
I just started learning XACML with WSO2 and I went through this example post, which is working fine. My question is: instead of WSO2 AS, if I use Tomcat to deploy my WAR file, then how can I protect my protected pages?

Thank You


2 Answers


You need to start with the basics. Do you know the XACML architecture? There is a component called PEP (policy enforcement point) which is responsible for protecting your resources.

The PEP can be of different form factors. It could be an API gateway or in your case, it would likely be a servlet filter. You can write your Servlet Filter. Follow these instructions.

To learn more about XACML, check out the Wikipedia site for it. I keep adding information on a regular basis. Also check out the ABAC and ALFA pages.


There are multiple ways to do this; I will explain one such method.

If you are deploying your web app on Tomcat, you can write a Tomcat filter [1] or Tomcat valve to act as the PEP (Policy Enforcement Point).

You can configure the WSO2 Identity Server with XACML policies. Thereafter, you can call the Entitlement service from within the Tomcat filter/valve you implemented, using the SOAP/Thrift entitlement client (refer to [2]).

You can implement a filter similar to [3]. You need to configure the filter in the web.xml of your web app; make use of [4] to configure the filter. WSO2 Application Server uses Tomcat internally to host web apps, so it is not much different from deploying on Tomcat.

[1] https://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/Filter.html

[2] Xacml integration with saml in wso2

[3] https://github.com/wso2-extensions/identity-agent-entitlement-filter/blob/master/components/org.wso2.carbon.identity.entitlement.filter/src/main/java/org/wso2/carbon/identity/entitlement/filter/EntitlementFilter.java

[4] https://docs.wso2.com/display/AS530/Enable+XACML+Fine+Grained+Authorization+for+Web+Apps
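As an added example (not code from either answer, nor the WSO2 filter linked in [3]): a minimal Tomcat servlet filter acting as the PEP described above, mapping the authenticated principal, request path and HTTP method onto a XACML subject/resource/action query and defaulting to deny. The `EntitlementClient` interface and the `"entitlementClient"` servlet-context attribute are assumptions; the WSO2 SOAP/Thrift client from [2] would be wrapped behind that interface.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Servlet filter acting as the XACML PEP in front of the protected pages. */
public class PepFilter implements Filter {

    /** Hypothetical PDP client; the WSO2 SOAP/Thrift entitlement client would sit behind it. */
    public interface EntitlementClient {
        // Returns the XACML decision: "Permit", "Deny", "NotApplicable" or "Indeterminate".
        String decide(String subject, String resource, String action) throws Exception;
    }

    private EntitlementClient pdp;

    @Override
    public void init(FilterConfig config) {
        // Assumed wiring: a ServletContextListener stores the client under this attribute name.
        pdp = (EntitlementClient) config.getServletContext().getAttribute("entitlementClient");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;
        // Subject: the principal the container authenticated; unauthenticated requests never reach the PDP.
        if (http.getUserPrincipal() == null) {
            out.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Resource = request path, action = HTTP method: the attributes the XACML policy matches on.
        if (isPermitted(http.getUserPrincipal().getName(), http.getRequestURI(), http.getMethod())) {
            chain.doFilter(req, res);
        } else {
            out.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /** Fail closed: only an explicit Permit passes; Deny, NotApplicable, Indeterminate, a missing client or a PDP error all block. */
    boolean isPermitted(String subject, String resource, String action) {
        try {
            return pdp != null && "Permit".equals(pdp.decide(subject, resource, action));
        } catch (Exception e) {
            return false; // PDP unreachable: deny rather than let the request through
        }
    }

    @Override
    public void destroy() { }
}
```

Register the filter in web.xml with a `<filter-mapping>` whose `<url-pattern>` covers only the protected pages, so the PDP is consulted on every request to them and on nothing else.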