Hello Ruwan,
how can I integrate that url into my pom-file? Or is this configured
maven-wide?
yes, you are right- I want to build a role based authentification with
caching-mechanism!
My ideas are:
- change the usermanager to provide permissions for a role/user on
service and/or operation level. Maybe I can use the ressource and action
column of the permissions table.
- determine in the mediation which service is used by looking at the
provided published wsdl or by looking at the soap-message. What do you
think is better?
I think I have to look which service the user wants to call, or is this
a wrong approach?
- extract the user-crediantials of the ws-security-header and proof if
he is authorized. (by looking first at the user-permissions- if they are
not provided at the role-permissions)
- if no security header is used, I can inspect the http-header with
basic authentification. Do I have access to it from the messageContext?
- maybe the used mechanism can be configured by a property...
- if no user-information is provided, the role based authentification
cannot be used- fault back to the client...
- give back a fault if the permission for the user has not been found
Any other ideas from your side?
Jens
Ruwan Linton schrieb:
Hi Jens,
I think it is OK to host the jar files, but wonder why you didn't get
these online, because the usermanager jar files are available under
the wso2 maven2 repository :-(
http://dist.wso2.org/maven2/org/wso2/commons/usermanager/usermanager-core/
BTW: what you are trying to do is absolutely fine from my point of
view, I think what you are trying to do is enabling the Role based
authentication, isn't it?
Thanks,
Ruwan
Jens Goldhammer wrote:
Hello,
I have tried the mediator examples with StockQuote
(http://wso2.org/library/2936), builded it with maven and run it...
Very well so far!
Now I want to integrate the wso2 common usermanager libs into my own
mediation component because I want to use it for my proxy services...
How can I do that with maven? I cannot make a dependcy to it because
the libs are not online. Can I put it into the maven repository on my
environment?
Sorry, I am totally new to Maven!
I want to write a mediator which authentificates a user (maybe I will
do this by ws-security) and want to proof if the user is allowed to
do that action.
Do you think it make sense?
Thanks,
Jens
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
