Can I associate attributes to the role in wso2? - java

Is there any way to associate custom attributes with a Role in WSO2, similar to the way we assign claims for a profile?
I understand, we can associate Permissions to the user.

AFAIK, Roles cannot have claims in WSO2 environments. I doubt this is a common requirement. Anything that you are trying to achieve in particular?

Currently, it is not possible to maintain custom attributes with roles. Permissions are always associated to the roles and roles are associated to the user.
Thanks
Isura

Related

Restrict access to fields if not authorized in REST-ful API

Let's say you have a User resource. It has many fields. However, not all fields should be allowed to be updated by a regular user, but admins should be allowed. Are there any common solutions to this?
E.g. enabled should only be allowed to be updated by using a PUT request if the authorized user is an admin. How should I do this?
Have you heard of spring-security authorization? They have a way of hiding the fields based on the user roles. If your app is large, it makes sense to integrate this.
Look up method-level security
Domain object security (ACL)
Good article about entity filtering here
http://blog.dejavu.sk/2014/02/04/filtering-jax-rs-entities-with-standard-security-annotations/
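The field-level check asked about in this thread, as an added, framework-neutral example that is not code from any of the posts: a deny-by-default allowlist that rejects a PUT body touching fields the caller's roles may not write. The class name, the field names other than `enabled`, and the `ROLE_ADMIN`/`ROLE_USER` strings are assumptions; in a Spring Security application the role set would be read from the current `Authentication`.

```java
import java.util.*;

// Added example: field-level write authorization for a User resource.
public class FieldWriteGuard {
    // Fields any authenticated user may change on their own record (assumed names).
    private static final Set<String> USER_WRITABLE = Set.of("displayName", "email");
    // Fields that additionally require the admin role; "enabled" is from the question.
    private static final Set<String> ADMIN_WRITABLE = Set.of("enabled", "roles");

    /** Returns the requested fields the caller is NOT allowed to write. */
    static Set<String> rejectedFields(Map<String, Object> requested, Set<String> callerRoles) {
        Set<String> rejected = new TreeSet<>();
        boolean admin = callerRoles.contains("ROLE_ADMIN");
        for (String field : requested.keySet()) {
            boolean allowed = USER_WRITABLE.contains(field)
                    || (admin && ADMIN_WRITABLE.contains(field));
            if (!allowed) rejected.add(field); // unknown fields are rejected too
        }
        return rejected;
    }

    /** Applies the update only if every requested field is permitted; fails closed otherwise. */
    static Map<String, Object> applyUpdate(Map<String, Object> stored,
                                           Map<String, Object> requested,
                                           Set<String> callerRoles) {
        Set<String> rejected = rejectedFields(requested, callerRoles);
        if (!rejected.isEmpty()) {
            throw new SecurityException("403: not allowed to write " + rejected);
        }
        Map<String, Object> updated = new HashMap<>(stored);
        updated.putAll(requested);
        return updated;
    }

    public static void main(String[] args) {
        // Constructed sample record and PUT body.
        Map<String, Object> stored =
                Map.of("displayName", "Ann", "email", "ann@example.test", "enabled", true);
        Map<String, Object> body = Map.of("displayName", "Ann B.", "enabled", false);
        System.out.println(applyUpdate(stored, body, Set.of("ROLE_USER", "ROLE_ADMIN")));
        try {
            applyUpdate(stored, body, Set.of("ROLE_USER")); // same body, no admin role
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Rejecting the whole request, rather than silently dropping the forbidden fields, keeps the client from assuming a privileged change was applied.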

Spring 3.2 Security - Login with non-unique username and additional info

The title tries to explain the scenario:
This customer has a login functionality that allows users with the same name but on different locations (stores).
At the login page the user informs userName, password and the required store.
Using Spring Security (with JPA) I created a UserDetailsService implementation but this interface always receives a userName (and the store was essential to differentiate from other users).
Given this situation I have two questions:
How do I inform the spring security about the additional field? (store)
How do I implement an UserDetailsService with this info?
Is that even possible? I've been doing some research but the solutions weren't clear.
Thank you guys, you are the best =D
Your question is not all clear to me. Do you have a unique login for multiple stores? Then you don't need to give the store to your UserDetailsService implementation. I would simply load the user information using its username and if the users are not authorized for all the stores, you could use the GrantedAuthority to define where the user is authorized, e.g. ROLE_STORE_ID1, ROLE_STORE_ID2, etc.
If you have multiple stores where users are not shared, then you could simply create a configurable custom implementation of UserDetailsService, instantiate one per store and use the correct instance depending on the store the user is accessing.
I hope this will help.

How can I combine weird JAAS LoginModules?

I'm working on a project involving several disparate security frameworks that have grown organically over the years. There is an interest in combining the role information without doing any migration to a single LDAP or ActiveDirectory.
Ideally, we need SSO that will consolidate role information from these sources. What is the best way to do this? Do I need multiple LoginModules that use password stacking, and then at what point would I figure out that user "wwkbf" in identity store A is the same as "user8204" in identity store B? How would I resolve problems where "manager" role in identity store A is different from "manager" role in identity store B?
In kind of Separation of Concern write one LoginModule for every identity store.
If you have to separate the roles by identity store create a set of unique (e.g. different package name) Principals and Credentials for each identity store.
Depending on your context the user mapping could be static or dynamic.
Static could be a mapping file or a database containing all userIds for one user. Define which userId is the 'primary' userId (userId used by SSO provided by user). Set this LoginModule at the top of the stack and fill the Subject with all Principals (one for each userId).
Dynamic means that every identity store knows the userId of the following identity store.
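The static-mapping approach from this thread, as an added example that is not code from the posts: the `Subject` that a stack of per-store LoginModules would leave behind, with roles qualified by identity store so that "manager" in store A never satisfies a check for "manager" in store B. It uses a store field on the principal instead of the separate principal classes the answer suggests; the mapping data and the role "clerk" are constructed, and all class and method names are assumptions.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

// Added example: store-qualified principals for identities merged from several stores.
public class MergedIdentityDemo {
    // The role principal carries its identity store, so equal role names do not collide.
    record StoreRole(String store, String role) implements Principal {
        public String getName() { return store + ":" + role; }
    }
    record StoreUser(String store, String userId) implements Principal {
        public String getName() { return store + ":" + userId; }
    }

    // Static mapping (constructed): primary SSO userId -> userId in each identity store.
    static final Map<String, Map<String, String>> ALIASES =
            Map.of("wwkbf", Map.of("A", "wwkbf", "B", "user8204"));
    // Constructed role data, keyed by store-qualified userId.
    static final Map<String, Set<String>> ROLES =
            Map.of("A:wwkbf", Set.of("manager"), "B:user8204", Set.of("clerk"));

    /** Builds the Subject the LoginModules' commit() phases would populate. */
    static Subject buildSubject(String primaryUserId) {
        Subject subject = new Subject();
        Map<String, String> ids = ALIASES.getOrDefault(primaryUserId, Map.of());
        for (Map.Entry<String, String> e : ids.entrySet()) {
            StoreUser user = new StoreUser(e.getKey(), e.getValue());
            subject.getPrincipals().add(user); // one principal per userId
            for (String role : ROLES.getOrDefault(user.getName(), Set.of())) {
                subject.getPrincipals().add(new StoreRole(e.getKey(), role));
            }
        }
        return subject; // an unmapped primary userId yields no principals at all
    }

    /** Authorization checks always name the store whose role they mean. */
    static boolean hasRole(Subject s, String store, String role) {
        return s.getPrincipals(StoreRole.class).contains(new StoreRole(store, role));
    }

    public static void main(String[] args) {
        Subject s = buildSubject("wwkbf");
        System.out.println("A manager: " + hasRole(s, "A", "manager"));
        System.out.println("B manager: " + hasRole(s, "B", "manager"));
    }
}
```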

Returning different JSON objects based on role of currently authenticated user

How do I conditionally serve different JSON objects from a Spring (3.1) backend? I am using Spring Security but I don't understand how I can serve different representations of an object?
I am only interested in the security logic, the other things I already have in place.
If a user named Sylvester is logged in with the role admin then he will receive a bigger JSON object (more data) than an Arnold with the role user.
Do I have to use the authentication object see if the user has a particular role? Or are there some annotations or some other magic to do this?
In your logic you need to check current loggedIn user's role, and based on role you can return different response.
Yes you need authentication object, that must be implementing UserDetails interface and should have basic user info including its role/privileges.
This post seems to duplicate this question for the major part. Have a look at it and more precisely at this blog post, which gives a nice solution, but you will probably have to include or adapt 3rd-party code.

How to get permission's role with seam

I need in my application to get all permissions associated with a specific role with Seam?
I tried with permissionManager.listPermissions but this method gives permissions associated with a specific target and not a specific recipient (role in my case).
Thanks for your help.
This is not possible by default in Seam. However, you can extend your permission store to do this. If you are using the JpaPermissionStore (which in most of the cases is true), you can check this link
