+1 for the approach. 'login' is a permission for the Management Console, so I believe BE services shouldn't be coupled with it.

If you develop your own clients using the BE services, then you can have your own permissions. So we need to treat our FE as one of those clients, which will handle the 'login' permission.

Thanks & regards,
-Prabath

On Wed, Feb 15, 2012 at 10:25 PM, Amila Jayasekara <[email protected]> wrote:
> Hi All,
>
> As I mentioned in the initial mail we will get rid of the "login" call to
> AuthenticationAdmin and will authenticate users only through provided
> authenticators. During this change I realised that we were authorising
> (checking whether users have login permission) users at the same time
> we authenticate users. IMO the authentication process should not do
> any permission checks; rather it should only validate that the user is a
> legitimate user within the system.
>
> If we need to authorise users we need to make a separate call (we are
> yet to identify which component is going to handle authorization). I
> will be changing code accordingly.
>
> If you have any concerns / feedback please let me know.
>
> Thanks
> AmilaJ
>
> On Wed, Feb 15, 2012 at 8:33 AM, Manjula Rathnayake <[email protected]> wrote:
> >
> > On Tue, Feb 14, 2012 at 10:14 PM, Sameera Jayasoma <[email protected]> wrote:
> >>
> >> https://wso2.org/jira/browse/CARBON-12378
> >>
> >> Thanks,
> >> Sameera.
> >>
> >> On Tue, Feb 14, 2012 at 9:50 PM, Amila Jayasekara <[email protected]> wrote:
> >>>
> >>> On Tue, Feb 14, 2012 at 9:32 PM, Sameera Jayasoma <[email protected]> wrote:
> >>> > Hi Amila,
> >>> >
> >>> > +1 for the proposed changes. Please see my comments below.
> >>> >
> >>> > On Tue, Feb 14, 2012 at 3:22 PM, Amila Jayasekara <[email protected]> wrote:
> >>> >>
> >>> >> Hi All,
> >>> >>
> >>> >> We had a review discussion on Carbon Authenticators and following are
> >>> >> the review notes.
> >>> >>
> >>> >> 1. There is some common logic that should be implemented in every
> >>> >> authenticator. Currently invoking this logic is duplicated among
> >>> >> authenticators. So to avoid that we are planning to come up with an
> >>> >> abstract Authenticator implementation.
> >>> >> 2. As of now AuthenticationHandler first invokes AuthenticationAdmin
> >>> >> and then it calls the chain of authenticators. The AuthenticationAdmin
> >>> >> call is not necessary. We need to refactor code in such a way that
> >>> >> the authenticator itself will only handle authenticating logic (rather
> >>> >> than within the Handler).
> >>> >> 3. Properly implement the authenticator chaining pattern. Make use of
> >>> >> the "isHandle", "priority", "isAuthenticated" methods and make only the
> >>> >> authenticator aware of the logic.
> >>> >> 4. After cleaning up the API, implement the "Basic Auth" authenticator
> >>> >> (as a first step).
> >>> >
> >>> > 5. Clean up the Carbon.UI framework to improve the pluggability of custom
> >>> > authenticators. I recently wrote an authenticator, but I had to hard
> >>> > code some URLs in the CarbonSecurityHttpContext class. Please have a
> >>> > look at the following method in this class.
> >>> >
> >>> >     private boolean skipSSOSessionInvalidation(String requestedURI) {
> >>> >         boolean skipSessionInvalidation = false;
> >>> >         if ((requestedURI.indexOf("/samlsso") > -1)
> >>> >             || (requestedURI.indexOf("sso-saml/login.jsp") > -1)
> >>> >             || (requestedURI.indexOf("stratos-sso/login_ajaxprocessor.jsp") > -1)
> >>> >             || (requestedURI.indexOf("sso-saml/redirect_ajaxprocessor.jsp") > -1)
> >>> >             || (requestedURI.indexOf("stratos-sso/redirect_ajaxprocessor.jsp") > -1)
> >>> >             || (requestedURI.indexOf("sso-acs/redirect_ajaxprocessor.jsp") > -1)
> >>> >             || (requestedURI.indexOf("stratos-auth/redirect_ajaxprocessor.jsp") > -1)) {
> >>> >             skipSessionInvalidation = true;
> >>> >         }
> >>> >         return skipSessionInvalidation;
> >>> >     }
> >>> >
> >>> > As a part of this effort, let's refactor this bit of code as well.
> >
> > I have looked into this already. I will come up with a set of handler
> > implementations (same as axis2 handlers) to clean up that lengthy method. We
> > will discuss once I am done with the code.
> >
> > Thank you.
> >>>
> >>> +1. Will take the above into consideration as well. If possible please
> >>> create a Carbon Jira and assign it to me.
> >>>
> >>> Thanks
> >>> AmilaJ
> >>>
> >>> > Thanks,
> >>> > Sameera.
> >>> >
> >>> >> Thanks
> >>> >> AmilaJ
> >>> >>
> >>> >> --
> >>> >> Mobile : +94773330538
> >>> >>
> >>> >> _______________________________________________
> >>> >> Carbon-dev mailing list
> >>> >> [email protected]
> >>> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >>> >
> >>> > --
> >>> > Sameera Jayasoma
> >>> > Technical Lead and Product Manager, WSO2 Carbon
> >>> >
> >>> > WSO2, Inc. (http://wso2.com)
> >>> > email: [email protected]
> >>> > blog: http://tech.jayasoma.org
> >>> >
> >>> > Lean . Enterprise . Middleware
> >
> > --
> > Manjula Rathnayaka
> > Software Engineer
> > WSO2, Inc.
> > Mobile:+94 77 743 1987

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
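The design the thread converges on (shared logic in an abstract authenticator, a priority-ordered chain driven by "isHandle"/"isAuthenticated", and authentication kept apart from the console's 'login' permission check), as an added Java sketch that is not Carbon's code. Class and method names are assumptions, and the users, passwords and permission set are constructed.

```java
import java.util.*;

// Hypothetical sketch of the design discussed in the thread; not Carbon's real API.
interface Authenticator {
    int getPriority();                              // higher value runs first
    boolean canHandle(Map<String, String> req);     // the thread's "isHandle"
    boolean authenticate(Map<String, String> req);  // the thread's "isAuthenticated"
}
// Common logic lives once here instead of being duplicated in every authenticator.
abstract class AbstractAuthenticator implements Authenticator {
    public final boolean authenticate(Map<String, String> req) {
        String user = req.get("username");
        if (user == null || user.trim().isEmpty()) return false;  // shared sanity check
        return doAuthenticate(user.trim(), req);
    }
    protected abstract boolean doAuthenticate(String user, Map<String, String> req);
}
class BasicAuthAuthenticator extends AbstractAuthenticator {
    private final Map<String, String> store;  // constructed user -> password sample store
    BasicAuthAuthenticator(Map<String, String> store) { this.store = store; }
    public int getPriority() { return 10; }
    public boolean canHandle(Map<String, String> req) { return req.containsKey("password"); }
    protected boolean doAuthenticate(String user, Map<String, String> req) {
        return req.get("password").equals(store.get(user));  // unknown user -> null -> false
    }
}
// The handler only decides whether the caller is a legitimate user; no permission check here.
class AuthenticationHandler {
    private final List<Authenticator> chain;
    AuthenticationHandler(List<Authenticator> authenticators) {
        chain = new ArrayList<>(authenticators);
        chain.sort(Comparator.comparingInt(Authenticator::getPriority).reversed());
    }
    public boolean authenticate(Map<String, String> req) {
        for (Authenticator a : chain) if (a.canHandle(req)) return a.authenticate(req);
        return false;  // no authenticator could handle the request
    }
}
public class AuthDemo {
    public static void main(String[] args) {
        Map<String, String> creds = Map.of("admin", "s3cret", "svc", "svcpw");  // constructed sample users
        AuthenticationHandler handler = new AuthenticationHandler(List.of(new BasicAuthAuthenticator(creds)));
        Set<String> loginPermitted = Set.of("admin");  // separate authorization data, checked by the client
        for (String u : creds.keySet()) {
            boolean authn = handler.authenticate(Map.of("username", u, "password", creds.get(u)));
            boolean consoleLogin = authn && loginPermitted.contains(u);  // svc: authenticated, not permitted
            System.out.println(u + ": authenticated=" + authn + ", consoleLogin=" + consoleLogin);
        }
    }
}
```

Run with `java AuthDemo.java` (Java 11+): both users authenticate, but only admin passes the client-side 'login' permission check, which is exactly the split the thread argues for.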
