On Mon, Nov 22, 2010 at 8:26 PM, Paul Fremantle <p...@wso2.com> wrote:
> Prabath
>
> Do you think we need to tie this into our permission store? Or treat it as
> "application level" permissions.

I think we can get this to fit into the Carbon authorization model - I will have a chat this afternoon with Manjula...

Thanks & regards,
-Prabath

> The issue is that if we treat it as special for SQS then this can be
> bypassed by accessing AMQP or JMS for the same queues.
>
> Paul
>
> On 22 November 2010 12:40, Manjula Rathnayake <manju...@wso2.com> wrote:
>
>> Hi all,
>>
>> In Simple Queue Service (SQS) we can share queues with other users who have
>> AWS accounts registered.
>> And they don't need to sign up with SQS. We can set permissions on the actions
>> involved with queue services,
>> for example SendMessage, DeleteMessage and so on.
>>
>> According to the SQS WSDL, sharing a queue with other users is done by the
>> AddPermission() method, which
>> takes input parameters as
>> LabelName - String
>> AWSAccountIds - String[]
>> ActionNames - String[]
>>
>> To remove permissions we can use
>> removePermission(String LabelName)
>>
>> So, it is assumed that each of the AWSAccountIds has been given permission
>> to all ActionNames.
>> Is this assumption correct? Please have a look and give your comments.
>>
>> Assuming the above understanding is correct, checking user permissions to do
>> actions on a queue is
>> implemented as below.
>>
>> import java.util.List;
>>
>> /** One permission label: the users a queue is shared with and the operations allowed. */
>> public class PermissionLabel {
>>     private final List<String> sharedUserList;
>>     private final List<String> operationList;
>>
>>     public PermissionLabel(List<String> sharedUserList,
>>                            List<String> operationList) {
>>         this.sharedUserList = sharedUserList;
>>         this.operationList = operationList;
>>     }
>>
>>     public List<String> getSharedUserList() {
>>         return sharedUserList;
>>     }
>>
>>     // True only when the user is in the shared list and the operation is in the label.
>>     public boolean isSharedForOperation(String loggedInUser, String operation) {
>>         return sharedUserList.contains(loggedInUser)
>>                 && operationList.contains(operation);
>>     }
>> }
>>
>> More details of these operations are available at [1] and in the attached
>> file.
>> [1].
>> http://docs.amazonwebservices.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/index.html?acp-overview.html#PermissionTypes
>>
>> --
>> Manjula Rathnayaka
>> Software Engineer
>> WSO2, Inc.
>
> --
> Paul Fremantle
> CTO and Co-Founder, WSO2
> OASIS WS-RX TC Co-chair, VP, Apache Synapse

--
Thanks & Regards,
Prabath Siriwardena
http://blog.facilelogin.com
http://RampartFAQ.com
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
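
The bypass concern raised in the thread (a permission enforced only in the SQS layer does not bind AMQP or JMS access to the same queue), shown as an added Java example that is not code from the thread or from WSO2 Carbon. The class name `QueuePermissionStore`, the protocol-operation mapping, and the rule that the queue owner holds every action are assumptions; it needs Java 16+ for records.

```java
import java.util.*;

// Added illustration (not WSO2 code): one permission store per queue, consulted by every transport.
public class QueuePermissionStore {
    // One AddPermission label: every listed account gets every listed action.
    private record Grant(Set<String> accounts, Set<String> actions) {}

    // Assumed mapping of protocol operations onto the SQS action names.
    private static final Map<String, String> ACTION_FOR = Map.of(
            "sqs.SendMessage", "SendMessage", "sqs.ReceiveMessage", "ReceiveMessage",
            "jms.send", "SendMessage", "jms.receive", "ReceiveMessage",
            "amqp.basic.publish", "SendMessage", "amqp.basic.get", "ReceiveMessage");

    private final Map<String, String> owners = new HashMap<>();             // queue -> owner
    private final Map<String, Map<String, Grant>> labels = new HashMap<>(); // queue -> label -> grant

    public void createQueue(String queue, String owner) {
        owners.put(queue, owner);
        labels.put(queue, new HashMap<>());
    }

    // Mirrors AddPermission(LabelName, AWSAccountIds[], ActionNames[]).
    public void addPermission(String queue, String label, List<String> accounts, List<String> actions) {
        Objects.requireNonNull(labels.get(queue), "unknown queue")
                .put(label, new Grant(Set.copyOf(accounts), Set.copyOf(actions)));
    }

    // Mirrors removePermission(LabelName): the whole label is dropped.
    public void removePermission(String queue, String label) {
        Objects.requireNonNull(labels.get(queue), "unknown queue").remove(label);
    }

    // Single decision point. Deny by default: unknown queue, unmapped operation, null user.
    public boolean isAllowed(String protocolOp, String queue, String user) {
        String action = protocolOp == null ? null : ACTION_FOR.get(protocolOp);
        if (action == null || user == null || !owners.containsKey(queue)) return false;
        if (user.equals(owners.get(queue))) return true; // assumption: owner holds all actions
        return labels.get(queue).values().stream()
                .anyMatch(g -> g.accounts().contains(user) && g.actions().contains(action));
    }

    public static void main(String[] args) {
        QueuePermissionStore store = new QueuePermissionStore();
        store.createQueue("orders", "alice"); // constructed sample data
        store.addPermission("orders", "readers", List.of("bob", "carol"), List.of("ReceiveMessage"));
        for (String op : List.of("sqs.SendMessage", "jms.send", "amqp.basic.publish", "amqp.basic.get"))
            System.out.println("bob " + op + " -> " + store.isAllowed(op, "orders", "bob"));
        store.removePermission("orders", "readers");
        System.out.println("bob jms.receive after removal -> " + store.isAllowed("jms.receive", "orders", "bob"));
    }
}
```

Because the decision is keyed on the queue and the normalized action rather than on the transport, a label that grants only ReceiveMessage refuses a JMS send or an AMQP publish exactly as it refuses an SQS SendMessage.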