On Friday, October 27, 2017, Mushthaq Rumy <musht...@wso2.com> wrote:

> Hi Thanuja,
>
> Thanks for the clarification. One more thing. Is there a way that we can
> avoid specific users to login to the Management Console who has "
> permission/admin/login" permission?
>

Can we identify these users based on their role or some other attribute?



> Thanks & Regards,
> Mushthaq
>
> On Thu, Oct 26, 2017 at 7:28 PM, Thanuja Jayasinghe <than...@wso2.com
> <javascript:_e(%7B%7D,'cvml','than...@wso2.com');>> wrote:
>
>> Hi Mushthaq,
>>
>> UserAccountAssociationService.switchLoggedInUser() service method is
>> only useful for users who has logged in session. Because this feature
>> provides support for switch between associated user accounts in that logged
>> in session. In order to create a session we need to call A
>> uthenticationAdmin.login() and in this service method, we do check
>> whether the user has permission/admin/login permission[1]. So it is a
>> must to have permission/admin/login permission for any user who is using
>> switchLoggedInUser method.
>>
>> I think this gives the rationality for other methods which have the same
>> permission level.
>>
>> [1] - https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.
>> wso2.carbon.core.services/src/main/java/org/wso2/carbon/core
>> /services/authentication/AuthenticationAdmin.java#L110
>>
>> Thanks,
>> Thanuja
>>
>> On Thu, Oct 26, 2017 at 6:18 PM, Mushthaq Rumy <musht...@wso2.com
>> <javascript:_e(%7B%7D,'cvml','musht...@wso2.com');>> wrote:
>>
>>> Hi All,
>>>
>>> Is there a specific reason to have "/permission/admin/login" in some of
>>> the operations in UserAccountAssociationService?
>>>
>>> This permission will allow the users to login to the Management Console
>>> and In case, if someone wants to use these operations of
>>> UserAccountAssociationService in a separate client application and he/she
>>> does not want to the users of this application to login to the Management
>>> Console, what would be the work around and how can we solve this?
>>>
>>> Your thoughts on this is highly appreciated.
>>>
>>> Thanks & Regards,
>>> Mushthaq
>>> --
>>> Mushthaq Rumy
>>> *Software Engineer*
>>> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
>>> Email : musht...@wso2.com
>>> <javascript:_e(%7B%7D,'cvml','musht...@wso2.com');>
>>> WSO2, Inc.; http://wso2.com/
>>> lean . enterprise . middleware.
>>>
>>> <http://wso2.com/signature>
>>>
>>
>>
>>
>> --
>> *Thanuja Lakmal*
>> Associate Technical Lead
>> WSO2 Inc. http://wso2.com/
>> *lean.enterprise.middleware*
>> Mobile: +94715979891
>>
>
>
>
> --
> Mushthaq Rumy
> *Software Engineer*
> Mobile : +94 (0) 779 492140 <%2B94%20%280%29%20773%20451194>
> Email : musht...@wso2.com
> <javascript:_e(%7B%7D,'cvml','musht...@wso2.com');>
> WSO2, Inc.; http://wso2.com/
> lean . enterprise . middleware.
>
> <http://wso2.com/signature>
>


-- 
Farasath Ahamed
Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: +94777603866
Blog: blog.farazath.com
Twitter: @farazath619 <https://twitter.com/farazath619>
<http://wso2.com/signature>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to