directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Pike <clp...@psu.edu>
Subject Re: Auth Anon Roles
Date Fri, 07 Apr 2017 10:59:39 GMT
I can handle this in our service pretty easily.

1. Add properties to roles (giveAnonymous, giveAuthenticated)
2. In our endpoint that returns roles for a user, add those extra roles as appropriate

I will probably end up doing this for the time being. I think the same sort of thing could
be done in the fotress API, but not sure how that affects the RBAC standard.



----- Original Message -----
From: "Shawn McKinney" <smckinney@apache.org>
To: fortress@directory.apache.org
Sent: Thursday, April 6, 2017 11:48:16 PM
Subject: Re: Auth Anon Roles

The javadoc describes usage of the authN validator:

http://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/util/AuthNValidator.html

Again, the role still must be assigned.  But there is no need to set a property on the role.
 You would need to extend this class for each role that has constraint based on their authentication
status -- authenticated or not.

> On Apr 6, 2017, at 10:31 PM, Shawn McKinney <smckinney@apache.org> wrote:
> 
> 
>> On Apr 6, 2017, at 9:25 AM, Chris Pike <clp207@psu.edu> wrote:
>> 
>> Was looking back at this issue (https://issues.apache.org/jira/browse/FC-127) and
this conversation (http://mail-archives.apache.org/mod_mbox/directory-fortress/201512.mbox/browser).
> 
> As it turns out, FC-127 was implemented.  The validator is here:
> 
> https://github.com/apache/directory-fortress-core/blob/master/src/main/java/org/apache/directory/fortress/core/util/AuthNValidator.java
> 
> By reading the ticket it’s clear that we coded what I mentioned a few hours ago.  So
the good news is I’m consistent, the bad news (for me) is that I completely forgot that
this code had actually been implemented.  
> 
> :-)
> 
> Shawn

Mime
View raw message