Hi,

Currently ClaimManagerFactory[1] has the following method:

    ClaimManager createClaimManager(int tenantId);

Wouldn't it be better to have the tenantDomain as the parameter of the above method instead of tenantId?

[1] https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.user.core/src/main/java/org/wso2/carbon/user/core/claim/ClaimManagerFactory.java#L29

Thanks,

On Thu, Mar 10, 2016 at 4:45 PM, Maduranga Siriwardena <[email protected]> wrote:

> Hi,
>
> We want to add this feature to an upcoming kernel 4.4.x release. Following
> are the reasons:
>
> 1. Current claim management design is becoming more and more problematic
>    for us. Users are finding a lot of issues in configuring claim mappings
>    for service providers.
> 2. This new implementation will be part of C5 based identity-framework
>    which will be used by other products releasing this year on C5.
>
> Obviously since this needs some kernel changes we did a test to see if we
> can add this to kernel 4.4.x without breaking backward compatibility. In
> the process we had to do the following two changes.
>
> - We have added setter methods for ClaimManager in DefaultRealm and
>   UserStoreManager. These methods had to be public, however these will
>   only be invoked from inside user.core. Since these are method additions
>   they should be backward compatible.
> - We have added a backward compatible property to user-mgt.xml and
>   based on this property ClaimManager will be initialized to the new
>   implementation or the previous implementation in DefaultRealm. Only IS
>   will go with this property set to true. Other products can remain as
>   they are.
>
> We are looking forward to a positive response.
>
> On Thu, Aug 13, 2015 at 3:35 PM, Chanuka Dissanayake <[email protected]>
> wrote:
>
>> Hi All,
>>
>> I have completed the implementations on $subject and the following
>> content contains the details about it.
>>
>> Target Version: IS 5.2.0
>>
>> *Problems*
>>
>> - Right now we must define mapped attribute for each non-wso2 claim in
>>   order to work. Ideally when we say claim mappings, the relationship
>>   must be between 2 claims - wso2 and non-wso2. Mapped attributes should
>>   be defined only for wso2 claim, and transitively it becomes the mapped
>>   attribute for non-wso2 claims.
>> - Custom meta data cannot be added for the claim. Only default meta
>>   data are available for every claim. Which are,
>>   - Display Name
>>   - Description
>>   - Regular Expression
>>   - Display Order
>>   - Supported by Default
>>   - Required
>>   - Read-only
>>
>> *Objectives*
>>
>> - Remove the attribute/claim mapping for non-wso2 dialects. Only WSO2
>>   dialect will have the attribute mapping. Rest of the dialects will
>>   refer to the WSO2 claim dialect. When creating a new dialect or new
>>   claims, wso2 claim should be selected as the mapped attribute for that
>>   claim. Therefore we can have claim-to-claim mappings between wso2
>>   dialect and other dialects.
>> - Allow custom meta data to be defined for each claim other than the
>>   default metadata.
>> - Keep only file based claim mapping on the user.core side and decouple
>>   the database claim mapping from user.core and move to
>>   identity.claim.mgt side. Only identity.claim.mgt will be aware about
>>   the metadata info.
>> - Improve claim management UI for user store based claims.
>>
>> Implementation
>>
>> Claim Manager implementation.
>>
>> [image: Class Diagram - ClaimManager.jpg]
>>
>> - ClaimManagerFactory will register as an osgi service and
>>   ClaimManagerFactory will return a separate ClaimManager instance for
>>   each tenant.
>> - user.core will check whether there are any ClaimManagerFactory
>>   services registered, if not it will return a new DefaultClaimManager,
>>   otherwise it will return an IdentityMgtClaimManager for each tenant.
>>
>> [image: Factory class.png]
>>
>> - From user.core, the dao functionalities will be removed and moved to
>>   Identity claim management.
>> - The user.core claims will be stored in memory. DefaultClaimManager
>>   will be a file based claim manager.
>> - Reading the claim-config.xml and parsing it as claimConfig object
>>   will be done by the user.core.
>> - All the CRUD operations with the database will be handled by the
>>   identity.claim.mgt.
>> - Once the claims are received from the user.core, Identity claim
>>   manager will categorize the claims (local and additional claims) and
>>   prepare claim mappings.
>>
>> Database level changes
>>
>> - UM_CLAIM table normalized into four tables
>>
>> [image: 1.png]
>>
>> - UM_CLAIM
>>
>> [image: 2.png]
>>
>> - UM_CLAIM_MAPPING, will hold the relationship between local claims and
>>   other claims
>>
>> [image: 3.png]
>>
>> - UM_CLAIM_MAPPED_ATTRIBUTE, will hold the mapped attributes of local
>>   claims
>>
>> [image: 4.png]
>>
>> - UM_CLAIM_META_DATA, will hold the metadata information of claims
>>
>> [image: 5.png]
>>
>> user.api changes
>>
>> - Claim (C) - only contains claimUri to uniquely identify a given claim
>>   and the value of the claim. Which previously contains,
>>   - private String *claimUri*;
>>   - private boolean readOnly;
>>   - private boolean checkedAttribute;
>>   - private String displayTag;
>>   - private String description;
>>   - private boolean supportedByDefault;
>>   - private boolean required;
>>   - private String regEx;
>>   - private String dialectURI;
>>   - private String *value*;
>>   - private int displayOrder;
>> - ClaimManager (I) - Some methods are removed which were involved with
>>   dialects and meta data retrieval. Which are,
>>   - ClaimMapping[] getAllRequiredClaimMappings().
>>   - ClaimMapping[] getAllSupportClaimMappingsByDefault().
>>   - ClaimMapping[] getAllClaimMappings(String dialectUri)
>>
>> user.core changes
>>
>> + FileBasedClaimbuilder (C) - read claimConfig.xml and prepare
>>   claimConfig objects with claim and meta data information.
>> + ClaimManagerFactory (I) - to return tenant-specific claim manager
>>   object.
>> + ClaimConfig (C) - to hold the claim and meta data info.
>>
>> identity.claim.mgt.ui
>>
>> - When creating a new dialect or new (non-wso2) claim, a wso2 (local)
>>   claim needs to be selected from the list.
>>
>> [image: 6.png]
>>
>> - Improved claim management UI for user store based claims.
>>
>> [image: Untitled-2 copy1.jpg]
>>
>> Thanks and Regards,
>> Chanuka.
>>
>> --
>> Chanuka Dissanayake
>> *Software Engineer | **WSO2 Inc.*; http://wso2.com
>>
>> Mobile: +94 71 33 63 596
>> Email: [email protected]
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> Maduranga Siriwardena
> Software Engineer
> WSO2 Inc.
>
> email: [email protected]
> mobile: +94718990591

--
Regards,

*Darshana Gunawardana*
Senior Software Engineer
WSO2 Inc.; http://wso2.com

*E-mail: [email protected] <[email protected]>*
*Mobile: +94718566859*
Lean . Enterprise . Middleware
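
Added example, not part of the thread and not carbon-kernel or identity-framework code: a sketch of the claim-to-claim resolution described in the proposal, where only local (wso2) claims carry a mapped attribute and claims in other dialects reach it transitively. The class, its method names, the dialect URI constant and the sample data are assumptions made for illustration; one instance would correspond to one tenant's ClaimManager.

```java
import java.util.Map;
import java.util.Optional;

// Hypothetical illustration; none of these names come from carbon-kernel.
public class ClaimResolutionExample {

    // Assumed URI of the local (wso2) claim dialect.
    static final String LOCAL_DIALECT = "http://wso2.org/claims";

    // External claim URI -> local claim URI (the role of UM_CLAIM_MAPPING).
    private final Map<String, String> claimToLocal;
    // Local claim URI -> user store attribute (the role of UM_CLAIM_MAPPED_ATTRIBUTE).
    private final Map<String, String> localToAttribute;

    ClaimResolutionExample(Map<String, String> claimToLocal,
                           Map<String, String> localToAttribute) {
        // Defensive copies so a caller cannot alter the mappings afterwards.
        this.claimToLocal = Map.copyOf(claimToLocal);
        this.localToAttribute = Map.copyOf(localToAttribute);
    }

    /** Resolves any claim URI to a user store attribute through its local claim. */
    Optional<String> resolveAttribute(String claimUri) {
        String local = claimUri.startsWith(LOCAL_DIALECT + "/")
                ? claimUri
                : claimToLocal.get(claimUri);
        if (local == null) {
            // Unmapped external claim: fail closed, no attribute is released.
            return Optional.empty();
        }
        // A local claim without a mapped attribute also resolves to nothing.
        return Optional.ofNullable(localToAttribute.get(local));
    }

    public static void main(String[] args) {
        // Constructed sample mappings.
        String external = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
        String local = LOCAL_DIALECT + "/emailaddress";
        ClaimResolutionExample resolver = new ClaimResolutionExample(
                Map.of(external, local),
                Map.of(local, "mail"));

        System.out.println(resolver.resolveAttribute(external));
        System.out.println(resolver.resolveAttribute(local));
        System.out.println(resolver.resolveAttribute("urn:example:unmapped"));
    }
}
```

Keeping the attribute mapping in one place means a change to a local claim's attribute takes effect for every dialect mapped to it, so there is no per-dialect copy that can drift and release the wrong attribute.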
