This documentation is for WSO2 Identity Server 5.4.0 . View documentation for the latest release.

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The following section describes the RemoteAuthorizationManager API and the operations that come with it. 

...

This function authorizes the given role to perform the specified action on the given resource.

Input parameters

ParameterDescription
roleNameThe name of the role (e.g., "role1")
resourceIdThe resource path (e.g., "/permission/admin/login")
actionThe action name of the action to be performed on the resource (e.g., "ui.execute")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:authorizeRole>
   <!­­--Optional:­­-->
   <ser:roleName>role1</ser:roleName>
   <!--­­Optional:­­-->
   <ser:resourceId>/permission/admin/login</ser:resourceId>
   <!--­­Optional:­­-->
   <ser:action>ui.execute</ser:action>
  </ser:authorizeRole>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
No response on Success

...

This function clears all authorizations of the role.

Input parameters

ParameterDescription
roleNameThe name of the role (e.g., "role1")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:clearAllRoleAuthorization>
   <!­­--Optional:­­-->
   <ser:roleName>role1</ser:roleName>
  </ser:clearAllRoleAuthorization>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
No response on Success

...

This function clears all the authorizations for the given resource.

Input parameters

ParameterDescription
resourceIdThe resource path (e.g., "/permission/admin/login")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:clearResourceAuthorizations>
   <!--­­Optional:­­-->
   <ser:resourceId>/permission/admin/login</ser:resourceId>
  </ser:clearResourceAuthorizations>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
No response on Success

...

This function removes the authorization from the role to perform the specified action on all the resources.

Input parameters

ParameterDescription
actionThe action name of the action to be performed on the resource (e.g., "ui.execute")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:clearRoleActionOnAllResources>
   <!--­­Optional:­­-->
   <ser:action>ui.execute</ser:action>
  </ser:clearRoleActionOnAllResources>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
No response on Success

...

This function clear the authorization of the specified role to perform the given action on the resource.

Input parameters

ParameterDescription
roleNameThe name of the role (e.g., "role1")
resourceIdThe resource path (e.g., "/permission/admin/login")
actionThe action name of the action to be performed on the resource (e.g., "ui.execute")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:clearRoleAuthorization>
   <!­­--Optional:­­-->
   <ser:roleName>role1</ser:roleName>
   <!--­­Optional:­­-->
   <ser:resourceId>/permission/admin/login</ser:resourceId>
   <!--­­Optional:­­-->
   <ser:action>ui.execute</ser:action>
  </ser:clearRoleAuthorization>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
No response on Success

...

This function removes the authorization of the role to perform the given action on the specified resource.

Input parameters

ParameterDescription
roleNameThe name of the role (e.g., "role1")
resourceIdThe resource path (e.g., "/permission/admin/login")
actionThe action name of the action to be performed on the resource (e.g., "ui.execute")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:denyRole>
   <!­­--Optional:­­-->
   <ser:roleName>role1</ser:roleName>
   <!--­­Optional:­­-->
   <ser:resourceId>/permission/admin/login</ser:resourceId>
   <!--­­Optional:­­-->
   <ser:action>ui.execute</ser:action>
  </ser:denyRole>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
No response on Success

...

This function retrieves the list of authorized roles to perform the given action on the specified resource.

Input parameters

ParameterDescription
resourceIdThe resource path (e.g., "/permission/admin/login")
actionThe action name of the action to be performed on the resource (e.g., "ui.execute")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:getAllowedRolesForResource>
   <!--­­Optional:­­-->
   <ser:resourceId>/permission/admin/login</ser:resourceId>
   <!--­­Optional:­­-->
   <ser:action>ui.execute</ser:action>
  </ser:getAllowedRolesForResource>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns:getAllowedRolesForResourceResponse xmlns:ns="http://service.ws.um.carbon.wso2.org"
xmlns:ax2599="http://core.user.carbon.wso2.org/xsd"
xmlns:ax2600="http://api.user.carbon.wso2.org/xsd">
   <ns:return>admin</ns:return>
   <ns:return>myrole</ns:return>
  </ns:getAllowedRolesForResourceResponse>
 </soapenv:Body>
</soapenv:Envelope>

...

This function retrieves the list of UI resources in the specified root patch for which the user has authorization. 

Input parameters

ParameterDescription
userNameThe username of the specific user (e.g., "admin")
permissionRootPathThe permission root path



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:getAllowedUIResourcesForUser>
   <!--­­Optional:­­-->
   <ser:userName>admin</ser:userName>
   <!--­­Optional:­­-->
   <ser:permissionRootPath>/</ser:permissionRootPath>
  </ser:getAllowedUIResourcesForUser>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns:getAllowedUIResourcesForUserResponse xmlns:ns="http://service.ws.um.carbon.wso2.org"
xmlns:ax2599="http://core.user.carbon.wso2.org/xsd"
xmlns:ax2600="http://api.user.carbon.wso2.org/xsd">
   <ns:return>/permission</ns:return>
   <ns:return>/permission/admin/configure/</ns:return>
   <ns:return>/permission/admin/login/</ns:return>
   <ns:return>/permission/admin/manage/</ns:return>
   <ns:return>/permission/admin/monitor/</ns:return>
   <ns:return>/permission/protected/</ns:return>
   <ns:return>/permission/testlogin/</ns:return>
  </ns:getAllowedRolesForResourceResponse>
 </soapenv:Body>
</soapenv:Envelope>

...

This function checks whether the given role is authorized to perform the action on the specified resource.

Input parameters

ParameterDescription
roleNameThe name of the role (e.g., "role1")
resourceIdThe resource path (e.g., "/permission/admin/login")
actionThe action name of the action to be performed on the resource (e.g., "ui.execute")



Localtab Group
Localtab
activetrue
titleRequest
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ser="http://service.ws.um.carbon.wso2.org">
 <soapenv:Header/>
 <soapenv:Body>
  <ser:isRoleAuthorized>
   <!­­--Optional:­­-->
   <ser:roleName>role1</ser:roleName>
   <!--­­Optional:­­-->
   <ser:resourceId>/permission/admin/login</ser:resourceId>
   <!--­­Optional:­­-->
   <ser:action>ui.execute</ser:action>
  </ser:isRoleAuthorized>
 </soapenv:Body>
</soapenv:Envelope>
Localtab
titleResponse
Code Block
languagexml
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Body>
  <ns:isRoleAuthorized xmlns:ns="http://service.ws.um.carbon.wso2.org">
   <ns:return>false</ns:return>
  </ns:isRoleAuthorized>
 </soapenv:Body>
</soapenv:Envelope>