Hi Jens,

There are several options. But I personally believe that you should put the user-manager jar into the esb lib directory and you are ready to go. If not, you can write a custom assembly script to create the jar file of your mediator, which is not that easy. You may need to look at the synapse distribution assembly file (bin.xml) if you have chosen the former.

Thanks,
Ruwan

Jens Goldhammer wrote:
Hello Ruwan,

How can I include the usermanager-core-jar into the generated jar-file by using the pom-file? Or should I put the required libs like usermanager into the esb-lib-directory? I have tried to change the scope of the dependency, but I don't think that's the right way. Maybe I should buy a book which explains maven2. Can you recommend one?

Thanks,
Jens

Ruwan Linton wrote:
Hi Jens,

Find my comments inline,

Jens Goldhammer wrote:
Hello Ruwan,

How can I integrate that url into my pom-file? Or is this configured maven-wide?
You have to specify the usermanager as a dependency in the pom file as follows;

   <dependencies>
       <dependency>
           <groupId>org.wso2.commons.usermanager</groupId>
           <artifactId>usermanager-core</artifactId>
           <version>SNAPSHOT</version>
       </dependency>
   </dependencies>

Further, you need to add the wso2-m2 repository into the list of repositories in the pom.xml as follows;

   <repositories>
       <repository>
           <id>wso2-m2</id>
           <name>WSO2 Maven 2 Repository</name>
           <url>http://dist.wso2.org/maven2/</url>
           <releases>
               <updatePolicy>never</updatePolicy>
           </releases>
           <snapshots>
               <updatePolicy>daily</updatePolicy>
           </snapshots>
       </repository>
   </repositories>

Yes, you are right, I want to build a role based authentication with caching mechanism!

My ideas are:
- change the usermanager to provide permissions for a role/user on service and/or operation level. Maybe I can use the resource and action column of the permissions table.
- determine in the mediation which service is used by looking at the provided published wsdl or by looking at the soap-message. What do you think is better?
I think it is better to look at the soap message, because publishing a wsdl does not guarantee that a particular message is going to that service. Basically, even though you publish a WSDL from the ESB point, you can post any valid soap message to that proxy service.
I think I have to look which service the user wants to call, or is this a wrong approach?
Yeah, you are right (or maybe the operation, if on the operation level).

- extract the user credentials of the ws-security-header and check if he is authorized. (by looking first at the user-permissions- if they are not provided at the role-permissions)
- if no security header is used, I can inspect the http-header with basic authentication. Do I have access to it from the messageContext?
Yes, you do have access to the transport headers from the synapse message context

Axis2MessageContext axis2smc = (Axis2MessageContext) synCtx;
org.apache.axis2.context.MessageContext axis2MessageCtx = axis2smc.getAxis2MessageContext();
Object headers = axis2MessageCtx.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);

- maybe the used mechanism can be configured by a property...
That sounds good, so that it is configurable.
- if no user-information is provided, the role based authentication cannot be used- fault back to the client...
- give back a fault if the permission for the user has not been found

Any other ideas from your side?
I think this idea is fine; maybe Dimuthu can add some comments on the UM side.

Thanks,
Ruwan

_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
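
Added example, not part of the original thread and not WSO2 or Synapse code: one way to pull HTTP Basic credentials out of the transport headers discussed above, failing closed when the header is missing or malformed. It assumes the TRANSPORT_HEADERS property has been cast to a Map of header name to value and a Java 9+ runtime; the class name BasicAuthHeader, the parse method and the sample headers are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;

/** Added example: parse HTTP Basic credentials from a transport-header map. */
public class BasicAuthHeader {

    /** Returns {user, password}, or empty if the header is absent or malformed. */
    static Optional<String[]> parse(Map<String, String> transportHeaders) {
        if (transportHeaders == null) return Optional.empty();
        // HTTP header names are case-insensitive, so compare them that way.
        String value = null;
        for (Map.Entry<String, String> e : transportHeaders.entrySet()) {
            if ("Authorization".equalsIgnoreCase(e.getKey())) value = e.getValue();
        }
        if (value == null) return Optional.empty();
        String[] parts = value.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1].trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException ex) {
            return Optional.empty(); // payload is not valid base64
        }
        int colon = decoded.indexOf(':'); // split on the first ':', the password may contain more
        if (colon <= 0) return Optional.empty(); // no separator or empty user name
        return Optional.of(new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) });
    }

    public static void main(String[] args) {
        // Constructed sample headers, standing in for what a mediator reads from TRANSPORT_HEADERS.
        Map<String, String> ok = Map.of("authorization", "Basic " + Base64.getEncoder()
                .encodeToString("jens:s3:cret".getBytes(StandardCharsets.UTF_8)));
        Map<String, String> bad = Map.of("Authorization", "Basic !!not-base64!!");
        Map<String, String> none = Map.of("Content-Type", "text/xml");
        // Never log the password itself; its length is enough for the demonstration.
        parse(ok).ifPresent(c -> System.out.println("user=" + c[0] + " passwordLength=" + c[1].length()));
        System.out.println("malformed accepted: " + parse(bad).isPresent());
        System.out.println("missing accepted: " + parse(none).isPresent());
    }
}
```

An empty result is the case where the mediator would send the fault back to the client, as listed in the ideas above.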


