This sample demonstrates how fine grained authorization is enabled and used for web applications. Read more about XACML fine grained authorization in web applications.
In this sample we create a Web App with Entitlement Servlet Filter engaged. All the dependencies are packed in to the lib. So this sample can be run in any other webapp container. You have to simply host the Web App in the container and edit the
pom.xml to give the URL of the web application. Thereafter, you can check the functionality.
Before you start an instance of WSO2 IS, be sure that the port offset is given as "1" in the
The configurations in the
web.xmlfile of the sample web app should match the configurations in your running IS instance. For example, if you have changed the
remoteServiceUrlvalue in the
web.xmlof the sample (stored in sample directory's
<AS_HOME>/samples/EntitlementFilter/src/main/webapp/WEB-INFfolder), you must change the IS portoffset accordingly.
- Start an instance of WSO2 Identity Server.
- Import the sample XACML policy stored in the
<AS_HOME>/samples/EntitlementFilter/src/main/resourcesdirectory to IS using the management console.
Building the Sample
The base directory of this sample has the
build.xml file which is used to build the necessary Web App and to deploy it in WSO2 App Server.
Run the relevant command to deploy the web app:
Create a WAR file for the sample using the following command:
Deploy the generated WAR file on WSO2 AS with the related logs on the console:
Start the Application Server and access the Management Console. Go to the webapp service listing page. You will see the deployed service.
Running the sample
- You have to run the run-client.sh or run-client.bat script. It has all the arguments and classpaths configured to run the sample.
In the console it will show the result for several Entitlement Decision Scenarios. Following output will be shown in the console if you run the sample correctly: