>
> Any idea on defining the resources and actions (permission tree)?
>
We are still working on the UI (user management UI component) for this.
Until it is completed, you can define permissions via the CAAS APIs.

Thanks.

On Fri, Aug 12, 2016 at 12:02 PM, Vinod Kavinda <[email protected]> wrote:

> Thanks Thanuja.
> @Rasika,@SajithAR
> Any idea on defining the resources and actions (permission tree)?
>
> Regards,
> Vinod
>
> On Fri, Aug 12, 2016 at 11:41 AM, Thanuja Jayasinghe <[email protected]>
> wrote:
>
>> Hi Vinod,
>>
>> You have to use the JAAS authorization API instead of calling
>> CarbonPrincipal.isAuthorized. As an example, let's say we have a
>> CarbonPrincipal. We can use that principal to build a Subject.
>>
>> Subject subject = new Subject();
>>
>> subject.getPrincipals().add(carbonPrincipal);
>>
>> Then we can use this Subject to call the authorization API:
>>
>> private boolean isAuthorized(Subject subject, final CarbonPermission carbonPermission) {
>>
>>     final SecurityManager securityManager;
>>
>>     if (System.getSecurityManager() == null) {
>>         securityManager = new SecurityManager();
>>     } else {
>>         securityManager = System.getSecurityManager();
>>     }
>>
>>     try {
>>         Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> {
>>             securityManager.checkPermission(carbonPermission);
>>             return null;
>>         }, null);
>>         return true;
>>     } catch (AccessControlException | PrivilegedActionException e) {
>>         if (log.isDebugEnabled()) {
>>             log.debug("Authorization Failed", e);
>>         }
>>         return false;
>>     }
>> }
>>
>> Thanks,
>> Thanuja
>>
>> On Fri, Aug 12, 2016 at 11:18 AM, Manuranga Perera <[email protected]> wrote:
>>
>>> Hi Vinod, shouldn't this be asked in a new thread?
>>> Hi Rasika, Sajith, you did this recently, right? Can you please help?
>>>
>>> On Fri, Aug 12, 2016 at 10:26 AM, Vinod Kavinda <[email protected]> wrote:
>>>
>>>> Hi Jayanga,
>>>> I'm trying to authorize the current user with a particular action. I
>>>> have used the following code snippet. Is this correct?
>>>>
>>>> public static boolean isUserAuthorized(String resource, String action) {
>>>>     CarbonPermission carbonPermission = new CarbonPermission(resource, action);
>>>>     return ((CarbonPrincipal) PrivilegedCarbonContext.getCurrentContext().getUserPrincipal())
>>>>             .isAuthorized(carbonPermission);
>>>> }
>>>>
>>>> Further, how do we define a set of Resources and Actions for them? Any
>>>> documentation on this?
>>>>
>>>> Regards,
>>>> Vinod
>>>>
>>>> On Wed, Aug 10, 2016 at 10:46 PM, Jayanga Kaushalya <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Prabushi,
>>>>>
>>>>> Actually, there will be no permissions that are directly assigned to the
>>>>> user. All permissions are assigned through roles. By calling the above
>>>>> method in user, you will indirectly get all permissions through the roles
>>>>> which are assigned to that particular user. If you need to get permissions
>>>>> for a specific role, then you can use the same method in role.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> *Jayanga Kaushalya*
>>>>> Software Engineer
>>>>> Mobile: +94777860160
>>>>> WSO2 Inc. | http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> On Wed, Aug 10, 2016 at 10:31 PM, Prabushi Samarakoon <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Thank you for the clarifications Darshana and Jayanga.
>>>>>>
>>>>>> On Wed, Aug 10, 2016 at 8:08 PM, Jayanga Kaushalya <[email protected]> wrote:
>>>>>>
>>>>>>> On Wed, Aug 10, 2016 at 5:56 PM, Prabushi Samarakoon <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> 1. Is there an API method to get all the resources permitted to a
>>>>>>>> particular user or a role?
>>>>>>>>
>>>>>>>
>>>>>>> Yes. You can use the method getPermissions(Action action) [1] in
>>>>>>> User to retrieve all the permissions assigned to that particular user
>>>>>>> filtered by the action. Permission is a resource + action. So
>>>>>>> permissions filtered by the action is a list of permitted resources.
>>>>>>>
>>>>>>
>>>>>> Ah great, now I understood that part. Can we use the same way for a
>>>>>> role also? But in that case we might get duplicates of the resources,
>>>>>> right?
>>>>>>
>>>>>>>
>>>>>>>> 2. With this permission model, are we going to introduce the email
>>>>>>>> based authentication for the products, or remain with the username
>>>>>>>> model?
>>>>>>>>
>>>>>>>> 3. In our current management console, we have one view to create
>>>>>>>> the user, and another view to create the user profile according to the
>>>>>>>> given http://wso2.org/claims. Is there a particular reason to have
>>>>>>>> the user profile in a separate view? Do we need to have two views for
>>>>>>>> user creation and profile in the C5 model also?
>>>>>>>>
>>>>>>>> Any clarification on above matters is appreciated.
>>>>>>>>
>>>>>>>> Thanks and Regards,
>>>>>>>> Prabushi
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Prabushi Samarakoon*
>>>>>>>> Software Engineer
>>>>>>>> Mobile: +94715434580
>>>>>>>> Email: [email protected]
>>>>>>>>
>>>>>>>
>>>>>>> [1] https://github.com/wso2/carbon-security/blob/master/components/org.wso2.carbon.security.caas/src/main/java/org/wso2/carbon/security/caas/user/core/bean/User.java#L188
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks and Regards.
>>>>>> --
>>>>>> *Prabushi Samarakoon*
>>>>>> Software Engineer
>>>>>> Mobile: +94715434580
>>>>>> Email: [email protected]
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Vinod Kavinda
>>>> Software Engineer
>>>> *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
>>>> Mobile : +94 (0) 712 415544
>>>> Blog : http://soatechflicks.blogspot.com/
>>>
>>>
>>> --
>>> With regards,
>>> *Manu*ranga Perera.
>>>
>>> phone : 071 7 70 20 50
>>> mail : [email protected]
>>>
>>
>>
>> --
>> *Thanuja Lakmal*
>> Senior Software Engineer
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891 +94758009992
>>
>
>
>
> --
> Vinod Kavinda
> Software Engineer
> *WSO2 Inc. - lean . enterprise . middleware <http://www.wso2.com>.*
> Mobile : +94 (0) 712 415544
> Blog : http://soatechflicks.blogspot.com/


-- 
Sajith Janaprasad Ariyarathna
Software Engineer; WSO2, Inc.;  http://wso2.com/
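
The JAAS check from Thanuja's reply, combined with Jayanga's point that permissions reach a user only through roles, as an added example that is not part of the thread or of carbon-security. `Role`, `ResourcePermission`, `RolePolicy` and the grant table are hypothetical stand-ins for CarbonPrincipal, CarbonPermission and the CAAS store, and it assumes a JDK on which the Security Manager APIs still function (they are deprecated for removal since JDK 17).

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;

public class RoleBackedJaasCheck {
    // Hypothetical role principal carried by the Subject.
    static final class Role implements Principal {
        private final String name;
        Role(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }
    // Hypothetical stand-in for CarbonPermission: name = resource, plus one action.
    static final class ResourcePermission extends BasicPermission {
        private final String action;
        ResourcePermission(String resource, String action) { super(resource); this.action = action; }
        @Override public String getActions() { return action; }
    }
    // Constructed sample data: role name -> granted "resource#action" pairs.
    static final Map<String, Set<String>> ROLE_GRANTS = Map.of(
            "editor", Set.of("/docs#read", "/docs#write"), "viewer", Set.of("/docs#read"));

    // doAsPrivileged attaches the Subject's principals to the protection domain;
    // this policy grants a permission only if one of those role principals holds it.
    static final class RolePolicy extends Policy {
        @Override public boolean implies(ProtectionDomain domain, Permission p) {
            if (!(p instanceof ResourcePermission)) return false; // nothing else is granted
            String wanted = p.getName() + "#" + p.getActions();
            return Arrays.stream(domain.getPrincipals()).filter(Role.class::isInstance)
                    .anyMatch(r -> ROLE_GRANTS.getOrDefault(r.getName(), Set.of()).contains(wanted));
        }
    }
    static boolean isAuthorized(Subject subject, Permission permission) {
        SecurityManager sm = new SecurityManager(); // used for the check only, never installed
        try {
            Subject.doAsPrivileged(subject, (PrivilegedAction<Void>) () -> {
                sm.checkPermission(permission); // throws if no role grants it
                return null;
            }, null);
            return true;
        } catch (AccessControlException denied) {
            return false; // fail closed
        }
    }
    public static void main(String[] args) {
        Policy.setPolicy(new RolePolicy());
        Subject subject = new Subject();
        subject.getPrincipals().add(new Role("viewer"));
        System.out.println(isAuthorized(subject, new ResourcePermission("/docs", "read")));
        System.out.println(isAuthorized(subject, new ResourcePermission("/docs", "write")));
    }
}
```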