Hi All,

We are in the process of introducing an extensible authorizer for Carbon UUF.

At the moment authorization is done via the org.wso2.carbon.uuf.spi.auth.User interface [1]. When creating a user session, an implementation of the User interface (e.g. CaasUser [2]) should be passed. The main drawback of this approach is that the logic in the hasPermission() method has to be serializable. Usually this is difficult to achieve, because in order to evaluate permissions one might need to access some user management services (e.g. Realm Service) which cannot be serialized. Hence moving the hasPermission() method out of the User class and allowing a custom authorizer to be plugged in would be a better approach.

WDYT?

[1] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/components/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/User.java#L28
[2] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/samples/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundle/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle/CaasUser.java

Thanks.

--
Sajith Janaprasad Ariyarathna
Senior Software Engineer; WSO2, Inc.; http://wso2.com/
<https://wso2.com/signature>
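The serialization problem described in the message above, and the proposed split, shown as an added example that is not part of the original post and is not Carbon UUF code. RealmService, ServiceBackedUser, SessionUser and Authorizer are hypothetical stand-ins written for this illustration, and the permission strings are constructed sample data.

```java
import java.io.*;
import java.util.*;

public class AuthorizerSketch {
    // Hypothetical stand-in for a user management service; deliberately not Serializable.
    static class RealmService {
        private final Map<String, Set<String>> grants = Map.of("alice", Set.of("dashboard/view"));
        boolean isGranted(String userId, String permission) {
            return grants.getOrDefault(userId, Set.of()).contains(permission); // unknown user: deny
        }
    }
    // Current shape: the permission logic lives in the session user, so the
    // service reference is part of the object graph that gets serialized.
    static class ServiceBackedUser implements Serializable {
        private final String id;
        private final RealmService realm;
        ServiceBackedUser(String id, RealmService realm) { this.id = id; this.realm = realm; }
        boolean hasPermission(String permission) { return realm.isGranted(id, permission); }
    }
    // Proposed shape: the session user is plain identity data ...
    static class SessionUser implements Serializable {
        private final String id;
        SessionUser(String id) { this.id = id; }
        String getId() { return id; }
    }
    // ... and the decision is made by a pluggable component that is never stored in the session.
    interface Authorizer {
        boolean hasPermission(SessionUser user, String permission);
    }
    // Reports whether Java serialization accepts the whole object graph.
    static boolean serializes(Object o) {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return true;
        } catch (NotSerializableException e) {
            return false;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public static void main(String[] args) {
        RealmService realm = new RealmService();
        Authorizer authorizer = (user, permission) -> realm.isGranted(user.getId(), permission);
        SessionUser alice = new SessionUser("alice");
        System.out.println("service-backed user serializes: " + serializes(new ServiceBackedUser("alice", realm)));
        System.out.println("plain session user serializes:  " + serializes(alice));
        System.out.println("granted permission:   " + authorizer.hasPermission(alice, "dashboard/view"));
        System.out.println("ungranted permission: " + authorizer.hasPermission(alice, "admin/edit"));
    }
}
```

Marking the service field transient would let ServiceBackedUser serialize, but the field would be null after deserialization and hasPermission() would fail, which is why the sketch moves the check out of the user object instead.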