This documentation is for WSO2 Enterprise Service Bus version 4.8.1.


The abstract EntitlementCallbackHandler class supports the following properties for getting the XACML subject (user name), specifying the action, and setting the service name. The various implementations of this class (UTEntitlementCallbackHandler, X509EntitlementCallbackHandler, etc.) can use some or all of these properties. You set these properties by adding Property mediators before the Entitlement mediator in the sequence.

The default UTEntitlementCallbackHandler looks for a property called username in the Axis2 message context, which it uses as the XACML request subject-id value. Likewise, the other handlers look at various properties for values for the attributes and construct the XACML request. The following attribute IDs are used by the default handlers.

In most scenarios, you do not need to configure any of these properties.

| Property name | Acceptable values | Scope | Description |
|---|---|---|---|
| xacml_subject_identifier | string | axis2 | By default, the Entitlement mediator expects to find the XACML subject (user name) in a property called username in the message's Axis2 context. If your authentication mechanism specifies the user name by adding a property of a different name, create a property called xacml_subject_identifier and set it to the name of the property in the message context that contains the subject. |
| xacml_action | string | axis2 | If you are using REST and want to specify a different HTTP verb to use with the service, specify it with the xacml_action property and set the xacml_use_rest property to true. |
| xacml_use_rest | true/false | axis2 | If you are using REST and want to override the HTTP verb to send with the request, set this property to true. |
| xacml_resource_prefix | string | axis2 | If you want to change the service name, use this property to specify the new service name or the text you want to prepend to the service name. |
| xacml_resource_prefix_only | true/false | axis2 | If set to true, the xacml_resource_prefix value is used as the whole service name. If set to false (default), the xacml_resource_prefix is prepended to the service name. |
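
A sequence that sets all five properties ahead of the Entitlement mediator, as an added example that is not part of the WSO2 documentation. The sequence name, the authenticated_user property, the orders- prefix, the PDP URL and the credential placeholders are assumptions, and the entitlementService attributes and child elements follow the Entitlement mediator's configuration syntax, which this page does not show.

```xml
<!-- Added example: hypothetical sequence, not taken from the WSO2 documentation. -->
<sequence xmlns="http://ws.apache.org/ns/synapse" name="OrdersEntitlementIn">
   <!-- Assumption: an earlier authentication step stored the caller's name in an
        axis2-scope property named "authenticated_user" instead of "username".
        Point the handler at that property. The subject must come from the
        authentication step, never from a value the caller can set directly. -->
   <property name="xacml_subject_identifier" value="authenticated_user" scope="axis2"/>

   <!-- REST request: override the HTTP verb used as the XACML action. -->
   <property name="xacml_use_rest" value="true" scope="axis2"/>
   <property name="xacml_action" value="GET" scope="axis2"/>

   <!-- Prepend "orders-" to the service name (prefix_only=false is the default,
        shown explicitly; true would make "orders-" the whole service name). -->
   <property name="xacml_resource_prefix" value="orders-" scope="axis2"/>
   <property name="xacml_resource_prefix_only" value="false" scope="axis2"/>

   <!-- Entitlement mediator: URL and credentials are placeholders. -->
   <entitlementService
         remoteServiceUrl="https://pdp.example.com:9443/services/"
         remoteServiceUserName="PDP_USER_PLACEHOLDER"
         remoteServicePassword="PDP_PASSWORD_PLACEHOLDER"
         callbackClass="org.wso2.carbon.identity.entitlement.mediator.callback.UTEntitlementCallbackHandler">
      <onAccept>
         <send/>
      </onAccept>
      <onReject>
         <log level="custom">
            <property name="entitlement" value="denied"/>
         </log>
         <drop/>
      </onReject>
   </entitlementService>
</sequence>
```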
