Thanks Thanuja. @Rasika,@SajithAR Any idea on defining the resources and actions (permission tree)?

Regards,
Vinod

On Fri, Aug 12, 2016 at 11:41 AM, Thanuja Jayasinghe <[email protected]> wrote:

> Hi Vinod,
>
> You have to use the JAAS authorization API, instead of calling
> CarbonPrincipal.isAuthorized. As an example, let's say we have a
> CarbonPrincipal. So we can use that principal to build a Subject.
>
>     Subject subject = new Subject();
>     subject.getPrincipals().add(carbonPrincipal);
>
> Then we can use this Subject to call the authorization API,
>
>     private boolean isAuthorized(Subject subject, final CarbonPermission carbonPermission) {
>
>         final SecurityManager securityManager;
>
>         if (System.getSecurityManager() == null) {
>             securityManager = new SecurityManager();
>         } else {
>             securityManager = System.getSecurityManager();
>         }
>
>         try {
>             Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> {
>                 securityManager.checkPermission(carbonPermission);
>                 return null;
>             }, null);
>             return true;
>         } catch (AccessControlException | PrivilegedActionException e) {
>             if (log.isDebugEnabled()) {
>                 log.debug("Authorization Failed", e);
>             }
>             return false;
>         }
>     }
>
> Thanks,
> Thanuja
>
> On Fri, Aug 12, 2016 at 11:18 AM, Manuranga Perera <[email protected]> wrote:
>
>> Hi Vinod, shouldn't this be asked in a new thread?
>> Hi Rasika, Sajith, You did this recently, right? Can you please help?
>>
>> On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda <[email protected]> wrote:
>>
>>> Hi Jayanga,
>>> I'm trying to authorize the current user with a particular action. I
>>> have used the following code snippet. Is this correct?
>>>
>>>     public static boolean isUserAuthorized(String resource, String action) {
>>>         CarbonPermission carbonPermission = new CarbonPermission(resource, action);
>>>         return ((CarbonPrincipal) PrivilegedCarbonContext.getCurrentContext().getUserPrincipal())
>>>                 .isAuthorized(carbonPermission);
>>>     }
>>>
>>> Further, how do we define a set of Resources and Actions for them? Any
>>> documentation on this?
>>>
>>> Regards,
>>> Vinod
>>>
>>> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya <[email protected]> wrote:
>>>
>>>> Hi Prabushi,
>>>>
>>>> Actually there will be no permissions that are directly assigned to the
>>>> user. All permissions are assigned through roles. By calling the above
>>>> method in user will indirectly get all permissions through roles which are
>>>> assigned to that particular user. If you need to get permissions for
>>>> specific role, then you can use the same method in role.
>>>>
>>>> Thanks!
>>>>
>>>> *Jayanga Kaushalya*
>>>> Software Engineer
>>>> Mobile: +94777860160
>>>> WSO2 Inc. | http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> Thank you for the clarifications Darshana and Jayanga.
>>>>>
>>>>> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya <[email protected]> wrote:
>>>>>
>>>>>> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <[email protected]> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> 1. Is there an API method to get all the resources permitted to a
>>>>>>> particular user or a role?
>>>>>>
>>>>>> Yes. You can use the method getPermissions(Action action) [1] in User
>>>>>> to retrieve all the permissions assigned to that particular user filtered
>>>>>> by the action. Permission is a resource + action. So permissions filtered
>>>>>> by the action is a list of permitted resources.
>>>>>
>>>>> Ah great, now I understood that part. Can we use the same way for a
>>>>> role also? But in that case we might get duplicates of the resources
>>>>> right?
>>>>>
>>>>>>> 2. With this permission model, are we going to introduce the email
>>>>>>> based authentication for the products, or remain with the username
>>>>>>> model?
>>>>>>>
>>>>>>> 3. In our current management console, we have one view to create the
>>>>>>> user, and another view to create the user profile according to the given
>>>>>>> http://wso2.org/claims. Is there a particular reason to have the
>>>>>>> user profile in a separate view? Do we need to have two views for user
>>>>>>> creation and profile in C5 model also?
>>>>>>>
>>>>>>> Any clarification on above matters is appreciated.
>>>>>>>
>>>>>>> Thanks and Regards,
>>>>>>> Prabushi
>>>>>>>
>>>>>>> --
>>>>>>> *Prabushi Samarakoon*
>>>>>>> Software Engineer
>>>>>>> Mobile: +94715434580
>>>>>>> Email: [email protected]
>>>>>>
>>>>>> [1] https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java#L188
>>>>>>
>>>>>> Thanks!
>>>>>
>>>>> Thanks and Regards.
>>>>> --
>>>>> *Prabushi Samarakoon*
>>>>> Software Engineer
>>>>> Mobile: +94715434580
>>>>> Email: [email protected]
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>> --
>>> Vinod Kavinda
>>> Software Engineer
>>> *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
>>> Mobile : +94 (0) 712 415544
>>> Blog : http://soatechflicks.blogspot.com/
>>
>> --
>> With regards,
>> *Manu*ranga Perera.
>>
>> phone : 071 7 70 20 50
>> mail : [email protected]
>
> --
> *Thanuja Lakmal*
> Senior Software Engineer
> WSO2 Inc. http://wso2.com/
> *lean.enterprise.middleware*
> Mobile: +94715979891 +94758009992

--
Vinod Kavinda
Software Engineer
*WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
Mobile : +94 (0) 712 415544
Blog : http://soatechflicks.blogspot.com/
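
The JAAS flow described in the quoted reply, as an added example that is not part of the original thread or of the carbon-security code: it shows where the allow/deny decision is actually made, namely in the JVM-wide Policy, which sees the Subject's principals on each ProtectionDomain once doAsPrivileged has run. RolePrincipal, ResourcePermission, RolePolicy and the sample grant are hypothetical stand-ins for CarbonPrincipal, CarbonPermission and the product's own policy. It assumes a JDK on which the Security Manager APIs still function (they are deprecated for removal since Java 17 and disabled in JDK 24).

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;

public class JaasRoleAuthorizationDemo {
    // Hypothetical stand-in for CarbonPrincipal: the principal name is a role name.
    static final class RolePrincipal implements Principal {
        private final String role;
        RolePrincipal(String role) { this.role = role; }
        @Override public String getName() { return role; }
    }
    // Hypothetical stand-in for CarbonPermission: a permission is resource + action.
    static final class ResourcePermission extends BasicPermission {
        private final String action;
        ResourcePermission(String resource, String action) { super(resource); this.action = action; }
        @Override public String getActions() { return action; }
        @Override public boolean implies(Permission p) { return super.implies(p) && action.equals(p.getActions()); }
    }
    // checkPermission asks this Policy about every ProtectionDomain in the access control context.
    static final class RolePolicy extends Policy {
        final Map<String, List<Permission>> grants = new HashMap<>();
        @Override public boolean implies(ProtectionDomain domain, Permission requested) {
            if (!(requested instanceof ResourcePermission)) return true; // demo only: other permission types unrestricted
            for (Principal p : domain.getPrincipals())
                for (Permission g : grants.getOrDefault(p.getName(), Collections.emptyList()))
                    if (g.implies(requested)) return true;
            return false; // deny by default
        }
    }
    static boolean isAuthorized(Subject subject, Permission permission) {
        SecurityManager sm = System.getSecurityManager() != null ? System.getSecurityManager() : new SecurityManager();
        try {
            Subject.doAsPrivileged(subject, (PrivilegedExceptionAction<Void>) () -> {
                sm.checkPermission(permission); // throws AccessControlException when the Policy denies
                return null;
            }, null);
            return true;
        } catch (AccessControlException | PrivilegedActionException e) { return false; }
    }
    public static void main(String[] args) {
        RolePolicy policy = new RolePolicy();
        policy.grants.put("viewer", Arrays.<Permission>asList(new ResourcePermission("/apps/orders", "read"))); // constructed grant
        Policy.setPolicy(policy);
        Subject viewer = new Subject();
        viewer.getPrincipals().add(new RolePrincipal("viewer"));
        System.out.println("read: " + isAuthorized(viewer, new ResourcePermission("/apps/orders", "read")));
        System.out.println("delete: " + isAuthorized(viewer, new ResourcePermission("/apps/orders", "delete")));
    }
}
```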
