On Thu, Jul 11, 2013 at 2:43 PM, Amila Suriarachchi <[email protected]> wrote:
>
> On Thu, Jul 11, 2013 at 12:47 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> No. User roles come from the UserStoreManager. AuthorizationManager is
>> about permissions.
>
> Yes, that is how it is written, but roles are related to access control
> (Authorisation).
>
> I just looked at the Tomcat realm [1] and that seems to be the realm object
> used in JBoss as well. I can understand that we have more requirements
> compared to what is given there. But IMHO add/delete/edit functionality has
> to go to separate admin APIs. Those APIs are just to manage the user store.
> But what other components need is just authentication and authorisation.
>

Here is another example. Registry has the following method. This method is
used to check whether a given user is in the admin role and allow some
permissions (see the usage of this method) to the user.

If we have a hasRole method as in here [1], we shall not require this method
and the code would have been written as

    userRealm.hasRole(userName, "admin");

    public static boolean hasAdminAuthorizations(String userName, UserRealm userRealm)
            throws RegistryException {
        try {
            UserStoreManager userStoreReader = userRealm.getUserStoreManager();

            RealmConfiguration realmConfig;
            try {
                realmConfig = userRealm.getRealmConfiguration();
            } catch (UserStoreException e) {
                String msg = "Failed to retrieve realm configuration.";
                log.error(msg, e);
                throw new RegistryException(msg, e);
            }

            // The registry system user is always treated as an administrator.
            String systemUser = CarbonConstants.REGISTRY_SYSTEM_USERNAME;
            if (systemUser.equals(userName)) {
                return true;
            }

            // So is the admin user named in the realm configuration.
            String adminUser = realmConfig.getAdminUserName();
            if (adminUser.equals(userName)) {
                return true;
            }

            // Otherwise the user must hold the configured admin role.
            String[] roles = userStoreReader.getRoleListOfUser(userName);
            String adminRoleName = realmConfig.getAdminRoleName();
            if (containsString(adminRoleName, roles)) {
                return true;
            }
        } catch (UserStoreException e) {
            String msg = "Failed to check authorization level of user " + userName +
                    ". Caused by: " + e.getMessage();
            log.error(msg, e);
            throw new RegistryException(msg, e);
        }

        return false;
    }

thanks,
Amila.

[1] http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/Realm.html

>
> With C5 we can keep such a simple API at core level and put admin
> functionality to carbon components.
>
> thanks,
> Amila.
>
> [1]
> http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/Realm.html
>
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Thu, Jul 11, 2013 at 12:42 PM, Amila Suriarachchi <[email protected]> wrote:
>>
>>> On Thu, Jul 11, 2013 at 10:21 AM, Prabath Siriwardena <[email protected]> wrote:
>>>
>>>> UserStoreManager API is not clean at all.. There is so much stuff we
>>>> can remove... Also we maintain two interfaces, one in the core and
>>>> another in the API. We need to get rid of the interface in core..
>>>>
>>>> On Thu, Jul 11, 2013 at 10:06 AM, Asela Pathberiya <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> I am not sure why we are keeping the following methods in the API...
>>>>> Sorry if I have missed anything.... If there are no usages, we can
>>>>> remove them...
>>>>>
>>>>> 1. String[] getAllSecondaryRoles()
>>>>>
>>>>> Why do we need only the roles of the secondary user store?
>>>>>
>>>>
>>>> This is useful.. In a multi-tenanted environment - primary user store
>>>> is governed by the super tenant.. It's also better to have a method
>>>> getRoles(String userStoreDomain).
>>>>
>>>
>>> This is wrong. You should not try to get the roles from the UserStore.
>>> Roles have to come from the Authorization manager.
>>>
>>> thanks,
>>> Amila.
>>>
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>>
>>>>> 2. int getTenantId(String username)
>>>>>
>>>>> Once the user is authenticated, we know the tenant Id. Else why do we
>>>>> need to get the tenant id of a user who is not in its tenant space?
>>>>>
>>>>> 3. int getUserId(String username)
>>>>>
>>>>> What is the use of user id? It seems this is the auto increment value
>>>>> of the UM_USER table
>>>>>
>>>>> 4. int getTenantId()
>>>>>
>>>>> I guess tenant Id does not need to be exposed via the user store
>>>>> manager API, it is available with carbon context
>>>>>
>>>>> Thanks,
>>>>> Asela.
>>>>>
>>>>> --
>>>>> Thanks & Regards,
>>>>> Asela
>>>>>
>>>>> Mobile : +94 777 625 933
>>>>>
>>>>
>>>> --
>>>> Thanks & Regards,
>>>> Prabath
>>>>
>>>> Mobile : +94 71 809 6732
>>>>
>>>> http://blog.facilelogin.com
>>>> http://RampartFAQ.com
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>
>>> --
>>> *Amila Suriarachchi*
>>>
>>> Software Architect
>>> WSO2 Inc. ; http://wso2.com
>>> lean . enterprise . middleware
>>>
>>> phone : +94 71 3082805
>>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
> --
> *Amila Suriarachchi*
>
> Software Architect
> WSO2 Inc. ; http://wso2.com
> lean . enterprise . middleware
>
> phone : +94 71 3082805
>

--
*Amila Suriarachchi*

Software Architect
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 71 3082805
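
The simplification proposed in the message above, written out as an added example (not code from the thread or from WSO2): a core realm that only answers role questions, so the registry helper becomes a single `hasRole` call. `CoreRealm`, `InMemoryRealm`, `adminRoleName()` and all sample users and role names are hypothetical; the sketch assumes the system user and the configured admin user are assigned the admin role inside the realm, which keeps the three cases the original method accepts, and it asks for the configured role name rather than a literal.

```java
import java.util.Map;
import java.util.Set;

// Added sketch, not WSO2 code (Java 9+): CoreRealm, InMemoryRealm, AdminCheck are hypothetical.
public class AdminCheck {
    /** Core-level contract: callers only ask questions, they never edit the user store. */
    interface CoreRealm {
        boolean hasRole(String userName, String roleName);
        String adminRoleName(); // assumed stand-in for realmConfig.getAdminRoleName()
    }

    /** Constructed in-memory realm, standing in for a real user store. */
    static final class InMemoryRealm implements CoreRealm {
        private final String adminRole;
        private final Map<String, Set<String>> rolesByUser;

        InMemoryRealm(String adminRole, Map<String, Set<String>> rolesByUser) {
            this.adminRole = adminRole;
            this.rolesByUser = rolesByUser;
        }

        @Override
        public boolean hasRole(String userName, String roleName) {
            if (userName == null || roleName == null) return false; // fail closed
            // Unknown users have no roles: the answer is "no", not an exception.
            return rolesByUser.getOrDefault(userName, Set.of()).contains(roleName);
        }

        @Override
        public String adminRoleName() {
            return adminRole;
        }
    }

    /** What hasAdminAuthorizations reduces to once the realm answers role questions. */
    static boolean hasAdminAuthorizations(String userName, CoreRealm realm) {
        return realm.hasRole(userName, realm.adminRoleName());
    }

    public static void main(String[] args) {
        // Constructed data: system and admin users hold the admin role, so no special cases.
        CoreRealm realm = new InMemoryRealm("registry-admins", Map.of(
                "system.user", Set.of("registry-admins"),
                "admin", Set.of("registry-admins"),
                "alice", Set.of("registry-admins", "everyone"),
                "bob", Set.of("everyone")));
        for (String user : new String[] {"system.user", "admin", "alice", "bob", "mallory"}) {
            System.out.println(user + " -> " + hasAdminAuthorizations(user, realm));
        }
    }
}
```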
