Thanks for the clarifications Sajith and Vidura!! On Wed, May 17, 2017 at 5:46 PM, Vidura Nanayakkara <[email protected]> wrote:
> Hi Imesh, > > Thanks Vidura! Would you mind explaining why each product has to implement >> it's own authorizer? > > > At the moment, AFAIK there is no common permission model for WSO2 > products. For WSO2 Identity Server, we have [1] and there is currently a > discussion going on regarding the permission model for WSO2 Message Broker > 4 in [2]. If we are to decide on a common permission model for WSO2 > products then we can provide a default Authorizer that would be packaged > with Carbon UUF. Even in this case we should not use the implemented > default Authorizer if it is not explicitly specified in the 'app.yaml' > configuration. The reason for this is that Carbon UUF is an UI framework > and should be able to be reused by any other product (should be loosely > coupled). > > WDYT? > > Also, should we have a common permission model across the platform? > > [1] https://github.com/wso2/carbon-identity-mgt > [2] Architecture mail thread "C5 based permission model for MB-4" > > Best Regards, > Vidura Nanayakkara > > On Wed, May 17, 2017 at 4:30 PM, Imesh Gunaratne <[email protected]> wrote: > >> >> >> On Wed, May 17, 2017 at 11:57 AM, Vidura Nanayakkara <[email protected]> >> wrote: >> >> >>> Since we are not aware of the 'Authorizer' implementations that can be >>> in a product (persisting and retrieving permissions logic) we cannot >>> provide a default implementation to the 'Authorizer'. >>> >> >> Thanks Vidura! Would you mind explaining why each product has to >> implement it's own authorizer? >> >> Thanks >> Imesh >> >> >>> This has been documented in the 'Authorizer' interface [1]. >>> >>> [1] https://github.com/wso2/carbon-uuf/blob/3fbf10907747806d >>> 6311acef2095e5a8b623e339/components/uuf-core/src/main/java/ >>> org/wso2/carbon/uuf/spi/auth/Authorizer.java >>> >>> Best Regards, >>> Vidura Nanayakkara >>> >>> On Wed, May 17, 2017 at 10:27 AM, Chandana Napagoda <[email protected]> >>> wrote: >>> >>>> Hi Imesh, >>>> >>>> I think during the offline meeting, we have already discussed about the >>>> default implementation. >>>> >>>> @ViduraN, Can you please elaborate it in here? >>>> >>>> Regards, >>>> Chandana >>>> >>>> On Wed, May 17, 2017 at 10:08 AM, Imesh Gunaratne <[email protected]> >>>> wrote: >>>> >>>>> As we discussed offline I think it would be better to provide a >>>>> default implementation for $subject while providing the extension point. >>>>> >>>>> Thanks >>>>> >>>>> On Wed, May 3, 2017 at 10:47 AM, SajithAR Ariyarathna < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> We are in the process of introducing an extensible authorizer for >>>>>> Carbon UUF. >>>>>> >>>>>> At the moment authorization is done via the >>>>>> org.wso2.carbon.uuf.spi.auth.User interface [1]. When creating an >>>>>> user session, implementation of the User interface (e.g. CaasUser [2]) >>>>>> should >>>>>> be passed. The main drawback of this approach is, the logic in the >>>>>> hasPermission() method has to be serializable. Usually this is >>>>>> difficult to achieve because in order to evaluate permissions one might >>>>>> need to access some user management services (e.g. Realm Service) which >>>>>> cannot be serialized. Hence moving the hasPermission() method out of >>>>>> the User class and allowing to plug-in a custom authorizer would be >>>>>> a better approach. >>>>>> >>>>>> WDYT? >>>>>> >>>>>> [1] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/compo >>>>>> nents/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/auth/Us >>>>>> er.java#L28 >>>>>> [2] https://github.com/wso2/carbon-uuf/blob/v1.0.0-m14/sampl >>>>>> es/osgi-bundles/org.wso2.carbon.uuf.sample.simple-auth.bundl >>>>>> e/src/main/java/org/wso2/carbon/uuf/sample/simpleauth/bundle >>>>>> /CaasUser.java >>>>>> >>>>>> Thanks. >>>>>> -- >>>>>> Sajith Janaprasad Ariyarathna >>>>>> Senior Software Engineer; WSO2, Inc.; http://wso2.com/ >>>>>> <https://wso2.com/signature> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Imesh Gunaratne* >>>>> WSO2 Inc: http://wso2.com >>>>> T: +94 11 214 5345 M: +94 77 374 2057 <+94%2077%20374%202057> >>>>> W: https://medium.com/@imesh TW: @imesh >>>>> lean. enterprise. middleware >>>>> >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> *Chandana Napagoda* >>>> Associate Technical Lead >>>> WSO2 Inc. - http://wso2.org >>>> >>>> *Email : [email protected] <[email protected]>**Mobile : >>>> +94718169299 <+94%2071%20816%209299>* >>>> >>>> *Blog : http://cnapagoda.blogspot.com >>>> <http://cnapagoda.blogspot.com> | http://chandana.napagoda.com >>>> <http://chandana.napagoda.com>* >>>> >>>> *Linkedin : http://www.linkedin.com/in/chandananapagoda >>>> <http://www.linkedin.com/in/chandananapagoda>* >>>> >>>> >>> >>> >>> -- >>> Best Regards, >>> >>> *Vidura Nanayakkara* >>> Software Engineer >>> >>> Email : [email protected] >>> Mobile : +94 (0) 717 919277 <+94%2071%20791%209277> >>> Web : http://wso2.com >>> Blog : https://medium.com/@viduran <http://wso2.com/> >>> LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara >>> <http://wso2.com/> >>> >> >> >> >> -- >> *Imesh Gunaratne* >> WSO2 Inc: http://wso2.com >> T: +94 11 214 5345 M: +94 77 374 2057 <+94%2077%20374%202057> >> W: https://medium.com/@imesh TW: @imesh >> lean. enterprise. middleware >> >> > > > -- > Best Regards, > > *Vidura Nanayakkara* > Software Engineer > > Email : [email protected] > Mobile : +94 (0) 717 919277 <+94%2071%20791%209277> > Web : http://wso2.com > Blog : https://medium.com/@viduran > LinkedIn : https://lk.linkedin.com/in/vidura-nanayakkara > -- *Imesh Gunaratne* WSO2 Inc: http://wso2.com T: +94 11 214 5345 M: +94 77 374 2057 W: https://medium.com/@imesh TW: @imesh lean. enterprise. middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
