On Mon, Nov 22, 2010 at 9:09 PM, Sanjiva Weerawarana <sanj...@wso2.com> wrote:
> I thought the plan was to do Amazon authn/z later? If we are doing it then
> it must be done right as a common authn and authz thing with full
> integration to the usual Carbon auth as Paul noted.

Authentication is done through the Carbon framework. The InMemory implementation gets the logged-in user from the MessageContext. When we add the SQS authentication, the Carbon framework picks the user from that, and hence there is no change to the code.

As I mentioned before, this authorization we have done only for the InMemory implementation, which won't go to production. We need to use the trusted authentication mechanism which Paul suggested when doing the Qpid implementation. And we also have to implement authorization.

Since the InMemory work and other components are done, we can start with the Qpid implementation.

thanks,
Amila.

>
> Sanjiva.
>
> On Mon, Nov 22, 2010 at 6:10 PM, Manjula Rathnayake <manju...@wso2.com> wrote:
>
>> Hi all,
>>
>> In Simple Queue Service (SQS) we can share queues with other users who have
>> AWS accounts registered.
>> And they don't need to sign up with SQS. We can set permissions on the actions
>> involved with queue services,
>> for example SendMessage, DeleteMessage and so on.
>>
>> According to the SQS WSDL, sharing a queue with other users is done by the
>> AddPermission() method, which
>> takes these input parameters:
>> LabelName - String
>> AWSAccountIds - String[]
>> ActionNames - String[]
>>
>> To remove permissions we can use
>> removePermission(String LabelName)
>>
>> So, it is assumed that each of the AWSAccountIds has been given permission
>> to all ActionNames.
>> Is this assumption correct? Please have a look and give your comments.
>>
>> Assuming the above understanding is correct, checking user permissions to do
>> actions on a queue is
>> implemented as below.
>>
>> import java.util.List;
>>
>> // One permission label: the users a queue is shared with and the
>> // operations those users may perform.
>> public class PermissionLabel {
>>     private List<String> sharedUserList;
>>     private List<String> operationList;
>>
>>     public PermissionLabel(List<String> sharedUserList,
>>                            List<String> operationList) {
>>         this.sharedUserList = sharedUserList;
>>         this.operationList = operationList;
>>     }
>>
>>     public List<String> getSharedUserList() {
>>         return sharedUserList;
>>     }
>>
>>     // True only when the user is in this label and the operation is
>>     // one of the label's operations.
>>     public boolean isSharedForOperation(String loggedInUser, String operation) {
>>         if (sharedUserList.contains(loggedInUser) &&
>>                 operationList.contains(operation)) {
>>             return true;
>>         } else {
>>             return false;
>>         }
>>     }
>> }
>>
>>
>> More details of these operations are available at [1] and in the attached
>> file.
>> [1].
>> http://docs.amazonwebservices.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/index.html?acp-overview.html#PermissionTypes
>>
>>
>> --
>> Manjula Rathnayaka
>> Software Engineer
>> WSO2, Inc.
>> Mobile:+94 77 743 1987
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> https://wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>
>
> --
> Sanjiva Weerawarana, Ph.D.
> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
> email: sanj...@wso2.com; phone: +94 11 763 9622; cell: +94 77 787 6880 |
> +1 650 265 8311
> blog: http://sanjiva.weerawarana.org/
>
> Lean . Enterprise . Middleware
>
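The label-based sharing model discussed in this thread, written out as an added example that is not part of the original messages or the Carbon code base. It shows a per-queue check with default deny across several labels, under the thread's assumption that every account in a label is granted every action in that label; the class and method names, the owner bypass and the rejection of reused labels are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical class for illustration; the name and API are not from Carbon.
public class QueuePermissions {
    // One grant per label: every listed account may perform every listed action.
    private record Grant(Set<String> accountIds, Set<String> actions) {}

    private final String owner;
    private final Map<String, Grant> grantsByLabel = new LinkedHashMap<>();

    public QueuePermissions(String owner) { this.owner = owner; }

    public void addPermission(String label, List<String> accountIds, List<String> actions) {
        if (accountIds.isEmpty() || actions.isEmpty()) {
            throw new IllegalArgumentException("a grant needs at least one account and one action");
        }
        // Immutable copies, so the caller cannot widen the grant after it is stored.
        Grant grant = new Grant(Set.copyOf(accountIds), Set.copyOf(actions));
        if (grantsByLabel.putIfAbsent(label, grant) != null) {
            throw new IllegalArgumentException("label already in use: " + label);
        }
    }

    // Revokes only what this label granted; other labels stay in force.
    public void removePermission(String label) {
        grantsByLabel.remove(label);
    }

    // Default deny: access needs the owner or a label holding both user and action.
    public boolean isAllowed(String user, String action) {
        if (user == null || action == null) return false;
        if (user.equals(owner)) return true; // assumption: the owner is never locked out
        return grantsByLabel.values().stream()
                .anyMatch(g -> g.accountIds().contains(user) && g.actions().contains(action));
    }

    public static void main(String[] args) {
        // Constructed sample accounts and labels.
        QueuePermissions q = new QueuePermissions("owner-acct");
        q.addPermission("producers", List.of("acct-A", "acct-B"), List.of("SendMessage"));
        q.addPermission("cleanup", List.of("acct-B"), List.of("DeleteMessage"));
        System.out.println("A send:   " + q.isAllowed("acct-A", "SendMessage"));
        System.out.println("A delete: " + q.isAllowed("acct-A", "DeleteMessage"));
        q.removePermission("producers");
        System.out.println("B delete after revoke: " + q.isAllowed("acct-B", "DeleteMessage"));
    }
}
```

Because a match requires the user and the action to sit in the same label, an account listed under one label gains nothing from the actions of another label.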