On Mon, Jan 9, 2017 at 1:34 PM, SajithAR Ariyarathna <sajit...@wso2.com> wrote:
> Currently, we are in the process of refactoring the carbon-security source >> and hope to release a 1.0.0-m3 soon. With this release, CAAS User >> implementation will only provide authorization functionalities. In order to >> consume identity store related functionalities, you need to use the User >> class provided by carbon-identity-mgt[1]. Also, both classes will implement >> Serializable. >> >> [1] - https://github.com/thanujalk/carbon-identity-mgt/blob/ >> master/components/org.wso2.carbon.identity.mgt/src/main/ >> java/org/wso2/carbon/identity/mgt/User.java >> > So, which class will provide the isAuthorized(Permission permission) > method? > > It is the class which we have inside the CAAS. Basically User class in the carbon-identity-mgt is a child of CAAS User. > On Mon, Jan 9, 2017 at 1:05 PM, Thanuja Jayasinghe <than...@wso2.com> > wrote: > >> Hi Sajith, >> >> Currently, we are in the process of refactoring the carbon-security >> source and hope to release a 1.0.0-m3 soon. With this release, CAAS User >> implementation will only provide authorization functionalities. In order to >> consume identity store related functionalities, you need to use the User >> class provided by carbon-identity-mgt[1]. Also, both classes will implement >> Serializable. >> >> [1] - https://github.com/thanujalk/carbon-identity-mgt/blob/ >> master/components/org.wso2.carbon.identity.mgt/src/main/ >> java/org/wso2/carbon/identity/mgt/User.java >> >> Thanks, >> Thanuja >> >> On Mon, Jan 9, 2017 at 12:45 PM, SajithAR Ariyarathna <sajit...@wso2.com> >> wrote: >> >>> Hi Johann, >>> >>> Once you login using CAAS (carbon authentication and authorization >>>> service) components you will get a CAAS User object [1]. This User object >>>> is a proxy object which can be used to call all the underlying identity >>>> store and authorization store methods. Ideally you will store this User >>>> object in the user's logged in session and perform those operations when >>>> necessary. >>>> >>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >>>> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >>>> /org/wso2/carbon/security/caas/user/core/bean/User.java >>>> >>> This means that we need to store the User object in the UUF session. In >>> order to that the User class needs to be serializable. However User >>> class does not implements Serializable interface. >>> >>> On Wed, Jan 4, 2017 at 3:13 PM, Tanya Madurapperuma <ta...@wso2.com> >>> wrote: >>> >>>> Hi Dilan, >>>> >>>> On Wed, Jan 4, 2017 at 2:48 PM, Dilan Udara Ariyaratne <dil...@wso2.com >>>> > wrote: >>>> >>>>> Hi Tania, >>>>> >>>>> Are we going to keep one dashboard permission or multiple ? The reason >>>>> that I am asking this is if we can allow multiple, we can >>>>> separate out access for critical functions like dashboard view, edit >>>>> and manage via those permissions. >>>>> >>>> As explained offline each dashboard will have its own permission for >>>> view , edit/ update, delete. The only difference in this with the previous >>>> versions is that instead of the role we will use permissions. >>>> >>>>> >>>>> Also, have you looked into the scenario of restricting access of >>>>> dashboards for different users ? >>>>> >>>> A permission is resource + action. So we can restrict access with the >>>> permission. >>>> >>>>> AFAIU, it's only by having multiple permissions, we can do this. >>>>> >>>> >>>> Thanks, >>>> Tanya >>>> >>>>> >>>>> Cheers, >>>>> Dilan. >>>>> >>>>> *Dilan U. Ariyaratne* >>>>> Senior Software Engineer >>>>> WSO2 Inc. <http://wso2.com/> >>>>> Mobile: +94766405580 <%2B94766405580> >>>>> lean . enterprise . middleware >>>>> >>>>> >>>>> On Wed, Jan 4, 2017 at 1:56 PM, Johann Nallathamby <joh...@wso2.com> >>>>> wrote: >>>>> >>>>>> >>>>>> >>>>>> On Wed, Jan 4, 2017 at 1:04 PM, Nipuna Chandradasa <nipu...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> [+adding Sajith] >>>>>>> Please find the my questions and suggestions in line.... >>>>>>> >>>>>>>> >>>>>>>>>> Based on the above model we have following questions. >>>>>>>>>> 1. How can we call the isAuthorized method from dashboard >>>>>>>>>> component ? >>>>>>>>>> >>>>>>>>> >>>>>>> Isn't this isAuthorized method should be exposed through UUF as >>>>>>> dashboard component is basically a UUF component? It might not be good >>>>>>> to >>>>>>> expose a such a functionality through a UI framework but it'll be lot >>>>>>> cleaner than invoking a OSGI service inside our component. >>>>>>> >>>>>> >>>>>> Once you login using CAAS (carbon authentication and authorization >>>>>> service) components you will get a CAAS User object [1]. This User object >>>>>> is a proxy object which can be used to call all the underlying identity >>>>>> store and authorization store methods. Ideally you will store this User >>>>>> object in the user's logged in session and perform those operations when >>>>>> necessary. >>>>>> >>>>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >>>>>> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >>>>>> /org/wso2/carbon/security/caas/user/core/bean/User.java >>>>>> >>>>>> Regards, >>>>>> Johann. >>>>>> >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>>> 2. Is there any standard / approval process for permission strings ? >>>>>>>>>> >>>>>>>>>> >>>>>>>>> 3. How should we register the permissions dynamically at the time >>>>>>>>>> of creating a dashboard? >>>>>>>>>> >>>>>>>>>> Appreciate your insight. >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> Thank you, >>>>>>> >>>>>>> -- >>>>>>> Nipuna Marcus >>>>>>> *Software Engineer* >>>>>>> WSO2 Inc. >>>>>>> http://wso2.com/ - "lean . enterprise . middleware" >>>>>>> Mobile : +94 (0) 713 667906 <+94%2071%20366%207906> >>>>>>> nipu...@wso2.com >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Thanks & Regards, >>>>>> >>>>>> *Johann Dilantha Nallathamby* >>>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>>> Governance Technologies Team >>>>>> WSO2, Inc. >>>>>> lean.enterprise.middleware >>>>>> >>>>>> Mobile - *+94777776950* >>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> Architecture@wso2.org >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> Architecture@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> Tanya Madurapperuma >>>> >>>> Senior Software Engineer, >>>> WSO2 Inc. : wso2.com >>>> Mobile : +94718184439 <+94%2071%20818%204439> >>>> Blog : http://tanyamadurapperuma.blogspot.com >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Sajith Janaprasad Ariyarathna >>> Software Engineer; WSO2, Inc.; http://wso2.com/ >>> <https://wso2.com/signature> >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> *Thanuja Lakmal* >> Senior Software Engineer >> WSO2 Inc. http://wso2.com/ >> *lean.enterprise.middleware* >> Mobile: +94715979891 +94758009992 >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Sajith Janaprasad Ariyarathna > Software Engineer; WSO2, Inc.; http://wso2.com/ > <https://wso2.com/signature> > -- *Thanuja Lakmal* Senior Software Engineer WSO2 Inc. http://wso2.com/ *lean.enterprise.middleware* Mobile: +94715979891 +94758009992
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
