Hi Vidura,
Thanks for the information,
I guess the following values defines the correlation between component and
the authorizer.
@Component(name = "some.component.exposing.Authorizer,
...
authorizer: "some.component.exposing.Authorizer"
Cheers,
Ruwan
On Fri, May 12, 2017 at 5:34 PM, Vidura Nanayakkara <vidu...@wso2.com>
wrote:
> Hi Ruwan,
>
> This supports OSGI mode as well. In that case, you have to add the
> @Component annotation to the implemented class.
>
> e.g:
>
> @Component(name = "org.wso2.carbon.uuf.sample.si
> mpleauth.bundle.api.auth.CaasAuthorizer",
>
> service = Authorizer.class,
> immediate = true
> )
> public class CaasAuthorizer implements Authorizer {
>
> @Override
> public boolean hasPermission(User user, Permission permission) {
> *// Some logic here.*
> }
> }
>
>
> Best Regards,
> Vidura Nanayakkara
>
> On Fri, May 12, 2017 at 5:24 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>
>> Hi All,
>> >>
>> # Authorizer for this app
>> authorizer: "org.wso2.carbon.uuf.sample.simpleauth.bundle.api.auth.CaasA
>> uthorizer"
>>
>>
>> Does this means UUF uses reflection to instantiate the class given by the
>> "authorizer" property? If this is the case, could you make it using OSGI
>> service instead.
>>
>> Cheers,
>> Ruwan
>>
>> On Fri, May 12, 2017 at 5:17 PM, Vidura Nanayakkara <vidu...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> The following changes will be made to the UUF framework in order to
>>> archive the above.
>>>
>>> - You now have to implement the `Authorizer` interface in order to
>>> plug in any type of `Authorizer` you want. `Authorizer` interface will
>>> have
>>> the following methods:
>>>
>>> boolean hasPermission(User user, Permission permission);
>>>
>>>
>>> - In order to plug in the `Authorizer`, the `Authorizer`
>>> implementation needs to be specified in the `app.yaml` configuration of
>>> the
>>> particular UUF app.
>>>
>>> ...
>>>
>>> # Authorizer for this app
>>> authorizer:
>>> "org.wso2.carbon.uuf.sample.simpleauth.bundle.api.auth.CaasAuthorizer"
>>> ...
>>>
>>> Please note that if you do not specify this value, the app will not have an
>>> `Authorizer` and will return `false` every time the `hasPermission()`
>>> method is called.
>>>
>>>
>>> - Instead of the `User` interface, we now have introduced a
>>> concrete `User` class.
>>>
>>>
>>>
>>>
>>> On Wed, May 3, 2017 at 10:34 PM, Rasika Perera <rasi...@wso2.com> wrote:
>>>
>>>> Hi Sajith,
>>>>
>>>> I am +1 to allow custom authorizers. But not bit convinced with the
>>>> reason provided.
>>>>
>>>> Java allows non-serializable properties on the objects with "transient"
>>>> keyword. At the time of deserialize these properties will be in default
>>>> values (i.e. objects will be null). Then you can override "
>>>> readResolve()" method to fetch & assign the current state of the
>>>> system for those properties.
>>>>
>>>> Best Regards,
>>>> Rasika
>>>>
>>>> On Wed, May 3, 2017 at 10:47 AM, SajithAR Ariyarathna <
>>>> sajit...@wso2.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> We are in the process of introducing an extensible authorizer for
>>>>> Carbon UUF.
>>>>>
>>>>> At the moment authorization is done via the org.wso2.carbon.uuf.spi.au
>>>>> th.User interface [1]. When creating an user session, implementation
>>>>> of the User interface (e.g. CaasUser [2]) should be passed. The main
>>>>> drawback of this approach is, the logic in the hasPermission() method
>>>>> has to be serializable. Usually this is difficult to achieve because in
>>>>> order to evaluate permissions one might need to access some user
>>>>> management
>>>>> services (e.g. Realm Service) which cannot be serialized. Hence moving the
>>>>> hasPermission() method out of the User class and allowing to plug-in
>>>>> a custom authorizer would be a better approach.
>>>>>
>>>>> WDYT?
>>>>>
>>>>> [1] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/compo
>>>>> nents/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/Us
>>>>> er.java#L28
>>>>> [2] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/sampl
>>>>> es/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundl
>>>>> e/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle
>>>>> /CaasUser.java
>>>>>
>>>>> Thanks.
>>>>> --
>>>>> Sajith Janaprasad Ariyarathna
>>>>> Senior Software Engineer; WSO2, Inc.; http://wso2.com/
>>>>> <https://wso2.com/signature>
>>>>>
>>>>> _______________________________________________
>>>>> Architecture mailing list
>>>>> Architecture@wso2.org
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> With Regards,
>>>>
>>>> *Rasika Perera*
>>>> Senior Software Engineer
>>>> LinkedIn: http://lk.linkedin.com/in/rasika90
>>>>
>>>> <http://wso2.com/signature>
>>>>
>>>> WSO2 Inc. www.wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regards,
>>>
>>> *Vidura Nanayakkara*
>>> Software Engineer
>>>
>>> Email : vidu...@wso2.com
>>> Mobile : +94 (0) 717 919277 <+94%2071%20791%209277>
>>> Web : http://wso2.com
>>> Blog : https://medium.com/@viduran <http://wso2.com/>
>>> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara
>>> <http://wso2.com/>
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Associate Director/Architect**,*
>> *WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
>> *lean.enterprise.middleware.*
>>
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Best Regards,
>
> *Vidura Nanayakkara*
> Software Engineer
>
> Email : vidu...@wso2.com
> Mobile : +94 (0) 717 919277 <+94%2071%20791%209277>
> Web : http://wso2.com
> Blog : https://medium.com/@viduran <http://wso2.com/>
> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara
> <http://wso2.com/>
>
--
*Ruwan Abeykoon*
*Associate Director/Architect**,*
*WSO2, Inc. http://wso2.com <https://wso2.com/signature> *
*lean.enterprise.middleware.*
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
