Hi Imesh, On Wed, May 17, 2017 at 4:30 PM, Imesh Gunaratne <im...@wso2.com> wrote:
> > > On Wed, May 17, 2017 at 11:57 AM, Vidura Nanayakkara <vidu...@wso2.com> > wrote: > > >> Since we are not aware of the 'Authorizer' implementations that can be in >> a product (persisting and retrieving permissions logic) we cannot provide a >> default implementation to the 'Authorizer'. >> > > Thanks Vidura! Would you mind explaining why each product has to implement > it's own authorizer? > > Every product doesn't need to implement their own Authorizer. For example, IoT product can use the SSO Authorizer provided by the IS. However webapp developer needs to configure the desired Authorizer for their webapp. Thanks. > Thanks > Imesh > > >> This has been documented in the 'Authorizer' interface [1]. >> >> [1] https://github.com/wso2/carbon-uuf/blob/3fbf10907747806d >> 6311acef2095e5a8b623e339/components/uuf-core/src/main/ >> java/org/wso2/carbon/uuf/spi/auth/Authorizer.java >> >> Best Regards, >> Vidura Nanayakkara >> >> On Wed, May 17, 2017 at 10:27 AM, Chandana Napagoda <chand...@wso2.com> >> wrote: >> >>> Hi Imesh, >>> >>> I think during the offline meeting, we have already discussed about the >>> default implementation. >>> >>> @ViduraN, Can you please elaborate it in here? >>> >>> Regards, >>> Chandana >>> >>> On Wed, May 17, 2017 at 10:08 AM, Imesh Gunaratne <im...@wso2.com> >>> wrote: >>> >>>> As we discussed offline I think it would be better to provide a default >>>> implementation for $subject while providing the extension point. >>>> >>>> Thanks >>>> >>>> On Wed, May 3, 2017 at 10:47 AM, SajithAR Ariyarathna < >>>> sajit...@wso2.com> wrote: >>>> >>>>> Hi All, >>>>> >>>>> We are in the process of introducing an extensible authorizer for >>>>> Carbon UUF. >>>>> >>>>> At the moment authorization is done via the org.wso2.carbon.uuf.spi.au >>>>> th.User interface [1]. When creating an user session, implementation >>>>> of the User interface (e.g. CaasUser [2]) should be passed. The main >>>>> drawback of this approach is, the logic in the hasPermission() method >>>>> has to be serializable. Usually this is difficult to achieve because in >>>>> order to evaluate permissions one might need to access some user >>>>> management >>>>> services (e.g. Realm Service) which cannot be serialized. Hence moving the >>>>> hasPermission() method out of the User class and allowing to plug-in >>>>> a custom authorizer would be a better approach. >>>>> >>>>> WDYT? >>>>> >>>>> [1] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/compo >>>>> nents/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/Us >>>>> er.java#L28 >>>>> [2] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/sampl >>>>> es/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundl >>>>> e/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle >>>>> /CaasUser.java >>>>> >>>>> Thanks. >>>>> -- >>>>> Sajith Janaprasad Ariyarathna >>>>> Senior Software Engineer; WSO2, Inc.; http://wso2.com/ >>>>> <https://wso2.com/signature> >>>>> >>>> >>>> >>>> >>>> -- >>>> *Imesh Gunaratne* >>>> WSO2 Inc: http://wso2.com >>>> T: +94 11 214 5345 M: +94 77 374 2057 <+94%2077%20374%202057> >>>> W: https://medium.com/@imesh TW: @imesh >>>> lean. enterprise. middleware >>>> >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> *Chandana Napagoda* >>> Associate Technical Lead >>> WSO2 Inc. - http://wso2.org >>> >>> *Email : chand...@wso2.com <chand...@wso2.com>**Mobile : +94718169299 >>> <+94%2071%20816%209299>* >>> >>> *Blog : http://cnapagoda.blogspot.com >>> <http://cnapagoda.blogspot.com> | http://chandana.napagoda.com >>> <http://chandana.napagoda.com>* >>> >>> *Linkedin : http://www.linkedin.com/in/chandananapagoda >>> <http://www.linkedin.com/in/chandananapagoda>* >>> >>> >> >> >> -- >> Best Regards, >> >> *Vidura Nanayakkara* >> Software Engineer >> >> Email : vidu...@wso2.com >> Mobile : +94 (0) 717 919277 <+94%2071%20791%209277> >> Web : http://wso2.com >> Blog : https://medium.com/@viduran <http://wso2.com/> >> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara >> <http://wso2.com/> >> > > > > -- > *Imesh Gunaratne* > WSO2 Inc: http://wso2.com > T: +94 11 214 5345 M: +94 77 374 2057 <+94%2077%20374%202057> > W: https://medium.com/@imesh TW: @imesh > lean. enterprise. middleware > > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Sajith Janaprasad Ariyarathna Senior Software Engineer; WSO2, Inc.; http://wso2.com/ <https://wso2.com/signature>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
