This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

The following sample demonstrates how to build a XACML driven authorization for an on-line trading application called “K-Martket”. This sample is shipped with the Balana XACML implementation.

Prerequisites 

Requires Java JDK 1.7 or 1.8 

Scenario

  • K-Market is an online trading company. You can create a user account with K-Market and user profile data store in their own JDBC user store. 
  • K-Market enforces some control over online trading based on the customer’s privileges which are determined by certain attributes of the customer (age, email etc). 
  • In the initial phase of their access control system, K-Market has included the following access control scenario:
    K-Market has three seperate customer groups (i.e. Blue, Silver and Gold) and have put limitations for each group when purchasing items online:

    Blue CustomersSilver CustomersGold Customers
    Can not buy any liquor or medicineCan not buy any liquorCan purchase liquor and medicine
    Maximum amount spent on a purchase is limited to $100Maximum amount spent on a purchase is limited to $500Maximum amount spent on a purchase is limited to $500
    Maximum amount spent on purchasing drinks is limited to $10Maximum amount spent on purchasing drinks is limited to $50Maximum amount spent on a purchasing liquor is limited to $10
     Maximum amount spent on purchasing medicine is limited to $50 
  • When the customer proceeds to the shopping cart checkout to enter credit card details, the K-Market access control system is triggered to check whether it is an authorized online purchase.

Executing the sample

This sample can be modified further by editing the policy files or adding new policies. Follow the instructions below to test out the sample. 

  1. The code for the sample can be checked out from here. For more information, see Downloading a Sample topic. 

    https://github.com/wso2/product-is/tree/master/modules/samples/xacml
  2. Start up Identity Server and log in to the management console.
  3. Upload the policy by following the first three steps found here and click on Import Existing Policy
  4. Click Choose File and upload the three policies found here (one by one) and click Upload. The policies can also be found in your checked out folder in the <Sample_Home>/kmarket-trading-sample/resources  directory.
  5. Publish the policies in PDP runtime. More information on this can be found in the Publishing a XACML Policy page
  6. Navigate to the Entitlement menu. Click Policy View under PDP and click Enable under the Actions section, for each policy.
  7. Implement PIP attribute finder module to retrieve the user's attributes from custom JDBC user store of the "Kmarket". More information on writing a custom PIP attribute finder module for this scenario can be found here
  8. Run the sample by navigating inside the <Sample_Home>/kmarket-trading-sample directory on the command line and executing the run script. 

    UNIX: run.sh

    Windows: run.bat

    All dependant libraries can be found within the sample

    1. This sample contains dependancy for the PEP agent sample. The PEP agent is an agent library that allows the client side API to talk with the WSO2 Identity Server. It is still under development however, this agent would work with this sample.

    2. This sample does not consider user authentication so you can enter any value for the user's password. However, you can also advocate for authentication using the WSO2 Identity Server API.

  • No labels