> > Currently, we are in the process of refactoring the carbon-security source > and hope to release a 1.0.0-m3 soon. With this release, CAAS User > implementation will only provide authorization functionalities. In order to > consume identity store related functionalities, you need to use the User > class provided by carbon-identity-mgt[1]. Also, both classes will implement > Serializable. > > [1] - https://github.com/thanujalk/carbon-identity-mgt/ > blob/master/components/org.wso2.carbon.identity.mgt/src/ > main/java/org/wso2/carbon/identity/mgt/User.java > So, which class will provide the isAuthorized(Permission permission) method?
On Mon, Jan 9, 2017 at 1:05 PM, Thanuja Jayasinghe <than...@wso2.com> wrote: > Hi Sajith, > > Currently, we are in the process of refactoring the carbon-security source > and hope to release a 1.0.0-m3 soon. With this release, CAAS User > implementation will only provide authorization functionalities. In order to > consume identity store related functionalities, you need to use the User > class provided by carbon-identity-mgt[1]. Also, both classes will implement > Serializable. > > [1] - https://github.com/thanujalk/carbon-identity-mgt/ > blob/master/components/org.wso2.carbon.identity.mgt/src/ > main/java/org/wso2/carbon/identity/mgt/User.java > > Thanks, > Thanuja > > On Mon, Jan 9, 2017 at 12:45 PM, SajithAR Ariyarathna <sajit...@wso2.com> > wrote: > >> Hi Johann, >> >> Once you login using CAAS (carbon authentication and authorization >>> service) components you will get a CAAS User object [1]. This User object >>> is a proxy object which can be used to call all the underlying identity >>> store and authorization store methods. Ideally you will store this User >>> object in the user's logged in session and perform those operations when >>> necessary. >>> >>> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >>> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >>> /org/wso2/carbon/security/caas/user/core/bean/User.java >>> >> This means that we need to store the User object in the UUF session. In >> order to that the User class needs to be serializable. However User >> class does not implements Serializable interface. >> >> On Wed, Jan 4, 2017 at 3:13 PM, Tanya Madurapperuma <ta...@wso2.com> >> wrote: >> >>> Hi Dilan, >>> >>> On Wed, Jan 4, 2017 at 2:48 PM, Dilan Udara Ariyaratne <dil...@wso2.com> >>> wrote: >>> >>>> Hi Tania, >>>> >>>> Are we going to keep one dashboard permission or multiple ? The reason >>>> that I am asking this is if we can allow multiple, we can >>>> separate out access for critical functions like dashboard view, edit >>>> and manage via those permissions. >>>> >>> As explained offline each dashboard will have its own permission for >>> view , edit/ update, delete. The only difference in this with the previous >>> versions is that instead of the role we will use permissions. >>> >>>> >>>> Also, have you looked into the scenario of restricting access of >>>> dashboards for different users ? >>>> >>> A permission is resource + action. So we can restrict access with the >>> permission. >>> >>>> AFAIU, it's only by having multiple permissions, we can do this. >>>> >>> >>> Thanks, >>> Tanya >>> >>>> >>>> Cheers, >>>> Dilan. >>>> >>>> *Dilan U. Ariyaratne* >>>> Senior Software Engineer >>>> WSO2 Inc. <http://wso2.com/> >>>> Mobile: +94766405580 <%2B94766405580> >>>> lean . enterprise . middleware >>>> >>>> >>>> On Wed, Jan 4, 2017 at 1:56 PM, Johann Nallathamby <joh...@wso2.com> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Wed, Jan 4, 2017 at 1:04 PM, Nipuna Chandradasa <nipu...@wso2.com> >>>>> wrote: >>>>> >>>>>> [+adding Sajith] >>>>>> Please find the my questions and suggestions in line.... >>>>>> >>>>>>> >>>>>>>>> Based on the above model we have following questions. >>>>>>>>> 1. How can we call the isAuthorized method from dashboard >>>>>>>>> component ? >>>>>>>>> >>>>>>>> >>>>>> Isn't this isAuthorized method should be exposed through UUF as >>>>>> dashboard component is basically a UUF component? It might not be good to >>>>>> expose a such a functionality through a UI framework but it'll be lot >>>>>> cleaner than invoking a OSGI service inside our component. >>>>>> >>>>> >>>>> Once you login using CAAS (carbon authentication and authorization >>>>> service) components you will get a CAAS User object [1]. This User object >>>>> is a proxy object which can be used to call all the underlying identity >>>>> store and authorization store methods. Ideally you will store this User >>>>> object in the user's logged in session and perform those operations when >>>>> necessary. >>>>> >>>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >>>>> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >>>>> /org/wso2/carbon/security/caas/user/core/bean/User.java >>>>> >>>>> Regards, >>>>> Johann. >>>>> >>>>> >>>>> >>>>>> >>>>>> >>>>>>> 2. Is there any standard / approval process for permission strings ? >>>>>>>>> >>>>>>>>> >>>>>>>> 3. How should we register the permissions dynamically at the time >>>>>>>>> of creating a dashboard? >>>>>>>>> >>>>>>>>> Appreciate your insight. >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>> Thank you, >>>>>> >>>>>> -- >>>>>> Nipuna Marcus >>>>>> *Software Engineer* >>>>>> WSO2 Inc. >>>>>> http://wso2.com/ - "lean . enterprise . middleware" >>>>>> Mobile : +94 (0) 713 667906 <+94%2071%20366%207906> >>>>>> nipu...@wso2.com >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Thanks & Regards, >>>>> >>>>> *Johann Dilantha Nallathamby* >>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>> Governance Technologies Team >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile - *+94777776950* >>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> Architecture@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Tanya Madurapperuma >>> >>> Senior Software Engineer, >>> WSO2 Inc. : wso2.com >>> Mobile : +94718184439 <+94%2071%20818%204439> >>> Blog : http://tanyamadurapperuma.blogspot.com >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Sajith Janaprasad Ariyarathna >> Software Engineer; WSO2, Inc.; http://wso2.com/ >> <https://wso2.com/signature> >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Thanuja Lakmal* > Senior Software Engineer > WSO2 Inc. http://wso2.com/ > *lean.enterprise.middleware* > Mobile: +94715979891 +94758009992 > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Sajith Janaprasad Ariyarathna Software Engineer; WSO2, Inc.; http://wso2.com/ <https://wso2.com/signature>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture