On 30 Mar 2012, at 14:29, Colm O hEigeartaigh wrote:

> Hi Bob,
>
> I've been running into similar issues.
>
>> - /auth/getentitlements doesn't give me the roles of the connected user
>
> It gives you the list of entitlements associated with the roles of the
> connected user. Perhaps this controller should also have a similar
> method for returning a list of role names of the connected user as
> well?

Probably you can get the required information by using UserRequestController (see below).

> A question I have is whether the list of entitlements is only for the
> child roles or all of the entitlements associated with the role
> hierarchy?

https://issues.apache.org/jira/browse/SYNCOPE-48

>> - /user/read?username=user : gives me the user but only if I
>> authenticated with a user that has the possibility to read other users
>> as well. This means I should have some kind of administration
>> connection to core instead of a user specific connection?
>
> Yes I think so. Your Tomcat user account should have the ability to
> read users/roles etc., and you authenticate as this user. I think
> there should possibly be an "authenticateUser" method or something
> similar that takes in a username/password and returns true or false
> depending on if there is a matching user in Syncope.

You can read data about the authenticated user by calling .../syncope/rest/user/request/read/self.xml
This method is provided by the UserRequestController.
Further, you have the method verifyPassword provided by UserController that could be used to verify userid/password.
This method, for security reasons, can be called only by a user with USER_READ capability.

>> - if there are hierarchical roles, I only get the child role. I
>> suppose I have to walk the tree myself to retrieve the other roles?
>> i.e. based on response to role/list request?
>
> IMO there should be an easy way to get all roles of the user rather
> than having to walk the tree.

Actually users have only the roles explicitly assigned.

Regards,
F.

>
> Colm.
>
> On Fri, Mar 30, 2012 at 12:42 PM, Bob Lannoy <[email protected]> wrote:
>> Hi,
>>
>> suppose I have users & hierarchical roles in Syncope and an external
>> system (tomcat webapp) that needs to authenticate those users and get
>> the roles.
>> Can you give me an indication on how I would go about this?
>>
>> I did some preliminary tests:
>> - I can do an authentication to core using basic auth, but I saw that
>> the user object also contains the hashed password of the user
>> - /auth/getentitlements doesn't give me the roles of the connected user
>> - /user/read?username=user : gives me the user but only if I
>> authenticated with a user that has the possibility to read other users
>> as well. This means I should have some kind of administration
>> connection to core instead of a user specific connection?
>> - if there are hierarchical roles, I only get the child role. I
>> suppose I have to walk the tree myself to retrieve the other roles?
>> i.e. based on response to role/list request?
>> regards
>>
>> Bob
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
