Hi Darshana,
Can you please explain the difference between Group and Role? In the
permission meeting Sanjiva said they are different but I don't see it from
the code.

From a semantic point of view
    User has both getGroups and getRoles
    Both Group and Role have getUsers

From an implementation point of view
    getGroup code in IdentityStore is almost identical to getRole code in
    AuthorizationStore


On Tue, May 24, 2016 at 2:35 AM, Darshana Gunawardana <[email protected]>
wrote:

> Hi Jayanga,
>
> Almost all APIs need to provide entryID and the relevant storeID. For
> example,
>
>    - IdentityStore has getUserAttributeValues(String userID, String
>    userStoreId);
>    - IdentityStore has getUsersOfGroup(String groupID, String userStoreId)
>    - AuthorizationStore has getGroupsOfRole(String roleId, String
>    authorizationStoreId);
>
> If we take getUserAttributeValues() as an example, the API consumer would
> have to,
> I. retrieve the relevant User object before calling the getUserAttributeValues()
> method
> II. extract userID and userStoreId from the User object
> III. pass those values to the getUserAttributeValues() method
>
> Wouldn't it be more convenient for developers, and the API cleaner, if
> the API accepted the entry object directly rather than entryID and storeID
> separately?
>
> Thanks,
>
> On Wed, May 4, 2016 at 12:45 PM, Omindu Rathnaweera <[email protected]>
> wrote:
>
>> The following snippet shows how authentication and authorization can be
>> done using the user APIs. We use a similar approach in jaas as well [1][2].
>>
>>     NameCallback usernameCallback = new NameCallback("username");
>>     PasswordCallback passwordCallback = new PasswordCallback("password", false);
>>     usernameCallback.setName("admin");
>>     passwordCallback.setPassword(new char[]{'a', 'd', 'm', 'i', 'n'});
>>     Callback[] callbacks = {usernameCallback, passwordCallback};
>>     try {
>>         // Authentication
>>         AuthenticationContext authenticationContext = CarbonSecurityDataHolder
>>                 .getInstance().getCarbonRealmService()
>>                 .getCredentialStore().authenticate(callbacks);
>>         user = authenticationContext.getUser();
>>         // Authorization
>>         user.isAuthorized(new Permission(carbonPermission.getName(),
>>                 carbonPermission.getActions()));
>>     } catch (AuthenticationFailure authenticationFailure) {
>>         throw new LoginException("Authentication failure.");
>>     }
>>
>>
>> [1] -
>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/jaas/modules/UsernamePasswordLoginModule.java#L108-L114
>> [2] -
>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/jaas/CarbonPrincipal.java#L76-L82
>>
>> Regards,
>> Omindu.
>>
>> On Tue, May 3, 2016 at 7:40 PM, Kishanthan Thangarajah <
>> [email protected]> wrote:
>>
>>> Can you provide a code sample on how the user authorization is done (the
>>> flow) based on the above explanation?
>>>
>>> On Tue, May 3, 2016 at 2:31 PM, Jayanga Kaushalya <[email protected]>
>>> wrote:
>>>
>>>> Hi Kishanthan,
>>>>
>>>> Respective store ids are available through the respective beans. For
>>>> example, the User bean has the identity store id and the credential store id. To
>>>> call an API which requires a store id, you need to have the respective
>>>> bean first. For example, authenticating a user by calling the authenticate
>>>> method will return a User bean with its identity store id and
>>>> credential store id. Otherwise, by calling the getUser(username) method you
>>>> can get the User bean. Most of the operations which require a store id
>>>> can be called directly from the bean itself. For example, isUserAuthorized
>>>> can be called like User.isAuthorized(Permission).
>>>>
>>>> Thanks!
>>>>
>>>> *Jayanga Kaushalya*
>>>> Software Engineer
>>>> Mobile: +94777860160
>>>> WSO2 Inc. | http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> On Tue, May 3, 2016 at 11:56 AM, Kishanthan Thangarajah <
>>>> [email protected]> wrote:
>>>>
>>>>> In most of the API methods, we could see that we need to pass the
>>>>> identityStoreId, like below.
>>>>>
>>>>> public boolean isUserAuthorized(String userId, Permission permission,
>>>>> String identityStoreId)
>>>>>
>>>>> How do we identify this store-id before calling?
>>>>>
>>>>> On Sat, Apr 30, 2016 at 10:12 PM, Jayanga Kaushalya <[email protected]
>>>>> > wrote:
>>>>>
>>>>>> Hi Darshana,
>>>>>>
>>>>>> Yes, those links are correct. We have changed the package name from
>>>>>> org.wso2.carbon.security to org.wso2.carbon.security.caas since that is
>>>>>> the name we are going to use in future.
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>>
>>>>>> On Sat, Apr 30, 2016 at 6:49 PM, Darshana Gunawardana <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> I assume these should be the correct links. @Jayanga please correct
>>>>>>> me if I'm wrong.
>>>>>>>
>>>>>>> [1]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/service/RealmService.java
>>>>>>> [2]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/common/CarbonRealmServiceImpl.java
>>>>>>> [3]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/store/AuthorizationStore.java
>>>>>>> [4]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/store/CredentialStore.java
>>>>>>> [5]
>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/store/IdentityStore.java
>>>>>>>
>>>>>>> Regards,
>>>>>>> Darshana
>>>>>>>
>>>>>>> On Fri, Apr 29, 2016 at 11:36 PM, Kishanthan Thangarajah <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Can you send the correct GitHub links to these APIs? The provided
>>>>>>>> links are either wrong or packages/modules have been renamed.
>>>>>>>>
>>>>>>>> On Fri, Apr 29, 2016 at 6:35 PM, Jayanga Kaushalya <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> User core related authentication and authorization operations can
>>>>>>>>> be accessed through RealmService. The diagram below explains the brief
>>>>>>>>> outlook of the Realm service and respective stores.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> *RealmService*
>>>>>>>>>
>>>>>>>>> Realm service is the User Core API which is exposed to external
>>>>>>>>> users. Each store can be accessed through the realm service. API is
>>>>>>>>> available in [1]
>>>>>>>>>
>>>>>>>>> *CarbonRealmServiceImpl*
>>>>>>>>>
>>>>>>>>> Implementation of the realm service. API is available in [2]
>>>>>>>>>
>>>>>>>>> *IdentityStore*
>>>>>>>>>
>>>>>>>>> Identity store contains all identity management related read-only
>>>>>>>>> operations. All CRUD operations related to identity management will be
>>>>>>>>> available through an extended version of the user core, which will be
>>>>>>>>> available through the carbon identity repository.
>>>>>>>>> API details are available in [5].
>>>>>>>>>
>>>>>>>>> *CredentialStore*
>>>>>>>>>
>>>>>>>>> Credential store contains all credential management related read-only
>>>>>>>>> operations. All CRUD operations related to credential management
>>>>>>>>> will be available through an extended version of the user core, which
>>>>>>>>> will be available through the carbon identity repository.
>>>>>>>>> API details are available in [4].
>>>>>>>>>
>>>>>>>>> *AuthorizationStore*
>>>>>>>>>
>>>>>>>>> All authorization related CRUD operations will be available
>>>>>>>>> through the authorization store. API details are available in the [3]
>>>>>>>>>
>>>>>>>>> [1]
>>>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/service/RealmService.java
>>>>>>>>>
>>>>>>>>> [2]
>>>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/common/CarbonRealmServiceImpl.java
>>>>>>>>> [3]
>>>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/store/AuthorizationStore.java
>>>>>>>>> [4]
>>>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/store/CredentialStore.java
>>>>>>>>> [5]
>>>>>>>>> https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security/src/main/java/org/wso2/carbon/security/user/core/store/IdentityStore.java
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Architecture mailing list
>>>>>>>>> [email protected]
>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Kishanthan Thangarajah*
>>>>>>>> Associate Technical Lead,
>>>>>>>> Platform Technologies Team,
>>>>>>>> WSO2, Inc.
>>>>>>>> lean.enterprise.middleware
>>>>>>>>
>>>>>>>> Mobile - +94773426635
>>>>>>>> Blog - http://kishanthan.wordpress.com
>>>>>>>> Twitter - http://twitter.com/kishanthan
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>>
>>>>>>>
>>>>>>> *Darshana Gunawardana*
>>>>>>> Senior Software Engineer
>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>
>>>>>>> E-mail: [email protected]
>>>>>>> Mobile: +94718566859
>>>>>>> Lean . Enterprise . Middleware
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>> --
>> Omindu Rathnaweera
>> Software Engineer, WSO2 Inc.
>> Mobile: +94 771 197 211
>>
>
>


-- 
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : [email protected]
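
Added illustration, not part of the thread and not WSO2 carbon-security code: a toy in-memory store showing why the entryID and storeID discussed above only identify a principal as a pair, and how an object-accepting overload keeps the pair together. The `User` and `Permission` records, the store names "LDAP" and "JDBC" and the permission values are constructed assumptions; only the three-argument `isUserAuthorized` signature is taken from the thread.

```java
import java.util.*;

// Toy model for illustration only; requires Java 16+ for records.
public class StoreScopedAuthzDemo {
    // Hypothetical stand-in for the User bean: an ID is only meaningful with its store.
    record User(String userId, String identityStoreId) {}
    record Permission(String resource, String action) {}

    static class AuthorizationStore {
        // Grants are keyed by the (userId, identityStoreId) pair, never by userId alone.
        private final Map<User, Set<Permission>> grants = new HashMap<>();

        void grant(User user, Permission p) {
            grants.computeIfAbsent(user, k -> new HashSet<>()).add(p);
        }

        // ID-based form quoted in the thread: the caller must supply a matching pair.
        boolean isUserAuthorized(String userId, Permission p, String identityStoreId) {
            Objects.requireNonNull(userId, "userId");
            Objects.requireNonNull(identityStoreId, "identityStoreId");
            return grants.getOrDefault(new User(userId, identityStoreId), Set.of()).contains(p);
        }

        // Object-based form (the proposal in the thread): the pair cannot be mismatched.
        boolean isUserAuthorized(User user, Permission p) {
            return isUserAuthorized(user.userId(), p, user.identityStoreId());
        }
    }

    public static void main(String[] args) {
        AuthorizationStore authz = new AuthorizationStore();
        Permission manage = new Permission("/permission/admin", "manage"); // constructed sample
        User ldapAdmin = new User("admin", "LDAP"); // same userId, different stores:
        User jdbcAdmin = new User("admin", "JDBC"); // two distinct principals
        authz.grant(ldapAdmin, manage);

        System.out.println("LDAP admin via bean: " + authz.isUserAuthorized(ldapAdmin, manage));
        System.out.println("JDBC admin via bean: " + authz.isUserAuthorized(jdbcAdmin, manage));
        // Caller bug: the JDBC user's ID combined with the wrong store ID is
        // evaluated as the LDAP principal, which the ID-based form cannot detect.
        System.out.println("JDBC admin, wrong storeId: "
                + authz.isUserAuthorized(jdbcAdmin.userId(), manage, "LDAP"));
    }
}
```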