Theoretically it is an easy fix; need to have a look and decide.

--Srinath
On Wed, Aug 14, 2013 at 12:58 PM, Ajanthan Balachandran <[email protected]> wrote:

> On Wed, Aug 14, 2013 at 12:36 PM, Srinath Perera <[email protected]> wrote:
>
>> Ajanthan, we can fix that by extending Unified endpoints to capture that.
>>
> Yes, if we want to set any SOAP header on the partner service request we can
> set it in BPEL itself, because we have the partner service request as a variable
> in BPEL. But if we want to set it in an HTTP header we need to
> extend Unified endpoints. But how are we going to capture the user who
> invoked the BPEL? In the Unified endpoint handler do we have access to the
> information on the request (which instance's partner service request and who
> invoked that instance)?
>
>> --Srinath
>>
>> On Wed, Aug 14, 2013 at 12:32 PM, Ajanthan Balachandran <[email protected]> wrote:
>>
>>> On Wed, Aug 14, 2013 at 9:26 AM, Dimuthu Leelarathne <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> AF BPELs are running in the super tenant space. Now the question is
>>>> whether BPEL should invoke admin services deployed in the respective tenant
>>>> space or the super tenant space.
>>>>
>>>> Here is a sample of the admin services [1]. From that we can see that some
>>>> admin services should be in the super tenant space and others in the respective
>>>> tenant space.
>>>>
>>>> So now comes the question: how can a BPEL running in admin space invoke
>>>> an admin service in tenant space?
>>>>
>>>> Here is the answer that can be seen so far.
>>>>
>>>> 1 - Write the mutual auth authenticator for the Carbon framework. This
>>>> would check whether the call is coming over a 2-way SSL connection and let
>>>> the user through. The authorization happens as the real user. This is
>>>> discussed in the mail thread titled "Multi-tenant AF user model"
>>>> architecture@
>>>> 2 - Extend the UnifiedEndPoint handler to inject the invoking person's
>>>> name into a header (SOAP or HTTP)
>>>>
>>> We can set SOAP headers in BPEL but not HTTP headers
>>>
>>>> And another separate point: the admin services marked in yellow should
>>>> have an explicit permission check before performing any action, to check
>>>> whether the user has permission to do the particular action for the
>>>> application.
>>>>
>>>> WDYT?
>>>>
>>>> thanks,
>>>> dimuthu
>>>>
>>>> --
>>>> Dimuthu Leelarathne
>>>> Architect & Product Lead of App Factory
>>>>
>>>> WSO2, Inc. (http://wso2.com)
>>>> email: [email protected]
>>>> Mobile : 0773661935
>>>>
>>>> Lean . Enterprise . Middleware
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>
>>> --
>>> ajanthan
>>> --
>>> Ajanthan Balachandiran
>>> Senior Software Engineer;
>>> Solutions Technologies Team; WSO2, Inc.; http://wso2.com/
>>>
>>> email: ajanthan@wso2.com; cell: +94775581497
>>> blog: http://bkayts.blogspot.com/
>>>
>>> Lean . Enterprise . Middleware
>>>
>>
>> --
>> ============================
>> Srinath Perera, Ph.D.
>> Director, Research, WSO2 Inc.
>> Visiting Faculty, University of Moratuwa
>> Member, Apache Software Foundation
>> Research Scientist, Lanka Software Foundation
>> Blog: http://srinathsview.blogspot.com/
>> Photos: http://www.flickr.com/photos/hemapani/
>> Phone: 0772360902
>>
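The trust rule discussed in this thread, sketched as an added example that is not part of the original messages and is not WSO2 code: an injected user-name header is honoured only when the caller authenticated over 2-way SSL, authorization then runs as that real user, and an explicit per-application permission check follows. The header name, certificate pin, permission table and tenant-qualified user names (`user@tenant`) are all assumptions made for illustration.

```python
# Added illustration. All names are hypothetical; these are not WSO2 Carbon APIs.
from dataclasses import dataclass
from typing import Optional

USER_HEADER = "X-Invoking-User"  # assumed header name set by the endpoint handler
TRUSTED_CLIENT_CERTS = {"sha256:constructed-bpel-engine-cert"}  # constructed pin
# Constructed per-application permissions: (user, application) -> allowed actions
PERMISSIONS = {
    ("alice@tenant1.com", "app1"): {"deploy"},
    ("bob@tenant1.com", "app1"): set(),
}

@dataclass
class Request:
    headers: dict
    client_cert: Optional[str]  # fingerprint of verified client cert, None if one-way TLS
    tenant: str                 # tenant space the admin service runs in
    application: str
    action: str

def resolve_user(req: Request) -> Optional[str]:
    """Honour the asserted user only when the caller proved itself over 2-way SSL."""
    if req.client_cert not in TRUSTED_CLIENT_CERTS:
        return None  # without mutual auth the header is just caller-supplied text
    user = req.headers.get(USER_HEADER, "").strip()
    return user or None

def authorize(req: Request) -> tuple:
    """Authorize as the real user, then apply the explicit per-application check."""
    user = resolve_user(req)
    if user is None:
        return (False, "unauthenticated")
    if user.rpartition("@")[2] != req.tenant:
        return (False, "wrong-tenant")
    if req.action not in PERMISSIONS.get((user, req.application), set()):
        return (False, "forbidden")
    return (True, user)

if __name__ == "__main__":
    ok = Request({USER_HEADER: "alice@tenant1.com"},
                 "sha256:constructed-bpel-engine-cert", "tenant1.com", "app1", "deploy")
    spoofed = Request({USER_HEADER: "alice@tenant1.com"}, None, "tenant1.com", "app1", "deploy")
    print(authorize(ok), authorize(spoofed))
```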
