Hi, I was working with BAM dashboard for last couple of days. Here are my findings/concerns.
1. Right now dashboard app uses logged in users' credentials for backend access. The proper way to do is, having app-specific credentials. The standard approach is to avoid WS calls altogether and use OSGi services. (I tried to change this, however the logic is written in admin service itself for the tried out scenario) 2. Currently we have to manually edit the config files during each toolbox installation. - Chanaka should be able to explain this further 3. The dashboard pages, do not validate the user(using session) while serving. Hence initial login is somewhat dummy operation. 4. Make login mechanism pluggable - Many users will ask for SSO based login in the future. (since this is different from admin users) 5. Currently logged in user get validated using authenticationAdmin WS. Jaggery now supports user-manager interaction and we can use that. 6. Do we need a permission model (?) listed above are some of the issues (IMPOV) that i came across while working with the bamdashboard. Some of the issues may have got fixed with new release. :) just my 2 cents. thanks, --Pradeep
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
