Hi Vinod,
You have to use the JAAS authorization API instead of calling
CarbonPrincipal.isAuthorized. As an example, let's say we have a
CarbonPrincipal. We can use that principal to build a Subject:

    Subject subject = new Subject();
    subject.getPrincipals().add(carbonPrincipal);

Then we can use this Subject to call the authorization API:
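
    import java.security.AccessControlException;
    import java.security.PrivilegedActionException;
    import java.security.PrivilegedExceptionAction;
    import javax.security.auth.Subject;

    private boolean isAuthorized(Subject subject, final CarbonPermission carbonPermission) {
        // Use the installed SecurityManager if there is one; otherwise create one for this check.
        final SecurityManager securityManager;
        if (System.getSecurityManager() == null) {
            securityManager = new SecurityManager();
        } else {
            securityManager = System.getSecurityManager();
        }

        try {
            // Run the permission check with the Subject's principals attached.
            Subject.doAsPrivileged(subject, (PrivilegedExceptionAction<Void>) () -> {
                securityManager.checkPermission(carbonPermission);
                return null;
            }, null);
            return true;
        } catch (AccessControlException | PrivilegedActionException e) {
            // A denied check surfaces as an exception; report it as "not authorized".
            if (log.isDebugEnabled()) {
                log.debug("Authorization Failed", e);
            }
            return false;
        }
    }
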
Thanks,
Thanuja
On Fri, Aug 12, 2016 at 11:18 AM, Manuranga Perera <[email protected]> wrote:
> Hi Vinod, shouldn't this be asked in a new thread?
> Hi Rasika, Sajith, you did this recently, right? Can you please help?
>
> On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda <[email protected]> wrote:
>
>> Hi Jayanga,
>> I'm trying to authorize the current user with a particular action. I have
>> used the following code snippet. Is this correct?
>>
>> public static boolean isUserAuthorized(String resource, String action) {
>>     CarbonPermission carbonPermission = new CarbonPermission(resource, action);
>>     return ((CarbonPrincipal) PrivilegedCarbonContext.getCurrentContext().getUserPrincipal())
>>             .isAuthorized(carbonPermission);
>> }
>>
>> Further, how do we define a set of Resources and Actions for them? Any
>> documentation on this?
>>
>> Regards,
>> Vinod
>>
>> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya <[email protected]>
>> wrote:
>>
>>> Hi Prabushi,
>>>
>>> Actually there will be no permissions that are directly assigned to the
>>> user. All permissions are assigned through roles. By calling the above
>>> method in user, you will indirectly get all permissions through the roles
>>> which are assigned to that particular user. If you need to get permissions
>>> for a specific role, then you can use the same method in role.
>>>
>>> Thanks!
>>>
>>> *Jayanga Kaushalya*
>>> Software Engineer
>>> Mobile: +94777860160
>>> WSO2 Inc. | http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon <
>>> [email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> Thank you for the clarifications Darshana and Jayanga.
>>>>
>>>> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya <[email protected]>
>>>> wrote:
>>>>
>>>>> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
>>>>> [email protected]> wrote:
>>>>>
>>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> 1. Is there an API method to get all the resources permitted to a
>>>>>> particular user or a role?
>>>>>>
>>>>>
>>>>> Yes. You can use the method getPermissions(Action action) [1] in User
>>>>> to retrieve all the permissions assigned to that particular user, filtered
>>>>> by the action. A permission is a resource + action, so the permissions
>>>>> filtered by the action are a list of permitted resources.
>>>>>
>>>>
>>>> Ah great, now I understand that part. Can we use the same way for a
>>>> role also? But in that case we might get duplicates of the resources, right?
>>>>
>>>>>
>>>>>> 2. With this permission model, are we going to introduce the email
>>>>>> based authentication for the products, or remain with the username model?
>>>>>>
>>>>>> 3. In our current management console, we have one view to create the
>>>>>> user, and another view to create the user profile according to the given
>>>>>> http://wso2.org/claims. Is there a particular reason to have the
>>>>>> user profile in a separate view? Do we need to have two views for user
>>>>>> creation and profile in C5 model also?
>>>>>>
>>>>>> Any clarification on the above matters is appreciated.
>>>>>>
>>>>>> Thanks and Regards,
>>>>>> Prabushi
>>>>>>
>>>>>> --
>>>>>> *Prabushi Samarakoon*
>>>>>> Software Engineer
>>>>>> Mobile: +94715434580
>>>>>> Email: [email protected]
>>>>>>
>>>>>
>>>>> [1] https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java#L188
>>>>>
>>>>> Thanks!
>>>>>
>>>>
>>>>
>>>> Thanks and Regards.
>>>> --
>>>> *Prabushi Samarakoon*
>>>> Software Engineer
>>>> Mobile: +94715434580
>>>> Email: [email protected]
>>>>
>>>
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Vinod Kavinda
>> Software Engineer
>> *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
>> Mobile : +94 (0) 712 415544
>> Blog : http://soatechflicks.blogspot.com/
>>
>>
>>
>>
>
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : [email protected]
>
>
>
--
*Thanuja Lakmal*
Senior Software Engineer
WSO2 Inc. http://wso2.com/
*lean.enterprise.middleware*
Mobile: +94715979891 +94758009992
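
An added, self-contained illustration of the Subject-based check described in the reply at the top of this thread (not WSO2 Carbon code): `RolePrincipal`, `ResourcePermission` and `RolePolicy` are hypothetical stand-ins for CarbonPrincipal, CarbonPermission and the permission store, showing how a `Policy` sees the Subject's principals during `checkPermission`. It assumes a JDK on which the Security Manager API still works (deprecated for removal in Java 17, permanently disabled in JDK 24).

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
public class JaasAuthzDemo {
    // Hypothetical stand-in for CarbonPrincipal: a principal that names a role.
    static final class RolePrincipal implements Principal {
        private final String name;
        RolePrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    // Hypothetical stand-in for CarbonPermission: a resource name plus one action.
    static final class ResourcePermission extends BasicPermission {
        private final String action;
        ResourcePermission(String resource, String action) { super(resource); this.action = action; }
        @Override public String getActions() { return action; }
        @Override public boolean implies(Permission p) {   // resource must match AND action must be equal
            return super.implies(p) && action.equals(p.getActions());
        }
    }
    // Hypothetical policy: permissions are granted to roles, never directly to users.
    static final class RolePolicy extends Policy {
        private final Map<String, List<Permission>> grants = new HashMap<>();
        void grant(String role, Permission p) { grants.computeIfAbsent(role, r -> new ArrayList<>()).add(p); }
        @Override public boolean implies(ProtectionDomain domain, Permission requested) {
            // doAsPrivileged attaches the Subject's principals to the calling code's domain.
            for (Principal principal : domain.getPrincipals())
                for (Permission granted : grants.getOrDefault(principal.getName(), Collections.emptyList()))
                    if (granted.implies(requested)) return true;
            return false;
        }
    }
    static boolean isAuthorized(Subject subject, Permission permission) {
        SecurityManager sm = System.getSecurityManager() != null ? System.getSecurityManager() : new SecurityManager();
        try {
            Subject.doAsPrivileged(subject, (PrivilegedAction<Void>) () -> { sm.checkPermission(permission); return null; }, null);
            return true;
        } catch (AccessControlException denied) { return false; }
    }
    public static void main(String[] args) {
        RolePolicy policy = new RolePolicy();
        policy.grant("admin", new ResourcePermission("users.*", "delete"));   // constructed sample grant
        Policy.setPolicy(policy);
        Subject admin = new Subject(), guest = new Subject();
        admin.getPrincipals().add(new RolePrincipal("admin"));
        guest.getPrincipals().add(new RolePrincipal("guest"));
        System.out.println("admin delete users.alice: " + isAuthorized(admin, new ResourcePermission("users.alice", "delete")));
        System.out.println("guest delete users.alice: " + isAuthorized(guest, new ResourcePermission("users.alice", "delete")));
        System.out.println("admin add users.alice:    " + isAuthorized(admin, new ResourcePermission("users.alice", "add")));
    }
}
```

Only the first check is granted: the guest Subject carries no role with a matching grant, and the admin grant covers the delete action only.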