Versions Compared

Old Version 12

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

After defining the accessible user roles in the resource policy as shown above, you can associate that policy to the HTTP verbs of URL patterns in the Step 3 - Web Application Resources section. For example, if you are addingthe adding the resource policy created above to the GET HTTP verb of the /{context}/{version}/timeTables URL pattern as shown below, then a HTTP GET request sent to /{context}/{version}/timeTables is authorized only for a users of member and admin roles.

add defined policy to Web app resource

XACML policy based resource authorization

...

Follow the below steps to define the conditions of a XACML-based resource entitlement policy.

  1. Log in to the admin dashboard of WSO2 App Manager using admin/admin credentials and the following URL: https://localhost:9443/admin-dashboard
  2. Click Add XACML PolicyEntitlement Policies, and then click Add New.
  3. Enter a name for the XACML entitlement policy.
  4. Enter a description for the XACML policyentitlement policy.

  5.  Define the conditions of the XACML policy entitlement policy in the provided editor as shown below.

    Info

    For more information on defining XACML policies, see OASIS XACML Version 3.0 documentation.

    add XACML policyImage Removed

    Click New to define

    add a new entitlement policyImage Added

  6. Select Permit or Deny under Effect section to create a new policy without saving the existing contentresource policy by enabling the defined XACML policy. If you select Permit, the user will be permitted to access, and if you select Deny, the Web app resource access will be denied.
  7. Click Validate to check the validity of the policy. It checks for syntax errors and verifies whether the condition adheres to XACML policy language specifications. 

  8. Click Save to save the policy condition details. When the policy is saved, it gets listed  

    Info

    Only the author of the policy can edit shared policies.

  9. Click Entitlement Policies in the left menu, and then click View All. You view the saved policy under the list of XACML policies as shown below.
    XACML policy added to listImage Removedavailable XACML policies listImage Added
    You can edit and delete defined XACML policies using the provided buttons under the Action column as shown above.

    InfoOnly the author of the policy can edit shared policies

    .

Associating XACML policies with Web application resources

Follow the steps below to associate the defined XACML policies with the HTTP verbs of the URL Pattern of Web application resources when creating a Web application.

 

  

...

  1. In the Step 2 - Policies

...

 

Step 3 - Web Application Resources section. In the Access Policy section of a Web URL pattern, select the policy, and then select Permit or Deny as shown below. If you select Permit, the user will be permitted to access, and if you select Deny, the Web app resource access will be denied.

...

  1. of creating a Web application, select the Entitlement Policy as shown below.

    select entitlement policyImage Added

  2. Associate the XACML policy defined above to a HTTP Verb of a specific URL Pattern of a Web app resource in Step 3 - Web Application Resources section as shown below.
    add defined XACML policy to Web app resourceImage Added