Ajanthan we can fix that by extending Unified endpoints to capture that. --Srinath
On Wed, Aug 14, 2013 at 12:32 PM, Ajanthan Balachandran <[email protected]>wrote: > > > > On Wed, Aug 14, 2013 at 9:26 AM, Dimuthu Leelarathne <[email protected]>wrote: > >> Hi, >> >> AF BPELs are running in the super tenant space. Now the question is, >> whether BPEL should invoke admin services deployed in respective tenant >> space or super tenant space. >> >> Here is sample of the admin services [1] From that we can see that some >> admin services should be in super tenant space and others in respective >> tenant space. >> >> So now comes the question, how can a BPEL running in admin space invoke >> an admin service in tenant space? >> >> Here is the answer that can be seen so far. >> >> 1 - Write the mutual auth authenticator for carbon framework. This would >> check whether the call is coming over a 2 way SSL connection and let the >> user through. The authorization happen as the real user. This is discussed >> in the mail thread titled "Multi-tenant AF user model" architecture@ >> 2 - Extend the UnifiedEndPoint handler to inject the invoking person's >> name in to a header (SOAP or HTTP) >> > We can set SOAP headers in BPEL but not http headers > >> >> And another separate point, the admin services marked in yellow should >> have an explicit permission check before performing any action to check >> whether the user has permission to do particular action for the application. >> >> WDYT? >> >> thanks, >> dimuthu >> >> >> >> >> -- >> Dimuthu Leelarathne >> Architect & Product Lead of App Factory >> >> WSO2, Inc. (http://wso2.com) >> email: [email protected] >> Mobile : 0773661935 >> >> Lean . Enterprise . Middleware >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > ajanthan > -- > Ajanthan Balachandiran > Senior Software Engineer; > Solutions Technologies Team ;WSO2, Inc.; http://wso2.com/ > > email: ajanthan <http://goog_595075977>@wso2.com; cell: +94775581497 > blog: http://bkayts.blogspot.com/ > > > Lean . Enterprise . Middleware > -- ============================ Srinath Perera, Ph.D. Director, Research, WSO2 Inc. Visiting Faculty, University of Moratuwa Member, Apache Software Foundation Research Scientist, Lanka Software Foundation Blog: http://srinathsview.blogspot.com/ Photos: http://www.flickr.com/photos/hemapani/ Phone: 0772360902
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
