Hi All,

As I mentioned in the initial mail, we will get rid of the "login" call to
AuthenticationAdmin and will authenticate users only through the provided
authenticators. During this change I realised that we were authorising
users (checking whether they have login permission) at the same time as
we authenticate them. IMO the authentication process should not do any
permission checks; rather, it should only validate that the user is a
legitimate user within the system.

If we need to authorise users, we need to make a separate call (we are
yet to identify which component is going to handle authorization). I
will be changing the code accordingly.

If you have any concerns / feedback, please let me know.

Thanks
AmilaJ

On Wed, Feb 15, 2012 at 8:33 AM, Manjula Rathnayake <manju...@wso2.com> wrote:
>
>
> On Tue, Feb 14, 2012 at 10:14 PM, Sameera Jayasoma <same...@wso2.com> wrote:
>>
>> https://wso2.org/jira/browse/CARBON-12378
>>
>> Thanks,
>> Sameera.
>>
>>
>> On Tue, Feb 14, 2012 at 9:50 PM, Amila Jayasekara <ami...@wso2.com> wrote:
>>>
>>> On Tue, Feb 14, 2012 at 9:32 PM, Sameera Jayasoma <same...@wso2.com>
>>> wrote:
>>> > Hi Amila,
>>> >
>>> > +1 for the proposed changes. Please see my comments below.
>>> >
>>> > On Tue, Feb 14, 2012 at 3:22 PM, Amila Jayasekara <ami...@wso2.com>
>>> > wrote:
>>> >>
>>> >> Hi All,
>>> >>
>>> >> We had a review discussion on Carbon Authenticators and following are
>>> >> the review notes.
>>> >>
>>> >> 1. There is some common logic that should be implemented in every
>>> >> authenticator. Currently, invoking this logic is duplicated among
>>> >> authenticators. So to avoid that, we are planning to come up with an
>>> >> abstract Authenticator implementation.
>>> >> 2. As of now, AuthenticationHandler first invokes AuthenticationAdmin
>>> >> and then it calls the chain of authenticators. The AuthenticationAdmin
>>> >> call is not necessary. We need to refactor the code in such a way that
>>> >> the authenticator itself will only handle the authenticating logic (rather
>>> >> than within the Handler).
>>> >> 3. Properly implement the authenticator chaining pattern. Make use of the
>>> >> “isHandle”, “priority” and “isAuthenticated” methods and make only the
>>> >> authenticator aware of the logic.
>>> >> 4. After cleaning up the API, implement the “Basic Auth” authenticator
>>> >> (as a first step).
>>> >
>>> >
>>> > 5. Clean up the Carbon.UI framework to improve the pluggability of custom
>>> > authenticators. I recently wrote an authenticator, but I had to hard-code
>>> > some URLs in the CarbonSecurityHttpContext class. Please have a look at
>>> > the following method in this class.
>>> >
>>> > private boolean skipSSOSessionInvalidation(String requestedURI) {
>>> >     boolean skipSessionInvalidation = false;
>>> >     if ((requestedURI.indexOf("/samlsso") > -1)
>>> >             || (requestedURI.indexOf("sso-saml/login.jsp") > -1)
>>> >             || (requestedURI.indexOf("stratos-sso/login_ajaxprocessor.jsp") > -1)
>>> >             || (requestedURI.indexOf("sso-saml/redirect_ajaxprocessor.jsp") > -1)
>>> >             || (requestedURI.indexOf("stratos-sso/redirect_ajaxprocessor.jsp") > -1)
>>> >             || (requestedURI.indexOf("sso-acs/redirect_ajaxprocessor.jsp") > -1)
>>> >             || (requestedURI.indexOf("stratos-auth/redirect_ajaxprocessor.jsp") > -1)) {
>>> >         skipSessionInvalidation = true;
>>> >     }
>>> >     return skipSessionInvalidation;
>>> > }
>>> >
>>> > As a part of this effort, let's refactor this bit of code as well.
>
>
> I have looked into this already; I will come up with a set of handler
> implementations (same as Axis2 handlers) to clean up that lengthy method. We
> will discuss once I am done with the code.
>
> Thank you.
>>>
>>>
>>> +1. Will take the above into consideration as well. If possible, please
>>> create a Carbon JIRA and assign it to me.
>>>
>>> Thanks
>>> AmilaJ
>>>
>>> >
>>> > Thanks,
>>> > Sameera.
>>> >
>>> >>
>>> >> Thanks
>>> >> AmilaJ
>>> >>
>>> >> --
>>> >> Mobile : +94773330538
>>> >>
>>> >> _______________________________________________
>>> >> Carbon-dev mailing list
>>> >> Carbon-dev@wso2.org
>>> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Sameera Jayasoma
>>> > Technical Lead and Product Manager, WSO2 Carbon
>>> >
>>> > WSO2, Inc. (http://wso2.com)
>>> > email: same...@wso2.com
>>> > blog: http://tech.jayasoma.org
>>> >
>>> >
>>> > Lean . Enterprise . Middleware
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Mobile : +94773330538
>>
>>
>>
>>
>> --
>> Sameera Jayasoma
>> Technical Lead and Product Manager, WSO2 Carbon
>>
>> WSO2, Inc. (http://wso2.com)
>> email: same...@wso2.com
>> blog: http://tech.jayasoma.org
>>
>> Lean . Enterprise . Middleware
>>
>>
>
>
>
> --
> Manjula Rathnayaka
> Software Engineer
> WSO2, Inc.
> Mobile:+94 77 743 1987
>
>



-- 
Mobile : +94773330538
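The following is an added illustration of the design discussed in this thread; it is not WSO2 Carbon code and was not posted by any of the participants. It sketches the chaining pattern from the review notes (priority-ordered authenticators, each asked whether it can handle the request, with the handler holding no authentication logic of its own) and keeps the login-permission check as a separate call made only after identity is established. Every class and method name (Request, Authenticator, canHandle, AuthenticationHandler, LoginAuthorizer, the X-Session-Token header) is a hypothetical stand-in, and the credential and session tables are constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Added example, not WSO2 Carbon code. All names here are hypothetical.
public class AuthenticatorChainExample {

    static final class Request {
        final String uri;
        final Map<String, String> headers = new HashMap<>();
        Request(String uri) { this.uri = uri; }
    }

    interface Authenticator {
        int getPriority();                          // lower value runs first
        boolean canHandle(Request req);             // "isHandle" in the review notes
        Optional<String> authenticate(Request req); // returns the user name; never checks permissions
    }

    // HTTP Basic against a constructed in-memory credential store (a real store would hold hashes).
    static final class BasicAuthenticator implements Authenticator {
        private final Map<String, byte[]> credentials = new HashMap<>();
        BasicAuthenticator(Map<String, String> plain) {
            plain.forEach((u, p) -> credentials.put(u, p.getBytes(StandardCharsets.UTF_8)));
        }
        public int getPriority() { return 20; }
        public boolean canHandle(Request req) {
            String h = req.headers.get("Authorization");
            return h != null && h.startsWith("Basic ");
        }
        public Optional<String> authenticate(Request req) {
            String decoded;
            try {
                byte[] raw = Base64.getDecoder().decode(req.headers.get("Authorization").substring(6));
                decoded = new String(raw, StandardCharsets.UTF_8);
            } catch (IllegalArgumentException badBase64) {
                return Optional.empty();            // malformed header is simply "not authenticated"
            }
            int sep = decoded.indexOf(':');
            if (sep < 0) return Optional.empty();
            String user = decoded.substring(0, sep);
            byte[] expected = credentials.get(user);
            byte[] supplied = decoded.substring(sep + 1).getBytes(StandardCharsets.UTF_8);
            // MessageDigest.isEqual compares in constant time for equal-length inputs.
            return expected != null && MessageDigest.isEqual(expected, supplied)
                    ? Optional.of(user) : Optional.empty();
        }
    }

    // Pre-established session token; higher priority, so it is tried before Basic.
    static final class SessionTokenAuthenticator implements Authenticator {
        private final Map<String, String> sessions; // token -> user (constructed sample)
        SessionTokenAuthenticator(Map<String, String> sessions) { this.sessions = sessions; }
        public int getPriority() { return 10; }
        public boolean canHandle(Request req) { return req.headers.containsKey("X-Session-Token"); }
        public Optional<String> authenticate(Request req) {
            return Optional.ofNullable(sessions.get(req.headers.get("X-Session-Token")));
        }
    }

    // The handler only walks the chain; it contains no authentication logic itself.
    static final class AuthenticationHandler {
        private final List<Authenticator> chain = new ArrayList<>();
        AuthenticationHandler(List<Authenticator> authenticators) {
            chain.addAll(authenticators);
            chain.sort(Comparator.comparingInt(Authenticator::getPriority));
        }
        Optional<String> authenticate(Request req) {
            for (Authenticator a : chain) {
                if (a.canHandle(req)) return a.authenticate(req); // first claimant decides
            }
            return Optional.empty();                                // nothing could handle it
        }
    }

    // Authorization is a separate call, made only after identity is established.
    static final class LoginAuthorizer {
        private final Set<String> loginPermitted;
        LoginAuthorizer(Set<String> loginPermitted) { this.loginPermitted = loginPermitted; }
        boolean isAuthorizedToLogin(String user) { return loginPermitted.contains(user); }
    }

    public static void main(String[] args) {
        AuthenticationHandler handler = new AuthenticationHandler(List.of(
                new BasicAuthenticator(Map.of("admin", "admin", "guest", "guest")),
                new SessionTokenAuthenticator(Map.of("tok-123", "admin"))));
        LoginAuthorizer authorizer = new LoginAuthorizer(Set.of("admin"));

        Request r = new Request("/carbon/admin/index.jsp");
        r.headers.put("Authorization", "Basic "
                + Base64.getEncoder().encodeToString("guest:guest".getBytes(StandardCharsets.UTF_8)));

        Optional<String> user = handler.authenticate(r);
        System.out.println("authenticated as: " + user.orElse("<nobody>"));
        System.out.println("login permitted: " + user.map(authorizer::isAuthorizedToLogin).orElse(false));
    }
}
```

In the sample run, "guest" authenticates successfully but is refused at the separate authorization step, which is exactly the split the mail above argues for: an authenticator answers "who is this?", and a distinct component answers "may this user log in?". Keeping the two apart also means a new authenticator (SAML, token, mutual TLS) can be dropped into the chain without re-implementing or bypassing the permission check.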
