Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump carbon.identity-inbound-auth-oauth.version from 6.2.17 to 6.2.20 #37

Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions modules/distribution/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -44,4 +44,39 @@
<module>product</module>
</modules>

<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-antrun-plugin</artifactId>
<executions>
<execution>
<id>extract-docs-from-components</id>
<phase>package</phase>
<goals>
<goal>run</goal>
</goals>
<configuration>
<tasks>
<!-- Explode the authenticationendpoint.war -->
<unzip dest="../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps/authenticationendpoint">
<fileset dir="../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps">
<include name="authenticationendpoint.war" />
</fileset>
</unzip>
<delete file="../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps/authenticationendpoint.war" />
<!-- Explode the accountrecoveryendpoint.war -->
<unzip dest="../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps/accountrecoveryendpoint">
<fileset dir="../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps">
<include name="accountrecoveryendpoint.war" />
</fileset>
</unzip>
<delete file="../p2-profile/product/target/wso2carbon-core-${carbon.kernel.version}/repository/deployment/server/webapps/accountrecoveryendpoint.war" />
</tasks>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
32 changes: 30 additions & 2 deletions modules/distribution/product/src/main/assembly/bin.xml
Original file line number Diff line number Diff line change
Expand Up @@ -555,7 +555,22 @@
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<includes>
<include>authenticationendpoint.war</include>
<include>authenticationendpoint/</include>
</includes>
</fileSet>

<fileSet>
<directory>
src/main/extensions
</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps/authenticationendpoint/extensions
</outputDirectory>
<includes>
<include>title.jsp</include>
<include>header.jsp</include>
<include>footer.jsp</include>
<include>cookie-policy-content.jsp</include>
<include>privacy-policy-content.jsp</include>
</includes>
</fileSet>

Expand All @@ -566,7 +581,20 @@
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps
</outputDirectory>
<includes>
<include>accountrecoveryendpoint.war</include>
<include>accountrecoveryendpoint/</include>
</includes>
</fileSet>

<fileSet>
<directory>
src/main/extensions
</directory>
<outputDirectory>${pom.artifactId}-${pom.version}/repository/deployment/server/webapps/accountrecoveryendpoint/extensions
</outputDirectory>
<includes>
<include>title.jsp</include>
<include>header.jsp</include>
<include>footer.jsp</include>
</includes>
</fileSet>

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,176 @@
<%--
~ Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
--%>

<!-- page content -->
<div class="row">
<div class="col-xs-12 col-sm-3 col-md-3 col-lg-3 col-sm-offset-1 col-md-offset-1 col-lg-offset-1">
<div id="toc"></div>
</div>
<div class="col-xs-12 col-sm-7 col-md-7 col-lg-7">
<!-- content -->
<div class="container col-xs-12 col-sm-12 col-md-12 col-lg-12 col-centered wr-content wr-login col-centered padding-bottom-100">
<div>
<h2 class="wr-title uppercase blue-bg padding-double white boarder-bottom-blue margin-none">
WSO2 API Manager - Cookie Policy
</h2>
</div>
<div class="boarder-all ">
<div class="clearfix"></div>
<%-- Customizable content. Due to this nature, i18n is not implemented for this section --%>
<div id="cookiePolicy" class="padding-double">
<h4><a href="https://wso2.com/api-management/"><strong>About WSO2 API Manager</strong></a></h4>
<p>WSO2 API Manager (referred hereafter as &ldquo;API-M &rdquo;) is an open source enterprise-class solution that supports API publishing, lifecycle management, application development, access control, rate limiting and analytics in one cleanly integrated system.</p>
<div class="margin-bottom-double"></div>
<h2 id="cookie-policy"><strong>Cookie Policy</strong></h2>
<p>API-M uses cookies to provide you with the best user experience, and to securely identify you. You might not be able to access some of the services if you disable cookies.</p>
<div class="margin-bottom-double"></div>
<h2 id="what-is-a-cookie">What is a cookie &quest;</h2>
<p>A browser cookie is a small piece of data that is stored on your device to help websites and mobile apps remember things about you. Other technologies, including Web storage and identifiers associated with your device, may be used for similar purposes. In this policy, we use the term &ldquo;cookies&rdquo; to discuss all of these technologies.</p>
<div class="margin-bottom-double"></div>
<h2 id="how-apim-process-cookies">How does API-M process cookies &quest;</h2>
<p>API-M uses cookies to store and retrieve information on your browser. This information is used to provide a better user experience. Some cookies have the primary purpose of allowing logging in to the system, maintaining sessions, and keeping track of activities you do within the login session.</p>
<p>Some cookies used in API-M are used to identify you personally. However, the cookie lifetime will end when you log-out ending your session or when your session expires.</p>
<p>Some cookies are simply used to give you a more personalised web experience, and these cannot be used to identify you or your activities personally.</p>
<p>This Cookie Policy is part of the API-M Privacy Policy.</p>
<div class="margin-bottom-double"></div>
<h2 id="what-apim-use-cookies-for">What does API-M use cookies for &quest;</h2>
<p>Cookies are used for two purposes in API-M</p>
<ol>
<li>Security.</li>
<li>Providing a better user experience.</li>
</ol>
<div class="margin-bottom"></div>
<h3 id="apim-uses-cookies-for-the-following-purposes">API-M uses cookies for the following purposes</h3>
<h4>Preferences</h4>
<p>API-M uses cookies to remember your settings and preferences and to auto-fill the fields to make your interactions with the site easier.</p>
<ul>
<li>These cannot be used to identify you personally.</li>
</ul>
<h4>Security</h4>
<p>API-M uses selected cookies to identify and prevent security risks.</p>
<p>For example, API-M may use cookies to store your session information to prevent others from changing your password without your username and password.</p>
<p>API-M uses session cookie to maintain your active session.</p>
<p>API-M may use a temporary cookie when performing multi-factor authentication and federated authentication.</p>
<p>API-M may use permanent cookies to detect the devices you have logged in previously. This is to to calculate the <strong>risk level</strong> associated with your current login attempt. Using these cookies protects you and your account from possible attacks.</p>
<h4>Performance</h4>
<p>API-M may use cookies to allow &ldquo;Remember Me&rdquo; functionalities.</p>
<div class="margin-bottom"></div>
<h3 id="analytics">Analytics</h3>
<p>API-M as a product does not use cookies for analytical purposes.</p>
<div class="margin-bottom"></div>
<h3 id="third-party-cookies">Third party cookies</h3>
<p>Using API-M may cause some third-party cookie being set to your browser. API-M has no control over the operation of these cookies. The third-party cookies which maybe set include,</p>
<ul>
<li>Any of the social login sites, when API-M is configured to use &ldquo;Social&rdquo; or &ldquo;Federated&rdquo; login, and you opt to do login with your &ldquo;Social Account&rdquo;</li>
<li>Any third party federated login</li>
</ul>
<p>We strongly advise you to refer the respective cookie policies of such sites carefully as API-M has no knowledge or use on these cookies.</p>
<div class="margin-bottom-double"></div>
<h2 id="what-type-of-cookies-apim-use">What type of cookies does API-M use &quest;</h2>
<p>API-M uses persistent cookies and session cookies. A persistent cookie helps API-M to recognize you as an existing user, so you can easily return to WSO2 or interact with API-M without signing in again. After you sign in, a persistent cookie stays in your browser and will be read by API-M when you return.</p>
<p>A session cookie is erased when the user closes the Web browser. It is stored in temporarily and is not retained after the browser is closed. Session cookies do not collect information from the user's computer.</p>
<div class="margin-bottom-double"></div>
<h2 id="how-do-i-control-my-cookies">How do I control my cookies &quest;</h2>
<p>Most browsers allow you to control cookies through settings. However, if you limit the ability of websites to set cookies, you may worsen your overall user experience, since it will no longer be personalized to you. It may also stop you from saving customized
settings like login information. Disabling cookies might make you unable to use Authentication and Authorization functionalities offered by API-M.</p>
<p>If you have any questions or concerns regarding the use of cookies, please contact the Data Protection Officer of the organization running this API-M instance.</p>
<div class="margin-bottom-double"></div>
<h2 id="what-are-the-cookies-used">What are the cookies used &quest;</h2>
<table class="table table-bordered">
<tbody>
<tr>
<td>
<p><strong>Cookie Name</strong></p>
</td>
<td>
<p><strong>Purpose</strong></p>
</td>
<td>
<p><strong>Retention</strong></p>
</td>
</tr>
<tr>
<td>
<p>JSESSIONID</p>
</td>
<td>
<p>Keeps track of the user session data when you are logged in for providing a better user experience.</p>
</td>
<td>
<p>Session</p>
</td>
</tr>
<tr>
<td>
<p>goto_url</p>
</td>
<td>
<p>Keeps track of the page that you should be directed to after login.</p>
</td>
<td>
<p>Session</p>
</td>
</tr>
<tr>
<td>
<p>workflowCookie</p>
</td>
<td>
<p>Used for authentication purposes when invoking an admin service in the Business Process Server.</p>
</td>
<td>
<p>Session</p>
</td>
</tr>
<tr>
<td>
<p>csrftoken</p>
</td>
<td>
<p>Used for mitigating Cross Site Request Forgery Attacks to provide you with a secure service.</p>
</td>
<td>
<p>Request</p>
</td>
</tr>
<tr>
<td>
<p>i18next</p>
</td>
<td>
<p>Used to track the language API-M is served to you.</p>
</td>
<td>
<p>Session</p>
</td>
</tr>
</tbody>
</table>
<div class="margin-bottom-double"></div>
<h2 id="disclaimer">Disclaimer</h2>
<p>This cookie policy is only for illustrative purposes of the API-M product. The content in this policy is technically correct at the time of product shipment.
The organization which runs this API-M instance has the full authority and responsibility of the effective Cookie Policy.</p>
</div>
<!-- /Customizable content -->
<div class="clearfix"></div>
</div>
</div>
<!-- /content -->
</div>
</div>

34 changes: 34 additions & 0 deletions modules/distribution/product/src/main/extensions/footer.jsp
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
<%--
~ Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
--%>

<!-- localize.jsp MUST already be included in the calling script -->

<!-- footer -->
<footer class="footer">
<div class="container-fluid">
<p>WSO2 API Manager | &copy;
<script>document.write(new Date().getFullYear());</script>
<a href="https://wso2.com/"
target="_blank">
<i class="icon fw fw-wso2"></i>
Inc
</a>
. All rights reserved
</p>
</div>
</footer>
35 changes: 35 additions & 0 deletions modules/distribution/product/src/main/extensions/header.jsp
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
<%--
~ Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
--%>

<!-- localize.jsp MUST already be included in the calling script -->

<!-- header -->
<header class="header header-default">
<div class="container-fluid"><br></div>
<div class="container-fluid">
<div class="pull-left brand float-remove-xs text-center-xs">
<a href="#">
<img src="images/logo-inverse.svg"
alt="WSO2"
title="WSO2"
class="logo">
<h1><em>API Manager</em></h1>
</a>
</div>
</div>
</header>
Loading