Hi,
I'm using below code to check whether a given user is authorized with
respect to a specific permission which is stored in the registry.
boolean isUserAuthorized =
CarbonContext.getThreadLocalCarbonContext().getUserRealm().
getAuthorizationManager().isUserAuthorized(username,
permission, permissionMethod);
for an example, if I check with following parameters, it returns *true*.
usernameadminpermission
/_system/governance/permission/admin/device-mgt/enrollmentpermissionMethod
write
return*true*
However, even if I check a permission which is actually not stored in the
registry at the moment also returns *true* for an user who is having an
admin role.
ex:
usernameadminpermissionaaaaaaaaabbbbbbbb
permissionMethodwrite
return*true*
Is this an expected
behaviour?
Regards,
--
*Milan Harindu Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: [email protected] <[email protected]> | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
