Hi Isuru and all The problem I see is not we are using Management permission, but using same permission everywhere. Because of that all secured endpoint s in carbon either can be exposed or blocked. We cannot block some and allow some. On Aug 17, 2014 1:23 AM, "Isuru Perera" <[email protected]> wrote:
> Hi all, > > In Carbon, we use ManagementPermission [1] to check security. See > org.wso2.carbon.base.CarbonBaseUtils.checkSecurity() method [2]. > > Instead of checking ManagementPermission [1], I think we must use our own > permissions to check security in CarbonContext APIs. The > ManagementPermission [1] is used for a different purposes. > > Shall we introduce new Permission classes for future Carbon releases? > > Thanks! > > Best Regards, > > [1] > http://docs.oracle.com/javase/7/docs/api/java/lang/management/ManagementPermission.html > [2] > https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/core/org.wso2.carbon.base/4.2.0/src/main/java/org/wso2/carbon/base/CarbonBaseUtils.java > > -- > Isuru Perera > Senior Software Engineer | WSO2, Inc. | http://wso2.com/ > Lean . Enterprise . Middleware > > about.me/chrishantha > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > >
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
