This is the latest release in the 6.x.x family. For EI 7.0.0, click here.

All docs This doc
Skip to end of metadata
Go to start of metadata

The abstract EntitlementCallbackHandler class supports the following properties for getting the XACML subject (user name), specifying the action, and setting the service name. The various implementations of this class (UTEntitlementCallbackHandler, X509EntitlementCallbackHandler, etc.) can use some or all of these properties. You implement these properties by adding Property mediators before the Entitlement mediator in the sequence.

The default UTEntitlementCallbackHandler looks for a property called username in the Axis2 message context, which it uses as the XACML request subject-id value. Likewise, the other handlers look at various properties for values for the attributes and construct the XACML request. The following attribute IDs are used by the default handlers.

In most scenarios, you do not need to configure any of these properties.

Property nameAcceptable valuesScopeDescription

By default, the Entitlement mediator expects to find the XACML subject (user name) in a property called username in the message's Axis2 context. If your authentication mechanism specifies the user name by adding a property of a different name, create a property called xacml_subject_identifier and set it to the name of the property in the message context that contains the subject.

xacml_actionstringaxis2If you are using REST and want to specify a different HTTP verb to use with the service, specify it with the xacml_action property and specify the xacml_use_rest property to true.

If you are using REST, and you want to override the HTTP verb to send with the request, you can set this property to true to set to true.

xacml_resource_prefixstringaxis2If you want to change the service name, use this property to specify the new service name or the text you want to prepend to the service name. 



If set to true, the xacml_resource_prefix value is used as the whole service name. If set to false (default), the xacml_resource_prefix is prepended to the service name.

  • No labels