On Fri, Jul 23, 2010 at 9:00 AM, Danushka Menikkumbura <[email protected]> wrote:

> Amila,
>
> Anyways the issue is not about negative permissions. It can even be
> something like "let role A create queues that have names starting with
> Temp_" as you just mentioned. How can we have something like that in our
> permission model?
>

IMHO what is important is this,
"There is an authorization manager that takes care of this."

At least in theory any authorization manager should have this method.

isUserAllowed(<userName>, "Permission");

From the given rules it should find out the roles for a particular permission and from some way it should know the roles for the given user name.

So basically you need to find out how to do that. Generally you need to implement a Realm interface given by JMS.

thanks,
Amila.

>
> Thanks,
> Danushka
>
> On Thu, Jul 22, 2010 at 9:13 PM, Danushka Menikkumbura
> <[email protected]> wrote:
>
>> Hi Amila,
>>
>>> I think first of all you should not try to write deny rules with
>>> security.
>>
>> In ACL you can write deny statements. I do not understand why we should
>> not anyway.
>>
>>> Generally you can not hard code the user name in a software.
>>
>> Sorry for using an irrelevant statement. Obviously it has to be a role
>> ;-).
>>
>>> Do you need to give the current users to JMS Object and will it evaluate
>>> the rule with any action?
>>
>> There is an authorization manager that takes care of this.
>>
>> Danushka
>
> _______________________________________________
> Carbon-dev mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
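
The following is an added example, not part of the thread and not WSO2 Carbon or JMS code. It sketches one way an authorization manager exposing isUserAllowed(userName, permission) could resolve a user's roles and evaluate prefix rules such as "role A may create queues whose names start with Temp_", with default deny and deny-overrides. The class name, the permission string layout (queue/create/<name>), and the user and role names are all assumptions; it needs Java 16 or later for records.

```java
import java.util.*;

// Added illustration: every class, role, user and permission name is hypothetical.
public class PrefixAuthorizationManager {
    enum Effect { ALLOW, DENY }

    // One rule: members of `role` get `effect` on permissions starting with `prefix`.
    record Rule(String role, String prefix, Effect effect) {}

    private final Map<String, Set<String>> rolesByUser = new HashMap<>();
    private final List<Rule> rules = new ArrayList<>();

    void assignRole(String user, String role) {
        rolesByUser.computeIfAbsent(user, u -> new HashSet<>()).add(role);
    }

    void addRule(String role, String prefix, Effect effect) {
        rules.add(new Rule(role, prefix, effect));
    }

    // Default deny; a matching DENY rule overrides any matching ALLOW rule.
    boolean isUserAllowed(String userName, String permission) {
        if (userName == null || permission == null) return false;
        Set<String> roles = rolesByUser.getOrDefault(userName, Set.of());
        boolean allowed = false;
        for (Rule r : rules) {
            if (!roles.contains(r.role()) || !permission.startsWith(r.prefix())) continue;
            if (r.effect() == Effect.DENY) return false;
            allowed = true;
        }
        return allowed;
    }

    public static void main(String[] args) {
        PrefixAuthorizationManager am = new PrefixAuthorizationManager();
        am.assignRole("alice", "roleA");   // constructed sample users and roles
        am.assignRole("bob", "roleB");
        am.addRule("roleA", "queue/create/Temp_", Effect.ALLOW);
        am.addRule("roleA", "queue/create/Temp_audit", Effect.DENY);

        // Each line prints the decision for one constructed request.
        System.out.println(am.isUserAllowed("alice", "queue/create/Temp_orders"));
        System.out.println(am.isUserAllowed("alice", "queue/create/Orders"));
        System.out.println(am.isUserAllowed("alice", "queue/create/Temp_audit"));
        System.out.println(am.isUserAllowed("bob", "queue/create/Temp_orders"));
        System.out.println(am.isUserAllowed("mallory", "queue/create/Temp_x"));
    }
}
```

Only the first request is granted: the others fail because the queue name lacks the Temp_ prefix, a deny rule matches, the user's role has no matching rule, or the user has no roles at all.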
