You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by anmols <an...@gmail.com> on 2020/09/01 17:04:25 UTC
Events for privilege updates
Hello SMEs,
I am new to Apache Syncope and I'm planning to use it for users and
permissions management for third-party applications.
I am trying to model permissions for these applications as privileges that
are associated with roles assigned to a set to users/groups as described
here <http://syncope.apache.org/docs/2.1/reference-guide.html#privileges> .
I want to trigger some custom logic every time that:
a.) A user gets added to/updated with/deleted from a role assignment.
b.) A privilege that is associated with certain role(s) gets updated.
I am able to do (a.) using a custom implementation of LogicActions as
described here
<http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions> in
the reference doc.
I am wondering what is the best way to achieve (b.), i.e. how can I receive
a notification if the privileges for an application are updated such that I
can execute some custom logic?
I read through the Notification
<http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
mechanism that is oriented towards sending emails but could not find an
appropriate entry point.
I think I'm essentially looking for a LogicActions like hook for third-party
application privileges.
Thanks,
Anmol
--
Sent from: http://syncope-user.1051894.n5.nabble.com/
Re: Events for privilege updates
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 22/09/20 09:23, Anmol Sharma wrote:
> Hi Francisco,
>
> I was able to verify that adding these annotations works and helps me intercept the logic layer for application privilege updates.
Glad to hear this!
> On Wed, Sep 9, 2020, 4:29 AM Francesco Chicchiriccò <ilgrosso@apache.org <ma...@apache.org>> wrote:
>
> Hi Anmol,
> thanks for reporting the error message. So ,the simplest solution should be to define your own class
>
> core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
>
> not extending any other class. Ensure to annotate as
>
> @Aspect
> @Component
>
> Essentially, you are defining an additional Aspect, which should not interfere with LogicInvocationHandler.
>
> Please let me know if this approach works.
> Regards.
>
> On 08/09/20 19:09, Anmol Sharma wrote:
>> Hi Franceso,
>>
>> As I'd mentioned in my previous message, it is my understanding that an Aspect can not extend a concrete Aspect. I tried doing as you suggested and extended the /LogicInvocationHandler/ to /CustomLogicInvocationHandler/ and I see the following error:
>>
>> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0': BeanPostProcessor before instantiation of bean failed; *nested exception is org.springframework.aop.framework.AopConfigException*: [org.apache.syncope.core.logic.CustomLogicInvocationHandler] *cannot extend concrete aspect* [org.apache.syncope.core.logic.LogicInvocationHandler]
>>
>> Do you think there could be a workaround here or is hijacking /LogicInvocationHandler/ the only option under this circumstance?
>>
>> Thanks,
>> Anmol
>>
>> On Sat, 5 Sep 2020 at 12:06, Francesco Chicchiriccò <ilgrosso@apache.org <ma...@apache.org>> wrote:
>>
>> On 03/09/20 17:31, Anmol Sharma wrote:
>>> Hi Franceso,
>>>
>>> I do not have much experience with AOP but I experimented with it and added a section to [2] to establish some logic to run after [1] as you suggested. I am able to intercept any updates made to privileges after that ApplicationLogic.update method has returned.
>>>
>>> Here is the code block I added to [2]:
>>> @AfterReturning(pointcut = "execution(* org.apache.syncope.core.logic.ApplicationLogic.update(..))", returning = "retVal")
>>> public void after(Object retVal) throws Throwable {
>>> LOG.info("After logic cut executed for jointPoint ApplicationUpdate: "+ retVal.toString()); }
>>>
>>> While this seems like a feasible solution, I had to override /org.apache.syncope.core.logic.LogicInvocationHandler/ in my project as suggested here <http://syncope.apache.org/docs/reference-guide.html#customization>.
>>>
>>> I now have the following questions:
>>> (a.) Ideally, I'd like to avoid managing upstream code and only extend upstream logic with customizations. However, it is my understanding that an Aspect can not extend a concrete Aspect such as LogicInvocationHandler. Do you have suggestions on a workaround? Is there a way I can register multiple Aspects in logicContext.xml bean initialization?
>>
>> There is no need to hijack LogicInvocationHandler; just define your own
>>
>> core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
>>
>> let it extend LogicInvocationHandler and ensure to set
>>
>> logicInvocationHandler=org.apache.syncope.core.logic.MyOwnCoolHandler
>>
>> in core/src/main/resources/logic.properties
>>
>>> (b.) Longer term, do you think there is merit in having an issue track having a ApplicationTO tracked as an EntityTOType or having some mechanism to support LogicActions on Applications?
>>
>> Honestly, this is the first time we hear such requirement, so I really don't know if this is going to happen anytime soon.
>>
>> Regards.
>>
>>> [1] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
>>> [2] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>>>
>>> Anmol
>>>
>>> On Wed, 2 Sep 2020 at 12:45, Francesco Chicchiriccò <ilgrosso@apache.org <ma...@apache.org>> wrote:
>>>
>>> On 01/09/20 19:04, anmols wrote:
>>> > Hello SMEs,
>>> >
>>> > I am new to Apache Syncope and I'm planning to use it for users and
>>> > permissions management for third-party applications.
>>> >
>>> > I am trying to model permissions for these applications as privileges that
>>> > are associated with roles assigned to a set to users/groups as described
>>> > here <http://syncope.apache.org/docs/2.1/reference-guide.html#privileges> .
>>> >
>>> > I want to trigger some custom logic every time that:
>>> > a.) A user gets added to/updated with/deleted from a role assignment.
>>> > b.) A privilege that is associated with certain role(s) gets updated.
>>> >
>>> > I am able to do (a.) using a custom implementation of LogicActions as
>>> > described here
>>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions> in
>>> > the reference doc.
>>> >
>>> > I am wondering what is the best way to achieve (b.), i.e. how can I receive
>>> > a notification if the privileges for an application are updated such that I
>>> > can execute some custom logic?
>>> >
>>> > I read through the Notification
>>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
>>> > mechanism that is oriented towards sending emails but could not find an
>>> > appropriate entry point.
>>> >
>>> > I think I'm essentially looking for a LogicActions like hook for third-party
>>> > application privileges.
>>>
>>> Hi Anmol,
>>> it seems you went quite some far, good! :-)
>>>
>>> As you have already found out, there is no (yet?) "standard" and clean way to achieve (b).
>>>
>>> If you have some confidence with AOP, the first thing coming to my mind would be to define a logic cut around method [1], similar to what [2] does, but more retailed to [1].
>>>
>>> Does it sound as feasible?
>>> Regards.
>>>
>>> [1] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
>>> [2] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>>>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Events for privilege updates
Posted by Anmol Sharma <an...@gmail.com>.
Hi Francisco,
I was able to verify that adding these annotations works and helps me
intercept the logic layer for application privilege updates.
Thanks
Anmol
On Wed, Sep 9, 2020, 4:29 AM Francesco Chicchiriccò <il...@apache.org>
wrote:
> Hi Anmol,
> thanks for reporting the error message. So ,the simplest solution should
> be to define your own class
>
> core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
>
> not extending any other class. Ensure to annotate as
>
> @Aspect
> @Component
>
> Essentially, you are defining an additional Aspect, which should not
> interfere with LogicInvocationHandler.
>
> Please let me know if this approach works.
> Regards.
>
> On 08/09/20 19:09, Anmol Sharma wrote:
>
> Hi Franceso,
>
> As I'd mentioned in my previous message, it is my understanding that an
> Aspect can not extend a concrete Aspect. I tried doing as you suggested and
> extended the *LogicInvocationHandler* to *CustomLogicInvocationHandler*
> and I see the following error:
>
> Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name
> 'org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0':
> BeanPostProcessor before instantiation of bean failed; *nested exception
> is org.springframework.aop.framework.AopConfigException*:
> [org.apache.syncope.core.logic.CustomLogicInvocationHandler] *cannot
> extend concrete aspect*
> [org.apache.syncope.core.logic.LogicInvocationHandler]
>
> Do you think there could be a workaround here or is hijacking
> *LogicInvocationHandler* the only option under this circumstance?
>
> Thanks,
> Anmol
>
> On Sat, 5 Sep 2020 at 12:06, Francesco Chicchiriccò <il...@apache.org>
> wrote:
>
>> On 03/09/20 17:31, Anmol Sharma wrote:
>>
>> Hi Franceso,
>>
>> I do not have much experience with AOP but I experimented with it
>> and added a section to [2] to establish some logic to run after [1] as you
>> suggested. I am able to intercept any updates made to privileges after
>> that ApplicationLogic.update method has returned.
>>
>> Here is the code block I added to [2]:
>>
>> @AfterReturning(pointcut = "execution(* org.apache.syncope.core.logic.ApplicationLogic.update(..))", returning = "retVal")public void after(Object retVal) throws Throwable {
>> LOG.info("After logic cut executed for jointPoint ApplicationUpdate: "+ retVal.toString());}
>>
>>
>> While this seems like a feasible solution, I had to override
>> *org.apache.syncope.core.logic.LogicInvocationHandler* in my project as
>> suggested here
>> <http://syncope.apache.org/docs/reference-guide.html#customization>.
>>
>> I now have the following questions:
>> (a.) Ideally, I'd like to avoid managing upstream code and only extend
>> upstream logic with customizations. However, it is my understanding that an
>> Aspect can not extend a concrete Aspect such as LogicInvocationHandler. Do
>> you have suggestions on a workaround? Is there a way I can register
>> multiple Aspects in logicContext.xml bean initialization?
>>
>> There is no need to hijack LogicInvocationHandler; just define your own
>>
>> core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
>>
>> let it extend LogicInvocationHandler and ensure to set
>>
>> logicInvocationHandler=org.apache.syncope.core.logic.MyOwnCoolHandler
>>
>> in core/src/main/resources/logic.properties
>>
>> (b.) Longer term, do you think there is merit in having an issue track
>> having a ApplicationTO tracked as an EntityTOType or having some mechanism
>> to support LogicActions on Applications?
>>
>> Honestly, this is the first time we hear such requirement, so I really
>> don't know if this is going to happen anytime soon.
>>
>> Regards.
>>
>> [1]
>> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
>> [2]
>> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>>
>> Anmol
>>
>> On Wed, 2 Sep 2020 at 12:45, Francesco Chicchiriccò <il...@apache.org>
>> wrote:
>>
>>> On 01/09/20 19:04, anmols wrote:
>>> > Hello SMEs,
>>> >
>>> > I am new to Apache Syncope and I'm planning to use it for users and
>>> > permissions management for third-party applications.
>>> >
>>> > I am trying to model permissions for these applications as privileges
>>> that
>>> > are associated with roles assigned to a set to users/groups as
>>> described
>>> > here <
>>> http://syncope.apache.org/docs/2.1/reference-guide.html#privileges> .
>>> >
>>> > I want to trigger some custom logic every time that:
>>> > a.) A user gets added to/updated with/deleted from a role assignment.
>>> > b.) A privilege that is associated with certain role(s) gets updated.
>>> >
>>> > I am able to do (a.) using a custom implementation of LogicActions as
>>> > described here
>>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions>
>>> in
>>> > the reference doc.
>>> >
>>> > I am wondering what is the best way to achieve (b.), i.e. how can I
>>> receive
>>> > a notification if the privileges for an application are updated such
>>> that I
>>> > can execute some custom logic?
>>> >
>>> > I read through the Notification
>>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
>>>
>>> > mechanism that is oriented towards sending emails but could not find an
>>> > appropriate entry point.
>>> >
>>> > I think I'm essentially looking for a LogicActions like hook for
>>> third-party
>>> > application privileges.
>>>
>>> Hi Anmol,
>>> it seems you went quite some far, good! :-)
>>>
>>> As you have already found out, there is no (yet?) "standard" and clean
>>> way to achieve (b).
>>>
>>> If you have some confidence with AOP, the first thing coming to my mind
>>> would be to define a logic cut around method [1], similar to what [2] does,
>>> but more retailed to [1].
>>>
>>> Does it sound as feasible?
>>> Regards.
>>>
>>> [1]
>>> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
>>> [2]
>>> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>>
>> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellencehttp://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMailhttp://home.apache.org/~ilgrosso/
>
>
Re: Events for privilege updates
Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi Anmol,
thanks for reporting the error message. So ,the simplest solution should be to define your own class
core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
not extending any other class. Ensure to annotate as
@Aspect
@Component
Essentially, you are defining an additional Aspect, which should not interfere with LogicInvocationHandler.
Please let me know if this approach works.
Regards.
On 08/09/20 19:09, Anmol Sharma wrote:
> Hi Franceso,
>
> As I'd mentioned in my previous message, it is my understanding that an Aspect can not extend a concrete Aspect. I tried doing as you suggested and extended the /LogicInvocationHandler/ to /CustomLogicInvocationHandler/ and I see the following error:
>
> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0': BeanPostProcessor before instantiation of bean failed; *nested exception is org.springframework.aop.framework.AopConfigException*: [org.apache.syncope.core.logic.CustomLogicInvocationHandler] *cannot extend concrete aspect* [org.apache.syncope.core.logic.LogicInvocationHandler]
>
> Do you think there could be a workaround here or is hijacking /LogicInvocationHandler/ the only option under this circumstance?
>
> Thanks,
> Anmol
>
> On Sat, 5 Sep 2020 at 12:06, Francesco Chicchiriccò <ilgrosso@apache.org <ma...@apache.org>> wrote:
>
> On 03/09/20 17:31, Anmol Sharma wrote:
>> Hi Franceso,
>>
>> I do not have much experience with AOP but I experimented with it and added a section to [2] to establish some logic to run after [1] as you suggested. I am able to intercept any updates made to privileges after that ApplicationLogic.update method has returned.
>>
>> Here is the code block I added to [2]:
>> @AfterReturning(pointcut = "execution(* org.apache.syncope.core.logic.ApplicationLogic.update(..))", returning = "retVal")
>> public void after(Object retVal) throws Throwable {
>> LOG.info("After logic cut executed for jointPoint ApplicationUpdate: "+ retVal.toString()); }
>>
>> While this seems like a feasible solution, I had to override /org.apache.syncope.core.logic.LogicInvocationHandler/ in my project as suggested here <http://syncope.apache.org/docs/reference-guide.html#customization>.
>>
>> I now have the following questions:
>> (a.) Ideally, I'd like to avoid managing upstream code and only extend upstream logic with customizations. However, it is my understanding that an Aspect can not extend a concrete Aspect such as LogicInvocationHandler. Do you have suggestions on a workaround? Is there a way I can register multiple Aspects in logicContext.xml bean initialization?
>
> There is no need to hijack LogicInvocationHandler; just define your own
>
> core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
>
> let it extend LogicInvocationHandler and ensure to set
>
> logicInvocationHandler=org.apache.syncope.core.logic.MyOwnCoolHandler
>
> in core/src/main/resources/logic.properties
>
>> (b.) Longer term, do you think there is merit in having an issue track having a ApplicationTO tracked as an EntityTOType or having some mechanism to support LogicActions on Applications?
>
> Honestly, this is the first time we hear such requirement, so I really don't know if this is going to happen anytime soon.
>
> Regards.
>
>> [1] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
>> [2] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>>
>> Anmol
>>
>> On Wed, 2 Sep 2020 at 12:45, Francesco Chicchiriccò <ilgrosso@apache.org <ma...@apache.org>> wrote:
>>
>> On 01/09/20 19:04, anmols wrote:
>> > Hello SMEs,
>> >
>> > I am new to Apache Syncope and I'm planning to use it for users and
>> > permissions management for third-party applications.
>> >
>> > I am trying to model permissions for these applications as privileges that
>> > are associated with roles assigned to a set to users/groups as described
>> > here <http://syncope.apache.org/docs/2.1/reference-guide.html#privileges> .
>> >
>> > I want to trigger some custom logic every time that:
>> > a.) A user gets added to/updated with/deleted from a role assignment.
>> > b.) A privilege that is associated with certain role(s) gets updated.
>> >
>> > I am able to do (a.) using a custom implementation of LogicActions as
>> > described here
>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions> in
>> > the reference doc.
>> >
>> > I am wondering what is the best way to achieve (b.), i.e. how can I receive
>> > a notification if the privileges for an application are updated such that I
>> > can execute some custom logic?
>> >
>> > I read through the Notification
>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
>> > mechanism that is oriented towards sending emails but could not find an
>> > appropriate entry point.
>> >
>> > I think I'm essentially looking for a LogicActions like hook for third-party
>> > application privileges.
>>
>> Hi Anmol,
>> it seems you went quite some far, good! :-)
>>
>> As you have already found out, there is no (yet?) "standard" and clean way to achieve (b).
>>
>> If you have some confidence with AOP, the first thing coming to my mind would be to define a logic cut around method [1], similar to what [2] does, but more retailed to [1].
>>
>> Does it sound as feasible?
>> Regards.
>>
>> [1] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
>> [2] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Events for privilege updates
Posted by Anmol Sharma <an...@gmail.com>.
Hi Franceso,
As I'd mentioned in my previous message, it is my understanding that an
Aspect can not extend a concrete Aspect. I tried doing as you suggested and
extended the *LogicInvocationHandler* to *CustomLogicInvocationHandler* and
I see the following error:
Caused by: org.springframework.beans.factory.BeanCreationException: Error
creating bean with name
'org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0':
BeanPostProcessor before instantiation of bean failed; *nested exception is
org.springframework.aop.framework.AopConfigException*:
[org.apache.syncope.core.logic.CustomLogicInvocationHandler] *cannot extend
concrete aspect* [org.apache.syncope.core.logic.LogicInvocationHandler]
Do you think there could be a workaround here or is hijacking
*LogicInvocationHandler* the only option under this circumstance?
Thanks,
Anmol
On Sat, 5 Sep 2020 at 12:06, Francesco Chicchiriccò <il...@apache.org>
wrote:
> On 03/09/20 17:31, Anmol Sharma wrote:
>
> Hi Franceso,
>
> I do not have much experience with AOP but I experimented with it
> and added a section to [2] to establish some logic to run after [1] as you
> suggested. I am able to intercept any updates made to privileges after
> that ApplicationLogic.update method has returned.
>
> Here is the code block I added to [2]:
>
> @AfterReturning(pointcut = "execution(* org.apache.syncope.core.logic.ApplicationLogic.update(..))", returning = "retVal")public void after(Object retVal) throws Throwable {
> LOG.info("After logic cut executed for jointPoint ApplicationUpdate: "+ retVal.toString());}
>
>
> While this seems like a feasible solution, I had to override
> *org.apache.syncope.core.logic.LogicInvocationHandler* in my project as
> suggested here
> <http://syncope.apache.org/docs/reference-guide.html#customization>.
>
> I now have the following questions:
> (a.) Ideally, I'd like to avoid managing upstream code and only extend
> upstream logic with customizations. However, it is my understanding that an
> Aspect can not extend a concrete Aspect such as LogicInvocationHandler. Do
> you have suggestions on a workaround? Is there a way I can register
> multiple Aspects in logicContext.xml bean initialization?
>
> There is no need to hijack LogicInvocationHandler; just define your own
>
> core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
>
> let it extend LogicInvocationHandler and ensure to set
>
> logicInvocationHandler=org.apache.syncope.core.logic.MyOwnCoolHandler
>
> in core/src/main/resources/logic.properties
>
> (b.) Longer term, do you think there is merit in having an issue track
> having a ApplicationTO tracked as an EntityTOType or having some mechanism
> to support LogicActions on Applications?
>
> Honestly, this is the first time we hear such requirement, so I really
> don't know if this is going to happen anytime soon.
>
> Regards.
>
> [1]
> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
> [2]
> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>
> Anmol
>
> On Wed, 2 Sep 2020 at 12:45, Francesco Chicchiriccò <il...@apache.org>
> wrote:
>
>> On 01/09/20 19:04, anmols wrote:
>> > Hello SMEs,
>> >
>> > I am new to Apache Syncope and I'm planning to use it for users and
>> > permissions management for third-party applications.
>> >
>> > I am trying to model permissions for these applications as privileges
>> that
>> > are associated with roles assigned to a set to users/groups as
>> described
>> > here <
>> http://syncope.apache.org/docs/2.1/reference-guide.html#privileges> .
>> >
>> > I want to trigger some custom logic every time that:
>> > a.) A user gets added to/updated with/deleted from a role assignment.
>> > b.) A privilege that is associated with certain role(s) gets updated.
>> >
>> > I am able to do (a.) using a custom implementation of LogicActions as
>> > described here
>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions>
>> in
>> > the reference doc.
>> >
>> > I am wondering what is the best way to achieve (b.), i.e. how can I
>> receive
>> > a notification if the privileges for an application are updated such
>> that I
>> > can execute some custom logic?
>> >
>> > I read through the Notification
>> > <http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
>>
>> > mechanism that is oriented towards sending emails but could not find an
>> > appropriate entry point.
>> >
>> > I think I'm essentially looking for a LogicActions like hook for
>> third-party
>> > application privileges.
>>
>> Hi Anmol,
>> it seems you went quite some far, good! :-)
>>
>> As you have already found out, there is no (yet?) "standard" and clean
>> way to achieve (b).
>>
>> If you have some confidence with AOP, the first thing coming to my mind
>> would be to define a logic cut around method [1], similar to what [2] does,
>> but more retailed to [1].
>>
>> Does it sound as feasible?
>> Regards.
>>
>> [1]
>> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
>> [2]
>> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellencehttp://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMailhttp://home.apache.org/~ilgrosso/
>
>
--
- Anmol
Re: Events for privilege updates
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 03/09/20 17:31, Anmol Sharma wrote:
> Hi Franceso,
>
> I do not have much experience with AOP but I experimented with it and added a section to [2] to establish some logic to run after [1] as you suggested. I am able to intercept any updates made to privileges after that ApplicationLogic.update method has returned.
>
> Here is the code block I added to [2]:
> @AfterReturning(pointcut = "execution(* org.apache.syncope.core.logic.ApplicationLogic.update(..))", returning = "retVal")
> public void after(Object retVal) throws Throwable {
> LOG.info("After logic cut executed for jointPoint ApplicationUpdate: "+ retVal.toString()); }
>
> While this seems like a feasible solution, I had to override /org.apache.syncope.core.logic.LogicInvocationHandler/ in my project as suggested here <http://syncope.apache.org/docs/reference-guide.html#customization>.
>
> I now have the following questions:
> (a.) Ideally, I'd like to avoid managing upstream code and only extend upstream logic with customizations. However, it is my understanding that an Aspect can not extend a concrete Aspect such as LogicInvocationHandler. Do you have suggestions on a workaround? Is there a way I can register multiple Aspects in logicContext.xml bean initialization?
There is no need to hijack LogicInvocationHandler; just define your own
core/src/main/java/org/apache/syncope/core/logic/MyOwnCoolHandler.java
let it extend LogicInvocationHandler and ensure to set
logicInvocationHandler=org.apache.syncope.core.logic.MyOwnCoolHandler
in core/src/main/resources/logic.properties
> (b.) Longer term, do you think there is merit in having an issue track having a ApplicationTO tracked as an EntityTOType or having some mechanism to support LogicActions on Applications?
Honestly, this is the first time we hear such requirement, so I really don't know if this is going to happen anytime soon.
Regards.
> [1] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
> [2] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>
> Anmol
>
> On Wed, 2 Sep 2020 at 12:45, Francesco Chicchiriccò <ilgrosso@apache.org <ma...@apache.org>> wrote:
>
> On 01/09/20 19:04, anmols wrote:
> > Hello SMEs,
> >
> > I am new to Apache Syncope and I'm planning to use it for users and
> > permissions management for third-party applications.
> >
> > I am trying to model permissions for these applications as privileges that
> > are associated with roles assigned to a set to users/groups as described
> > here <http://syncope.apache.org/docs/2.1/reference-guide.html#privileges> .
> >
> > I want to trigger some custom logic every time that:
> > a.) A user gets added to/updated with/deleted from a role assignment.
> > b.) A privilege that is associated with certain role(s) gets updated.
> >
> > I am able to do (a.) using a custom implementation of LogicActions as
> > described here
> > <http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions> in
> > the reference doc.
> >
> > I am wondering what is the best way to achieve (b.), i.e. how can I receive
> > a notification if the privileges for an application are updated such that I
> > can execute some custom logic?
> >
> > I read through the Notification
> > <http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
> > mechanism that is oriented towards sending emails but could not find an
> > appropriate entry point.
> >
> > I think I'm essentially looking for a LogicActions like hook for third-party
> > application privileges.
>
> Hi Anmol,
> it seems you went quite some far, good! :-)
>
> As you have already found out, there is no (yet?) "standard" and clean way to achieve (b).
>
> If you have some confidence with AOP, the first thing coming to my mind would be to define a logic cut around method [1], similar to what [2] does, but more retailed to [1].
>
> Does it sound as feasible?
> Regards.
>
> [1] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
> [2] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Re: Events for privilege updates
Posted by Anmol Sharma <an...@gmail.com>.
Hi Franceso,
I do not have much experience with AOP but I experimented with it and added
a section to [2] to establish some logic to run after [1] as you suggested.
I am able to intercept any updates made to privileges after
that ApplicationLogic.update method has returned.
Here is the code block I added to [2]:
@AfterReturning(pointcut = "execution(*
org.apache.syncope.core.logic.ApplicationLogic.update(..))",
returning = "retVal")
public void after(Object retVal) throws Throwable {
LOG.info("After logic cut executed for jointPoint
ApplicationUpdate: "+ retVal.toString());
}
While this seems like a feasible solution, I had to override
*org.apache.syncope.core.logic.LogicInvocationHandler* in my project as
suggested here
<http://syncope.apache.org/docs/reference-guide.html#customization>.
I now have the following questions:
(a.) Ideally, I'd like to avoid managing upstream code and only extend
upstream logic with customizations. However, it is my understanding that an
Aspect can not extend a concrete Aspect such as LogicInvocationHandler. Do
you have suggestions on a workaround? Is there a way I can register
multiple Aspects in logicContext.xml bean initialization?
(b.) Longer term, do you think there is merit in having an issue track
having a ApplicationTO tracked as an EntityTOType or having some mechanism
to support LogicActions on Applications?
Regards,
[1]
https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
[2]
https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
Anmol
On Wed, 2 Sep 2020 at 12:45, Francesco Chicchiriccò <il...@apache.org>
wrote:
> On 01/09/20 19:04, anmols wrote:
> > Hello SMEs,
> >
> > I am new to Apache Syncope and I'm planning to use it for users and
> > permissions management for third-party applications.
> >
> > I am trying to model permissions for these applications as privileges
> that
> > are associated with roles assigned to a set to users/groups as described
> > here <http://syncope.apache.org/docs/2.1/reference-guide.html#privileges>
> .
> >
> > I want to trigger some custom logic every time that:
> > a.) A user gets added to/updated with/deleted from a role assignment.
> > b.) A privilege that is associated with certain role(s) gets updated.
> >
> > I am able to do (a.) using a custom implementation of LogicActions as
> > described here
> > <http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions>
> in
> > the reference doc.
> >
> > I am wondering what is the best way to achieve (b.), i.e. how can I
> receive
> > a notification if the privileges for an application are updated such
> that I
> > can execute some custom logic?
> >
> > I read through the Notification
> > <http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
>
> > mechanism that is oriented towards sending emails but could not find an
> > appropriate entry point.
> >
> > I think I'm essentially looking for a LogicActions like hook for
> third-party
> > application privileges.
>
> Hi Anmol,
> it seems you went quite some far, good! :-)
>
> As you have already found out, there is no (yet?) "standard" and clean way
> to achieve (b).
>
> If you have some confidence with AOP, the first thing coming to my mind
> would be to define a logic cut around method [1], similar to what [2] does,
> but more retailed to [1].
>
> Does it sound as feasible?
> Regards.
>
> [1]
> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
> [2]
> https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>
--
- Anmol
Re: Events for privilege updates
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 01/09/20 19:04, anmols wrote:
> Hello SMEs,
>
> I am new to Apache Syncope and I'm planning to use it for users and
> permissions management for third-party applications.
>
> I am trying to model permissions for these applications as privileges that
> are associated with roles assigned to a set to users/groups as described
> here <http://syncope.apache.org/docs/2.1/reference-guide.html#privileges> .
>
> I want to trigger some custom logic every time that:
> a.) A user gets added to/updated with/deleted from a role assignment.
> b.) A privilege that is associated with certain role(s) gets updated.
>
> I am able to do (a.) using a custom implementation of LogicActions as
> described here
> <http://syncope.apache.org/docs/2.1/reference-guide.html#logicactions> in
> the reference doc.
>
> I am wondering what is the best way to achieve (b.), i.e. how can I receive
> a notification if the privileges for an application are updated such that I
> can execute some custom logic?
>
> I read through the Notification
> <http://syncope.apache.org/docs/2.1/reference-guide.html#notifications>
> mechanism that is oriented towards sending emails but could not find an
> appropriate entry point.
>
> I think I'm essentially looking for a LogicActions like hook for third-party
> application privileges.
Hi Anmol,
it seems you went quite some far, good! :-)
As you have already found out, there is no (yet?) "standard" and clean way to achieve (b).
If you have some confidence with AOP, the first thing coming to my mind would be to define a logic cut around method [1], similar to what [2] does, but more retailed to [1].
Does it sound as feasible?
Regards.
[1] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/ApplicationLogic.java#L85
[2] https://github.com/apache/syncope/blob/syncope-2.1.6/core/logic/src/main/java/org/apache/syncope/core/logic/LogicInvocationHandler.java#L55
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/