Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Application Specific Permissions in WOS2 IS

DZone's Guide to

Application Specific Permissions in WOS2 IS

· Integration Zone ·
Free Resource

Learn more about how to Prevent Slow or Broken APIs From Affecting Your Bottom Line.

This is a new future coming in wso2 IS 4.7.0 where we can define application specific permissions. First create a service provider as below:

1. Start IS and login to WSO2 IS and navigate to 'home -> Manage -> Service Providers -> add'

image

2. As it added you can find new role. it is create for this service provider

image

3. Now we will edit service providers that we created to add Permissions. Go to 'Role/Permission Configuration'

4. Add new Permission for application and click ‘Update’

image

5. Now to check those permission is added. We will go to ‘permission tree’ at Home > Configure > Users and Roles > Roles > Permissions

image

Here I am browsing registry for application permissions

image 

Now we will try to authorized user for this resource from web services. ‘RemoteAuthorizationManagerService’[1]

6. Send request using SOAPUI

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soap:Header/>
   <soap:Body>
      <ser:authorizeUser>
         <ser:userName>admin</ser:userName>
         <ser:resourceId>permission/application/MyServiceProvider/addAssert</ser:resourceId>
         <ser:action>ui.execute</ser:action>
      </ser:authorizeUser>
   </soap:Body>
</soap:Envelope>

image

Then verifies the Task, we will used ‘isUserAuthorized’

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soap:Header/>
   <soap:Body>
      <ser:isUserAuthorized>
         <ser:userName>admin</ser:userName>
         <ser:resourceId>permission/application/MyServiceProvider/addAssert</ser:resourceId>
         <ser:action>ui.execute</ser:action>
      </ser:isUserAuthorized>
   </soap:Body>
</soap:Envelope>

image

Respond will come as true as it authorized.

[1] https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl

Learn about the Five Steps to API Monitoring Success with Runscope

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}