...
Providing XACML Fine Grained Authorization to WebApp Requests
WSO2 Application Server, Apache Tomcat or any other web container can be used to host our web apps. If it is required to provide fine grained access (authority) to our web appsWeb Apps, WSO2 Identity Server can be used as the XACML Policy Decision Point (PDP). This PDP can be accessed via a web service called Entitlement Service. We use the servlet filter named Entitlement Servlet Filter as the Policy Enforcement Point (PEP) for
web appWeb App authorization. This allows us the flexibility of using it in any
web appWeb App container. The Entitlement Servlet Filter uses a proxy to communicate with WSO2 Identity Server.
The following digram shows how the servlet filter receives the decision on user authority:
...