This sample demonstrates how fine-grained authorization is enabled and used for web applications. Read more about XACML fine-grained authorization in web applications.
In this sample we create a web app with the Entitlement Servlet Filter engaged. All the dependencies are packed into the lib directory, so the sample can be run in any other web app container: simply host the web app in the container and edit the pom.xml to give the URL of the web application. Thereafter, you can check the functionality.
Prerequisites
Before you start an instance of WSO2 IS, be sure that the port offset is given as "1" in the carbon.xml file. The configurations in the web.xml file of the sample web app should match the configurations in your running IS instance. For example, if you have changed the remoteServiceUrl value in the web.xml of the sample (stored in the sample directory's <AS_HOME>/samples/EntitlementFilter/src/main/webapp/WEB-INF folder), you must change the IS port offset accordingly.
- Start an instance of WSO2 Identity Server.
- Import the sample XACML policy stored in the <AS_HOME>/samples/EntitlementFilter/src/main/resources directory to IS using the management console.
Building the Sample
The base directory of this sample has the build.xml file, which is used to build the necessary web app and to deploy it in WSO2 App Server.
Run the relevant command to deploy the web app:
Using Maven
Create a WAR file for the sample using the following command:
mvn clean install
Deploy the generated WAR file on WSO2 AS with the related logs on the console:
mvn -Pdeploy
Using Ant
ant
Start the Application Server and access the Management Console. Go to the webapp service listing page. You will see the deployed service.
Running the sample
- You have to run the run-client.sh or run-client.bat script. It has all the arguments and classpaths configured to run the sample.
The console shows the result for several entitlement decision scenarios. The following output is shown in the console if you run the sample correctly:
***********Starting the Entitlement Servlet Filter Sample************
Sending Request For a Web Page Which Requires Authorization
Subject : admin
Resource : /Entitlement_Sample_WebApp/protected.jsp
Action : GET
Environment : Not Specified
***Response BEGIN ***
<html> <head><title>Protected Page</title></head> <body>Only Authorized Users Can View This</body> </html>
***Response END ***
Sending Request For a Web Page Which Not Requires Authorization
Subject : admin
Resource : /Entitlement_Sample_WebApp/index.jsp
Action : GET
Environment : Not Specified
***Response BEGIN ***
<html> <head><title>Index Page</title></head> <body>Anybody Can Access This Page....</body> </html>
***Response END ***
Sending Request For a Web Page Which Requires Authorization with False Subject NAME
Subject : andunslg
Resource : /Entitlement_Sample_WebApp/protected.jsp
Action : GET
Environment : Not Specified
***Response BEGIN ***
Server returned HTTP response code: 401 for URL: http://localhost:9763/Entitlement_Sample_WebApp/protected.jsp
***Response END ***
Sending Request For a Web Page Which Requires Authorization with False Action
Subject : admin
Resource : /Entitlement_Sample_WebApp/protected.jsp
Action : POST
Environment : Not Specified
***Response BEGIN ***
<html> <head><title>Protected Page</title></head> <body>Only Authorized Users Can View This</body> </html>
***Response END ***
Sending Request For a Web Page Which Requires Authorization But Policy is not defined
Subject : admin
Resource : /Entitlement_Sample_WebApp/other.jsp
Action : GET
Environment : Not Specified
***Response BEGIN ***
<html> <head><title>Index Page</title></head> <body>Anybody Can Access This Page....</body> </html>
***Response END ***
***********Ending the Entitlement Servlet Filter Sample************
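The console transcript is easier to audit as a decision table. The following Python snippet is an added example, not part of the WSO2 sample: it parses console output in the format above and flags scenarios whose title marks them as negative cases ("False ...") but which still received page content instead of a 401 (treating the scenario title as the intended outcome is an assumption).

```python
import re

# Constructed excerpt in the format run-client prints (see transcript above);
# two of the five scenarios are enough to exercise both outcome branches.
SAMPLE_OUTPUT = """\
Sending Request For a Web Page Which Requires Authorization with False Subject NAME
Subject : andunslg
Resource : /Entitlement_Sample_WebApp/protected.jsp
Action : GET
Environment : Not Specified
***Response BEGIN ***
Server returned HTTP response code: 401 for URL: http://localhost:9763/Entitlement_Sample_WebApp/protected.jsp
***Response END ***
Sending Request For a Web Page Which Requires Authorization with False Action
Subject : admin
Resource : /Entitlement_Sample_WebApp/protected.jsp
Action : POST
Environment : Not Specified
***Response BEGIN ***
<html> <head><title>Protected Page</title></head> <body>Only Authorized Users Can View This</body> </html>
***Response END ***
"""

SCENARIO_RE = re.compile(
    r"Sending Request For (?P<title>.*?)\n"
    r"Subject : (?P<subject>\S+)\nResource : (?P<resource>\S+)\nAction : (?P<action>\S+)\n"
    r"Environment : .*?\n\*\*\*Response BEGIN \*\*\*\n(?P<body>.*?)\n\*\*\*Response END \*\*\*",
    re.DOTALL,
)

def parse_scenarios(text):
    """One dict per scenario: request attributes plus the HTTP outcome."""
    results = []
    for m in SCENARIO_RE.finditer(text):
        code = re.search(r"HTTP response code: (\d{3})", m.group("body"))
        results.append({
            "title": m.group("title"), "subject": m.group("subject"),
            "resource": m.group("resource"), "action": m.group("action"),
            # No error line means the servlet served the page body, i.e. 200.
            "status": int(code.group(1)) if code else 200,
        })
    return results

def unexpected_grants(scenarios):
    """Scenarios the script labels as negative ('False ...') that still got
    page content instead of a 401 (assumption: the label states the intent)."""
    return [s for s in scenarios if "False" in s["title"] and s["status"] == 200]
```

Run it over the full console output of run-client to get every scenario as a row; any row returned by unexpected_grants is a decision worth checking against the policy you imported.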