WSO2 ESB XACML Authorization rest/soap web services client java

0
votes

I'm following this tutorial http://wso2.com/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform/ to protect several web services usign wso2 ESB + IS. I just want a single proxy that calls the Entitlement Mediator to check that an user has the authorization to access an endpoint, but i've different kinds of endpoints and i've some problem using the java client provided in the tutorial. I'm able to call soap web services, but it doesn't work with rest web services with different http methods (get, post) and different content type (application/json).

There is a general solution to call a generic endpoint with the properties required to the ESB?

Thanks

1
javaclientauthorizationwso2esb

1 Answers

0
votes

Let me briefly explain what entitlement mediator does, It extracts some values from the request message and creates the XACML request and sends it to WSO2IS for decision.

To create the XACML request, entitlement mediator looks for following

User --> By default user name is retrieved from the message context property value called "username". This value is populated to message context when user is authenticated to proxy service using UT/Basic auth ....

Resource --> By default resource is the endpoint service name. this is retrieved from "To" header in the SOAP message.

Action --> By default action is "read" If this is REST request, it would take, GET/POST as actions.

Same use case for REST services has been described here

But you can change the default behavior by implementing new call back class. Above values are retrieved from the default implementation of call back class. If you want to retrieve some user name values from user json request, you can even do it by extending new implementation. Basically you want to write some java code and create a jar file and put it in to repository/components/lib directory... Please find the default implementation from here which is "UTEntitlementCallbackHandler.java". Also there are some other implementation as well, Please look in to the code, it is simple, you can understand them.