Over a million developers have joined DZone.

Application Specific Permissions in WOS2 IS

· Integration Zone

Visually compose APIs with easy-to-use tooling. Learn how IBM API Connect provides near-universal access to data and services both on-premises and in the cloud, brought to you in partnership with IBM.

This is a new future coming in wso2 IS 4.7.0 where we can define application specific permissions. First create a service provider as below:

1. Start IS and login to WSO2 IS and navigate to 'home -> Manage -> Service Providers -> add'

image

2. As it added you can find new role. it is create for this service provider

image

3. Now we will edit service providers that we created to add Permissions. Go to 'Role/Permission Configuration'

4. Add new Permission for application and click ‘Update’

image

5. Now to check those permission is added. We will go to ‘permission tree’ at Home > Configure > Users and Roles > Roles > Permissions

image

Here I am browsing registry for application permissions

image 

Now we will try to authorized user for this resource from web services. ‘RemoteAuthorizationManagerService’[1]

6. Send request using SOAPUI

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soap:Header/>
   <soap:Body>
      <ser:authorizeUser>
         <ser:userName>admin</ser:userName>
         <ser:resourceId>permission/application/MyServiceProvider/addAssert</ser:resourceId>
         <ser:action>ui.execute</ser:action>
      </ser:authorizeUser>
   </soap:Body>
</soap:Envelope>

image

Then verifies the Task, we will used ‘isUserAuthorized’

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:ser="http://service.ws.um.carbon.wso2.org">
   <soap:Header/>
   <soap:Body>
      <ser:isUserAuthorized>
         <ser:userName>admin</ser:userName>
         <ser:resourceId>permission/application/MyServiceProvider/addAssert</ser:resourceId>
         <ser:action>ui.execute</ser:action>
      </ser:isUserAuthorized>
   </soap:Body>
</soap:Envelope>

image

Respond will come as true as it authorized.

[1] https://localhost:9443/services/RemoteAuthorizationManagerService?wsdl

Visually compose APIs with easy-to-use tooling. Learn how IBM API Connect provides near-universal access to data and services both on-premises and in the cloud, brought to you in partnership with IBM.

Topics:

Published at DZone with permission of Madhuka Udantha, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}