Hi Imesh,

> Thanks Vidura! Would you mind explaining why each product has to implement
> its own authorizer?

At the moment, AFAIK there is no common permission model for WSO2 products. For WSO2 Identity Server, we have [1], and there is currently a discussion going on regarding the permission model for WSO2 Message Broker 4 in [2].

If we are to decide on a common permission model for WSO2 products, then we can provide a default Authorizer that would be packaged with Carbon UUF. Even in this case we should not use the implemented default Authorizer if it is not explicitly specified in the 'app.yaml' configuration. The reason for this is that Carbon UUF is a UI framework and should be able to be reused by any other product (should be loosely coupled).

WDYT? Also, should we have a common permission model across the platform?

[1] https://github.com/wso2/carbon-identity-mgt
[2] Architecture mail thread "C5 based permission model for MB-4"

Best Regards,
Vidura Nanayakkara

On Wed, May 17, 2017 at 4:30 PM, Imesh Gunaratne <[email protected]> wrote:

> On Wed, May 17, 2017 at 11:57 AM, Vidura Nanayakkara <[email protected]> wrote:
>
>> Since we are not aware of the 'Authorizer' implementations that can be in
>> a product (persisting and retrieving permissions logic) we cannot provide a
>> default implementation to the 'Authorizer'.
>
> Thanks Vidura! Would you mind explaining why each product has to implement
> its own authorizer?
>
> Thanks
> Imesh
>
>> This has been documented in the 'Authorizer' interface [1].
>>
>> [1] https://github.com/wso2/carbon-uuf/blob/3fbf10907747806d6311acef2095e5a8b623e339/components/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/Authorizer.java
>>
>> Best Regards,
>> Vidura Nanayakkara
>>
>> On Wed, May 17, 2017 at 10:27 AM, Chandana Napagoda <[email protected]> wrote:
>>
>>> Hi Imesh,
>>>
>>> I think during the offline meeting, we have already discussed the
>>> default implementation.
>>>
>>> @ViduraN, can you please elaborate on it here?
>>>
>>> Regards,
>>> Chandana
>>>
>>> On Wed, May 17, 2017 at 10:08 AM, Imesh Gunaratne <[email protected]> wrote:
>>>
>>>> As we discussed offline I think it would be better to provide a default
>>>> implementation for $subject while providing the extension point.
>>>>
>>>> Thanks
>>>>
>>>> On Wed, May 3, 2017 at 10:47 AM, SajithAR Ariyarathna <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> We are in the process of introducing an extensible authorizer for
>>>>> Carbon UUF.
>>>>>
>>>>> At the moment authorization is done via the
>>>>> org.wso2.carbon.uuf.spi.auth.User interface [1]. When creating a user
>>>>> session, an implementation of the User interface (e.g. CaasUser [2])
>>>>> should be passed. The main drawback of this approach is that the logic
>>>>> in the hasPermission() method has to be serializable. Usually this is
>>>>> difficult to achieve because in order to evaluate permissions one might
>>>>> need to access some user management services (e.g. Realm Service) which
>>>>> cannot be serialized. Hence moving the hasPermission() method out of the
>>>>> User class and allowing a custom authorizer to be plugged in would be a
>>>>> better approach.
>>>>>
>>>>> WDYT?
>>>>>
>>>>> [1] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/components/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/User.java#L28
>>>>> [2] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/samples/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundle/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle/CaasUser.java
>>>>>
>>>>> Thanks.
>>>>> --
>>>>> Sajith Janaprasad Ariyarathna
>>>>> Senior Software Engineer; WSO2, Inc.; http://wso2.com/
>>>>
>>>> --
>>>> Imesh Gunaratne
>>>> WSO2 Inc: http://wso2.com
>>>
>>> --
>>> Chandana Napagoda
>>> Associate Technical Lead
>>> WSO2 Inc. - http://wso2.org
>>
>> --
>> Vidura Nanayakkara
>> Software Engineer
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
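
The serialization problem described in the original proposal, and the split into a data-only user plus a pluggable authorizer, shown as an added example. It is not carbon-uuf code: `RealmService`, `UserWithLogic`, `canSerialize` and the `Authorizer` method signature used here are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Map;
import java.util.Set;

public class AuthorizerExample {
    // Stand-in for a user-management service (hypothetical); deliberately not Serializable.
    static class RealmService {
        private final Map<String, Set<String>> grants = Map.of("alice", Set.of("/orders:view"));
        boolean isGranted(String userId, String uri, String action) {
            return grants.getOrDefault(userId, Set.of()).contains(uri + ":" + action);
        }
    }
    // Old shape: permission logic lives in the session object and drags the service along.
    static class UserWithLogic implements Serializable {
        final String id;
        final RealmService realm;
        UserWithLogic(String id, RealmService realm) { this.id = id; this.realm = realm; }
        boolean hasPermission(String uri, String action) { return realm.isGranted(id, uri, action); }
    }
    // New shape: the session object carries data only.
    static class User implements Serializable {
        final String id;
        User(String id) { this.id = id; }
    }
    // Extension point: permission evaluation is supplied by the product (assumed signature).
    interface Authorizer {
        boolean hasPermission(User user, String uri, String action);
    }
    // Attempts the serialization a session store would perform.
    static boolean canSerialize(Object o) {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return true;
        } catch (IOException e) { // NotSerializableException is an IOException
            return false;
        }
    }
    public static void main(String[] args) {
        RealmService realm = new RealmService();
        // The authorizer holds the service; it is never stored in the session.
        Authorizer authorizer = (u, uri, action) -> realm.isGranted(u.id, uri, action);
        User alice = new User("alice");
        System.out.println("user with embedded logic serializable: "
                + canSerialize(new UserWithLogic("alice", realm)));
        System.out.println("data-only user serializable: " + canSerialize(alice));
        System.out.println("view allowed: " + authorizer.hasPermission(alice, "/orders", "view"));
        System.out.println("delete allowed: " + authorizer.hasPermission(alice, "/orders", "delete"));
    }
}
```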
