On Mon, Jul 15, 2013 at 10:38 AM, Amila Suriarachchi <[email protected]> wrote:
>
>
>
> Here is another example. Registry has following method. This method is
> used to check whether a given user in admin role and allow some permissions
> (see the usage of this method) to user. If we have an hasRole method as in
> here[1] we shall not require this method and code would have written as
>
> userRealm.hasRole(userName, "admin");
>
We have the method, isUserHasRole(User, Role) in UserStoreManager. Having
this in UserRealm is not that meaningful.
Thanks & regards,
-Prabath
>
> public static boolean hasAdminAuthorizations(String userName, UserRealm
> userRealm)
> throws RegistryException {
>
> try {
> UserStoreManager userStoreReader =
> userRealm.getUserStoreManager();
>
> RealmConfiguration realmConfig;
> try {
> realmConfig = userRealm.getRealmConfiguration();
> } catch (UserStoreException e) {
> String msg = "Failed to retrieve realm configuration.";
> log.error(msg, e);
> throw new RegistryException(msg, e);
> }
> String systemUser = CarbonConstants.REGISTRY_SYSTEM_USERNAME;
>
> if (systemUser.equals(userName)) {
> return true;
> }
>
> String adminUser = realmConfig.getAdminUserName();
> if (adminUser.equals(userName)) {
> return true;
> }
>
> String[] roles = userStoreReader.getRoleListOfUser(userName);
> String adminRoleName = realmConfig.getAdminRoleName();
> if (containsString(adminRoleName, roles)) {
> return true;
> }
>
> } catch (UserStoreException e) {
>
> String msg = "Failed to check authorization level of user " +
> userName + ". Caused by: " + e.getMessage();
> log.error(msg, e);
> throw new RegistryException(msg, e);
> }
>
> return false;
> }
>
> thanks,
> Amila.
>
>
> [1]
> http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/Realm.html
>
>>
>> With C5 we can keep such a simple API at core level and put admin
>> functionality to carbon components.
>>
>> thanks,
>> Amila.
>>
>>
>> [1]
>> http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/Realm.html
>>
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>>
>>> On Thu, Jul 11, 2013 at 12:42 PM, Amila Suriarachchi <[email protected]>wrote:
>>>
>>>>
>>>>
>>>>
>>>> On Thu, Jul 11, 2013 at 10:21 AM, Prabath Siriwardena <[email protected]
>>>> > wrote:
>>>>
>>>>> UserStoreManager API is not clean at all.. There so many stuff can
>>>>> remove... Also maintain two interfaces one in the core and another in API.
>>>>> We need to get rid of the interface in core..
>>>>>
>>>>> On Thu, Jul 11, 2013 at 10:06 AM, Asela Pathberiya <[email protected]>wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I am not sure why we are keeping following method in the API...
>>>>>> Sorry, if i have missed any thing.... If there are on any usage, we can
>>>>>> remove them...
>>>>>>
>>>>>> 1. String[] getAllSecondaryRoles()
>>>>>>
>>>>>> Why we need only the roles of secondary user store?
>>>>>>
>>>>>
>>>>> This is useful.. In a multi-tenanted environment - primary user store
>>>>> is governed by the super tenant.. It's also better to have a method
>>>>> getRoles(String userStoreDomain).
>>>>>
>>>>
>>>> This is wrong. You should not try to get the roles from the UserStore.
>>>> Roles has to come from the Authorization manager.
>>>>
>>>> thanks,
>>>> Amila.
>>>>
>>>>>
>>>>> Thanks & regards,
>>>>> -Prabath
>>>>>
>>>>>
>>>>>>
>>>>>> 2. int getTenantId(String username)
>>>>>>
>>>>>> Once user is authenticated, we knows the tenant Id. Else why we need
>>>>>> to get the tenant id of a user who is not in its tenant space ?
>>>>>>
>>>>>> 3. int getUserId(String username)
>>>>>>
>>>>>> What is the use of user id? It seems to this is auto increment value
>>>>>> of UM_USER table
>>>>>>
>>>>>> 4. int getTenantId()
>>>>>>
>>>>>> I guess, tenant Id is not need to expose via user store manager API,
>>>>>> it is available with carbon context
>>>>>>
>>>>>> Thanks,
>>>>>> Asela.
>>>>>>
>>>>>> --
>>>>>> Thanks & Regards,
>>>>>> Asela
>>>>>>
>>>>>> Mobile : +94 777 625 933
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>> Prabath
>>>>>
>>>>> Mobile : +94 71 809 6732
>>>>>
>>>>> http://blog.facilelogin.com
>>>>> http://RampartFAQ.com
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Amila Suriarachchi*
>>>>
>>>> Software Architect
>>>> WSO2 Inc. ; http://wso2.com
>>>> lean . enterprise . middleware
>>>>
>>>> phone : +94 71 3082805
>>>>
>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Mobile : +94 71 809 6732
>>>
>>> http://blog.facilelogin.com
>>> http://RampartFAQ.com
>>>
>>
>>
>>
>> --
>> *Amila Suriarachchi*
>>
>> Software Architect
>> WSO2 Inc. ; http://wso2.com
>> lean . enterprise . middleware
>>
>> phone : +94 71 3082805
>>
>
>
>
> --
> *Amila Suriarachchi*
>
> Software Architect
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 71 3082805
>
--
Thanks & Regards,
Prabath
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
