Hi Hasitha,

We also faced the same issue and implemented a custom BasicAuthHandler
following the same sample you pointed to. We integrated role-based
authorization into the same.
It allows you to configure the allowed roles and user store as below.

<handlers>
    <handler class="custom.rest.authhandler.BasicAuthHandler">
        <property name="domain" value="${rest.authhandler.domain}" />
        <property name="roles" value="${rest.authhandler.roles}" />
    </handler>
</handlers>

Thank you,
Sameera

On Mon, Jun 22, 2015 at 8:59 AM, Hasitha Amal De Silva <[email protected]>
wrote:

> Hi Malaka,
>
> Thanks a lot for the reply. But given the requirement, adding an Identity
> Server to the current stack is overkill (we are planning to migrate to a
> proper implementation soon). So for now, we decided to use a custom
> mediator to get this done.
>
> Thanks
>
> On Sat, Jun 20, 2015 at 1:10 AM, Malaka Silva <[email protected]> wrote:
>
>> Hi Hasitha,
>>
>> In order to implement fine-grained authorization, you can use the
>> entitlement mediator. [1]
>>
>> [1]
>> http://wso2.com/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform/
>>
>> On Fri, Jun 19, 2015 at 9:57 AM, Hasitha Amal De Silva <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> Is there a general practice to secure an API created in WSO2 ESB based
>>> on user roles?
>>>
>>> I was able to set up a basic auth handler using [1]. But I'm stuck on how
>>> to convey the allowedRole for an API to that handler at the API definition.
>>>
>>> Currently it is configured as :
>>>
>>> <api xmlns="http://ws.apache.org/ns/synapse" name="authtestapi"
>>>      context="/authtest">
>>>    <resource methods="GET" uri-template="/test">
>>>         .......
>>>    </resource>
>>>    <handlers>
>>>        <handler class="org.wso2.api.basicAuth.BasicAuthHandler"/>
>>>    </handlers>
>>> </api>
>>>
>>> It will be great if I can simply pass a parameter in the above
>>> configuration specifying the allowed role. Can we customize handlers in
>>> such a manner?
>>>
>>> [1] :
>>> https://github.com/ragavant/wso2-api-security-handlers/tree/master/BasicAuth-handler/src/main/java/org/wso2/api/basicAuth
>>>
>>> --
>>> Cheers,
>>>
>>> Hasitha Amal De Silva
>>>  Software Engineer
>>> Mobile : 0772037426
>>> Blog    : http://devnutshell.tumblr.com/
>>> WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>>
>> Best Regards,
>>
>> Malaka Silva
>> Senior Tech Lead
>> M: +94 777 219 791
>> Tel : 94 11 214 5345
>> Fax :94 11 2145300
>> Skype : malaka.sampath.silva
>> LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77
>> Blog : http://mrmalakasilva.blogspot.com/
>>
>> WSO2, Inc.
>> lean . enterprise . middleware
>> http://www.wso2.com/
>> http://www.wso2.com/about/team/malaka-silva/
>> <http://wso2.com/about/team/malaka-silva/>
>>
>> Save a tree -Conserve nature & Save the world for your future. Print this
>> email only if it is absolutely necessary.
>>
>
>
>
> --
> Cheers,
>
> Hasitha Amal De Silva
>  Software Engineer
> Mobile : 0772037426
> Blog    : http://devnutshell.tumblr.com/
> WSO2 Inc.: http://wso2.com ( lean.enterprise.middleware. )


-- 
Thanks & Regards,
Sameera Jayaratna
Software Engineer; WSO2 Inc.

lean . enterprise . middleware | http://wso2.com
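
The role check that a handler configured with `domain` and `roles` properties has to perform, as an added example that is not part of this thread and is not Sameera's or WSO2's code. It is plain JDK Java: `UserStore` is a hypothetical stand-in for the ESB user store, and the setter-based property injection, the `DOMAIN/username` qualification and the rejection of usernames containing `/` are assumptions of this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
public class RoleCheckSketch {
    /** Hypothetical stand-in for the ESB user store lookup; not a WSO2 interface. */
    interface UserStore {
        boolean authenticate(String qualifiedUser, String password);
        Set<String> rolesOf(String qualifiedUser);
    }
    private String domain = "";
    private final Set<String> allowedRoles = new HashSet<>();
    // Setters named after the <property> elements (assumed to be how values are injected).
    public void setDomain(String domain) { this.domain = domain.trim(); }
    public void setRoles(String csv) {
        for (String r : csv.split(",")) if (!r.trim().isEmpty()) allowedRoles.add(r.trim());
    }
    /** True only if the credentials are valid AND the user holds a configured role. */
    public boolean isAuthorized(String authorizationHeader, UserStore store) {
        if (authorizationHeader == null || allowedRoles.isEmpty()) return false; // fail closed
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return false;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1].trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) { return false; } // not valid Base64
        int colon = decoded.indexOf(':'); // split on the first ':'; passwords may contain ':'
        if (colon <= 0) return false;
        String user = decoded.substring(0, colon);
        if (user.contains("/")) return false; // caller must not choose the user store domain
        String qualified = domain.isEmpty() ? user : domain + "/" + user;
        if (!store.authenticate(qualified, decoded.substring(colon + 1))) return false;
        return !Collections.disjoint(store.rolesOf(qualified), allowedRoles);
    }
    public static void main(String[] args) {
        UserStore store = new UserStore() { // constructed sample users
            public boolean authenticate(String u, String p) {
                return (u.equals("PRIMARY/alice") && p.equals("pw:1"))
                    || (u.equals("PRIMARY/bob") && p.equals("pw2"));
            }
            public Set<String> rolesOf(String u) { return Collections.singleton(u.endsWith("/alice") ? "api_user" : "guest"); }
        };
        RoleCheckSketch h = new RoleCheckSketch();
        h.setDomain("PRIMARY");
        h.setRoles("api_user, admin");
        for (String cred : new String[] {"alice:pw:1", "bob:pw2", "alice:wrong"}) {
            String hdr = "Basic " + Base64.getEncoder().encodeToString(cred.getBytes(StandardCharsets.UTF_8));
            System.out.println(cred.substring(0, cred.indexOf(':')) + " authorized: " + h.isAuthorized(hdr, store));
        }
    }
}
```

An empty `roles` value denies every request here, so a missing or unresolved `${rest.authhandler.roles}` placeholder cannot silently open the API.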