The following improvements have been added to the feature. Email and REST (XML and JSON) notifications are supported. Currently this module can be configured for one of the notification types. Notification types include EMAIL, REST XML or REST JSON. Notifications can be generated for both the PAP policy store and the PDP policy store.

Currently a notification can contain the policy identifier, the user (the user who performs the action on the policy) and the action name (whether the action is add, update, delete, enable).

For notifications on user operations, a user operation listener is registered, and this listener will take care of sending notifications to external endpoints on a user operation. Notification types include EMAIL, REST XML or REST JSON. In this implementation, email notification functionality can be enabled regardless of whether you are using one of the other two notification types.

These two parts (notification generation for user operations and notification generation for the PAP policy store and PDP policy store) are strongly decoupled, since the notification generation for user operation actions is a general requirement (not related to XACML).

On Mon, Sep 22, 2014 at 5:58 PM, Hasintha Indrajee <[email protected]> wrote:

> Hi all,
>
> I am implementing $subject. The original requirement is to send
> notifications to external PEP endpoints on an event of cache invalidation.
> As per the discussion with Asela, sending notifications to PEP endpoints on
> cache invalidation due to cache timeout is not essential. Sending
> notifications when changes to identities are made is sufficient.
>
> Below is a summary of the implementation.
>
> Requirement - IS needs to issue a cache invalidation notification when
> changes are made to identities and permissions - implemented a user
> management listener for this. On all post user operation methods, this
> listener clears all of the following three caches, which are in the
> entitlement component.
>
> 1) PIP_ATTRIBUTE_CACHE
> 2) PDP_DECISION_INVALIDATION_CACHE
> 3) ENTITLEMENT_POLICY_INVALIDATION_CACHE
>
> Requirement - WSO2 callback authentication. IS is a client that sends
> cache invalidation requests to the PEP cache RESTful service. The
> notification sender should be authenticated.
> - The PEP endpoints are read from entitlement.properties, and usernames
> and passwords are also read from the property file. On an event of cache
> invalidation due to a user operation, simple POST requests are sent to the
> configured endpoints. Basic Authentication will be used as the
> authentication method for PEP endpoints. A configuration builder takes
> care of reading endpoints from a given method. The current implementation
> is the default implementation, which reads configuration from the
> entitlement.property file.
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
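The sender side described in the thread (endpoints and credentials read from a properties file, a POST with Basic Authentication per endpoint), as an added example that is not part of the thread and is not WSO2's code. The property key names, JSON field names and sample values are hypothetical, and the HTTPS-only check and JSON escaping are additions the thread does not describe.

```java
import java.io.StringReader;
import java.net.URI;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class PepNotificationExample {
    // Constructed stand-in for entitlement.properties; these key names are hypothetical.
    static final String SAMPLE_PROPS =
          "pep.endpoint.1.url=https://pep1.example.com/cache/invalidate\n"
        + "pep.endpoint.1.username=notifier\n"
        + "pep.endpoint.1.password=example-secret\n"
        + "pep.endpoint.2.url=http://pep2.example.com/cache/invalidate\n";

    // Escape a value for a JSON string so a crafted user name cannot alter the body.
    static String json(String s) {
        StringBuilder b = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            if (c == '"' || c == '\\') b.append('\\').append(c);
            else if (c < 0x20) b.append(String.format("\\u%04x", (int) c));
            else b.append(c);
        }
        return b.append('"').toString();
    }

    static List<HttpRequest> build(Properties p, String policyId, String user, String action) {
        String body = "{\"policyId\":" + json(policyId) + ",\"user\":" + json(user)
                + ",\"action\":" + json(action) + "}";   // field names are hypothetical
        List<HttpRequest> out = new ArrayList<>();
        for (int i = 1; p.containsKey("pep.endpoint." + i + ".url"); i++) {
            String k = "pep.endpoint." + i + ".";
            URI uri = URI.create(p.getProperty(k + "url"));
            // Basic credentials are only Base64-encoded: never send them over plain HTTP.
            if (!"https".equalsIgnoreCase(uri.getScheme())) { System.err.println("skipping " + uri); continue; }
            String cred = p.getProperty(k + "username") + ":" + p.getProperty(k + "password");
            String auth = Base64.getEncoder().encodeToString(cred.getBytes(StandardCharsets.UTF_8));
            out.add(HttpRequest.newBuilder(uri)
                    .header("Authorization", "Basic " + auth).header("Content-Type", "application/json")
                    .POST(HttpRequest.BodyPublishers.ofString(body)).build());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.load(new StringReader(SAMPLE_PROPS));
        for (HttpRequest r : build(p, "policy-1", "alice\"admin", "update"))
            System.out.println(r.method() + " " + r.uri());
    }
}
```

Run on Java 11 or later, it builds one request for the HTTPS endpoint and skips the plain-HTTP one without sending anything.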
