On Mon, Jan 9, 2017 at 2:21 PM, Thanuja Jayasinghe <than...@wso2.com> wrote:
> > > On Mon, Jan 9, 2017 at 1:34 PM, SajithAR Ariyarathna <sajit...@wso2.com> > wrote: > >> Currently, we are in the process of refactoring the carbon-security >>> source and hope to release a 1.0.0-m3 soon. With this release, CAAS User >>> implementation will only provide authorization functionalities. In order to >>> consume identity store related functionalities, you need to use the User >>> class provided by carbon-identity-mgt[1]. Also, both classes will implement >>> Serializable. >>> >>> [1] - https://github.com/thanujalk/carbon-identity-mgt/blob/mast >>> er/components/org.wso2.carbon.identity.mgt/src/main/java/ >>> org/wso2/carbon/identity/mgt/User.java >>> >> So, which class will provide the isAuthorized(Permission permission) >> method? >> >> It is the class which we have inside the CAAS. Basically User class in > the carbon-identity-mgt is a child of CAAS User. > Thanuja, are we not removing the user.core implementation from carbon-security and just have it in carbon-identity-mgt? I thought in IS 6.0.0 M1 release that is how it will be. So we will only have one User class hereafter. Is my understanding wrong? > On Mon, Jan 9, 2017 at 1:05 PM, Thanuja Jayasinghe <than...@wso2.com> >> wrote: >> >>> Hi Sajith, >>> >>> Currently, we are in the process of refactoring the carbon-security >>> source and hope to release a 1.0.0-m3 soon. With this release, CAAS User >>> implementation will only provide authorization functionalities. In order to >>> consume identity store related functionalities, you need to use the User >>> class provided by carbon-identity-mgt[1]. Also, both classes will implement >>> Serializable. >>> >>> [1] - https://github.com/thanujalk/carbon-identity-mgt/blob/mast >>> er/components/org.wso2.carbon.identity.mgt/src/main/java/ >>> org/wso2/carbon/identity/mgt/User.java >>> >>> Thanks, >>> Thanuja >>> >>> On Mon, Jan 9, 2017 at 12:45 PM, SajithAR Ariyarathna <sajit...@wso2.com >>> > wrote: >>> >>>> Hi Johann, >>>> >>>> Once you login using CAAS (carbon authentication and authorization >>>>> service) components you will get a CAAS User object [1]. This User object >>>>> is a proxy object which can be used to call all the underlying identity >>>>> store and authorization store methods. Ideally you will store this User >>>>> object in the user's logged in session and perform those operations when >>>>> necessary. >>>>> >>>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >>>>> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >>>>> /org/wso2/carbon/security/caas/user/core/bean/User.java >>>>> >>>> This means that we need to store the User object in the UUF session. >>>> In order to that the User class needs to be serializable. However User >>>> class does not implements Serializable interface. >>>> >>>> On Wed, Jan 4, 2017 at 3:13 PM, Tanya Madurapperuma <ta...@wso2.com> >>>> wrote: >>>> >>>>> Hi Dilan, >>>>> >>>>> On Wed, Jan 4, 2017 at 2:48 PM, Dilan Udara Ariyaratne < >>>>> dil...@wso2.com> wrote: >>>>> >>>>>> Hi Tania, >>>>>> >>>>>> Are we going to keep one dashboard permission or multiple ? The >>>>>> reason that I am asking this is if we can allow multiple, we can >>>>>> separate out access for critical functions like dashboard view, edit >>>>>> and manage via those permissions. >>>>>> >>>>> As explained offline each dashboard will have its own permission for >>>>> view , edit/ update, delete. The only difference in this with the previous >>>>> versions is that instead of the role we will use permissions. >>>>> >>>>>> >>>>>> Also, have you looked into the scenario of restricting access of >>>>>> dashboards for different users ? >>>>>> >>>>> A permission is resource + action. So we can restrict access with the >>>>> permission. >>>>> >>>>>> AFAIU, it's only by having multiple permissions, we can do this. >>>>>> >>>>> >>>>> Thanks, >>>>> Tanya >>>>> >>>>>> >>>>>> Cheers, >>>>>> Dilan. >>>>>> >>>>>> *Dilan U. Ariyaratne* >>>>>> Senior Software Engineer >>>>>> WSO2 Inc. <http://wso2.com/> >>>>>> Mobile: +94766405580 <%2B94766405580> >>>>>> lean . enterprise . middleware >>>>>> >>>>>> >>>>>> On Wed, Jan 4, 2017 at 1:56 PM, Johann Nallathamby <joh...@wso2.com> >>>>>> wrote: >>>>>> >>>>>>> >>>>>>> >>>>>>> On Wed, Jan 4, 2017 at 1:04 PM, Nipuna Chandradasa <nipu...@wso2.com >>>>>>> > wrote: >>>>>>> >>>>>>>> [+adding Sajith] >>>>>>>> Please find the my questions and suggestions in line.... >>>>>>>> >>>>>>>>> >>>>>>>>>>> Based on the above model we have following questions. >>>>>>>>>>> 1. How can we call the isAuthorized method from dashboard >>>>>>>>>>> component ? >>>>>>>>>>> >>>>>>>>>> >>>>>>>> Isn't this isAuthorized method should be exposed through UUF as >>>>>>>> dashboard component is basically a UUF component? It might not be good >>>>>>>> to >>>>>>>> expose a such a functionality through a UI framework but it'll be lot >>>>>>>> cleaner than invoking a OSGI service inside our component. >>>>>>>> >>>>>>> >>>>>>> Once you login using CAAS (carbon authentication and authorization >>>>>>> service) components you will get a CAAS User object [1]. This User >>>>>>> object >>>>>>> is a proxy object which can be used to call all the underlying identity >>>>>>> store and authorization store methods. Ideally you will store this User >>>>>>> object in the user's logged in session and perform those operations when >>>>>>> necessary. >>>>>>> >>>>>>> [1] https://github.com/wso2/carbon-security/blob/release-1.0 >>>>>>> .0-m2/components/org.wso2.carbon.security.caas/src/main/java >>>>>>> /org/wso2/carbon/security/caas/user/core/bean/User.java >>>>>>> >>>>>>> Regards, >>>>>>> Johann. >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> 2. Is there any standard / approval process for permission strings >>>>>>>>>>> ? >>>>>>>>>>> >>>>>>>>>> 3. How should we register the permissions dynamically at the time >>>>>>>>>>> of creating a dashboard? >>>>>>>>>>> >>>>>>>>>>> Appreciate your insight. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>> Thank you, >>>>>>>> >>>>>>>> -- >>>>>>>> Nipuna Marcus >>>>>>>> *Software Engineer* >>>>>>>> WSO2 Inc. >>>>>>>> http://wso2.com/ - "lean . enterprise . middleware" >>>>>>>> Mobile : +94 (0) 713 667906 <+94%2071%20366%207906> >>>>>>>> nipu...@wso2.com >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Thanks & Regards, >>>>>>> >>>>>>> *Johann Dilantha Nallathamby* >>>>>>> Technical Lead & Product Lead of WSO2 Identity Server >>>>>>> Governance Technologies Team >>>>>>> WSO2, Inc. >>>>>>> lean.enterprise.middleware >>>>>>> >>>>>>> Mobile - *+94777776950* >>>>>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Architecture mailing list >>>>>>> Architecture@wso2.org >>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Architecture mailing list >>>>>> Architecture@wso2.org >>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Tanya Madurapperuma >>>>> >>>>> Senior Software Engineer, >>>>> WSO2 Inc. : wso2.com >>>>> Mobile : +94718184439 <+94%2071%20818%204439> >>>>> Blog : http://tanyamadurapperuma.blogspot.com >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> Architecture@wso2.org >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> Sajith Janaprasad Ariyarathna >>>> Software Engineer; WSO2, Inc.; http://wso2.com/ >>>> <https://wso2.com/signature> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> *Thanuja Lakmal* >>> Senior Software Engineer >>> WSO2 Inc. http://wso2.com/ >>> *lean.enterprise.middleware* >>> Mobile: +94715979891 +94758009992 >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Sajith Janaprasad Ariyarathna >> Software Engineer; WSO2, Inc.; http://wso2.com/ >> <https://wso2.com/signature> >> > > > > -- > *Thanuja Lakmal* > Senior Software Engineer > WSO2 Inc. http://wso2.com/ > *lean.enterprise.middleware* > Mobile: +94715979891 +94758009992 > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Thanks & Regards, *Johann Dilantha Nallathamby* Technical Lead & Product Lead of WSO2 Identity Server Governance Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
