Re: [Dev] [IS] Clarification on isUserAuthorized method

2016-05-13 Thread Milan Perera 
Hi Tharindu,

Thanks for the info. It worked.

Regards,

On Fri, May 13, 2016 at 12:56 PM, Tharindu Edirisinghe 
wrote:

> Hi Milan,
>
> You can use MultitenantUtils.getTenantAwareUsername [1] method here.
>
> boolean status = authorizationManager.isUserAuthorized(
> *MultitenantUtils.getTenantAwareUsername(username)* , permission,
> UI_EXECUTE);
>
> Then you can obtain the username without the tenant domain out of the
> username you already have that contains the tenant domain.
>
> [1]
> https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/multitenancy/MultitenantUtils.java#L40
>
> Regards,
> TharinduE
>
> On Fri, May 13, 2016 at 12:49 PM, Milan Perera  wrote:
>
>> Hi Tharindu,
>>
>> No, im not using the *RemoteAuthorizationManagerService *admin service.
>> Below is the code snippet which I use.
>>
>>
>> RealmService realmService = 
>> OAuthExtensionsDataHolder.getInstance().getRealmService();
>>
>> AuthorizationManager authorizationManager = 
>> realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
>>
>> String username = accessTokenDO.getAuthzUser.getUserName(); *// this returns 
>> the name with tenant domain, ex: admin@carbon.super*
>>
>> boolean status = authorizationManager.isUserAuthorized(username , 
>> permission, UI_EXECUTE);
>>
>>
>> Is there anything else that I should do here or is there a way to overcome 
>> my initial issue?
>>
>> Thanks,
>>
>>
>> On Fri, May 13, 2016 at 12:25 PM, Tharindu Edirisinghe <
>> tharin...@wso2.com> wrote:
>>
>>> Hi Milan,
>>>
>>> Are you calling the *isUserAuthorized *method in 
>>> *RemoteAuthorizationManagerService
>>> *[1] admin service ? If so you need to send the username without the
>>> tenant domain. The tenant domain of the user is derived by the admin's
>>> tenant domain who calls the admin service.
>>>
>>> [1]
>>> https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl
>>>
>>> Regards,
>>> TharinduE
>>>
>>> On Fri, May 13, 2016 at 11:17 AM, Milan Perera  wrote:
>>>
 Hi all,

 Im using "*isUserAuthorized*" method to check whether a particular
 user has relevant permission.
 However when I pass the username as "*admin@carbon.super*" as a
 parameter, I always get '*false*' and if I pass just "*admin*" it
 returns '*true*'.

 Is this the expected behavior or is there any other way to do that?

 Thanks,
 --
 *Milan Perera *| Software Engineer
 WSO2, Inc | lean. enterprise. middleware.
 #20, Palm Grove, Colombo 03, Sri Lanka
 Mobile: +94 77 309 7088 | Work: +94 11 214 5345
 Email: mi...@wso2.com  | Web: www.wso2.com
 

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>>
>>> Tharindu Edirisinghe
>>> Software Engineer | WSO2 Inc
>>> Platform Security Team
>>> Blog : tharindue.blogspot.com
>>> mobile : +94 775181586
>>>
>>
>>
>>
>> --
>> *Milan Perera *| Software Engineer
>> WSO2, Inc | lean. enterprise. middleware.
>> #20, Palm Grove, Colombo 03, Sri Lanka
>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
>> Email: mi...@wso2.com  | Web: www.wso2.com
>> 
>>
>
>
>
> --
>
> Tharindu Edirisinghe
> Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : tharindue.blogspot.com
> mobile : +94 775181586
>



-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Clarification on isUserAuthorized method

2016-05-13 Thread Tharindu Edirisinghe 
Hi Milan,

You can use MultitenantUtils.getTenantAwareUsername [1] method here.

boolean status = authorizationManager.isUserAuthorized(
*MultitenantUtils.getTenantAwareUsername(username)* , permission,
UI_EXECUTE);

Then you can obtain the username without the tenant domain out of the
username you already have that contains the tenant domain.

[1]
https://github.com/wso2/carbon-kernel/blob/4.4.x/core/org.wso2.carbon.utils/src/main/java/org/wso2/carbon/utils/multitenancy/MultitenantUtils.java#L40

Regards,
TharinduE

On Fri, May 13, 2016 at 12:49 PM, Milan Perera  wrote:

> Hi Tharindu,
>
> No, im not using the *RemoteAuthorizationManagerService *admin service.
> Below is the code snippet which I use.
>
>
> RealmService realmService = 
> OAuthExtensionsDataHolder.getInstance().getRealmService();
>
> AuthorizationManager authorizationManager = 
> realmService.getTenantUserRealm(tenantId).getAuthorizationManager();
>
> String username = accessTokenDO.getAuthzUser.getUserName(); *// this returns 
> the name with tenant domain, ex: admin@carbon.super*
>
> boolean status = authorizationManager.isUserAuthorized(username , permission, 
> UI_EXECUTE);
>
>
> Is there anything else that I should do here or is there a way to overcome my 
> initial issue?
>
> Thanks,
>
>
> On Fri, May 13, 2016 at 12:25 PM, Tharindu Edirisinghe  > wrote:
>
>> Hi Milan,
>>
>> Are you calling the *isUserAuthorized *method in 
>> *RemoteAuthorizationManagerService
>> *[1] admin service ? If so you need to send the username without the
>> tenant domain. The tenant domain of the user is derived by the admin's
>> tenant domain who calls the admin service.
>>
>> [1]
>> https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl
>>
>> Regards,
>> TharinduE
>>
>> On Fri, May 13, 2016 at 11:17 AM, Milan Perera  wrote:
>>
>>> Hi all,
>>>
>>> Im using "*isUserAuthorized*" method to check whether a particular user
>>> has relevant permission.
>>> However when I pass the username as "*admin@carbon.super*" as a
>>> parameter, I always get '*false*' and if I pass just "*admin*" it
>>> returns '*true*'.
>>>
>>> Is this the expected behavior or is there any other way to do that?
>>>
>>> Thanks,
>>> --
>>> *Milan Perera *| Software Engineer
>>> WSO2, Inc | lean. enterprise. middleware.
>>> #20, Palm Grove, Colombo 03, Sri Lanka
>>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
>>> Email: mi...@wso2.com  | Web: www.wso2.com
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Tharindu Edirisinghe
>> Software Engineer | WSO2 Inc
>> Platform Security Team
>> Blog : tharindue.blogspot.com
>> mobile : +94 775181586
>>
>
>
>
> --
> *Milan Perera *| Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
> Email: mi...@wso2.com  | Web: www.wso2.com
> 
>



-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Clarification on isUserAuthorized method

2016-05-13 Thread Milan Perera 
Hi Tharindu,

No, im not using the *RemoteAuthorizationManagerService *admin service.
Below is the code snippet which I use.


RealmService realmService =
OAuthExtensionsDataHolder.getInstance().getRealmService();

AuthorizationManager authorizationManager =
realmService.getTenantUserRealm(tenantId).getAuthorizationManager();

String username = accessTokenDO.getAuthzUser.getUserName(); *// this
returns the name with tenant domain, ex: admin@carbon.super*

boolean status = authorizationManager.isUserAuthorized(username ,
permission, UI_EXECUTE);


Is there anything else that I should do here or is there a way to
overcome my initial issue?

Thanks,


On Fri, May 13, 2016 at 12:25 PM, Tharindu Edirisinghe 
wrote:

> Hi Milan,
>
> Are you calling the *isUserAuthorized *method in 
> *RemoteAuthorizationManagerService
> *[1] admin service ? If so you need to send the username without the
> tenant domain. The tenant domain of the user is derived by the admin's
> tenant domain who calls the admin service.
>
> [1] https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl
>
> Regards,
> TharinduE
>
> On Fri, May 13, 2016 at 11:17 AM, Milan Perera  wrote:
>
>> Hi all,
>>
>> Im using "*isUserAuthorized*" method to check whether a particular user
>> has relevant permission.
>> However when I pass the username as "*admin@carbon.super*" as a
>> parameter, I always get '*false*' and if I pass just "*admin*" it
>> returns '*true*'.
>>
>> Is this the expected behavior or is there any other way to do that?
>>
>> Thanks,
>> --
>> *Milan Perera *| Software Engineer
>> WSO2, Inc | lean. enterprise. middleware.
>> #20, Palm Grove, Colombo 03, Sri Lanka
>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
>> Email: mi...@wso2.com  | Web: www.wso2.com
>> 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
>
> Tharindu Edirisinghe
> Software Engineer | WSO2 Inc
> Platform Security Team
> Blog : tharindue.blogspot.com
> mobile : +94 775181586
>



-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] [IS] Clarification on isUserAuthorized method

2016-05-12 Thread Tharindu Edirisinghe 
Hi Milan,

Are you calling the *isUserAuthorized *method in
*RemoteAuthorizationManagerService
*[1] admin service ? If so you need to send the username without the tenant
domain. The tenant domain of the user is derived by the admin's tenant
domain who calls the admin service.

[1] https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl

Regards,
TharinduE

On Fri, May 13, 2016 at 11:17 AM, Milan Perera  wrote:

> Hi all,
>
> Im using "*isUserAuthorized*" method to check whether a particular user
> has relevant permission.
> However when I pass the username as "*admin@carbon.super*" as a
> parameter, I always get '*false*' and if I pass just "*admin*" it returns
> '*true*'.
>
> Is this the expected behavior or is there any other way to do that?
>
> Thanks,
> --
> *Milan Perera *| Software Engineer
> WSO2, Inc | lean. enterprise. middleware.
> #20, Palm Grove, Colombo 03, Sri Lanka
> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
> Email: mi...@wso2.com  | Web: www.wso2.com
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 

Tharindu Edirisinghe
Software Engineer | WSO2 Inc
Platform Security Team
Blog : tharindue.blogspot.com
mobile : +94 775181586
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

[Dev] [IS] Clarification on isUserAuthorized method

2016-05-12 Thread Milan Perera 
Hi all,

Im using "*isUserAuthorized*" method to check whether a particular user has
relevant permission.
However when I pass the username as "*admin@carbon.super*" as a parameter,
I always get '*false*' and if I pass just "*admin*" it returns '*true*'.

Is this the expected behavior or is there any other way to do that?

Thanks,
-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev