On Fri, Jul 23, 2010 at 2:28 PM, Amila Suriarachchi <[email protected]> wrote:
>
> On Fri, Jul 23, 2010 at 9:00 AM, Danushka Menikkumbura
> <[email protected]> wrote:
>
>> Amila,
>>
>> Anyways the issue is not about negative permissions. It can even be
>> something like "let role A create queues that have names starting with
>> Temp_" as you just mentioned. How can we have something like that in our
>> permission model?
>>
>
> IMHO what is important is this,
>
> "There is an authorization manager that takes care of this."
>
> At least in theory any authorization manager should have this method.
>
> isUserAllowed(<userName>, "Permission");
>
> From the given rules it should find out the roles for a particular
> permission and from some way it should know the roles for the given user
> name. So basically you need to find out how to do that. Generally you need
> to implement a Realm interface given by JMS.
>

In Apache Active Directory, it has its own Authorization manager and there is an Active Directory specific way of writing permissions for objects. Obviously we can not integrate these permission models. The only thing we need to do is to share the User store between components. In the Active Directory case Carbon uses Active Directory users. But here I think you need to let JMS Queue use Carbon users and roles.

thanks,
Amila.

>
> thanks,
> Amila.
>
>>
>> Thanks,
>> Danushka
>>
>> On Thu, Jul 22, 2010 at 9:13 PM, Danushka Menikkumbura <[email protected]> wrote:
>>
>>> Hi Amila,
>>>
>>>> I think first of all you should not try to write deny rules with
>>>> security.
>>>
>>> In ACL you can write deny statements. I do not understand why we should
>>> not anyway.
>>>
>>>> Generally you can not hard code the user name in a software.
>>>
>>> Sorry for using an irrelevant statement. Obviously it has to be a role
>>> ;-).
>>>
>>>> Do you need to give the current users to JMS Object and will it evaluate
>>>> the rule with any action?
>>>
>>> There is an authorization manager that takes care of this.
>>>
>>> Danushka
>>>
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
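The check discussed in this thread, as an added example that is not part of the original messages and is not Carbon or JMS code: an authorization manager that resolves a user's roles from a shared user store and evaluates allow-only rules such as "role A may create queues whose names start with Temp_". All type and method names are hypothetical, the two-argument isUserAllowed from the thread is split here into an action and a resource name so the prefix rule can be expressed, and the user data is constructed.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical names throughout; this models the idea, not any real Carbon/JMS interface.
public class QueueAuthorizationExample {

    /** The shared user store: the one thing both components agree on. */
    interface UserStore {
        Set<String> rolesOf(String userName);
    }

    /** Allow rule: a role may perform an action on resources whose name has this prefix. */
    record Rule(String role, String action, String resourcePrefix) {
        boolean matches(String requestedAction, String resource) {
            return action.equals(requestedAction) && resource.startsWith(resourcePrefix);
        }
    }

    static final class AuthorizationManager {
        private final UserStore users;
        private final List<Rule> rules;

        AuthorizationManager(UserStore users, List<Rule> rules) {
            this.users = users;
            this.rules = List.copyOf(rules);
        }

        /** Default deny: true only if one of the user's roles holds a matching allow rule. */
        boolean isUserAllowed(String userName, String action, String resource) {
            if (userName == null || action == null || resource == null) return false;
            Set<String> roles = users.rolesOf(userName);
            if (roles == null || roles.isEmpty()) return false; // unknown user or no roles
            return rules.stream()
                    .anyMatch(r -> roles.contains(r.role()) && r.matches(action, resource));
        }
    }

    public static void main(String[] args) {
        // Constructed sample users and roles standing in for the shared store.
        Map<String, Set<String>> store =
                Map.of("alice", Set.of("roleA"), "bob", Set.of("roleB"));
        UserStore users = name -> store.getOrDefault(name, Set.of());
        AuthorizationManager am = new AuthorizationManager(
                users, List.of(new Rule("roleA", "createQueue", "Temp_")));

        String[][] requests = {
            {"alice", "createQueue", "Temp_orders"},   // role and prefix match
            {"alice", "createQueue", "Orders"},        // prefix does not match
            {"bob", "createQueue", "Temp_orders"},     // role has no rule
            {"mallory", "createQueue", "Temp_orders"}  // not in the user store
        };
        for (String[] q : requests) {
            System.out.printf("%s %s %s -> %b%n", q[0], q[1], q[2],
                    am.isUserAllowed(q[0], q[1], q[2]));
        }
    }
}
```

Because the rules are allow-only with a default deny, the prefix case is covered without writing any deny statements.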
