incubator-syncope-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Users & roles
Date Fri, 30 Mar 2012 13:09:53 GMT
Hi Fabio,

> Further, you have the method verifyPassword provided by UserController that
> could be used to verify userid/password.
> This method, for security reason can be called only by a user with USER_READ
> capability.

Consider the use-case as mentioned by Bob, where you have a third
party application which receives login credentials and wishes to
authenticate the user, and retrieve the roles associated with that
user for authorization. If the application logs on with the received
username/password, then it is assuming that the given user has a
USER_READ entitlement. IMO the application would log on with its own
credentials, and wish to authenticate the given username/password via
some kind of "authenticateUser" method as I mentioned before.

Do you see a use-case for this kind of functionality or am I missing something?

> Actually users have only the roles explicitly assigned.

The question is whether it is possible to easily retrieve the
hierarchy of roles for a particular user (or the authenticated user)?

Thanks,

Colm.

Mime
View raw message