On Wed, Aug 14, 2013 at 9:26 AM, Dimuthu Leelarathne <[email protected]> wrote:

> Hi,
>
> AF BPELs are running in the super tenant space. Now the question is
> whether BPEL should invoke admin services deployed in the respective tenant
> space or the super tenant space.
>
> Here is a sample of the admin services [1]. From that we can see that some
> admin services should be in the super tenant space and others in the respective
> tenant space.
>
> So now comes the question: how can a BPEL running in admin space invoke an
> admin service in tenant space?
>
> Here is the answer that can be seen so far.
>
> 1 - Write the mutual auth authenticator for the carbon framework. This would
> check whether the call is coming over a 2-way SSL connection and let the
> user through. The authorization happens as the real user. This is discussed
> in the mail thread titled "Multi-tenant AF user model" architecture@
> 2 - Extend the UnifiedEndPoint handler to inject the invoking person's
> name into a header (SOAP or HTTP)

We can set SOAP headers in BPEL but not http headers

> And another separate point, the admin services marked in yellow should
> have an explicit permission check before performing any action, to check
> whether the user has permission to do the particular action for the application.
>
> WDYT?
>
> thanks,
> dimuthu
>
> --
> Dimuthu Leelarathne
> Architect & Product Lead of App Factory
>
> WSO2, Inc. (http://wso2.com)
> email: [email protected]
> Mobile : 0773661935
>
> Lean . Enterprise . Middleware
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
ajanthan
--
Ajanthan Balachandiran
Senior Software Engineer; Solutions Technologies Team; WSO2, Inc.; http://wso2.com/
email: ajanthan@wso2.com; cell: +94775581497
blog: http://bkayts.blogspot.com/
Lean . Enterprise . Middleware
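An added sketch of the receiving-side check implied by points 1 and 2 above; it is not code from the thread or from WSO2 Carbon. It uses only the JDK, and the header namespace, the `UserName` element, the trusted subject DN and the sample envelope are all constructed assumptions. The user name carried in the SOAP header is accepted only when the caller was verified over 2-way SSL and is a known BPEL server, so that the explicit permission check can then run as that real user.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MutualAuthHeaderCheck {
    // Hypothetical header namespace; the thread does not define one.
    static final String NS = "http://example.org/appfactory/mutualauth";
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed subject DN standing in for the BPEL server's client certificate.
    static final Set<String> TRUSTED_CALLERS = Set.of("CN=af-bps,O=Example");

    /**
     * Returns the user to authorize as, or null if the request must be rejected.
     * verifiedPeerDn is the client-certificate subject the TLS layer validated
     * (null when the connection was not 2-way SSL).
     */
    static String resolveUser(String verifiedPeerDn, String soapEnvelope) throws Exception {
        // The header is only an assertion: trust it solely from a mutually
        // authenticated, known caller. Otherwise anyone could name any user.
        if (verifiedPeerDn == null || !TRUSTED_CALLERS.contains(verifiedPeerDn)) return null;
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the envelope cannot carry XXE payloads.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(soapEnvelope.getBytes(StandardCharsets.UTF_8)));
        NodeList headers = d.getElementsByTagNameNS(SOAP_NS, "Header");
        if (headers.getLength() != 1) return null;
        NodeList users = ((Element) headers.item(0)).getElementsByTagNameNS(NS, "UserName");
        if (users.getLength() != 1) return null; // missing or ambiguous identity
        String user = users.item(0).getTextContent().trim();
        return user.isEmpty() ? null : user;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample envelope with the injected user-name header.
        String env = "<soapenv:Envelope xmlns:soapenv=\"" + SOAP_NS + "\" xmlns:m=\"" + NS + "\">"
            + "<soapenv:Header><m:UserName>dev1@tenant.example</m:UserName></soapenv:Header>"
            + "<soapenv:Body/></soapenv:Envelope>";
        System.out.println(resolveUser("CN=af-bps,O=Example", env)); // trusted 2-way SSL caller
        System.out.println(resolveUser(null, env));                  // no client certificate
        System.out.println(resolveUser("CN=other,O=Example", env));  // unknown client certificate
    }
}
```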
