
Introduction

In WSO2 App Manager, you can restrict different user roles from accessing specific Web app components. You can do this using the role-based Web application resource authorization feature of the App Manager when publishing a Web app. For more information on role-based resource authorization, see Web Application Resource Authorization.

This sample demonstrates how to restrict access to the admin panel of a Web app only to admin users based on the user role, so that member users will only be able to access the member panel.

Prerequisites

  • Download WSO2 AppM, and start the server. 

  • Start the Web server (e.g. Apache with PHP or XAMPP)

Building the sample

Follow the steps below to host the Notifi app in the Web server.

  1. Download the Notifi Web app.
  2. Copy the notifi/ directory to the <DOCUMENT_ROOT> directory, to host the files in the Web server.
  3. Access the Notifi Web app in your Web browser using the following URL: http://<IP_ADDRESS>:8080/notifi/

Executing the sample

Follow the steps below to execute the sample.

Creating a user role

Follow the steps below to create a user role for members of the Notifi Web app.

  1. Log in to the management console ( https://<hostname>:9443/carbon ) of the App Manager using admin/admin credentials.
  2. Click Configure, and then click Users and Roles.

  3. Click Roles, and then click Add New Role.

    For more instructions on creating a user role in WSO2 App Manager, see Configuring Roles.

  4. Select PRIMARY for Domain, and enter the Role Name as member as shown below.

    [Image: add new user role]

  5. Click Next.

  6. Select login for Select Permissions as shown below.

    [Image: enter user role permissions]

  7. Click Finish.

Creating a user

Follow the steps below to create a user for members of the Notifi Web app.

  1. Log in to the management console ( https://<hostname>:9443/carbon ) of the App Manager using admin/admin credentials.

  2. Click Configure, and then click Users and Roles.

  3. Click Users, and then click Add New User.

  4. Enter details as shown below to create a user named member.

    For instructions on creating a user in WSO2 App Manager, see Configuring Users.

    [Image: add new user]

  5. Click Next.

  6. Select member for Users of Role as shown below.

    [Image: select role for user]

  7. Click Finish.

Creating the Web app

Follow the steps below to create a new Web app in App Publisher to publish the Notifi app.

Remove "admin" from the list of values of the hiddenRoles property in the <AppM_HOME>/repository/deployment/server/jaggeryapps/publisher/config/publisher.json file, to enable the admin role for resource policies.

Completing the Overview section

Follow the steps below to complete the first step of creating a new Web app.

  1. Log in to the App Publisher of WSO2 App Manager using the following URL: http://<IP_ADDRESS>:9763/publisher
  2. Click Add New Web Application, to add the Notifi Web app using the App Publisher. 

  3. Enter the details in the Overview section as shown below. 

    For Web App URL, enter the URL by which you access the Web app directly from your Web browser. For instructions on the Overview section of adding a Web app, see Step 1 - Overview.

    [Image: creating a new Web app - Overview section]

Completing the Policies section

Follow the steps below to complete the second step of creating a new Web app. For instructions on the Policies section of adding a Web app, see Step 2 - Policies.

  1. Click Global Policies.
  2. Select Enable Single Logout, and enter the URL of the front page of the Notifi Web app as shown below (e.g. http://10.100.4.102/notifi/).
    [Image: enable single logout]
  3. Click Resource Policies, and then click Add New Resource Policy.
  4. Enter Admin Policy for Resource policy name, and admin for Accessible User Roles as shown below. 
    [Image: add admin resource policy]
  5. Click Save & Close.
  6. Click Add New Resource Policy.
  7. Enter Member Policy for Resource policy name, and member for Accessible User Roles as shown below. 
    [Image: add member policy]
  8. Click Save & Close.
  9. Click Add New Resource Policy.
  10. Enter Anonymous Policy for Resource policy name, and select True for Allow Anonymous Access as shown below.
    [Image: add anonymous policy]
  11. Click Save & Close.

Completing the Web Application Resources section

Follow the steps below to complete the third step of creating a new Web app to configure role-based Web application resource authorization for it. For instructions on the Web Application Resources section of adding a Web app, see Step 3 - Web Application Resources.

  1. Enter admin/* for the URL Pattern, and select GET and POST for the HTTP Verb as shown below.
    [Image: add admin resource]
  2. Click Add Resource.
  3. Enter member/* for the URL Pattern, and select GET and POST for the HTTP Verb as shown below. 
    [Image: add member resource]
  4. Click Add Resource.
  5. Enter index.php for the URL Pattern, and select GET for the HTTP Verb as shown below. 
    [Image: index resource]
  6. Click Add Resource.
  7. Enter assert/* for the URL Pattern, and select GET for the HTTP Verb as shown below.
    [Image: assert resource]
  8. Select Resource Policy for the added Web application resources as shown below.
    [Image: select resource policies]
  9. Click Create.
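
The following added example (not WSO2 code and not part of the original sample) models the policies and resources configured above as a small Python table, to make the expected access matrix explicit before you test the published app. The pairing of resources to policies in step 8, the glob-style matching, the deny-by-default handling of unlisted paths and verbs, and the file names under admin/ and member/ are assumptions.

```python
from fnmatch import fnmatchcase

# Policies from the "Policies" section: name -> (allowed roles, anonymous allowed)
POLICIES = {
    "Admin Policy": ({"admin"}, False),
    "Member Policy": ({"member"}, False),
    "Anonymous Policy": (set(), True),
}

# Resources from the "Web Application Resources" section.
# The policy selected per resource in step 8 is only shown in a screenshot,
# so this pairing is an assumption.
RESOURCES = [
    ("admin/*", {"GET", "POST"}, "Admin Policy"),
    ("member/*", {"GET", "POST"}, "Member Policy"),
    ("index.php", {"GET"}, "Anonymous Policy"),
    ("assert/*", {"GET"}, "Anonymous Policy"),
]

def is_allowed(path, verb, roles=None):
    """Return True if a user holding `roles` (None = not logged in) may send
    `verb` to `path`. First matching resource wins; anything that matches no
    resource is denied (assumed behaviour of this model)."""
    for pattern, verbs, policy in RESOURCES:
        if fnmatchcase(path, pattern) and verb in verbs:
            allowed_roles, anonymous = POLICIES[policy]
            if anonymous:
                return True
            return roles is not None and bool(allowed_roles & set(roles))
    return False

def access_matrix(requests, users):
    """Build {(user, verb, path): bool} for every user/request pair."""
    return {(name, verb, path): is_allowed(path, verb, roles)
            for name, roles in users.items()
            for verb, path in requests}

if __name__ == "__main__":
    users = {"admin": ["admin"], "member": ["member"], "anonymous": None}
    # Constructed sample requests; send.php and inbox.php are hypothetical names.
    requests = [("GET", "index.php"), ("POST", "admin/send.php"),
                ("GET", "member/inbox.php"), ("DELETE", "admin/send.php")]
    for (user, verb, path), ok in access_matrix(requests, users).items():
        print(f"{user:9} {verb:6} {path:18} {'ALLOW' if ok else 'DENY'}")
```

Compare the printed matrix with what the gateway endpoint actually returns for each user; any request the model denies but the gateway serves is worth checking against the resource table in the Publisher.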

Publishing the Web app

Follow the steps below to publish the Web app in the App Publisher. For more instructions on publishing a Web app, see Publishing Web Applications.

  1. In the All Web Applications list, click the Submit for Review button corresponding to the app.
  2. Click Approve.
  3. Click Publish.

Subscribing to the Web app

Follow the steps below to subscribe to the Web app. For instructions on subscribing to a Web app, see Subscribing to Applications.

  1. Log in to the App Store of WSO2 App Manager using the following URL: http://<IP_ADDRESS>:9763/store
  2. Click on the image of the Web app.
  3. Click Subscribe Me.
  4. Click the Gateway Endpoint URL of the Web app as shown below.
    [Image: gateway endpoint URL of the published Web app]
  5. Log in to the admin panel of the Notifi Web app using admin/admin credentials.
  6. Enter a message in the space provided to send to the member users as shown below.
    [Image: a test message sent by admin to members]
  7. Click Send.
  8. Log in to the member panel as the member user you created.
  9. You see the message received from admin as shown below.

    [Image: test message received by member from admin]

    You will not be able to log in to the admin panel as the member user you created. This is because the Web app is configured, through role-based Web application resource authorization, to restrict access to the admin panel to admin users only.

