+1
On Wed, Jul 22, 2015 at 5:43 PM, Danushka Fernando <[email protected]>
wrote:
> We can do something like thos
>
> @Override
> public void doUpdateCredentialByAdmin(String userName, Object
> newCredential)
> throws UserStoreException {
> if (newCredential != null && !newCredential.equals("")) {
> super.doUpdateCredentialByAdmin(userName,
> newCredential);
> }
> }
>
> Thanks & Regards
> Danushka Fernando
> Senior Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Wed, Jul 22, 2015 at 5:40 PM, Amila Maha Arachchi <[email protected]>
> wrote:
>
>>
>>
>> On Wed, Jul 22, 2015 at 12:49 PM, Manjula Rathnayake <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> Let me add bit more context here.
>>>
>>> Registering an organization(creating a tenant) was originated from AF in
>>> app cloud. By upon receiving a tenant registration request to AF node, AF
>>> node trigger tenant creation in Stratos nodes(namely Dev,Test,Prod Stratos
>>> manager nodes). All above nodes make use of a single LDAP and tenant admin
>>> user is created only by AF node. But other nodes kept updating the password
>>> of this tenant admin with the same value received from initial tenant
>>> registration flow.
>>>
>>> In cloud setup, we are changing the tenant creation flow as below.
>>> 1. Tenant creation is initiated by cloud management application upon
>>> organization registration. This create a tenant structure in LDAP and
>>> userstore database.
>>> 2. Tenant admin logins and click on app cloud. This triggers tenant
>>> creation process in Stratos nodes.
>>>
>>> Based on above flow, we do not have the tenant admin password in 2nd
>>> step above.
>>>
>>> I am +1 on coming up with a custom userstore manager due to
>>> 1. Minimal changes on existing flow where new userstore manager is
>>> plugged in with config changes.
>>> 2. Cloud already making use of a custom userstore manager, hence
>>> introduction of new method is simple.
>>> 3. Cloud management application already validates the password
>>> requirements in front-end layers, hence ignoring the empty password update
>>> at the backend is acceptable rather patching the kernel with API changes.
>>>
>>
>> IIUC this custom userstore manager needs to be used at stratos manager,
>> correct? In our setup, we already have a custom userstore manager and we
>> will have to override the method you have mentioned, correct?
>>
>> If so, what will happen when we use the same userstore manager in AF
>> instance or the appserver where tenant creation happens?
>>
>> Feels like I am missing something. May be the logic on how to decide to
>> not to update the password?
>>
>>>
>>> thank you.
>>>
>>>
>>>
>>> On Wed, Jul 22, 2015 at 12:13 PM, Punnadi Gunarathna <[email protected]>
>>> wrote:
>>>
>>>> hi All,
>>>>
>>>> In AF latest deployment, AF has a separate UM and Registry database
>>>> where as Straos side has a separate UM and registry database. All are
>>>> pointing to same LDAP.
>>>>
>>>> Once the tenant get registered, login to AF side and click on app
>>>> cloud, a listener will be invoked in Stratos side which does addTenant
>>>> process. Since the user is logged in, the tenant password is set to a
>>>> garbage value and it will be sent to Stratos side. This will update the
>>>> tenant admin password to a garbage value with persistTenant method in
>>>> TenantPesistor [1] (Line no 204).
>>>>
>>>> We thought of writing a custom userstore and override
>>>> updateCredentialByAdmin as follows:
>>>>
>>>> Send either an empty password or a constant from AF side and password
>>>> update will not happen in override method by checking that condition.
>>>>
>>>> Please share your thoughts.
>>>>
>>>>
>>>> [1]
>>>> https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/stratos/tenant-mgt/org.wso2.carbon.tenant.mgt.core/2.2.0/src/main/java/org/wso2/carbon/tenant/mgt/core/
>>>> --
>>>> Thanks and Regards,
>>>>
>>>> Punnadi Gunarathna
>>>> Senior Software Engineer,
>>>> WSO2, Inc.; http://wso2.com <http://wso2>
>>>> Blog: http://hi-my-world.blogspot.com/
>>>> Tel : 94 11 214 5345
>>>> Fax :94 11 2145300
>>>>
>>>>
>>>>
>>>> <http://lalajisureshika.blogspot.com/>
>>>>
>>>
>>>
>>>
>>> --
>>> Manjula Rathnayaka
>>> Associate Technical Lead
>>> WSO2, Inc.
>>> Mobile:+94 77 743 1987
>>>
>>
>>
>>
>> --
>> *Amila Maharachchi*
>> Senior Technical Lead
>> WSO2, Inc.; http://wso2.com
>>
>> Blog: http://maharachchi.blogspot.com
>> Mobile: +94719371446
>>
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
--
*Amila Maharachchi*
Senior Technical Lead
WSO2, Inc.; http://wso2.com
Blog: http://maharachchi.blogspot.com
Mobile: +94719371446
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
