The following snippet shows how authentication and authorization can be
done using the user APIs. We use a similar approach in JAAS as well [1][2].
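
    // JDK imports; the Carbon classes come from the org.wso2.carbon.security.caas packages
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.login.LoginException;

    NameCallback usernameCallback = new NameCallback("username");
    PasswordCallback passwordCallback = new PasswordCallback("password", false);
    usernameCallback.setName("admin");
    passwordCallback.setPassword(new char[]{'a', 'd', 'm', 'i', 'n'});
    Callback[] callbacks = {usernameCallback, passwordCallback};
    try {
        // Authentication: the credential store checks the callbacks and returns a context holding the User bean
        AuthenticationContext authenticationContext = CarbonSecurityDataHolder.getInstance()
                .getCarbonRealmService()
                .getCredentialStore()
                .authenticate(callbacks);
        User user = authenticationContext.getUser();
        // Authorization: carbonPermission is supplied by the surrounding code; the caller must act on the result
        boolean authorized = user.isAuthorized(
                new Permission(carbonPermission.getName(), carbonPermission.getActions()));
    } catch (AuthenticationFailure authenticationFailure) {
        throw new LoginException("Authentication failure.");
    }
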
[1] -
https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/jaas/modules/UsernamePasswordLoginModule.java#L108-L114
[2] -
https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/jaas/CarbonPrincipal.java#L76-L82
Regards,
Omindu.
On Tue, May 3, 2016 at 7:40 PM, Kishanthan Thangarajah <[email protected]>
wrote:
> Can you provide a code sample on how the user authorization is done (the
> flow) based on the above explanation?
>
> On Tue, May 3, 2016 at 2:31 PM, Jayanga Kaushalya <[email protected]>
> wrote:
>
>> Hi Kishanthan,
>>
>> Respective store ids are available through the respective beans. For
>> example, the User bean has the identity store id and the credential store id. To
>> call an API which requires a store id, you need to have the respective
>> bean first. For example, authenticating a user by calling the authenticate
>> method will return a User bean with its identity store id and
>> credential store id. Otherwise, by calling the getUser(username) method you
>> can get the User bean. Most of the operations which require a store id
>> can be called directly from the bean itself. For example, isUserAuthorized
>> can be called like User.isAuthorized(Permission).
>>
>> Thanks!
>>
>> *Jayanga Kaushalya*
>> Software Engineer
>> Mobile: +94777860160
>> WSO2 Inc. | http://wso2.com
>> lean.enterprise.middleware
>>
>> On Tue, May 3, 2016 at 11:56 AM, Kishanthan Thangarajah <
>> [email protected]> wrote:
>>
>>> For most of the API methods, we can see that we need to pass the
>>> identityStoreId like below.
>>>
>>> public boolean isUserAuthorized(String userId, Permission permission,
>>> String identityStoreId)
>>>
>>> How do we identify this store-id before calling?
>>>
>>> On Sat, Apr 30, 2016 at 10:12 PM, Jayanga Kaushalya <[email protected]>
>>> wrote:
>>>
>>>> Hi Darshana,
>>>>
>>>> Yes, those links are correct. We have changed the package name from
>>>> org.wso2.carbon.security to org.wso2.carbon.security.caas since that is the
>>>> name we are going to use in future.
>>>>
>>>> Thanks!
>>>>
>>>> On Sat, Apr 30, 2016 at 6:49 PM, Darshana Gunawardana <
>>>> [email protected]> wrote:
>>>>
>>>>> I assume these should be the correct links. @Jayanga please correct me
>>>>> if I'm wrong.
>>>>>
>>>>> [1]
>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/service/RealmService.java
>>>>> [2]
>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/common/CarbonRealmServiceImpl.java
>>>>> [3]
>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/store/AuthorizationStore.java
>>>>> [4]
>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/store/CredentialStore.java
>>>>> [5]
>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/store/IdentityStore.java
>>>>>
>>>>> Regards,
>>>>> Darshana
>>>>>
>>>>> On Fri, Apr 29, 2016 at 11:36 PM, Kishanthan Thangarajah <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Can you send the correct GitHub links to these APIs? The provided links
>>>>>> are either wrong or packages/modules have been renamed.
>>>>>>
>>>>>> On Fri, Apr 29, 2016 at 6:35 PM, Jayanga Kaushalya <[email protected]
>>>>>> > wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> User core related authentication and authorization operations can be
>>>>>>> accessed through RealmService. The diagram below explains the brief
>>>>>>> outlook of the Realm service and respective stores.
>>>>>>>
>>>>>>>
>>>>>>> *RealmService*
>>>>>>>
>>>>>>> Realm service is the User Core API which is exposed to external
>>>>>>> users. Each store can be accessed through the realm service. API is
>>>>>>> available in [1]
>>>>>>>
>>>>>>> *CarbonRealmServiceImpl*
>>>>>>>
>>>>>>> Implementation of the realm service. API is available in [2]
>>>>>>>
>>>>>>> *IdentityStore*
>>>>>>>
>>>>>>> Identity store contains all identity management related read-only
>>>>>>> operations. All CRUD operations related to identity management will be
>>>>>>> available through an extended version of the user core, which will be
>>>>>>> available through the carbon identity repository.
>>>>>>> API details are available in [5].
>>>>>>>
>>>>>>> *CredentialStore*
>>>>>>>
>>>>>>> Credential store contains all credential management related read-only
>>>>>>> operations. All CRUD operations related to credential management
>>>>>>> will be available through an extended version of the user core, which
>>>>>>> will be available through the carbon identity repository.
>>>>>>> API details are available in [4].
>>>>>>>
>>>>>>> *AuthorizationStore*
>>>>>>>
>>>>>>> All authorization related CRUD operations will be available through
>>>>>>> the authorization store. API details are available in the [3]
>>>>>>>
>>>>>>> [1]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/service/RealmService.java
>>>>>>>
>>>>>>> [2]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/common/CarbonRealmServiceImpl.java
>>>>>>> [3]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/store/AuthorizationStore.java
>>>>>>> [4]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/store/CredentialStore.java
>>>>>>> [5]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/store/IdentityStore.java
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Architecture mailing list
>>>>>>> [email protected]
>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> *Kishanthan Thangarajah*
>>>>>> Associate Technical Lead,
>>>>>> Platform Technologies Team,
>>>>>> WSO2, Inc.
>>>>>> lean.enterprise.middleware
>>>>>>
>>>>>> Mobile - +94773426635
>>>>>> Blog - *http://kishanthan.wordpress.com
>>>>>> <http://kishanthan.wordpress.com>*
>>>>>> Twitter - *http://twitter.com/kishanthan
>>>>>> <http://twitter.com/kishanthan>*
>>>>>
>>>>> --
>>>>> Regards,
>>>>>
>>>>>
>>>>> *Darshana Gunawardana*
>>>>> Senior Software Engineer
>>>>> WSO2 Inc.; http://wso2.com
>>>>>
>>>>> *E-mail: [email protected]*
>>>>> *Mobile: +94718566859*
>>>>> Lean . Enterprise . Middleware
>>>>
>>>
--
Omindu Rathnaweera
Software Engineer, WSO2 Inc.
Mobile: +94 771 197 211
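
The authenticate-then-authorize flow from the snippet at the top of this mail, as an added example that is not part of the original message or of carbon-security. It uses only the standard JAAS callback classes; `StubUser`, the `authenticate` stand-in, the permission names and the admin/admin account are hypothetical and constructed for illustration, and Java 16 or later is assumed. It shows the login failing closed when isAuthorized returns false, and the password copies being wiped afterwards.

```java
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginException;
import java.util.Arrays;
import java.util.Set;

public class AuthFlowExample {
    // Hypothetical stand-in for the User bean returned by authenticate().
    record StubUser(String name, Set<String> permissions) {
        boolean isAuthorized(String permission) { return permissions.contains(permission); }
    }
    // Hypothetical stand-in for CredentialStore.authenticate(callbacks); one constructed account.
    static StubUser authenticate(Callback[] callbacks) throws LoginException {
        String name = null;
        char[] given = new char[0];
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback n) name = n.getName();
            if (cb instanceof PasswordCallback p) { char[] c = p.getPassword(); if (c != null) given = c; }
        }
        char[] expected = {'a', 'd', 'm', 'i', 'n'};
        int diff = given.length ^ expected.length; // compare every position, no early exit
        for (int i = 0; i < Math.min(given.length, expected.length); i++) diff |= given[i] ^ expected[i];
        Arrays.fill(given, '\0'); // getPassword() returned a copy; wipe it
        if (!"admin".equals(name) || diff != 0) throw new LoginException("Authentication failure.");
        return new StubUser(name, Set.of("reports:read"));
    }
    // Authenticate, then authorize. Only an explicit "true" from isAuthorized lets the login pass.
    static void login(String username, char[] password, String permission) throws LoginException {
        NameCallback nameCb = new NameCallback("username");
        PasswordCallback passCb = new PasswordCallback("password", false);
        nameCb.setName(username);
        passCb.setPassword(password); // the callback stores its own copy
        try {
            StubUser user = authenticate(new Callback[]{nameCb, passCb});
            if (!user.isAuthorized(permission)) throw new LoginException("Authorization failure.");
        } finally {
            passCb.clearPassword();      // wipe the callback's copy
            Arrays.fill(password, '\0'); // wipe the caller's array
        }
    }
    public static void main(String[] args) {
        // Constructed attempts: {password, requested permission}
        String[][] attempts = {{"admin", "reports:read"}, {"admin", "users:delete"}, {"wrong", "reports:read"}};
        for (String[] a : attempts) {
            try { login("admin", a[0].toCharArray(), a[1]); System.out.println(a[1] + ": granted"); }
            catch (LoginException e) { System.out.println(a[1] + ": " + e.getMessage()); }
        }
    }
}
```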