
This sample demonstrates how fine-grained authorization is enabled and used for web applications. Read more about XACML fine-grained authorization in web applications.

In this sample we create a web app with the Entitlement Servlet Filter engaged. All the dependencies are packed into the lib directory, so the sample can be run in any other web application container: host the web app in the container and edit the pom.xml to give the URL of the web application. Thereafter, you can check the functionality.

Prerequisites

  1. Before you start an instance of WSO2 IS, make sure the port offset is set to "1" in its carbon.xml file.

    The configuration in the web.xml file of the sample web app must match the configuration of your running IS instance. For example, if you have changed the remoteServiceUrl value in the sample's web.xml (stored in the <AS_HOME>/samples/EntitlementFilter/src/main/webapp/WEB-INF directory), you must change the IS port offset accordingly.

  2. Start an instance of WSO2 Identity Server.
  3. Import the sample XACML policy stored in the <AS_HOME>/samples/EntitlementFilter/src/main/resources directory to IS using the management console.

Building the Sample

The base directory of this sample has the build.xml file, which is used to build the web app and deploy it in WSO2 App Server.

Run the relevant command to deploy the web app:

  • Using Maven

    1. Create a WAR file for the sample using the following command:

       mvn clean install

    2. Deploy the generated WAR file to WSO2 AS (the deployment log is printed on the console):

       mvn -Pdeploy

  • Using Ant

    ant

Start the Application Server and access the Management Console. Go to the webapp service listing page. You will see the deployed service.

Running the sample

  1. Run the run-client.sh or run-client.bat script. It has all the arguments and classpaths configured to run the sample.
  2. The console shows the result for several entitlement decision scenarios. If the sample runs correctly, the following output is shown:

    ***********Starting the Entitlement Servlet Filter Sample************
    
    Sending Request For a Web Page Which Requires Authorization
    Subject : admin
    Resource : /Entitlement_Sample_WebApp/protected.jsp
    Action : GET
    Environment : Not Specified
    ***Response BEGIN ***
    <html>
    <head><title>Protected Page</title></head>
    <body>Only Authorized Users Can View This</body>
    </html>
    ***Response END ***
    
    Sending Request For a Web Page Which Not Requires Authorization
    Subject : admin
    Resource : /Entitlement_Sample_WebApp/index.jsp
    Action : GET
    Environment : Not Specified
    ***Response BEGIN ***
    <html>
    <head><title>Index Page</title></head>
    <body>Anybody Can Access This Page....</body>
    </html>
    
    ***Response END ***
    
    Sending Request For a Web Page Which Requires Authorization with False Subject NAME
    Subject : andunslg
    Resource : /Entitlement_Sample_WebApp/protected.jsp
    Action : GET
    Environment : Not Specified
    ***Response BEGIN ***
    Server returned HTTP response code: 401 for URL: http://localhost:9763/Entitlement_Sample_WebApp/protected.jsp
    ***Response END ***
    
    Sending Request For a Web Page Which Requires Authorization with False Action
    Subject : admin
    Resource : /Entitlement_Sample_WebApp/protected.jsp
    Action : POST
    Environment : Not Specified
    ***Response BEGIN ***
    <html>
    <head><title>Protected Page</title></head>
    <body>Only Authorized Users Can View This</body>
    </html>
    ***Response END ***
    
    Sending Request For a Web Page Which Requires Authorization But Policy is not defined
    Subject : admin
    Resource : /Entitlement_Sample_WebApp/other.jsp
    Action : GET
    Environment : Not Specified
    ***Response BEGIN ***
    <html>
    <head><title>Index Page</title></head>
    <body>Anybody Can Access This Page....</body>
    </html>
    
    ***Response END ***
    
    ***********Ending the Entitlement Servlet Filter Sample************
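The scenarios above show what the filter does with each request: it maps the request to the XACML attributes printed in the output (Subject, Resource, Action, Environment), asks the PDP for a decision, and answers 401 when access is not permitted. The following filter, added here as an illustration and not the sample's own code, implements that pattern; the DecisionPoint interface, the "pdp" context attribute and the protectedPaths init-param are assumptions that stand in for the WSO2 entitlement client and the sample's real web.xml settings.

```java
// Added example (not the WSO2 sample's code): a servlet filter that maps each
// HTTP request to XACML attributes and fails closed unless the PDP says Permit.
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class XacmlEntitlementFilter implements Filter {

    /** Hypothetical PDP interface; the real sample calls WSO2 IS at remoteServiceUrl. */
    public interface DecisionPoint {
        String decide(String subject, String resource, String action, String environment);
    }

    private DecisionPoint pdp;
    private String[] protectedPrefixes;  // request paths that need a Permit decision

    @Override
    public void init(FilterConfig config) {
        // Assumed init-param; the sample's own web.xml keys are not shown on this page.
        String paths = config.getInitParameter("protectedPaths");
        protectedPrefixes = paths == null ? new String[0] : paths.split(",");
        pdp = (DecisionPoint) config.getServletContext().getAttribute("pdp");
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        HttpServletResponse out = (HttpServletResponse) res;
        String resource = http.getRequestURI();   // e.g. /Entitlement_Sample_WebApp/protected.jsp
        if (!requiresAuthorization(resource)) { chain.doFilter(req, res); return; }

        // Subject is the container-authenticated principal, never a client-supplied header.
        String subject = http.getRemoteUser();
        if (subject == null) { out.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }

        String decision = pdp.decide(subject, resource, http.getMethod(), "Not Specified");
        // Fail closed: Deny, NotApplicable and Indeterminate are all treated as not permitted.
        if (!"Permit".equals(decision)) {
            out.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(req, res);
    }

    boolean requiresAuthorization(String uri) {
        for (String p : protectedPrefixes) if (uri.startsWith(p.trim())) return true;
        return false;
    }

    @Override public void destroy() {}
}
```

Note that a page outside the protected prefixes (like index.jsp above) is served without consulting the PDP, so the protectedPaths list is the part of the configuration to review when a resource unexpectedly renders for every subject.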