Hi, Is there a general practice to secure an API created in wso2 ESB based on user roles ?
I was able to setup a basic auth handler using [1]. But i'm stuck on how to convey the allowedRole for an API to that handler at the API definition. Currently it is configured as : <api xmlns="http://ws.apache.org/ns/synapse"; name="authtestapi" context="/authtest"> <resource methods="GET" uri-template="/test"> ....... </resource> <handlers> <handler class="org.wso2.api.basicAuth.BasicAuthHandler"/> </handlers> </api> It will be great if I can simply pass a parameter in the above configuration specifying the allowed role. Can we customize handlers in such a manner ? [1] : https://github.com/ragavant/wso2-api-security-handlers/tree/master/BasicAuth-handler/src/main/java/org/wso2/api/basicAuth -- Cheers, Hasitha Amal De Silva Software Engineer Mobile : 0772037426 Blog : http://devnutshell.tumblr.com/ WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
