender) Received: from [209.85.128.174] (HELO mail-ve0-f174.google.com) (209.85.128.174) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 10 Jan 2014 00:38:11 +0000 Received: by mail-ve0-f174.google.com with SMTP id pa12so3002453veb.19 for ; Thu, 09 Jan 2014 16:37:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=B+8Nd9AXVETFAVtco9mSPgg8RSG9qzW0R23owmzGQug=; b=RqNmGd+DAk6sUkdRqDSIcZFI17tBHiRuQo9ovsmNe8Sx6Blg7Fy9O7i1Oel2sQBRpq rN0sOj+dDaMdAfujzvNoq1rNbMvtTAvDeBtiaAhR7Un4Sbvi/prIsmQh6VzZ6ifVIdt3 6yjrg349nCXOXTBsmLsYjSh2uk41Vb+UQExQuDlwFvQ8bU0xQwLTi1V7nD7odcmEDI9j pHbs85TT1jVzcI6RehoMC9167B9+hJjnr0emhvJn1xpybpTjvP+h4imQjs63CmLhSwpK V1YcxLGeRJITvB7CkUFxdtzBYVtXuQCuArLETxJIuLlmMRmQQMXT3lT9WnaQY3Jq1NUk OHbg== MIME-Version: 1.0 X-Received: by 10.52.106.107 with SMTP id gt11mr4479011vdb.7.1389314270841; Thu, 09 Jan 2014 16:37:50 -0800 (PST) Received: by 10.58.65.37 with HTTP; Thu, 9 Jan 2014 16:37:50 -0800 (PST) Received: by 10.58.65.37 with HTTP; Thu, 9 Jan 2014 16:37:50 -0800 (PST) In-Reply-To: References: Date: Fri, 10 Jan 2014 06:07:50 +0530 Message-ID: Subject: Re: SecurityException in Stratos Manager From: Pradeep Fernando To: dev Content-Type: multipart/alternative; boundary=001a1133ccf6984eb204ef92effb X-Virus-Checked: Checked by ClamAV on apache.org --001a1133ccf6984eb204ef92effb Content-Type: text/plain; charset=UTF-8 Nice. Now we test the tenant flows as well.. --Pradeep sent from my phone On Jan 9, 2014 10:58 PM, "Isuru Haththotuwa" wrote: > Updated the Stratos Manager features to the latest available versions. > Afterwards this error didn't occur. > > > On Thu, Jan 9, 2014 at 7:13 PM, Isuru Haththotuwa wrote: > >> Hi devs, >> >> In testing the non-super tenant flows for Subscription, I observed the >> following error in Stratos Manager: >> >> java.lang.SecurityException: Malicious code detected! Trying to override >> restricted item: carbonContextHolder. An incident has been logged for >> tenant b.com[2] >> >> This seem to be coming since SM is using several outdated jars after the >> Carbon 4.2.0 migration. I'll will be updating them, will hold the non-super >> tenant path testing till this is done. >> >> -- >> Thanks and Regards, >> >> Isuru H. >> +94 716 358 048* * >> >> >> > > > -- > Thanks and Regards, > > Isuru H. > +94 716 358 048* * > > > --001a1133ccf6984eb204ef92effb Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Nice. Now we test the tenant flows as well..

--Pradeep
sent from my phone

On Jan 9, 2014 10:58 PM, "Isuru Haththotuwa= " <isuruh@wso2.com> wrote= :
Updated the Stratos Manager features to the latest availab= le versions. Afterwards this error didn't occur.


On Thu, Jan 9, 2014 at 7:1= 3 PM, Isuru Haththotuwa <isuruh@wso2.com> wrote:
Hi devs,

<= /div>In testing the non-super tenant flows for Subscription, I observed the= following error in Stratos Manager:

java.lang.SecurityException: Malicious code detected! Trying to overrid= e restricted item: carbonContextHolder. An incident has been logged for=20 tenant b.com[2]

This seem to be coming since SM is using several outdated jars after the C= arbon 4.2.0 migration. I'll will be updating them, will hold the non-su= per tenant path testing till this is done.

--
Thanks and R= egards,

Isuru H.



--
T= hanks and Regards,

Isuru H.
--001a1133ccf6984eb204ef92effb--