Looping Dmitry to the thread.

On Fri, Sep 5, 2014 at 10:26 AM, Chamila Adhikarinayake <[email protected]> wrote:

> Hi all,
>
> The current user signup method (jsFunction_addUser() [1]) in API manager
> uses addUser method in UserRegistrationService[2] (through
> UserRegistrationAdminService from APIM) to register the user and suggested
> to use that same method for tenant user signup as well (Shariq has modified
> this so that tenant-wise roles can be taken from the registry and assign
> them to the tenant user). But with that modification, this method cannot
> be used for tenant signup with the current user signup workflow in the api
> manager.
>
> When signing up a user to super user store, first add a user by calling
> adduser method (from this method, user is assigned with default
> internal/identity role from UserRegistrationService) and then follow the
> signup workflow and finally add the role to that user. In the signup
> workflow, user approval process is managed and till then the user cannot
> log in. But when addUser method is called for tenant signup, a tenant user
> is created and all his roles are assigned to him at the creation point. As
> a result, second point (approval process) cannot be done (user can log in
> before the approval process is done). As a result, method to assign roles
> by using '/_system/governance/repository/identity/sign-up-config'
> (mentioned in 'User roles for tenants' in my first mail) cannot be used in
> this case.
>
> *Modified method to add user roles for tenants*
>
> As a result of above mentioned problem, a registry entry in
> /_system/governance/repository/identity/sign-up-config won't be created as
> mentioned in the first mail. Without this config, all the tenants created
> using addUser method will have default internal/identity role. Registry
> resource similar to 'sign-up-config' is created in separate registry
> location and this entry can be used to add roles to the tenant during the
> final step. As a result, approval process can be carried out during the
> second step.
>
> [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/apimgt/org.wso2.carbon.apimgt.hostobjects/1.2.3/src/main/java/org/wso2/carbon/apimgt/hostobjects/APIStoreHostObject.java
> [2] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.user.registration/4.2.2/src/main/java/org/wso2/carbon/identity/user/registration/UserRegistrationService.java
>
> Thanks,
> Chamila.
>
> On Thu, Sep 4, 2014 at 12:15 AM, Amila De Silva <[email protected]> wrote:
>
>> Hi Chamila,
>>
>> I think you have to start the TenantFlow and set the ID for the tenant
>> correctly before fetching the configuration. In the method
>> jsFunction_resumeWorkflow, this is done by calling
>>
>> PrivilegedCarbonContext.startTenantFlow();
>> PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain, true);
>>
>> On Wed, Sep 3, 2014 at 10:47 PM, Chamila Adhikarinayake <[email protected]> wrote:
>>
>>> Actually the tasks are created with that executor for other tenants as
>>> well, but not inside the correct tenant domain in the BPS. They are created
>>> in carbon.super tenant domain and the related task can be viewed in
>>> workflow-admin ui only by login as super user.
>>>
>>> Following is the reason I think that causes this.
>>>
>>> In the method jsFunction_addUser() in APIStoreHostObject following code
>>> is there to create the workflow
>>>
>>> WorkflowExecutor userSignUpWFExecutor = WorkflowExecutorFactory.getInstance()
>>>         .getWorkflowExecutor(WorkflowConstants.WF_TYPE_AM_USER_SIGNUP);
>>>
>>> This WorkflowExecutor is created using carbon.super user configuration
>>> information in the registry. In the 'getWorkflowConfigurations()' method in
>>> WorkflowExecutorFactory class
>>> PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); is
>>> used to get the domain name (also tenant id). So even though there is a
>>> different tenant domain, these values do not change. So superuser conf is
>>> used and the request is sent to the carbon.super tenant in BPS, not to the
>>> tenant's one. So I'm working on passing the correct domain info to this
>>>
>>> On Wed, Sep 3, 2014 at 9:06 PM, Nuwan Dias <[email protected]> wrote:
>>>
>>>> On Wed, Sep 3, 2014 at 9:02 PM, Chamila Adhikarinayake <[email protected]> wrote:
>>>>
>>>>> Hi all,
>>>>> I'm creating user self signup feature for tenant store in API Manager.
>>>>> Current api manager provides only self signup facility for carbon.super
>>>>> store. To add tenant users, tenant admin has to manually add it through
>>>>> the carbon console.
>>>>>
>>>>> Following parts will be implemented
>>>>>
>>>>> *UI changes* (see attached images)
>>>>>
>>>>> 1. enable the sign-up button for tenant user store
>>>>> 2. add the domain name extension for the user name field in the user
>>>>>    registration form. (this is appended to the user name)
>>>>>
>>>>> *User roles for tenants*
>>>>>
>>>>> Tenant signup configuration will be moved to the registry location
>>>>> '/_system/governance/repository/identity/sign-up-config'. This part is
>>>>> already implemented by Shariq for an IS component (See discussion in the
>>>>> thread "Provide support for self signup for tenants' APIStores" for more
>>>>> info on the configuration). But this resource needed to be created
>>>>> manually. So as a part of the implementation, this resource will be added
>>>>> with default values when creating a tenant. Default value will be
>>>>>
>>>>> <SelfSignUp>
>>>>>     <SignUpDomain>PRIMARY</SignUpDomain>
>>>>>     <SignUpRole>
>>>>>         <RoleName>subscriber</RoleName>
>>>>>         <IsExternalRole>false</IsExternalRole>
>>>>>     </SignUpRole>
>>>>> </SelfSignUp>
>>>>>
>>>>> *Modification to current work-flow for tenant sign-up.*
>>>>>
>>>>> The current implemented method does not work when
>>>>> UserSignUpWSWorkflowExecutor is used in the work-flow. This can be only
>>>>> used with tenants signups for superuser. Existing code uses configuration
>>>>> in the carbon super user's registry entry
>>>>> '/_system/governance/apimgt/applicationdata/workflow-extensions.xml' for
>>>>> tenants as well (see jsFunction_addUser() in
>>>>> org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject class). When
>>>>> registering a tenant user for different tenant, configuration in the
>>>>> tenant's workflow-extensions.xml needed to be used.
>>>>>
>>>>> I have implemented basic functionality[1] as requested by AmilaM
>>>>> (Users can signup for tenant stores. But Tenant admin has to manually add
>>>>> the registry entry with user roles to the given location. If this entry is
>>>>> not there, a default 'identity' user role is assigned to the user. Only
>>>>> UserSignUpSimpleWorkflowExecutor for the workflow can be used with this.
>>>>> If UserSignUpWSWorkflowExecutor is used to connect to the BPS, the tenant
>>>>> approval tasks are not created properly)
>>>>
>>>> Do we know the reason for the tasks of the BPS not being created when
>>>> the UserSignUpWSWorkflowExecutor is used? We will need to dig into that
>>>> IMO.
>>>>
>>>>> [1] https://wso2.org/jira/browse/APIMANAGER-2785
>>>>>
>>>>> Comments are highly appreciated
>>>>> Thanks,
>>>>> Chamila.
>>>>>
>>>>> --
>>>>> Regards,
>>>>> Chamila Adhikarinayake
>>>>> Software Engineer
>>>>> WSO2, Inc.
>>>>> Mobile - +94712346437
>>>>> Email - [email protected]
>>>>
>>>> --
>>>> Nuwan Dias
>>>>
>>>> Associate Tech Lead - WSO2, Inc. http://wso2.com
>>>> email : [email protected]
>>>> Phone : +94 777 775 729
>>>
>>> --
>>> Regards,
>>> Chamila Adhikarinayake
>>> Software Engineer
>>> WSO2, Inc.
>>> Mobile - +94712346437
>>> Email - [email protected]
>>
>> --
>> *Amila De Silva*
>>
>> WSO2 Inc.
>> mobile :(+94) 775119302
>
> --
> Regards,
> Chamila Adhikarinayake
> Software Engineer
> WSO2, Inc.
> Mobile - +94712346437
> Email - [email protected]

--
Regards,
Chamila Adhikarinayake
Software Engineer
WSO2, Inc.
Mobile - +94712346437
Email - [email protected]

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
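
The ordering issue raised in the thread (tenant roles granted at creation let a user log in before the approval step) can be modeled as below. This is an added example, not WSO2 code and not from the thread's authors; the class, method and tenant names, the role table, and the rule that only `subscriber` permits store login are assumptions made for illustration.

```python
from dataclasses import dataclass, field

DEFAULT_ROLE = "internal/identity"   # role every new user gets (per the thread)
LOGIN_ROLES = {"subscriber"}         # assumption: only these roles permit store login

# Constructed per-tenant sign-up roles, standing in for the registry resource.
SIGNUP_ROLES = {"carbon.super": ["subscriber"], "tenant-a.example": ["subscriber"]}

@dataclass
class User:
    name: str
    tenant: str
    roles: set = field(default_factory=set)
    pending_roles: list = field(default_factory=list)

class SignupService:
    """Hypothetical model of the signup flow; not the UserRegistrationService API."""
    def __init__(self):
        self.users = {}

    def add_user_eager(self, name, tenant):
        # Problem case: tenant roles are granted at the creation point.
        user = User(name, tenant, {DEFAULT_ROLE, *SIGNUP_ROLES[tenant]})
        self.users[(tenant, name)] = user
        return user

    def add_user_deferred(self, name, tenant):
        # Create with the default role only; park the tenant's roles until approval.
        user = User(name, tenant, {DEFAULT_ROLE}, list(SIGNUP_ROLES[tenant]))
        self.users[(tenant, name)] = user
        return user

    def approve(self, name, tenant):
        # Final workflow step: grant parked roles, keyed by the user's own tenant.
        user = self.users[(tenant, name)]
        user.roles.update(user.pending_roles)
        user.pending_roles.clear()
        return user

    def can_login(self, name, tenant):
        user = self.users.get((tenant, name))
        return bool(user and user.roles & LOGIN_ROLES)

def demo():
    svc = SignupService()
    svc.add_user_eager("alice", "tenant-a.example")
    eager = svc.can_login("alice", "tenant-a.example")   # logs in unapproved
    svc.add_user_deferred("bob", "tenant-a.example")
    before = svc.can_login("bob", "tenant-a.example")    # blocked until approval
    svc.approve("bob", "tenant-a.example")
    return eager, before, svc.can_login("bob", "tenant-a.example")
```
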
