Hi all, I am implementing $subject. The original requirement is to send notifications to external PEP endpoints on an event of cache invalidation. As per the discussion with Asela, sending notifications to PEP endpoints on cache invalidation due to cache timeout is not essential. Sending notifications when changes to identities are made is sufficient.

Below is a summary of the implementation.

Requirement - IS needs to issue a cache invalidation notification when changes are made to identities and permissions.
- Implemented a user management listener for this. On all post user operation methods, this listener clears all of the following three caches, which are in the entitlement component:
1) PIP_ATTRIBUTE_CACHE
2) PDP_DECISION_INVALIDATION_CACHE
3) ENTITLEMENT_POLICY_INVALIDATION_CACHE

Requirement - WSO2 callback authentication. IS is a client that sends cache invalidation requests to the PEP cache RESTful service. The notification sender should be authenticated.
- The PEP endpoints are read from entitlement.properties, and usernames and passwords are also read from the property file. On an event of cache invalidation due to a user operation, simple POST requests are sent to the configured endpoints. Basic Authentication will be used as the authentication method for PEP endpoints. A configuration builder takes care of reading endpoints from a given method. The current implementation is the default implementation, which reads configuration from the entitlement.property file.
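
The notification path described in the message above, as an added Java sketch that is not part of the original mail and not WSO2 code: it loads PEP endpoints and credentials from properties and sends each one an authenticated POST. The class name, the `pep.endpoint.<n>.*` key layout, the sample URL and the sample credentials are assumptions, and the HTTPS-only check is an addition here because Basic Authentication only base64-encodes the password. It needs Java 16 or later.

```java
import java.io.*;
import java.net.URI;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.util.*;

public class PepCacheNotifier {
    // Hypothetical key layout: pep.endpoint.<n>.url / .username / .password
    record Endpoint(URI url, String user, String password) {}
    static List<Endpoint> load(Properties p) {
        List<Endpoint> out = new ArrayList<>();
        for (int i = 1; p.getProperty("pep.endpoint." + i + ".url") != null; i++) {
            String k = "pep.endpoint." + i;
            URI url = URI.create(p.getProperty(k + ".url").trim());
            // Basic credentials are only base64-encoded, so refuse cleartext HTTP.
            if (!"https".equalsIgnoreCase(url.getScheme())) throw new IllegalArgumentException(k + ": https required");
            String user = p.getProperty(k + ".username"), pass = p.getProperty(k + ".password");
            if (user == null || pass == null) throw new IllegalArgumentException(k + ": no credentials");
            out.add(new Endpoint(url, user, pass));
        }
        return out;
    }

    static HttpRequest invalidationRequest(Endpoint e) {
        byte[] cred = (e.user() + ":" + e.password()).getBytes(StandardCharsets.UTF_8);
        return HttpRequest.newBuilder(e.url()).timeout(Duration.ofSeconds(5))
                .header("Authorization", "Basic " + Base64.getEncoder().encodeToString(cred))
                .POST(HttpRequest.BodyPublishers.noBody()).build();
    }

    // Intended to be called from the user-management listener after a user operation.
    static void send(List<Endpoint> endpoints) throws InterruptedException {
        HttpClient client = HttpClient.newBuilder().connectTimeout(Duration.ofSeconds(5)).build();
        for (Endpoint e : endpoints) {
            try { // one unreachable PEP must not stop the remaining notifications
                int status = client.send(invalidationRequest(e),
                        HttpResponse.BodyHandlers.discarding()).statusCode();
                if (status / 100 != 2) System.err.println(e.url() + " returned " + status);
            } catch (IOException ex) { System.err.println(e.url() + " failed: " + ex.getMessage()); }
        }
    }

    public static void main(String[] args) throws IOException {
        Properties p = new Properties(); // constructed sample, not real endpoints
        p.load(new StringReader("pep.endpoint.1.url=https://pep.example.com/cache/invalidate\n"
                + "pep.endpoint.1.username=is-notifier\npep.endpoint.1.password=example-only\n"));
        for (Endpoint e : load(p)) System.out.println(invalidationRequest(e).method() + " " + e.url());
    }
}
```

`main` only builds and prints the request for the constructed endpoint; `send` is what performs the network call.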
