User manager.xml thanks, Amila.
On Tue, May 17, 2011 at 9:19 AM, Amila Suriarachchi <[email protected]> wrote: > > > On Mon, May 16, 2011 at 6:58 PM, Dimuthu Leelarathne <[email protected]>wrote: > >> hi, >> >> On Mon, May 16, 2011 at 8:23 AM, Amila Suriarachchi <[email protected]>wrote: >> >>> hi, >>> >>> This is regarding this issue[1]. >>> >>> Can we change the admin role name? if so what is the meaning of the >>> ADMIN_ROLE = "admin" in >>> org.wso2.carbon.utils.ServerConstants? >>> >>> >> We don't have a hard-coded admin rolename. >> +1 for removing it or if it is used for some other purpose rename it. >> > > I renamed the admin and every one Roles. But still see the admin role as. > > Please see the attachments. > > thanks, > Amila, > >> >> tx, >> dimuthul >> >> >>> And also, >>> >>> userRealm.getAuthorizationManager().isUserAuthorized( >>> loggedInUser, topicResourcePath, >>> EventBrokerConstants.EB_PERMISSION_CHANGE_PERMISSION) >>> >>> returns false if user is not explicitly given the permission to that >>> resource. But in carbon there is a convention to >>> allow any user in admin role to do any activity. Then why don't we add >>> that rule too to the user manager. >>> >>> Then everyone does not have to repeat admin role check every where. >>> >>> thanks, >>> Amila. >>> >>> >>> [1] https://wso2.org/jira/browse/CARBON-9959 >>> >>> _______________________________________________ >>> Carbon-dev mailing list >>> [email protected] >>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >>> >>> >> >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> >
<!-- ~ Copyright 2005-2007 WSO2, Inc. (http://wso2.com) ~ ~ Licensed under the Apache License, Version 2.0 (the "License"); ~ you may not use this file except in compliance with the License. ~ You may obtain a copy of the License at ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, software ~ distributed under the License is distributed on an "AS IS" BASIS, ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License. --> <UserManager> <Realm> <Configuration> <AdminRole>adminRole</AdminRole> <AdminUser> <UserName>admin</UserName> <Password>admin</Password> </AdminUser> <EveryOneRoleName>everyoneRole</EveryOneRoleName> <!-- By default users in this role sees the registry root --> <Property name="url">jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE</Property> <Property name="userName">wso2carbon</Property> <Property name="password">wso2carbon</Property> <Property name="driverName">org.h2.Driver</Property> <Property name="maxActive">50</Property> <Property name="maxWait">60000</Property> <Property name="minIdle">5</Property> </Configuration> <!-- Following is the default user store manager. This user store manager is based on embedded-apacheds LDAP. It reads/writes users and roles into the default apacheds LDAP user store. Descriptions about each of the following properties can be found in user management documentation of the respective product. Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. --> <UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> <Property name="ReadOnly">false</Property> <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin</Property> <Property name="passwordHashMethod">SHA</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">wso2Person</Property> <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property> <Property name="UsernameJavaScriptRegEx">[\\S]{3,30}</Property> <Property name="UsernameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\<>]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">[\\S]{3,30}</Property> <Property name="RolenameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\<>]{3,30}$</Property> <Property name="ReadLDAPGroups">true</Property> <Property name="WriteLDAPGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="MembershipAttribute">member</Property> </UserStoreManager> <!-- Following is the configuration for internal JDBC user store. This user store manager is based on JDBC. In case if application needs to manage passwords externally set property <Property name="PasswordsExternallyManaged">true</Property>. Furthermore properties, IsEmailUserName and DomainCalculation are readonly properties. Note: Do not comment within UserStoreManager tags. Cause, specific tag names are used as tokens when building configurations for products. --> <!--UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> <Property name="ReadOnly">false</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="IsEmailUserName">false</Property> <Property name="DomainCalculation">default</Property> <Property name="PasswordDigest">SHA-256</Property> <Property name="StoreSaltedPassword">true</Property> <Property name="UserNameUniqueAcrossTenants">false</Property> <Property name="PasswordJavaRegEx">[\S]{5,30}$</Property> <Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property> <Property name="UsernameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\<>]{3,30}$</Property> <Property name="UsernameJavaScriptRegEx">[\\S]{3,30}</Property> <Property name="RolenameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\<>]{3,30}$</Property> <Property name="RolenameJavaScriptRegEx">[\\S]{3,30}</Property> </UserStoreManager--> <!-- If product is using an external LDAP as the user store in read only mode, use following user manager --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager"> <Property name="ReadOnly">true</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionURL">ldap://localhost:10389</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin123</Property> <Property name="UserSearchBase">ou=system</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserNameAttribute">uid</Property> <Property name="ReadLDAPGroups">false</Property> <Property name="GroupSearchBase">ou=system</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="MembershipAttribute">member</Property> </UserStoreManager--> <!-- Active directory configuration is as follows. This only operates under read mode. --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.LDAPUserStoreManager"> <Property name="ReadOnly">true</Property> <Property name="MaxUserNameListLength">100</Property> <Property name="ConnectionURL">ldap://10.100.1.211:389</Property> <Property name="ConnectionName">cn=Administrator,cn=users,dc=wso2,dc=lk</Property> <Property name="ConnectionPassword">admin123</Property> <Property name="UserSearchBase">cn=users,dc=wso2,dc=lk</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserNameAttribute">sAMAccountName</Property> <Property name="ReadLDAPGroups">true</Property> <Property name="GroupSearchBase">cn=users,dc=wso2,dc=lk</Property> <Property name="GroupNameListFilter">(objectcategory=group)</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="MemberOfAttribute">memberOf</Property> </UserStoreManager --> <!-- If product is using an external LDAP as the user store in read/write mode, use following user manager --> <!--UserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> <Property name="ReadOnly">false</Property> <Property name="ConnectionURL">ldap://localhost:10389</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">secret</Property> <Property name="passwordHashMethod">SHA</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">inetOrgPerson</Property> <Property name="UserSearchBase">ou=system</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property> <Property name="ReadLDAPGroups">true</Property> <Property name="WriteLDAPGroups">true</Property> <Property name="EmptyRolesAllowed">false</Property> <Property name="GroupSearchBase">ou=system</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="MembershipAttribute">member</Property> </UserStoreManager--> <!-- Following user manager is used by Identity Server (IS) as its default user manager. IS will do token replacement when building the product. Therefore do not change the syntax. If "kdcEnabled" parameter is true, IS will allow service principle management. Thus "ServicePasswordJavaRegEx", "ServiceNameJavaRegEx" properties control the service name format and service password formats. --> <!--ISUserStoreManager class="org.wso2.carbon.user.core.ldap.ApacheDSUserStoreManager"> <Property name="defaultRealmName">WSO2.ORG</Property> <Property name="kdcEnabled">false</Property> <Property name="ReadOnly">false</Property> <Property name="ConnectionURL">ldap://localhost:${Ports.EmbeddedLDAP.LDAPServerPort}</Property> <Property name="ConnectionName">uid=admin,ou=system</Property> <Property name="ConnectionPassword">admin</Property> <Property name="passwordHashMethod">SHA</Property> <Property name="UserNameListFilter">(objectClass=person)</Property> <Property name="UserEntryObjectClass">wso2Person</Property> <Property name="UserSearchBase">ou=Users,dc=wso2,dc=org</Property> <Property name="UserNameSearchFilter">(&(objectClass=person)(uid=?))</Property> <Property name="UserNameAttribute">uid</Property> <Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property> <Property name="ServicePasswordJavaRegEx">[\\S]{5,30}</Property> <Property name="ServiceNameJavaRegEx">[\\S]{2,30}/[\\S]{2,30}</Property> <Property name="ReadLDAPGroups">true</Property> <Property name="WriteLDAPGroups">true</Property> <Property name="EmptyRolesAllowed">true</Property> <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=org</Property> <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property> <Property name="GroupEntryObjectClass">groupOfNames</Property> <Property name="GroupNameSearchFilter">(&(objectClass=groupOfNames)(cn=?))</Property> <Property name="GroupNameAttribute">cn</Property> <Property name="MembershipAttribute">member</Property> </ISUserStoreManager--> <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"> <Property name="AdminRoleManagementPermissions">/permission</Property> </AuthorizationManager> <!-- * This configuration is used when Single Sign-on is enabled across Carbon Servers. 1. Login Page : Login Page of the server. Eg : - /carbon/admin/login.jsp for Carbon and /carbon/tenant-login/login_ajaxprocessor.jsp for Stratos 2. ServiceProviderID : A unique id for the server. this needs to be matched with the Issuer ID set at the Identity Provider end. 3. IdentityProviderSSOServiceURL : SSO service URL at the Identity Provider --> <!-- <SAML2SSOConfiguration> <LoginPage>/carbon/admin/login.jsp</LoginPage> <ServiceProviderID>carbonServer</ServiceProviderID> <IdentityProviderSSOServiceURL>https://localhost:9443/samlsso</IdentityProviderSSOServiceURL> </SAML2SSOConfiguration> --> </Realm> </UserManager>
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
