On Wed, Aug 14, 2013 at 12:36 PM, Srinath Perera <srin...@wso2.com> wrote:
> Ajanthan we can fix that by extending Unified endpoints to capture that. > Yes if we want to set any SOAP header to partner service request we can set it in bpel itself because we have partner service request as variable in bpel.But if we want to set it in http header we need to extent Unified endpoints.But How we are going to capture the user who invoked the BPEL? In the Unified endpoint handler do we have access to the information on request(which instance's partner service request and who invoked that instance)? > --Srinath > > > On Wed, Aug 14, 2013 at 12:32 PM, Ajanthan Balachandran <ajant...@wso2.com > > wrote: > >> >> >> >> On Wed, Aug 14, 2013 at 9:26 AM, Dimuthu Leelarathne >> <dimut...@wso2.com>wrote: >> >>> Hi, >>> >>> AF BPELs are running in the super tenant space. Now the question is, >>> whether BPEL should invoke admin services deployed in respective tenant >>> space or super tenant space. >>> >>> Here is sample of the admin services [1] From that we can see that some >>> admin services should be in super tenant space and others in respective >>> tenant space. >>> >>> So now comes the question, how can a BPEL running in admin space invoke >>> an admin service in tenant space? >>> >>> Here is the answer that can be seen so far. >>> >>> 1 - Write the mutual auth authenticator for carbon framework. This would >>> check whether the call is coming over a 2 way SSL connection and let the >>> user through. The authorization happen as the real user. This is discussed >>> in the mail thread titled "Multi-tenant AF user model" architecture@ >>> 2 - Extend the UnifiedEndPoint handler to inject the invoking person's >>> name in to a header (SOAP or HTTP) >>> >> We can set SOAP headers in BPEL but not http headers >> >>> >>> And another separate point, the admin services marked in yellow should >>> have an explicit permission check before performing any action to check >>> whether the user has permission to do particular action for the application. >>> >>> WDYT? >>> >>> thanks, >>> dimuthu >>> >>> >>> >>> >>> -- >>> Dimuthu Leelarathne >>> Architect & Product Lead of App Factory >>> >>> WSO2, Inc. (http://wso2.com) >>> email: dimut...@wso2.com >>> Mobile : 0773661935 >>> >>> Lean . Enterprise . Middleware >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> ajanthan >> -- >> Ajanthan Balachandiran >> Senior Software Engineer; >> Solutions Technologies Team ;WSO2, Inc.; http://wso2.com/ >> >> email: ajanthan <http://goog_595075977>@wso2.com; cell: +94775581497 >> blog: http://bkayts.blogspot.com/ >> >> >> Lean . Enterprise . Middleware >> > > > > -- > ============================ > Srinath Perera, Ph.D. > Director, Research, WSO2 Inc. > Visiting Faculty, University of Moratuwa > Member, Apache Software Foundation > Research Scientist, Lanka Software Foundation > Blog: http://srinathsview.blogspot.com/ > Photos: http://www.flickr.com/photos/hemapani/ > Phone: 0772360902 > -- ajanthan -- Ajanthan Balachandiran Senior Software Engineer; Solutions Technologies Team ;WSO2, Inc.; http://wso2.com/ email: ajanthan <http://goog_595075977>@wso2.com; cell: +94775581497 blog: http://bkayts.blogspot.com/ Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
