Hi,

The broker supports basic authentication and authorization based on scopes and user groups. Extension points are provided to plug in a custom authenticator and authorizer for connecting to different user stores. Here are the existing interfaces users can extend to provide $Subject.

    public interface Authenticator {
        void initialize(StartupContext startupContext, Map<String, Object> properties) throws Exception;
        AuthResult authenticate(String username, char[] password) throws BrokerAuthException;
    }

    public interface Authorizer {
        void initialize(StartupContext startupContext, Map<String, Object> properties) throws Exception;
        Set<String> getUserGroupsList(String userId) throws BrokerAuthException;
    }

The authenticator will authenticate the given username and password and provide an auth result which contains the userId and authentication success result. The authorizer will be used to retrieve the user groups to authorize using the broker authorization model.

Implementations of these extensions can be plugged in using the broker configuration. The default configuration can be found as below.

    # Broker auth related configurations.
    wso2.broker.auth:
      # Broker authentication related configurations.
      authentication:
        # Enable the authentication
        enabled: true
        authenticator:
          # Authenticator implementation
          className: org.wso2.broker.auth.authentication.authenticator.impl.JaasAuthenticator
          # Optional properties
          properties:
            loginModule: org.wso2.broker.auth.authentication.jaas.UserStoreLoginModule
            userStoreConnector: org.wso2.broker.auth.user.impl.FileBasedUserStoreConnector
      # Broker authorization related configurations.
      authorization:
        # Enable the authorization
        enabled: true
        authorizer:
          # Authorizer implementation
          className: org.wso2.broker.auth.authorization.authorizer.file.FileBasedUserStoreAuthorizer
          # Optional properties
          properties:

Appreciate any suggestions.

Thanks,
Waruna

--
Regards,
Waruna Lakshitha Jayaweera
Senior Software Engineer
WSO2 Inc; http://wso2.com
phone: +94713255198
http://waruapz.blogspot.com/
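
An added example, not part of the original message and not WSO2 broker code: one way a custom implementation of the Authenticator interface above could verify passwords against salted PBKDF2 hashes. The class name Pbkdf2Authenticator, the in-memory user table and its sample account are constructed for illustration, and the shapes of StartupContext, AuthResult and BrokerAuthException are assumed stand-ins; only the two Authenticator method signatures come from the message.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical authenticator: checks passwords against salted PBKDF2 hashes.
class Pbkdf2Authenticator implements Authenticator {
    private final Map<String, byte[][]> users = new HashMap<>(); // username -> {salt, hash}
    private final byte[][] dummy = {new byte[16], new byte[32]};  // record used for unknown users

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        byte[] out = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword(); // the spec keeps its own copy of the password
        return out;
    }

    public void initialize(StartupContext startupContext, Map<String, Object> properties) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        // Constructed sample account; a real user store connector would load stored salts and hashes.
        users.put("alice", new byte[][] {salt, hash("constructed-sample-pw".toCharArray(), salt)});
    }

    public AuthResult authenticate(String username, char[] password) throws BrokerAuthException {
        try {
            byte[][] rec = users.getOrDefault(username, dummy); // unknown users cost the same KDF work
            boolean match = MessageDigest.isEqual(rec[1], hash(password, rec[0])); // constant-time compare
            boolean ok = match && users.containsKey(username);
            return new AuthResult(ok, ok ? username : null);
        } catch (Exception e) {
            throw new BrokerAuthException("authentication error", e);
        } finally {
            Arrays.fill(password, '\0'); // wipe the caller's char[] once it has been used
        }
    }
}

// Assumed stand-ins for the broker's own types, so the example compiles on its own.
class StartupContext { }
class BrokerAuthException extends Exception { BrokerAuthException(String m, Throwable c) { super(m, c); } }
class AuthResult {
    final boolean authenticated; final String userId;
    AuthResult(boolean authenticated, String userId) { this.authenticated = authenticated; this.userId = userId; }
}
interface Authenticator {
    void initialize(StartupContext startupContext, Map<String, Object> properties) throws Exception;
    AuthResult authenticate(String username, char[] password) throws BrokerAuthException;
}
```

Because authenticate wipes the password array in its finally block, a caller must pass a fresh char[] on each attempt.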