Saturday, October 5, 2013

How to write a PIP point for WSO2 IS

Today, we are going to talk about how to write a PIP for WSO2 IS.

In my previous posts I have discussed how to write a JAX-RS service, deploy it in WSO2 Application Server, and send requests to it.

In this post we go a step further and discuss how to access that service, deployed in the Application Server, to get the information needed for authorization.

WSO2 Identity Server supports fine-grained authorization with XACML 3.0 in IS 4.5.0.
We can register PIP points to retrieve information needed for authorization. For that, a PIP should be written and registered with IS.

You can download a sample PIP from here.

Here, let's talk about the main sections of the code sample and how to customize them to access the JAX-RS service deployed in the App Server.

1) Supported attributes should be initialized.

2) Then, the getAttributeValues method should be implemented to set up the connection to the service in the Application Server and get the required values.

As you can see in the above code sample, the serviceURL is set to the username and the subject is passed to the method as the user ID.
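The two steps above, sketched as an added example (this is not the sample linked from this post). It assumes the `AbstractPIPAttributeFinder` base class from the IS entitlement module; the class name, attribute ID, service URL and the plain-text, one-value-per-line response format are hypothetical.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.*;
import org.wso2.carbon.identity.entitlement.pip.AbstractPIPAttributeFinder;

public class RestPIPAttributeFinder extends AbstractPIPAttributeFinder {
    // Hypothetical attribute id and service base URL (assumptions, not from the original sample).
    private static final String ATTRIBUTE_ID = "http://example.org/claims/userinfo";
    private static final String SERVICE_BASE = "https://appserver.example.org:9443/userservice/users/";
    private final Set<String> supportedAttributes = new HashSet<String>();

    @Override
    public void init(Properties properties) throws Exception {
        supportedAttributes.add(ATTRIBUTE_ID); // step 1: declare what this PIP can resolve
    }
    @Override
    public String getModuleName() { return "REST PIP (example)"; }
    @Override
    public Set<String> getSupportedAttributes() { return supportedAttributes; }
    @Override
    public Set<String> getAttributeValues(String subjectId, String resourceId, String actionId,
            String environmentId, String attributeId, String issuer) throws Exception {
        if (subjectId == null || !ATTRIBUTE_ID.equals(attributeId)) {
            return Collections.emptySet();
        }
        // Encode the subject so a crafted user id cannot change the request path or add a query.
        String id = URLEncoder.encode(subjectId, "UTF-8").replace("+", "%20");
        HttpURLConnection conn = (HttpURLConnection) new URL(SERVICE_BASE + id).openConnection();
        conn.setConnectTimeout(3000); // bound how long a policy decision can block on the PIP
        conn.setReadTimeout(3000);
        Set<String> values = new HashSet<String>();
        try {
            if (conn.getResponseCode() != HttpURLConnection.HTTP_OK) {
                return Collections.emptySet(); // on error, supply no attribute value at all
            }
            BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
            String line;
            while ((line = in.readLine()) != null) {
                if (!line.trim().isEmpty()) values.add(line.trim());
            }
        } finally {
            conn.disconnect();
        }
        return values;
    }
}
```

Returning an empty set on a failed lookup leaves the attribute missing, so the XACML policy decides the outcome instead of acting on a stale or default value.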

In the next post we will talk about how to register the PIP in WSO2 IS.

2 comments:

Unknown said...

Hi,
I am referring to http://wso2.com/library/articles/2013/11/fine-grained-xacml-authoriation-with-pip-points/

This describes how to create an RS service, deploy it, and access it as a PIP.
However, if I have a Spring Boot application created and working individually, what are the steps, especially to register it as a PIP in IS?

Unknown said...

Can you please let me know how to register a Spring Boot application as a PIP instead of a JAX-RS web service?
