This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

WSO2 App Manager facilitates Web application authorization for reliability and security of Web applications. Users can enable  different levels of access rights and authorization for a single Web application resource. When authorization is enabled, users can access that resource based on the authorization policies or granted permissions. WSO2 App Manager has two types of authorization mechanisms as follows.

Role based resource authorization

In WSO2 App Manager, the Web application invocation requests are authorized and access is granted based on the role assigned to the user. This is called role based resource authorization.  While creating a Web application in the App Publisher, you can associate roles for each Web application resource, in the Web Application Resource section. 

You can associate user roles with HTTP verbs of URL patterns in either default resources or newly added resources as shown below. 

role based resource auhtorization

For example, if you are adding a resource to a Web application with the value /{context}/{version}/timeTables as the URL pattern and GET as the HTTP verb, associating roleA as the user role to it, then a HTTP GET request sent to /{context}/{version}/timeTables is authorized only for a user with roleA.

XACML policy based resource authorization

XACML is a widely used authorization mechanism for Web resources. It provides fine grained policy based access control. WSO2 App Manager provides Web application resource authorization facility with the use of XACML policies associated with resources.

Defining XACML policy conditions

For instructions on defining XACML policies, see Step 2 - XACML Policies.

Associating XACML policies with Web application resources

When creating a Web application, you can associate the defined XACML policies with HTTP verb of the URL patterns of it in the Web Application Resource section. In the Access Policy section of a Web URL pattern, select the policy, and then select Permit or Deny as shown below. If you select Permit, the user will be permitted to access, and if you select Deny, the Web app resource access will be denied.

XACML based authorization

  • No labels