Hi Ruwan,
> I guess the following values define the correlation between component and
> the authorizer.
>
> @Component(name = "some.component.exposing.Authorizer",
> ...
> authorizer: "some.component.exposing.Authorizer"

No. As a convention, we have the fully qualified class name as the OSGi
component name. The OSGi component name has nothing to do with loading an
Authorizer.

When loading an Authorizer, Carbon UUF uses the fully qualified class name
specified in the app.yaml configuration. In OSGi mode, Carbon UUF locates
the Authorizer instance from activated bundles. In the non-OSGi mode,
Carbon UUF creates an instance of the class name given in the
configuration. You may refer to [1] on how Carbon UUF plugs in an
Authorizer in OSGi mode and non-OSGi mode.

However, in the OSGi mode, you have to specify the service class as
highlighted in bold below:

@Component(name = "some.component.exposing.Authorizer",
           *service = Authorizer.class,*
           immediate = true
)

[1] https://github.com/wso2/carbon-uuf/blob/master/components/uuf-core/src/main/java/org/wso2/carbon/uuf/internal/deployment/OsgiPluginProvider.java

Best Regards,
Vidura Nanayakkara
On Fri, May 12, 2017 at 5:43 PM, Ruwan Abeykoon <[email protected]> wrote:
> Hi Vidura,
> Thanks for the information,
>
> I guess the following values define the correlation between component and
> the authorizer.
>
> @Component(name = "some.component.exposing.Authorizer",
> ...
> authorizer: "some.component.exposing.Authorizer"
>
> Cheers,
> Ruwan
>
> On Fri, May 12, 2017 at 5:34 PM, Vidura Nanayakkara <[email protected]>
> wrote:
>
>> Hi Ruwan,
>>
>> This supports OSGI mode as well. In that case, you have to add the
>> @Component annotation to the implemented class.
>>
>> e.g:
>>
>> @Component(name = "org.wso2.carbon.uuf.sample.simpleauth.bundle.api.auth.CaasAuthorizer",
>>            service = Authorizer.class,
>>            immediate = true
>> )
>> public class CaasAuthorizer implements Authorizer {
>>
>>     @Override
>>     public boolean hasPermission(User user, Permission permission) {
>>         // Some logic here.
>>     }
>> }
>>
>>
>> Best Regards,
>> Vidura Nanayakkara
>>
>> On Fri, May 12, 2017 at 5:24 PM, Ruwan Abeykoon <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> # Authorizer for this app
>>> authorizer: "org.wso2.carbon.uuf.sample.simpleauth.bundle.api.auth.CaasAuthorizer"
>>>
>>>
>>> Does this mean UUF uses reflection to instantiate the class given by
>>> the "authorizer" property? If this is the case, could you make it use an
>>> OSGi service instead?
>>>
>>> Cheers,
>>> Ruwan
>>>
>>> On Fri, May 12, 2017 at 5:17 PM, Vidura Nanayakkara <[email protected]>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> The following changes will be made to the UUF framework in order to
>>>> achieve the above.
>>>>
>>>> - You now have to implement the `Authorizer` interface in order to
>>>> plug in any type of `Authorizer` you want. The `Authorizer` interface
>>>> will have the following methods:
>>>>
>>>> boolean hasPermission(User user, Permission permission);
>>>>
>>>>
>>>> - In order to plug in the `Authorizer`, the `Authorizer`
>>>> implementation needs to be specified in the `app.yaml` configuration of
>>>> the particular UUF app.
>>>>
>>>> ...
>>>>
>>>> # Authorizer for this app
>>>> authorizer: "org.wso2.carbon.uuf.sample.simpleauth.bundle.api.auth.CaasAuthorizer"
>>>> ...
>>>>
>>>> Please note that if you do not specify this value, the app will not have
>>>> an `Authorizer` and will return `false` every time the `hasPermission()`
>>>> method is called.
>>>>
>>>>
>>>> - Instead of the `User` interface, we now have introduced a
>>>> concrete `User` class.
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, May 3, 2017 at 10:34 PM, Rasika Perera <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Sajith,
>>>>>
>>>>> I am +1 to allow custom authorizers. But not bit convinced with the
>>>>> reason provided.
>>>>>
>>>>> Java allows non-serializable properties on the objects with the "transient"
>>>>> keyword. At the time of deserialization these properties will be in default
>>>>> values (i.e. objects will be null). Then you can override the
>>>>> "readResolve()" method to fetch & assign the current state of the
>>>>> system for those properties.
>>>>>
>>>>> Best Regards,
>>>>> Rasika
>>>>>
>>>>> On Wed, May 3, 2017 at 10:47 AM, SajithAR Ariyarathna <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> We are in the process of introducing an extensible authorizer for
>>>>>> Carbon UUF.
>>>>>>
>>>>>> At the moment authorization is done via the
>>>>>> org.wso2.carbon.uuf.spi.auth.User interface [1]. When creating a
>>>>>> user session, an implementation of the User interface (e.g. CaasUser [2])
>>>>>> should be passed. The main drawback of this approach is, the logic in the
>>>>>> hasPermission() method has to be serializable. Usually this is
>>>>>> difficult to achieve because in order to evaluate permissions one might
>>>>>> need to access some user management services (e.g. Realm Service) which
>>>>>> cannot be serialized. Hence moving the hasPermission() method out of
>>>>>> the User class and allowing to plug-in a custom authorizer would be
>>>>>> a better approach.
>>>>>>
>>>>>> WDYT?
>>>>>>
>>>>>> [1] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/components/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/User.java#L28
>>>>>> [2] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/samples/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundle/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle/CaasUser.java
>>>>>>
>>>>>> Thanks.
>>>>>> --
>>>>>> Sajith Janaprasad Ariyarathna
>>>>>> Senior Software Engineer; WSO2, Inc.; http://wso2.com/
>>>>>> <https://wso2.com/signature>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> With Regards,
>>>>>
>>>>> *Rasika Perera*
>>>>> Senior Software Engineer
>>>>> LinkedIn: http://lk.linkedin.com/in/rasika90
>>>>>
>>>>> <http://wso2.com/signature>
>>>>>
>>>>> WSO2 Inc. www.wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>
>>>>
>>>> --
>>>> Best Regards,
>>>>
>>>> *Vidura Nanayakkara*
>>>> Software Engineer
>>>>
>>>> Email : [email protected]
>>>> Mobile : +94 (0) 717 919277
>>>> Web : http://wso2.com
>>>> Blog : https://medium.com/@viduran
>>>> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara
>>>>
>>>
>>>
>>> --
>>>
>>> *Ruwan Abeykoon*
>>> *Associate Director/Architect,*
>>> *WSO2, Inc. http://wso2.com*
>>> *lean.enterprise.middleware.*
>>>
>>>
>>
>>
>
>
>
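
An added illustration, not part of the original thread and not Carbon UUF's own code, of the non-OSGi path discussed above: the class named under `authorizer` is instantiated by name, checked to be an `Authorizer` before any instance is created, and an unset value falls back to denying every request. Only the `hasPermission` signature comes from the thread; `User`, `Permission`, `GrantListAuthorizer`, `DENY_ALL` and `load` are hypothetical stand-ins.

```java
import java.util.Set;

// Added example; NOT Carbon UUF code. User and Permission are minimal stand-ins.
public class AuthorizerLoadingExample {

    record User(String id, Set<String> grants) {}
    record Permission(String resourceUri, String action) {}

    // Method signature as given in the thread.
    interface Authorizer {
        boolean hasPermission(User user, Permission permission);
    }

    // Fail-closed default for an app whose configuration names no authorizer.
    static final Authorizer DENY_ALL = (user, permission) -> false;

    // Constructed sample implementation that the loader finds by name.
    public static class GrantListAuthorizer implements Authorizer {
        @Override
        public boolean hasPermission(User user, Permission permission) {
            return user != null && permission != null
                    && user.grants().contains(permission.resourceUri() + ":" + permission.action());
        }
    }

    // Hypothetical non-OSGi loader: className is the value of "authorizer" in app.yaml.
    static Authorizer load(String className) {
        if (className == null || className.isBlank()) {
            return DENY_ALL;
        }
        try {
            // initialize=false: no static initializer runs before the type check below.
            Class<?> cls = Class.forName(className, false,
                    AuthorizerLoadingExample.class.getClassLoader());
            // asSubclass throws ClassCastException when the class is not an Authorizer.
            return cls.asSubclass(Authorizer.class).getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            // A misconfigured name stops the app from starting instead of silently
            // running with an authorizer nobody chose.
            throw new IllegalStateException("Cannot load authorizer '" + className + "'", e);
        }
    }

    public static void main(String[] args) {
        User alice = new User("alice", Set.of("/orders:view")); // constructed sample user
        Authorizer configured = load(AuthorizerLoadingExample.class.getName() + "$GrantListAuthorizer");
        System.out.println(configured.hasPermission(alice, new Permission("/orders", "view")));
        System.out.println(configured.hasPermission(alice, new Permission("/orders", "delete")));
        System.out.println(load(null).hasPermission(alice, new Permission("/orders", "view")));
    }
}
```

The records require Java 16 or later. In OSGi mode the same type guarantee comes from registering the component with `service = Authorizer.class` rather than from the `asSubclass` check.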