This documentation is for WSO2 Identity Server 5.0.0.
XACML Sample for an Online Trading Application - Identity Server 5.0.0 - WSO2 Documentation

The following sample demonstrates how to build XACML-driven authorization for an online trading application called "K-Market". This sample is shipped with the Balana XACML implementation.

Prerequisites 

Scenario

  • K-Market is an online trading company. Customers create a user account with K-Market, and their profile data is stored in K-Market's own JDBC user store.
  • K-Market enforces control over online trading based on the customer's privileges, which are determined by attributes of the customer (age, email, etc.).
  • In the initial phase of its access control system, K-Market has included the following access control scenario:
    K-Market has three separate customer groups (Blue, Silver and Gold) and limits what each group may purchase online:

    Blue customers:
      • Cannot buy any liquor or medicine
      • Maximum amount spent on a purchase is limited to $100
      • Maximum amount spent on purchasing drinks is limited to $10

    Silver customers:
      • Cannot buy any liquor
      • Maximum amount spent on a purchase is limited to $500
      • Maximum amount spent on purchasing drinks is limited to $50
      • Maximum amount spent on purchasing medicine is limited to $50

    Gold customers:
      • Can purchase liquor and medicine
      • Maximum amount spent on a purchase is limited to $500
      • Maximum amount spent on purchasing liquor is limited to $10
  • When the customer proceeds to the shopping cart checkout to enter credit card details, the K-Market access control system is triggered to check whether it is an authorized online purchase.
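The scenario above is what the shipped policy files encode, but the page does not show them. The following XACML 3.0 policy is an added example written for this page, not one of the sample's own policy files: it expresses the Blue customer limits as a deny-overrides policy with a catch-all Permit rule. The attribute identifiers under `http://kmarket.com/id/`, the group value `blue`, and the action value `buy` are assumptions chosen for illustration; the real sample may use different identifiers.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example policy for the Blue customer group. Attribute IDs under
     http://kmarket.com/id/, the group value "blue" and the action "buy" are
     assumptions for illustration, not identifiers from the sample's own files. -->
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
        PolicyId="example-kmarket-blue-policy"
        Version="1.0"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Description>Blue customers: no liquor or medicine, purchase total at most $100, drinks at most $10</Description>

  <!-- The policy applies only when the customer's group is "blue" (the group is
       expected to be resolved by the PIP from the JDBC user store, not trusted from
       the client) and the requested action is "buy". -->
  <Target>
    <AnyOf>
      <AllOf>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">blue</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
                               AttributeId="http://kmarket.com/id/group"
                               DataType="http://www.w3.org/2001/XMLSchema#string"
                               MustBePresent="true"/>
        </Match>
        <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">buy</AttributeValue>
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
                               AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                               DataType="http://www.w3.org/2001/XMLSchema#string"
                               MustBePresent="true"/>
        </Match>
      </AllOf>
    </AnyOf>
  </Target>

  <!-- Rule 1: deny if any item in the cart is liquor or medicine. The PEP is assumed
       to send one item-category value per cart line; a Match against a multi-valued
       attribute is true if the function holds for any value in the bag. -->
  <Rule RuleId="blue-deny-liquor-or-medicine" Effect="Deny">
    <Target>
      <AnyOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">liquor</AttributeValue>
            <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                 AttributeId="http://kmarket.com/id/item-category"
                                 DataType="http://www.w3.org/2001/XMLSchema#string"
                                 MustBePresent="false"/>
          </Match>
        </AllOf>
        <AllOf>
          <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">medicine</AttributeValue>
            <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                                 AttributeId="http://kmarket.com/id/item-category"
                                 DataType="http://www.w3.org/2001/XMLSchema#string"
                                 MustBePresent="false"/>
          </Match>
        </AllOf>
      </AnyOf>
    </Target>
  </Rule>

  <!-- Rule 2: deny if the purchase total (whole dollars, assumed) exceeds $100.
       MustBePresent="true" makes a request without this attribute Indeterminate
       rather than silently Permit. -->
  <Rule RuleId="blue-deny-total-over-100" Effect="Deny">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                               AttributeId="http://kmarket.com/id/total-amount"
                               DataType="http://www.w3.org/2001/XMLSchema#integer"
                               MustBePresent="true"/>
        </Apply>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">100</AttributeValue>
      </Apply>
    </Condition>
  </Rule>

  <!-- Rule 3: deny if the amount spent on drinks exceeds $10. The PEP is assumed to
       always send this attribute (0 when the cart has no drinks). -->
  <Rule RuleId="blue-deny-drinks-over-10" Effect="Deny">
    <Condition>
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than">
        <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
          <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
                               AttributeId="http://kmarket.com/id/drinks-amount"
                               DataType="http://www.w3.org/2001/XMLSchema#integer"
                               MustBePresent="true"/>
        </Apply>
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">10</AttributeValue>
      </Apply>
    </Condition>
  </Rule>

  <!-- Rule 4: a Blue purchase that trips none of the deny rules is permitted. -->
  <Rule RuleId="blue-permit" Effect="Permit"/>
</Policy>
```

Two points a practitioner should check when adapting this. First, because the amount rules use `integer-one-and-only` with `MustBePresent="true"`, a request that omits an amount attribute yields an Indeterminate decision under deny-overrides rather than Permit; the PEP must therefore treat anything other than an explicit Permit (NotApplicable or Indeterminate) as a denial. Second, the group attribute in the Target should come from the PIP attribute finder that reads the JDBC user store, not from the client, otherwise a customer could claim the Gold group in the request and bypass the Blue limits.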

Executing the sample

This sample can be modified further by editing the policy files or adding new policies. Follow the instructions below to test out the sample. 

  1. Create a folder in your local machine and navigate to it using your command line.
  2. Download the Java sample by entering the following. The location of this folder will be referred to as <SAMPLE_HOME> from this point onwards.

    svn co http://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/products/is/5.0.0/modules/samples/xacml/
  3. Start up Identity Server and log in to the management console.
  4. Upload the policies by following the first three steps of the policy creation instructions, then click Import Existing Policy.
  5. Click Choose File, upload the three policies one by one, and click Upload after each. The policies are in the <SAMPLE_HOME>/kmarket-trading-sample/resources directory of your checked-out folder.
  6. Publish the policies to the PDP runtime. See the Publishing a XACML Policy page for details.
  7. Navigate to the Entitlement menu, click Policy View under PDP, and click Enable in the Actions column for each policy.
  8. Implement a PIP attribute finder module that retrieves the user's attributes from K-Market's custom JDBC user store. The PDP needs this module to resolve the customer's group and other attributes that are not carried in the authorization request. See the page on writing a custom PIP attribute finder module for this scenario.
  9. Run the sample by navigating to the <SAMPLE_HOME>/kmarket-trading-sample directory on the command line and executing the run script.

    UNIX: run.sh

    Windows: run.bat

    All dependent libraries are bundled with the sample.

    1. This sample depends on the PEP agent sample. The PEP agent is a client-side agent library that talks to the WSO2 Identity Server entitlement service. It is still under development; however, it works with this sample.

    2. This sample does not perform user authentication, so you can enter any value for the user's password. You can add authentication using the WSO2 Identity Server API.
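For reference, the following XACML 3.0 request shows what the checkout PEP would send to the PDP for one purchase. It is an added, constructed example, not the request built by the sample's PEP agent: the user name, cart contents and attribute identifiers under `http://kmarket.com/id/` are assumptions chosen for illustration. The customer's group is deliberately absent from the request; with the PIP attribute finder of step 8 in place, the PDP resolves it from the K-Market JDBC user store using only the subject-id.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example request (not from the sample): user "bob" buys a cart
     containing one drink and one food item, $120 in total, $5 of it on drinks.
     Attribute IDs under http://kmarket.com/id/ are assumptions. The group
     attribute is intentionally omitted so that the PDP must obtain it from the
     PIP attribute finder rather than trusting a client-supplied value. -->
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
         CombinedDecision="false"
         ReturnPolicyIdList="false">

  <!-- Who is buying: only the identifier; group/age/email are resolved by the PIP -->
  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">bob</AttributeValue>
    </Attribute>
  </Attributes>

  <!-- What is being bought: the cart, its item categories and the amounts -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">shopping-cart</AttributeValue>
    </Attribute>
    <!-- one value per cart line: a multi-valued attribute (a bag of strings) -->
    <Attribute AttributeId="http://kmarket.com/id/item-category" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">drink</AttributeValue>
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">food</AttributeValue>
    </Attribute>
    <!-- amounts in whole dollars; always sent, 0 when a category is absent -->
    <Attribute AttributeId="http://kmarket.com/id/total-amount" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">120</AttributeValue>
    </Attribute>
    <Attribute AttributeId="http://kmarket.com/id/drinks-amount" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">5</AttributeValue>
    </Attribute>
  </Attributes>

  <!-- What is being done -->
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" IncludeInResult="false">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">buy</AttributeValue>
    </Attribute>
  </Attributes>
</Request>
```

If the PIP reports bob as a Blue customer, the expected decision for this request is Deny, because the $120 total exceeds the Blue limit of $100 even though the cart contains no liquor or medicine and the drinks amount is within the $10 limit. Since the sample does not authenticate the user (note 2 above), the subject-id in this request is unverified; in a deployment the PEP must only populate it from an authenticated session, otherwise any caller could obtain a Gold customer's decisions by naming a Gold user.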
