Monday, September 30, 2013

Making a WSO2 Carbon component available only for super tenant


Recently, I had a requirement to make a particular Carbon component that was developed available only in super tenant mode and inaccessible to normal tenants. Well, documentation was a bit scarce in this area, and as usual Google was my friend. I stumbled upon this 4-year-old commit [1], which was the solution to my problem.

Hiding the component from the Carbon Management Console

To hide the component from the management console UI, the easiest approach is to hide it from the menu. Carbon component UI bundles usually contain a component.xml inside src/main/resources/META-INF that describes how the component is listed in the UI. All you need to do is add a <require-super-tenant>true</require-super-tenant> tag under the menu item.

Sample component.xml configuration file

Disabling access from the admin service

Simply hiding it from the UI menu is not enough to truly prevent access to a particular module in tenant mode. The management console accesses a Carbon component through an admin service, so a tenant can still reach that service even when the menu item is hidden. To make a component super-tenant only, you need to restrict access at the admin service level as well.

Again, it is a simple XML configuration change: add the following line as a parameter in the services.xml file under src/main/resources/META-INF for the particular admin service.

<parameter name="superTenantService" locked="true">true</parameter>

Sample services.xml configuration file
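To catch the UI-only case described above (menu hidden, admin service still callable by tenants), a build-time check can compare the two files. The following is an added example, not code from the original post or from WSO2; the sample XML is constructed, and every element or service name other than `<require-super-tenant>` and the `superTenantService` parameter is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples. Only <require-super-tenant> and the superTenantService
# parameter come from the post; every other element/name is an assumption.
COMPONENT_XML = """<component><menus><menu>
  <id>sample_menu</id>
  <require-super-tenant>true</require-super-tenant>
</menu></menus></component>"""
SERVICES_XML = """<serviceGroup>
  <service name="SampleAdminService">
    <parameter name="superTenantService" locked="true">true</parameter>
  </service>
  <service name="SampleReportAdminService">
    <parameter name="adminService" locked="true">true</parameter>
  </service>
</serviceGroup>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def _elements(xml_text, name):
    return [e for e in ET.fromstring(xml_text).iter() if _local(e.tag) == name]

def menus_hidden_from_tenants(component_xml):
    """Ids of menu items that carry <require-super-tenant>true."""
    hidden = []
    for menu in _elements(component_xml, "menu"):
        fields = {_local(c.tag): (c.text or "").strip() for c in menu}
        if fields.get("require-super-tenant", "").lower() == "true":
            hidden.append(fields.get("id", "?"))
    return hidden

def services_open_to_tenants(services_xml):
    """Names of services without the post's locked superTenantService line."""
    exposed = []
    for svc in _elements(services_xml, "service"):
        restricted = any(
            _local(p.tag) == "parameter" and p.get("name") == "superTenantService"
            and p.get("locked") == "true" and (p.text or "").strip().lower() == "true"
            for p in svc)
        if not restricted:
            exposed.append(svc.get("name"))
    return exposed

def audit(component_xml, services_xml):
    """Services still tenant-callable although the menu is hidden."""
    if not menus_hidden_from_tenants(component_xml):
        return []
    return services_open_to_tenants(services_xml)
```

Run against the real component.xml and services.xml of a bundle, a non-empty result from `audit` lists the admin services that still need the parameter.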
