WSO2 App Manager provides authorization for Web applications to support their reliability and security. Users can enable different levels of access rights and authorization for a single Web application resource. When authorization is enabled, users can access that resource based on the authorization policies or granted permissions. WSO2 App Manager has the following two types of authorization mechanisms.
...
In WSO2 App Manager, Web application invocation requests are authorized, and access is granted, based on the role assigned to the user. This is called role-based resource authorization. While creating a Web application in the App Publisher, you can associate roles with each Web application resource in the Web Application Resource section.
You can associate user roles with HTTP verbs of URL patterns in either default resources or newly added resources as shown below.
...
XACML is a widely used authorization mechanism for Web resources. It provides fine-grained, policy-based access control. WSO2 App Manager provides Web application resource authorization through XACML policies associated with resources.
...
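As an added illustration (not taken from the WSO2 documentation), the following generic XACML 3.0 policy shows what a fine-grained rule for one resource can look like: it permits `GET` on a URL pattern only for one role and denies everything else. The URL pattern `/orders/`, the role name `manager`, the policy and rule IDs, and the use of `http://wso2.org/claims/role` as the role attribute are assumptions; which attributes App Manager actually sends to the policy decision point depends on the deployment.

```xml
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="sample-orders-read-policy"
        Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Target/>
  <!-- Rule 1: all three matches must hold (resource AND verb AND role) -->
  <Rule RuleId="permit-get-orders-for-manager" Effect="Permit">
    <Target>
      <AnyOf>
        <AllOf>
          <!-- Resource: anchored regex, so /orders-admin/... does not match (assumed pattern) -->
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">^/orders/.*$</AttributeValue>
            <AttributeDesignator MustBePresent="false"
                Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </Match>
          <!-- HTTP verb of the request -->
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">GET</AttributeValue>
            <AttributeDesignator MustBePresent="false"
                Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </Match>
          <!-- Role of the user: true if any value in the role bag equals "manager" (assumed role) -->
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">manager</AttributeValue>
            <AttributeDesignator MustBePresent="false"
                Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                AttributeId="http://wso2.org/claims/role"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </Match>
        </AllOf>
      </AnyOf>
    </Target>
  </Rule>
  <!-- Rule 2: explicit default deny; reached whenever rule 1 does not apply, including a missing role -->
  <Rule RuleId="deny-everything-else" Effect="Deny"/>
</Policy>
```

With `first-applicable` combining, the order of the rules matters: placing the catch-all `Deny` rule first would block every request, and omitting it would leave unmatched requests as `NotApplicable` rather than an explicit `Deny`.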