Hi Johann/Napagoda,

KasunG is currently working on removing user.core components from the carbon-security repo. So we will have carbon-security m3 release before the IS 6.0.0 m1 release.

Thanks,
Thanuja

On Fri, Jan 20, 2017 at 9:58 AM, Johann Nallathamby <joh...@wso2.com> wrote:

> On Mon, Jan 9, 2017 at 2:21 PM, Thanuja Jayasinghe <than...@wso2.com> wrote:
>
>> On Mon, Jan 9, 2017 at 1:34 PM, SajithAR Ariyarathna <sajit...@wso2.com> wrote:
>>
>>>> Currently, we are in the process of refactoring the carbon-security source and hope to release a 1.0.0-m3 soon. With this release, CAAS User implementation will only provide authorization functionalities. In order to consume identity store related functionalities, you need to use the User class provided by carbon-identity-mgt[1]. Also, both classes will implement Serializable.
>>>>
>>>> [1] - https://github.com/thanujalk/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/User.java
>>>
>>> So, which class will provide the isAuthorized(Permission permission) method?
>>
>> It is the class which we have inside the CAAS. Basically User class in the carbon-identity-mgt is a child of CAAS User.
>
> Thanuja, are we not removing the user.core implementation from carbon-security and just have it in carbon-identity-mgt? I thought in IS 6.0.0 M1 release that is how it will be. So we will only have one User class hereafter. Is my understanding wrong?
>
>>> On Mon, Jan 9, 2017 at 1:05 PM, Thanuja Jayasinghe <than...@wso2.com> wrote:
>>>
>>>> Hi Sajith,
>>>>
>>>> Currently, we are in the process of refactoring the carbon-security source and hope to release a 1.0.0-m3 soon. With this release, CAAS User implementation will only provide authorization functionalities. In order to consume identity store related functionalities, you need to use the User class provided by carbon-identity-mgt[1]. Also, both classes will implement Serializable.
>>>>
>>>> [1] - https://github.com/thanujalk/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/User.java
>>>>
>>>> Thanks,
>>>> Thanuja
>>>>
>>>> On Mon, Jan 9, 2017 at 12:45 PM, SajithAR Ariyarathna <sajit...@wso2.com> wrote:
>>>>
>>>>> Hi Johann,
>>>>>
>>>>>> Once you login using CAAS (carbon authentication and authorization service) components you will get a CAAS User object [1]. This User object is a proxy object which can be used to call all the underlying identity store and authorization store methods. Ideally you will store this User object in the user's logged in session and perform those operations when necessary.
>>>>>>
>>>>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0.0-m2/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java
>>>>>
>>>>> This means that we need to store the User object in the UUF session. In order to do that, the User class needs to be serializable. However, the User class does not implement the Serializable interface.
>>>>>
>>>>> On Wed, Jan 4, 2017 at 3:13 PM, Tanya Madurapperuma <ta...@wso2.com> wrote:
>>>>>
>>>>>> Hi Dilan,
>>>>>>
>>>>>> On Wed, Jan 4, 2017 at 2:48 PM, Dilan Udara Ariyaratne <dil...@wso2.com> wrote:
>>>>>>
>>>>>>> Hi Tanya,
>>>>>>>
>>>>>>> Are we going to keep one dashboard permission or multiple? The reason that I am asking this is if we can allow multiple, we can separate out access for critical functions like dashboard view, edit and manage via those permissions.
>>>>>>
>>>>>> As explained offline, each dashboard will have its own permission for view, edit/update, delete. The only difference in this with the previous versions is that instead of the role we will use permissions.
>>>>>>
>>>>>>> Also, have you looked into the scenario of restricting access of dashboards for different users?
>>>>>>
>>>>>> A permission is resource + action. So we can restrict access with the permission.
>>>>>>
>>>>>>> AFAIU, it's only by having multiple permissions, we can do this.
>>>>>>
>>>>>> Thanks,
>>>>>> Tanya
>>>>>>
>>>>>>> Cheers,
>>>>>>> Dilan.
>>>>>>>
>>>>>>> *Dilan U. Ariyaratne*
>>>>>>> Senior Software Engineer
>>>>>>> WSO2 Inc. <http://wso2.com/>
>>>>>>> Mobile: +94766405580
>>>>>>> lean . enterprise . middleware
>>>>>>>
>>>>>>> On Wed, Jan 4, 2017 at 1:56 PM, Johann Nallathamby <joh...@wso2.com> wrote:
>>>>>>>
>>>>>>>> On Wed, Jan 4, 2017 at 1:04 PM, Nipuna Chandradasa <nipu...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> [+adding Sajith]
>>>>>>>>> Please find my questions and suggestions in line....
>>>>>>>>>
>>>>>>>>>>>> Based on the above model we have following questions.
>>>>>>>>>>>> 1. How can we call the isAuthorized method from dashboard component?
>>>>>>>>>
>>>>>>>>> Shouldn't this isAuthorized method be exposed through UUF, as the dashboard component is basically a UUF component? It might not be good to expose such functionality through a UI framework, but it'll be a lot cleaner than invoking an OSGi service inside our component.
>>>>>>>>
>>>>>>>> Once you login using CAAS (carbon authentication and authorization service) components you will get a CAAS User object [1]. This User object is a proxy object which can be used to call all the underlying identity store and authorization store methods. Ideally you will store this User object in the user's logged in session and perform those operations when necessary.
>>>>>>>>
>>>>>>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0.0-m2/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Johann.
>>>>>>>>
>>>>>>>>>>>> 2. Is there any standard / approval process for permission strings?
>>>>>>>>>>>> 3. How should we register the permissions dynamically at the time of creating a dashboard?
>>>>>>>>>>>>
>>>>>>>>>>>> Appreciate your insight.
>>>>>>>>>
>>>>>>>>> Thank you,
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Nipuna Marcus
>>>>>>>>> *Software Engineer*
>>>>>>>>> WSO2 Inc.
>>>>>>>>> http://wso2.com/ - "lean . enterprise . middleware"
>>>>>>>>> Mobile : +94 (0) 713 667906
>>>>>>>>> nipu...@wso2.com
>>>>>>>>
>>>>>>>> --
>>>>>>>> Thanks & Regards,
>>>>>>>>
>>>>>>>> *Johann Dilantha Nallathamby*
>>>>>>>> Technical Lead & Product Lead of WSO2 Identity Server
>>>>>>>> Governance Technologies Team
>>>>>>>> WSO2, Inc.
>>>>>>>> lean.enterprise.middleware
>>>>>>>>
>>>>>>>> Mobile - *+94777776950*
>>>>>>>> Blog - *http://nallaa.wordpress.com*
>>>>>>
>>>>>> --
>>>>>> Tanya Madurapperuma
>>>>>>
>>>>>> Senior Software Engineer,
>>>>>> WSO2 Inc. : wso2.com
>>>>>> Mobile : +94718184439
>>>>>> Blog : http://tanyamadurapperuma.blogspot.com
>>>>>
>>>>> --
>>>>> Sajith Janaprasad Ariyarathna
>>>>> Software Engineer; WSO2, Inc.; http://wso2.com/
>>>>> <https://wso2.com/signature>
>>>>
>>>> --
>>>> *Thanuja Lakmal*
>>>> Senior Software Engineer
>>>> WSO2 Inc. http://wso2.com/
>>>> *lean.enterprise.middleware*
>>>> Mobile: +94715979891 +94758009992

_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
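
The session-storage point raised in the thread, as an added example that is not part of the original messages and is not carbon-security or carbon-identity-mgt code: a user proxy that serializes only its identifier, keeps the authorization store reference transient, and denies every check until the store is re-bound after the session is restored. All class, method and permission names here are hypothetical; it assumes Java 16 or later for `record`.

```java
import java.io.*;
import java.util.*;

// Added illustration: hypothetical classes, not the CAAS or carbon-identity-mgt API.
public class SessionUserDemo {
    // A permission is resource + action, e.g. ("dashboard/sales", "view").
    record Permission(String resource, String action) implements Serializable {}

    // Stand-in for the authorization store that the user proxy delegates to.
    interface AuthorizationStore {
        boolean isUserAuthorized(String userId, Permission permission);
    }

    // Only the identifier is serialized. The store reference is transient, so
    // grants are not frozen into the session and must be re-bound on restore.
    static final class User implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String userId;
        private transient AuthorizationStore store;

        User(String userId, AuthorizationStore store) { this.userId = userId; this.store = store; }
        void bind(AuthorizationStore store) { this.store = store; }

        boolean isAuthorized(Permission permission) {
            // Fail closed when the proxy has not been re-bound after deserialization.
            return store != null && store.isUserAuthorized(userId, permission);
        }
    }

    // Simulates a session store writing the object out and reading it back.
    static User roundTrip(User user) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(user); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (User) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed grants: alice may view and edit one dashboard, but not delete it.
        Map<String, Set<Permission>> grants = Map.of("alice", Set.of(
                new Permission("dashboard/sales", "view"),
                new Permission("dashboard/sales", "edit")));
        AuthorizationStore store = (id, p) -> grants.getOrDefault(id, Set.of()).contains(p);
        Permission view = new Permission("dashboard/sales", "view");
        Permission delete = new Permission("dashboard/sales", "delete");

        User restored = roundTrip(new User("alice", store));
        System.out.println("view before re-bind: " + restored.isAuthorized(view));
        restored.bind(store);
        System.out.println("view after re-bind: " + restored.isAuthorized(view));
        System.out.println("delete after re-bind: " + restored.isAuthorized(delete));
    }
}
```

Because each check goes back to the store rather than to a serialized copy of the grants, a permission revoked while the session is alive takes effect on the next call.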