Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Application Specific Permissions in WOS2 IS

DZone's Guide to

Application Specific Permissions in WOS2 IS

· Integration Zone ·
Free Resource

The State of API Integration 2018: Get Cloud Elements’ report for the most comprehensive breakdown of the API integration industry’s past, present, and future.

This is a new future coming in wso2 IS 4.7.0 where we can define application specific permissions. First create a service provider as below:

1. Start IS and login to WSO2 IS and navigate to 'home -> Manage -> Service Providers -> add'

image

2. As it added you can find new role. it is create for this service provider

image

3. Now we will edit service providers that we created to add Permissions. Go to 'Role/Permission Configuration'

4. Add new Permission for application and click ‘Update’

image

5. Now to check those permission is added. We will go to ‘permission tree’ at Home > Configure > Users and Roles > Roles > Permissions

image

Here I am browsing registry for application permissions

image 

Now we will try to authorized user for this resource from web services. ‘RemoteAuthorizationManagerService’[1]

6. Send request using SOAPUI

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soap:Header/>
   <soap:Body>
      <ser:authorizeUser>
         <ser:userName>admin</ser:userName>
         <ser:resourceId>permission/application/MyServiceProvider/addAssert</ser:resourceId>
         <ser:action>ui.execute</ser:action>
      </ser:authorizeUser>
   </soap:Body>
</soap:Envelope>

image

Then verifies the Task, we will used ‘isUserAuthorized’

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soap:Header/>
   <soap:Body>
      <ser:isUserAuthorized>
         <ser:userName>admin</ser:userName>
         <ser:resourceId>permission/application/MyServiceProvider/addAssert</ser:resourceId>
         <ser:action>ui.execute</ser:action>
      </ser:isUserAuthorized>
   </soap:Body>
</soap:Envelope>

image

Respond will come as true as it authorized.

[1] https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl

Your API is not enough. Learn why (and how) leading SaaS providers are turning their products into platforms with API integration in the ebook, Build Platforms, Not Products from Cloud Elements.

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}