Not all security scenarios require the roles. For example, the Sign-Only security scenarios only requires the keystores. Better verify the allowRoles parameter for all the scenario that do require it though.
On Tue, Mar 24, 2015 at 2:31 PM, Sohani Weerasinghe <[email protected]> wrote: > Hi Chanaka, > > I have implemented creating security policy files via Developer Studio and > user role implementation hasn't completed yet since I am waiting for IS > team's input on this. I have discussed this issue @architecture "Implementing > User Roles configurations for security policies with Developer Studio" and > based on the IS team's update, we can continue our implementation. > > Also, I'll check the parameter which Susinda mentioned for all the > scenarios and if we can use this parameter I think we can proceed with this. > > Thanks, > Sohani > > Sohani Weerasinghe > Software Engineer > WSO2, Inc: http://wso2.com > > Mobile : +94 716439774 > Blog :http://christinetechtips.blogspot.com/ > Twitter : https://twitter.com/sohanichristine > > On Tue, Mar 24, 2015 at 2:21 PM, Chanaka Fernando <[email protected]> > wrote: > >> Hi Susinda, >> >> That would be great if we can get this done by using this parameter. But >> we need to check whether there are any other meta information needed for >> other security mechanisms. >> >> Thanks, >> Chanaka >> >> On Tue, Mar 24, 2015 at 2:13 PM, Susinda Perera <[email protected]> wrote: >> >>> Hi Chanaka >>> >>> On Tue, Mar 24, 2015 at 2:00 PM, Chanaka Fernando <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> I am writing this mail to take the discussions related to $subject in >>>> to a single place. With the ESB 4.9.0 release, we are removing the UI >>>> capability of applying security policies from the management console. Going >>>> forward, users can only apply security policies to ESB proxy services using >>>> developer studio. Even though this functionality is already available in >>>> the Developer Studio, it has some edge cases when we use that approach. One >>>> such limitation is that there is no place to select the users/roles in the >>>> developer studio when applying the security policy. Currently, this >>>> information is stored in meta files and with the 4.9.0 version, service >>>> meta files are removed. Plan is to store this information in registry and >>>> access from their. From the Developer Studio also, it will create the >>>> registry file when applying security policies. >>>> >>> Recently i came across a issue where i had to add UTTokenPolicy from >>> DevStudio, i was able to get this done by adding <parameter >>> name="allowRoles">admin</parameter> to the proxy config. Wouldnt this >>> be easy than storing them in registry and accessing again. >>> >>>> >>>> This would be a necessary feature for ESB 4.9.0 release since this will >>>> effect the entire security applying process going forward. >>>> >>>> @Godwin: Please add if I have missed anything and give us some update >>>> on the status from the security side. >>>> >>>> @Sohani/DevS team: Please give us some update on this implementation. >>>> >>>> >>>> Thanks, >>>> Chanaka >>>> >>>> >>>> -- >>>> -- >>>> Chanaka Fernando >>>> Technical Lead >>>> WSO2, Inc.; http://wso2.com >>>> lean.enterprise.middleware >>>> >>>> mobile: +94 773337238 >>>> Blog : http://soatutorials.blogspot.com >>>> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>> Twitter:https://twitter.com/chanakaudaya >>>> Wordpress:http://chanakaudaya.wordpress.com >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> *Susinda Perera* >>> Software Engineer >>> Mobile:(+94)716049075 >>> >>> WSO2 Inc. http://wso2.com/ >>> Tel : 94 11 214 5345 Fax :94 11 2145300 >>> >>> >> >> >> -- >> -- >> Chanaka Fernando >> Technical Lead >> WSO2, Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: +94 773337238 >> Blog : http://soatutorials.blogspot.com >> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >> Twitter:https://twitter.com/chanakaudaya >> Wordpress:http://chanakaudaya.wordpress.com >> >> >> >> > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- *Kasun Gajasinghe*Senior Software Engineer, WSO2 Inc. email: kasung AT spamfree wso2.com linked-in: http://lk.linkedin.com/in/gajasinghe blog: http://kasunbg.org
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
