Hi Isuru,

Yes, I have started working on it, and after the initial discussion, following are the approaches that were planned to implement so far.

- Using password and access files
- Using custom authentication with CAAS [1] to replace the password file and using the access file for authorization

If you have any requirements please share so we can discuss and seek possibilities to satisfy them.

[1] https://github.com/this/carbon-uuf/tree/master/samples/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundle/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle

Thank you

Regards,
Asma

On Tue, Apr 25, 2017 at 8:19 PM, Isuru Perera <[email protected]> wrote:

> Hi Asma,
>
> Did you start working on this?
>
> On Fri, Apr 7, 2017 at 6:07 PM, Asma Jabir <[email protected]> wrote:
>
>> Hi
>>
>> With regard to the $subject issue in the c5 repo [1], we could use
>> several ways to implement a role based access control.
>>
>> 1. Using the password and access files
>>
>>    - This is the inbuilt mechanism in JMX for monitoring and management
>>      which uses 2 properties based text files to restrict access to readOnly or
>>      readWrite to users. The password file contains username/password pairs
>>      which is used to authenticate and the access file contains
>>      username/privilege pairs which authorizes with readOnly or readWrite
>>      access.
>>    - A user will get either the *control over all* processes *or* just *a
>>      view of all* depending on the access level.
>>    - SSL is enabled by default for remote monitoring and thus the SSL
>>      should be configured properly after setting up a digital certificate.
>>      System properties for keystore and truststore should be set in the server.
>>
>> 2. Using custom authorization
>>
>>    - If the completely readOnly or readWrite approach is not
>>      appropriate, a fine-grained authorization can be done using either of the
>>      following in lieu of the access file:
>>
>>      i. Java Policy file - The file should be supplied as a system property
>>         on server startup.
>>
>>      ii. Custom authorization using a server-side code
>>
>> 3. Using custom authentication
>>
>>    - JMXAuthenticator [2] interface is based on JAAS login module. Thus,
>>      a custom JAAS authentication can be used for authentication in lieu of the
>>      password file.
>>    - The access file or one of the methods stated in *2.* can be used
>>      for authorization.
>>    - The JAAS configurations should be loaded on server startup by
>>      setting a system property.
>>
>> [1] https://github.com/wso2/carbon-kernel/issues/1247
>> [2] http://docs.oracle.com/javase/7/docs/api/javax/management/remote/JMXAuthenticator.html
>>
>> Thank you
>>
>> Regards,
>> Asma
>> --
>> Asma Zinneera Jabir
>> Software Engineer
>> WSO2 Inc: http://wso2.com/
>> Contact No: +94 77 332 4752
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> Isuru Perera
> Technical Lead | WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> about.me/chrishantha
> Contact: +IsuruPereraWSO2 <https://www.google.com/+IsuruPereraWSO2/about>

--
Asma Zinneera Jabir
Software Engineer
WSO2 Inc: http://wso2.com/
Contact No: +94 77 332 4752
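The second planned approach in the thread above (a custom authenticator in place of the password file, with the access file kept for authorization), sketched as an added example that is not part of the original messages and is not WSO2 code. The class name, the in-memory user map (standing in for CAAS/JAAS), the user names and the passwords are constructed for illustration. It assumes Java 9 or later and omits the SSL setup the thread calls for.

```java
import java.lang.management.ManagementFactory;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import javax.management.*;
import javax.management.remote.*;
import javax.security.auth.Subject;

public class JmxCustomAuthDemo {
    // Constructed user store; a real deployment would delegate to CAAS/JAAS here.
    static final Map<String, String> PASSWORDS = Map.of("monitor", "m0nitor-pw", "admin", "adm1n-pw");
    // Custom JMXAuthenticator logic: takes over the role of the JMX password file.
    static Subject authenticate(Object credentials) {
        if (!(credentials instanceof String[]) || ((String[]) credentials).length != 2)
            throw new SecurityException("expected String[]{user, password}");
        String[] c = (String[]) credentials;
        String expected = c[0] == null ? null : PASSWORDS.get(c[0]);
        if (expected == null || c[1] == null || !MessageDigest.isEqual(expected.getBytes(), c[1].getBytes()))
            throw new SecurityException("authentication failed"); // same error for unknown user and bad password
        // The access file is matched against this principal's name.
        return new Subject(true, Collections.singleton(new JMXPrincipal(c[0])),
                Collections.emptySet(), Collections.emptySet());
    }
    // True if the read and the write-level call both succeed; false if login or access control rejects.
    static boolean canInvokeGc(JMXServiceURL url, String user, String pw) throws Exception {
        Map<String, Object> env = Map.of(JMXConnector.CREDENTIALS, new String[] {user, pw});
        try (JMXConnector jc = JMXConnectorFactory.connect(url, env)) {
            MBeanServerConnection conn = jc.getMBeanServerConnection();
            ObjectName memory = new ObjectName(ManagementFactory.MEMORY_MXBEAN_NAME);
            conn.getAttribute(memory, "Verbose");                      // read: allowed for readonly
            conn.invoke(memory, "gc", new Object[0], new String[0]);   // operation: needs readwrite
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }
    public static void main(String[] args) throws Exception {
        // Constructed access file: principal name followed by readonly or readwrite.
        Path access = Files.write(Files.createTempFile("jmx", ".access"),
                List.of("monitor readonly", "admin readwrite"));
        access.toFile().deleteOnExit();
        Map<String, Object> env = new HashMap<>();
        env.put(JMXConnectorServer.AUTHENTICATOR, (JMXAuthenticator) JmxCustomAuthDemo::authenticate);
        env.put("jmx.remote.x.access.file", access.toString());
        JMXConnectorServer server = JMXConnectorServerFactory.newJMXConnectorServer(
                new JMXServiceURL("service:jmx:rmi://"), env, ManagementFactory.getPlatformMBeanServer());
        server.start(); // demo listener without TLS; production needs the SSL configuration
        JMXServiceURL url = server.getAddress();
        System.out.println("monitor may invoke gc: " + canInvokeGc(url, "monitor", "m0nitor-pw"));
        System.out.println("admin may invoke gc:   " + canInvokeGc(url, "admin", "adm1n-pw"));
        server.stop();
    }
}
```

The `monitor` principal can read `Verbose` but is rejected on `gc`, which shows the all-or-nothing granularity of the access file that the original proposal lists as the reason to consider custom authorization.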
