This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.


WSO2 App Manager provides authorization for Web applications, so that access to them can be controlled reliably and securely. Users can enable different levels of access rights and authorization for a single Web application resource. When authorization is enabled, a user can access that resource only if the authorization policies or granted permissions allow it. WSO2 App Manager has the following two types of authorization mechanisms.

Role-based resource authorization

In WSO2 App Manager, Web application invocation requests can be authorized, and access granted, based on the roles assigned to the user. This is called role-based resource authorization. In Step 2 - Policies of creating a Web application in the App Publisher, you can associate roles with Web application resources by defining Accessible User Roles in a resource policy, as shown below.

(Screenshot: new resource policy)

After defining the accessible user roles in the resource policy as shown above, you can associate that policy with the HTTP verbs of URL patterns in the Step 3 - Web Application Resources section. For example, if you add the resource policy created above to the GET HTTP verb of the /{context}/{version}/timeTables URL pattern as shown below, then an HTTP GET request sent to /{context}/{version}/timeTables is authorized only for users with the member or admin role.

(Screenshot: add defined policy to Web app resource)
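The role check described above, as an added illustration (not WSO2 App Manager code): a resource policy carries its Accessible User Roles, a Web application resource binds one HTTP verb of a URL pattern to that policy, and a request is authorized only if the matching resource's policy lists at least one of the caller's roles. The policy name, the sample paths and the deny-by-default behaviour for a verb/pattern with no attached policy are assumptions of this example, not App Manager defaults.

```python
"""Role-based resource authorization, modelled on this page's example: an
added illustration, not WSO2 App Manager code."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ResourcePolicy:
    """A resource policy with its 'Accessible User Roles' (Step 2 - Policies)."""
    name: str
    accessible_roles: frozenset


@dataclass(frozen=True)
class WebAppResource:
    """A URL pattern / HTTP verb pair with the policy attached to it (Step 3)."""
    url_pattern: str   # e.g. "/{context}/{version}/timeTables"
    verb: str
    policy: ResourcePolicy


def pattern_to_regex(url_pattern):
    """Turn a URL pattern into a regex: each {placeholder} matches exactly one
    path segment, everything else must match literally (anchored at both ends,
    so a longer sub-path does not silently inherit the policy)."""
    parts = re.split(r"(\{[^/}]+\})", url_pattern)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    return re.compile("^" + body + "$")


class RoleBasedAuthorizer:
    def __init__(self, resources):
        self._entries = [(pattern_to_regex(r.url_pattern), r) for r in resources]

    def is_authorized(self, verb, path, user_roles):
        """Allow the request only if the matching resource's policy lists at
        least one of the user's roles. A verb/pattern with no attached policy
        is denied here; that default is an assumption of this example."""
        for regex, resource in self._entries:
            if resource.verb == verb.upper() and regex.match(path):
                return bool(resource.policy.accessible_roles & set(user_roles))
        return False


# Constructed sample data mirroring the page: GET on the timeTables pattern is
# open to the member and admin roles only.
TIMETABLE_POLICY = ResourcePolicy("timetable-readers", frozenset({"member", "admin"}))
AUTHORIZER = RoleBasedAuthorizer([
    WebAppResource("/{context}/{version}/timeTables", "GET", TIMETABLE_POLICY),
])


def decisions():
    """Authorization outcomes for a few constructed requests."""
    path = "/school/1.0.0/timeTables"
    return {
        "member GET": AUTHORIZER.is_authorized("GET", path, ["member"]),
        "admin GET": AUTHORIZER.is_authorized("GET", path, ["admin"]),
        "guest GET": AUTHORIZER.is_authorized("GET", path, ["guest"]),
        "admin POST": AUTHORIZER.is_authorized("POST", path, ["admin"]),
        "member GET sub-path": AUTHORIZER.is_authorized("GET", path + "/extra", ["member"]),
    }


if __name__ == "__main__":
    for request, allowed in decisions().items():
        print(f"{request}: {'allowed' if allowed else 'denied'}")
```

The two results worth noticing are the POST and the sub-path: the policy was attached to the GET verb of one exact pattern, so a different verb or a longer path gets no authorization from it, which is why each verb/pattern pair needs its own policy association in Step 3.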

XACML policy based resource authorization

XACML is a widely used authorization mechanism for Web resources that provides fine-grained, policy-based access control. WSO2 App Manager supports Web application resource authorization using XACML policies associated with resources.

Defining the XACML policy conditions

Follow the steps below to define the conditions of an XACML-based resource policy.

  1. Log in to the admin dashboard of WSO2 App Manager using admin/admin credentials and the following URL: https://localhost:9443/admin-dashboard
  2. Click Add XACML Policy.
  3. Enter a name for the XACML policy.
  4. Enter a description for the XACML policy.
  5. Define the conditions of the XACML policy in the provided editor as shown below.

    For more information on defining XACML policies, see the OASIS XACML Version 3.0 documentation.

    (Screenshot: add XACML policy)

  6. Click New to define a new policy without saving the existing content.
  7. Click Validate to check the validity of the policy. It checks for syntax errors and verifies that the conditions adhere to the XACML policy language specification.
  8. Click Save to save the policy condition details. When the policy is saved, it is listed under the list of XACML policies as shown below.
    (Screenshot: XACML policy added to list)
    You can edit and delete defined XACML policies using the buttons provided under the Action column as shown above.

    Only the author of the policy can edit shared policies.

Associating XACML policies with Web application resources

Follow the steps below to associate a defined XACML policy with the HTTP verbs of the URL patterns of Web application resources when creating a Web application.

in the Step 2 - Policies

Step 3 - Web Application Resources section. In the Access Policy section of a Web URL pattern, select the policy, and then select Permit or Deny as shown below. If you select Permit, a user who satisfies the policy is permitted to access the resource; if you select Deny, access to the Web app resource is denied.

(Screenshot: XACML based authorization)
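To make the policy conditions from the editor step concrete, here is an added example (not code from WSO2 App Manager and not its policy decision point) of an XACML 3.0 policy that expresses the same authorization as the role-based section: permit the GET verb on the /{context}/{version}/timeTables pattern for the member and admin roles, and deny everything else. The small evaluator beneath it implements only the Target/AnyOf/AllOf/Match subset of XACML that the sample policy uses, with the deny-unless-permit rule-combining algorithm; the subject, action and resource categories and the string-equal and string-regexp-match function identifiers are standard XACML identifiers, while the role attribute id, policy and rule names, sample paths and request shape are assumptions of this example.

```python
"""Minimal XACML 3.0 evaluator for the Target/Match subset used below.
Added illustration; not the WSO2 App Manager policy decision point."""
import re
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ROLE_ATTR = "http://wso2.org/claims/role"  # assumed role attribute id for this example
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
REGEX = "urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"

# Constructed sample policy: permit GET on /{context}/{version}/timeTables for the
# member and admin roles; every other request falls through to Deny.
POLICY = f"""<Policy xmlns="{NS['x']}" PolicyId="timetable-read" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-unless-permit">
  <Target/>
  <Rule RuleId="permit-timetable-readers" Effect="Permit">
    <Target>
      <AnyOf><AllOf>
        <Match MatchId="{EQ}">
          <AttributeValue DataType="{STRING}">GET</AttributeValue>
          <AttributeDesignator Category="{ACTION_CAT}" AttributeId="{ACTION_ID}" DataType="{STRING}" MustBePresent="false"/>
        </Match>
        <Match MatchId="{REGEX}">
          <AttributeValue DataType="{STRING}">^/[^/]+/[^/]+/timeTables$</AttributeValue>
          <AttributeDesignator Category="{RESOURCE_CAT}" AttributeId="{RESOURCE_ID}" DataType="{STRING}" MustBePresent="false"/>
        </Match>
      </AllOf></AnyOf>
      <AnyOf>
        <AllOf><Match MatchId="{EQ}">
          <AttributeValue DataType="{STRING}">member</AttributeValue>
          <AttributeDesignator Category="{SUBJECT_CAT}" AttributeId="{ROLE_ATTR}" DataType="{STRING}" MustBePresent="false"/>
        </Match></AllOf>
        <AllOf><Match MatchId="{EQ}">
          <AttributeValue DataType="{STRING}">admin</AttributeValue>
          <AttributeDesignator Category="{SUBJECT_CAT}" AttributeId="{ROLE_ATTR}" DataType="{STRING}" MustBePresent="false"/>
        </Match></AllOf>
      </AnyOf>
    </Target>
  </Rule>
</Policy>"""

# Match functions: first argument is the policy literal, second a request value.
FUNCTIONS = {EQ: lambda lit, val: lit == val,
             REGEX: lambda lit, val: re.search(lit, val) is not None}

def _match(match_el, request):
    """A Match holds if the function is true for the literal and any value in
    the designated attribute bag of the request (an absent bag never matches)."""
    func = FUNCTIONS[match_el.get("MatchId")]
    literal = match_el.find("x:AttributeValue", NS).text
    des = match_el.find("x:AttributeDesignator", NS)
    bag = request.get((des.get("Category"), des.get("AttributeId")), [])
    return any(func(literal, value) for value in bag)

def _target_holds(target_el, request):
    """Target = AND over AnyOf; AnyOf = OR over AllOf; AllOf = AND over Match.
    An empty Target applies to every request."""
    if target_el is None or len(target_el) == 0:
        return True
    return all(
        any(all(_match(m, request) for m in all_of.findall("x:Match", NS))
            for all_of in any_of.findall("x:AllOf", NS))
        for any_of in target_el.findall("x:AnyOf", NS))

def evaluate(policy_xml, request):
    """Return Permit, Deny or NotApplicable for one request context."""
    policy = ET.fromstring(policy_xml)
    if not policy.get("RuleCombiningAlgId", "").endswith(":deny-unless-permit"):
        raise NotImplementedError("this example only implements deny-unless-permit")
    if not _target_holds(policy.find("x:Target", NS), request):
        return "NotApplicable"
    for rule in policy.findall("x:Rule", NS):
        if rule.get("Effect") == "Permit" and _target_holds(rule.find("x:Target", NS), request):
            return "Permit"
    return "Deny"  # deny-unless-permit: no permitting rule applied

def make_request(roles, verb, path):
    """Request context as attribute bags keyed by (category, attribute id)."""
    return {(SUBJECT_CAT, ROLE_ATTR): list(roles),
            (ACTION_CAT, ACTION_ID): [verb],
            (RESOURCE_CAT, RESOURCE_ID): [path]}

def decisions():
    """Decisions for a few constructed requests against the sample policy."""
    tt = "/school/1.0.0/timeTables"
    return {"member GET timeTables": evaluate(POLICY, make_request(["member"], "GET", tt)),
            "admin GET timeTables": evaluate(POLICY, make_request(["admin"], "GET", tt)),
            "guest GET timeTables": evaluate(POLICY, make_request(["guest"], "GET", tt)),
            "member POST timeTables": evaluate(POLICY, make_request(["member"], "POST", tt)),
            "member GET students": evaluate(POLICY, make_request(["member"], "GET", "/school/1.0.0/students"))}
```

Two points of the policy shape matter when writing your own conditions in the editor: the two AnyOf elements under the rule's Target are ANDed (verb and resource must match, and the subject must hold one of the listed roles), while the AllOf elements inside the second AnyOf are ORed, which is how "member or admin" is expressed with single-valued Match elements; and with deny-unless-permit as the combining algorithm, a request that no rule permits is denied rather than reported as NotApplicable, so the validator's "valid" result only tells you the syntax is right, not that the conditions cover the cases you intended.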
