0
votes

Using scope functionality in WSO2 API Manager, I am able to limit access to my back-end APIs like http://mydomain/context/students (GET - list of all students), http://mydomain/context/student/S101 (GET - details of student S101) or http://mydomain/context/student/create (POST) only to users who are assigned specific roles. That much fine-grained control, I am able to implement.

But I want to implement more detailed filtering: User U101 is allowed to view details of students S101 to S110 only. So http://mydomain/context/student/S111 should be blocked for him and http://mydomain/context/students should only return details of S101 to S110. Can I implement this filtering in WSO2 API Manager? (I have an RDBMS table (part of back-end, not in WSO2) with the mapping of users to the list of students, whose details the user is allowed to access.)


1 Answer

1
votes

In API Manager, any modification to the response content is done via mediation scripts. In your scenario, the role - content mapping should be stored in API Manager in order to filter the content. For this you can use a class mediator to filter the response content.

In the mediator you have to get the role - content mapping. You can either define it in the class itself or retrieve it from your database.

Please follow documentation [1] and [2] for how to write a class mediator and how to use it.

[1] https://docs.wso2.com/display/EI600/Class+Mediator

[2] https://docs.wso2.com/display/AM210/Adding+Mediation+Extensions
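
As an added example (not part of the answer above and not WSO2's own code), here is a class mediator for the API's in-flow that applies the per-student check to `/student/{id}` requests and denies anything not explicitly mapped. The package and class names, the in-class sample mapping, and the `api.ut.userName` and `REST_SUB_REQUEST_PATH` property names are assumptions to verify against your gateway version; the `/students` list is not covered here and would still need filtering on the response or in the back end.

```java
package org.example.mediators; // hypothetical package name

import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.apache.synapse.MessageContext;
import org.apache.synapse.mediators.AbstractMediator;

/** In-flow check: may this API user read this student record? */
public class StudentAccessMediator extends AbstractMediator {

    // Constructed sample mapping (user -> readable student IDs). The real
    // mapping lives in the back-end RDBMS table; load it from there instead.
    private static final Map<String, Set<String>> ALLOWED = new HashMap<>();
    static {
        ALLOWED.put("U101", new HashSet<>(Arrays.asList(
                "S101", "S102", "S103", "S104", "S105",
                "S106", "S107", "S108", "S109", "S110")));
    }

    /** Pure decision function; anything not explicitly mapped is denied. */
    static boolean isAllowed(String user, String subPath) {
        if (subPath == null) {
            return false; // cannot tell what is being requested
        }
        if (!subPath.startsWith("/student/")) {
            return true; // not a single-student resource; out of scope here
        }
        String id = subPath.substring("/student/".length()).split("\\?", 2)[0];
        if (id.equals("create")) {
            return true; // POST resource, governed by scopes as in the question
        }
        Set<String> ids = (user == null) ? null : ALLOWED.get(user);
        return ids != null && ids.contains(id); // exact match only
    }

    @Override
    public boolean mediate(MessageContext mc) {
        // Assumption: the gateway's authentication handler has stored the
        // end user's name under "api.ut.userName" (may carry a tenant suffix).
        String user = (String) mc.getProperty("api.ut.userName");
        String subPath = (String) mc.getProperty("REST_SUB_REQUEST_PATH");
        if (!isAllowed(user, subPath)) {
            // Throws SynapseException, handing the message to the fault sequence.
            handleException("Access to " + subPath + " denied for " + user, mc);
        }
        return true;
    }
}
```

Because the ID is compared by exact match against the allow-list, variants such as `/student/S111/` or `/student/s101` are denied rather than passed to a back end that might normalise them.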