Hi Sajith, Currently, we are in the process of refactoring the carbon-security source and hope to release a 1.0.0-m3 soon. With this release, CAAS User implementation will only provide authorization functionalities. In order to consume identity store related functionalities, you need to use the User class provided by carbon-identity-mgt[1]. Also, both classes will implement Serializable.
[1] - https://github.com/thanujalk/carbon-identity-mgt/blob/master/components/org.wso2.carbon.identity.mgt/src/main/java/org/wso2/carbon/identity/mgt/User.java Thanks, Thanuja On Mon, Jan 9, 2017 at 12:45 PM, SajithAR Ariyarathna <sajit...@wso2.com> wrote: > Hi Johann, > > Once you login using CAAS (carbon authentication and authorization >> service) components you will get a CAAS User object [1]. This User object >> is a proxy object which can be used to call all the underlying identity >> store and authorization store methods. Ideally you will store this User >> object in the user's logged in session and perform those operations when >> necessary. >> >> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >> /org/wso2/carbon/security/caas/user/core/bean/User.java >> > This means that we need to store the User object in the UUF session. In > order to that the User class needs to be serializable. However User class > does not implements Serializable interface. > > On Wed, Jan 4, 2017 at 3:13 PM, Tanya Madurapperuma <ta...@wso2.com> > wrote: > >> Hi Dilan, >> >> On Wed, Jan 4, 2017 at 2:48 PM, Dilan Udara Ariyaratne <dil...@wso2.com> >> wrote: >> >>> Hi Tania, >>> >>> Are we going to keep one dashboard permission or multiple ? The reason >>> that I am asking this is if we can allow multiple, we can >>> separate out access for critical functions like dashboard view, edit and >>> manage via those permissions. >>> >> As explained offline each dashboard will have its own permission for view >> , edit/ update, delete. The only difference in this with the previous >> versions is that instead of the role we will use permissions. >> >>> >>> Also, have you looked into the scenario of restricting access of >>> dashboards for different users ? >>> >> A permission is resource + action. So we can restrict access with the >> permission. >> >>> AFAIU, it's only by having multiple permissions, we can do this. >>> >> >> Thanks, >> Tanya >> >>> >>> Cheers, >>> Dilan. >>> >>> *Dilan U. Ariyaratne* >>> Senior Software Engineer >>> WSO2 Inc. <http://wso2.com/> >>> Mobile: +94766405580 <%2B94766405580> >>> lean . enterprise . middleware >>> >>> >>> On Wed, Jan 4, 2017 at 1:56 PM, Johann Nallathamby <joh...@wso2.com> >>> wrote: >>> >>>> >>>> >>>> On Wed, Jan 4, 2017 at 1:04 PM, Nipuna Chandradasa <nipu...@wso2.com> >>>> wrote: >>>> >>>>> [+adding Sajith] >>>>> Please find the my questions and suggestions in line.... >>>>> >>>>>> >>>>>>>> Based on the above model we have following questions. >>>>>>>> 1. How can we call the isAuthorized method from dashboard component >>>>>>>> ? >>>>>>>> >>>>>>> >>>>> Isn't this isAuthorized method should be exposed through UUF as >>>>> dashboard component is basically a UUF component? It might not be good to >>>>> expose a such a functionality through a UI framework but it'll be lot >>>>> cleaner than invoking a OSGI service inside our component. >>>>> >>>> >>>> Once you login using CAAS (carbon authentication and authorization >>>> service) components you will get a CAAS User object [1]. This User object >>>> is a proxy object which can be used to call all the underlying identity >>>> store and authorization store methods. Ideally you will store this User >>>> object in the user's logged in session and perform those operations when >>>> necessary. >>>> >>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >>>> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >>>> /org/wso2/carbon/security/caas/user/core/bean/User.java >>>> >>>> Regards, >>>> Johann. >>>> >>>> >>>> >>>>> >>>>> >>>>>> 2. Is there any standard / approval process for permission strings ? >>>>>>>> >>>>>>> 3. How should we register the permissions dynamically at the time of >>>>>>>> creating a dashboard? >>>>>>>> >>>>>>>> Appreciate your insight. >>>>>>>> >>>>>>> >>>>>>> >>>>> Thank you, >>>>> >>>>> -- >>>>> Nipuna Marcus >>>>> *Software Engineer* >>>>> WSO2 Inc. >>>>> http://wso2.com/ - "lean . enterprise . middleware" >>>>> Mobile : +94 (0) 713 667906 <+94%2071%20366%207906> >>>>> nipu...@wso2.com >>>>> >>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> >>>> *Johann Dilantha Nallathamby* >>>> Technical Lead & Product Lead of WSO2 Identity Server >>>> Governance Technologies Team >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - *+94777776950* >>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Tanya Madurapperuma >> >> Senior Software Engineer, >> WSO2 Inc. : wso2.com >> Mobile : +94718184439 <+94%2071%20818%204439> >> Blog : http://tanyamadurapperuma.blogspot.com >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Sajith Janaprasad Ariyarathna > Software Engineer; WSO2, Inc.; http://wso2.com/ > <https://wso2.com/signature> > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Thanuja Lakmal* Senior Software Engineer WSO2 Inc. http://wso2.com/ *lean.enterprise.middleware* Mobile: +94715979891 +94758009992
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
