So, userStoreManager.authenticate(username, password) and userStoreManager.authenticate(access key, secret key) should yield the same result?
Thanks, Danushka On Tue, Mar 15, 2011 at 5:52 PM, Paul Fremantle <[email protected]> wrote: > > > On 15 March 2011 12:02, Danushka Menikkumbura <[email protected]> wrote: > >> The access key cannot be the username because it is a 20 digit key. See >>> >>> http://docs.amazonwebservices.com/AWSSimpleQueueService/2009-02-01/SQSGettingStartedGuide/ >>> So we need to do something to make it fit that. >>> >> >> When you sign up for an AWS account you get an auto-generated access key >> and a secret key. >> >> I'm still not clear if the secret key is stored separately or just >>> something we calculate from their existing password? >>> >> >> We have to deal with two scenarios here IMO. Those who come through the WS >> API and those who need to use Messageboxes in their Carbon components. For >> the former I think we need to have a provisioning mechanism similar to AWS >> account sign up. >> >> > We don't need *provisioning*. We already provision users. We just need a > simple way that an existing user with an existing account can find out what > their access key/secret key is. > > Paul > > >> The bottom line is that auth/authz is handled by Qpid underneath using >> Carbon user store manager and authorization manager. So the credentials >> created at the time of SQS account creation (if we are going to support >> that) should be transparent to the user store manager and the authz manager. >> > > > > >> >> Thanks, >> Danushka >> > > > > -- > Paul Fremantle > CTO and Co-Founder, WSO2 > OASIS WS-RX TC Co-chair, VP, Apache Synapse > > Office: +44 844 484 8143 > Cell: +44 798 447 4618 > > blog: http://pzf.fremantle.org > twitter.com/pzfreo > [email protected] > > wso2.com Lean Enterprise Middleware > > Disclaimer: This communication may contain privileged or other confidential > information and is intended exclusively for the addressee/s. If you are not > the intended recipient/s, or believe that you may have received this > communication in error, please reply to the sender indicating that fact and > delete the copy you received and in addition, you should not print, copy, > retransmit, disseminate, or otherwise use the information contained in this > communication. Internet communications cannot be guaranteed to be timely, > secure, error or virus-free. The sender does not accept liability for any > errors or omissions. >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
