Hi Vidura, Thanks for the information, I guess the following values defines the correlation between component and the authorizer.
@Component(name = "some.component.exposing.Authorizer, ... authorizer: "some.component.exposing.Authorizer" Cheers, Ruwan On Fri, May 12, 2017 at 5:34 PM, Vidura Nanayakkara <vidu...@wso2.com> wrote: > Hi Ruwan, > > This supports OSGI mode as well. In that case, you have to add the > @Component annotation to the implemented class. > > e.g: > > @Component(name = "org.wso2.carbon.uuf.sample.si > mpleauth.bundle.api.auth.CaasAuthorizer", > > service = Authorizer.class, > immediate = true > ) > public class CaasAuthorizer implements Authorizer { > > @Override > public boolean hasPermission(User user, Permission permission) { > *// Some logic here.* > } > } > > > Best Regards, > Vidura Nanayakkara > > On Fri, May 12, 2017 at 5:24 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote: > >> Hi All, >> >> >> # Authorizer for this app >> authorizer: "org.wso2.carbon.uuf.sample.simpleauth.bundle.api.auth.CaasA >> uthorizer" >> >> >> Does this means UUF uses reflection to instantiate the class given by the >> "authorizer" property? If this is the case, could you make it using OSGI >> service instead. >> >> Cheers, >> Ruwan >> >> On Fri, May 12, 2017 at 5:17 PM, Vidura Nanayakkara <vidu...@wso2.com> >> wrote: >> >>> Hi All, >>> >>> The following changes will be made to the UUF framework in order to >>> archive the above. >>> >>> - You now have to implement the `Authorizer` interface in order to >>> plug in any type of `Authorizer` you want. `Authorizer` interface will >>> have >>> the following methods: >>> >>> boolean hasPermission(User user, Permission permission); >>> >>> >>> - In order to plug in the `Authorizer`, the `Authorizer` >>> implementation needs to be specified in the `app.yaml` configuration of >>> the >>> particular UUF app. >>> >>> ... >>> >>> # Authorizer for this app >>> authorizer: >>> "org.wso2.carbon.uuf.sample.simpleauth.bundle.api.auth.CaasAuthorizer" >>> ... >>> >>> Please note that if you do not specify this value, the app will not have an >>> `Authorizer` and will return `false` every time the `hasPermission()` >>> method is called. >>> >>> >>> - Instead of the `User` interface, we now have introduced a >>> concrete `User` class. >>> >>> >>> >>> >>> On Wed, May 3, 2017 at 10:34 PM, Rasika Perera <rasi...@wso2.com> wrote: >>> >>>> Hi Sajith, >>>> >>>> I am +1 to allow custom authorizers. But not bit convinced with the >>>> reason provided. >>>> >>>> Java allows non-serializable properties on the objects with "transient" >>>> keyword. At the time of deserialize these properties will be in default >>>> values (i.e. objects will be null). Then you can override " >>>> readResolve()" method to fetch & assign the current state of the >>>> system for those properties. >>>> >>>> Best Regards, >>>> Rasika >>>> >>>> On Wed, May 3, 2017 at 10:47 AM, SajithAR Ariyarathna < >>>> sajit...@wso2.com> wrote: >>>> >>>>> Hi All, >>>>> >>>>> We are in the process of introducing an extensible authorizer for >>>>> Carbon UUF. >>>>> >>>>> At the moment authorization is done via the org.wso2.carbon.uuf.spi.au >>>>> th.User interface [1]. When creating an user session, implementation >>>>> of the User interface (e.g. CaasUser [2]) should be passed. The main >>>>> drawback of this approach is, the logic in the hasPermission() method >>>>> has to be serializable. Usually this is difficult to achieve because in >>>>> order to evaluate permissions one might need to access some user >>>>> management >>>>> services (e.g. Realm Service) which cannot be serialized. Hence moving the >>>>> hasPermission() method out of the User class and allowing to plug-in >>>>> a custom authorizer would be a better approach. >>>>> >>>>> WDYT? >>>>> >>>>> [1] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/compo >>>>> nents/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/Us >>>>> er.java#L28 >>>>> [2] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/sampl >>>>> es/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundl >>>>> e/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle >>>>> /CaasUser.java >>>>> >>>>> Thanks. >>>>> -- >>>>> Sajith Janaprasad Ariyarathna >>>>> Senior Software Engineer; WSO2, Inc.; http://wso2.com/ >>>>> <https://wso2.com/signature> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> Architecture@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> With Regards, >>>> >>>> *Rasika Perera* >>>> Senior Software Engineer >>>> LinkedIn: http://lk.linkedin.com/in/rasika90 >>>> >>>> <http://wso2.com/signature> >>>> >>>> WSO2 Inc. www.wso2.com >>>> lean.enterprise.middleware >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Best Regards, >>> >>> *Vidura Nanayakkara* >>> Software Engineer >>> >>> Email : vidu...@wso2.com >>> Mobile : +94 (0) 717 919277 <+94%2071%20791%209277> >>> Web : http://wso2.com >>> Blog : https://medium.com/@viduran <http://wso2.com/> >>> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara >>> <http://wso2.com/> >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> >> *Ruwan Abeykoon* >> *Associate Director/Architect**,* >> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> * >> *lean.enterprise.middleware.* >> >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Best Regards, > > *Vidura Nanayakkara* > Software Engineer > > Email : vidu...@wso2.com > Mobile : +94 (0) 717 919277 <+94%2071%20791%209277> > Web : http://wso2.com > Blog : https://medium.com/@viduran <http://wso2.com/> > LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara > <http://wso2.com/> > -- *Ruwan Abeykoon* *Associate Director/Architect**,* *WSO2, Inc. http://wso2.com <https://wso2.com/signature> * *lean.enterprise.middleware.*
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture