That is for fine-grained authorization with XACML. I was talking about the role-permission based authorization we have for all our admin service stuff which comes from user.core and is part of all the products.
On Mon, Nov 17, 2014 at 10:19 AM, Danesh Kuruppu <[email protected]> wrote: > Hi Johann, > > Are we need separate Identity Server instance running as PDP for this > approach. I have gone through the AS sample [1], there we need to start IS > instance. > > [1] > https://docs.wso2.com/display/AS521/Checking+the+Authorization+of+WebApp+Requests > > Can we setup PDP in the product(e.g: GREG Product) itself rather using > separate IS instance as PDP ? > > Thanks > Danesh > > > On Sun, Nov 16, 2014 at 7:20 AM, Danesh Kuruppu <[email protected]> wrote: > >> Thanks Johann, I will check >> >> On Sat, Nov 15, 2014 at 7:37 AM, Johann Nallathamby <[email protected]> >> wrote: >> >>> >>> >>> On Sat, Nov 15, 2014 at 7:32 AM, Johann Nallathamby <[email protected]> >>> wrote: >>> >>>> Carbon products follow a fine-grained permission based approach. So >>>> first you should define relevant set of permissions for your webapp. Then >>>> you should be able to enforce access control using the authentication and >>>> authorization facilities provided by the OSGi realm service. >>>> >>> >>> Actually not the OSGi service, but you can get it from CarbonConext as >>> follows. >>> >>> CarbonContext.getThreadLocalCarbonContext().getUserRealm() >>> >>>> >>>> On Fri, Nov 14, 2014 at 8:08 AM, Danesh Kuruppu <[email protected]> >>>> wrote: >>>> >>>>> Hi all, >>>>> >>>>> I am currently working on upgrading the solr in registry indexing. >>>>> with the proposed design, we are going to deploy solr webapp in the carbon >>>>> server and use it for registry indexing and we need to allow accessing >>>>> solr >>>>> web app only for admin users. >>>>> >>>>> What is the best way I could follow to restrict the web app access in >>>>> carbon server. >>>>> >>>>> Thanks >>>>> -- >>>>> >>>>> Danesh Kuruppu >>>>> Software Engineer >>>>> WSO2 Inc, >>>>> Mobile: +94 (77) 1690552 >>>>> >>>>> _______________________________________________ >>>>> Dev mailing list >>>>> [email protected] >>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev >>>>> >>>>> >>>> >>>> >>>> -- >>>> Thanks & Regards, >>>> >>>> *Johann Dilantha Nallathamby* >>>> Associate Technical Lead & Product Lead of WSO2 Identity Server >>>> Integration Technologies Team >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile - *+94777776950* >>>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>>> >>> >>> >>> >>> -- >>> Thanks & Regards, >>> >>> *Johann Dilantha Nallathamby* >>> Associate Technical Lead & Product Lead of WSO2 Identity Server >>> Integration Technologies Team >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile - *+94777776950* >>> Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>* >>> >> >> >> >> -- >> >> Danesh Kuruppu >> Software Engineer >> WSO2 Inc, >> Mobile: +94 (77) 1690552 >> > > > > -- > > Danesh Kuruppu > Software Engineer > WSO2 Inc, > Mobile: +94 (77) 1690552 > -- Thanks & Regards, *Johann Dilantha Nallathamby* Associate Technical Lead & Product Lead of WSO2 Identity Server Integration Technologies Team WSO2, Inc. lean.enterprise.middleware Mobile - *+94777776950* Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
