I am trying to implement Wso2 identity server's XACML based access control with the JAVA MVC application.
Use Case : User logs in and view only selected pages/menus(and also the action on these page ex.view,post,delete etc.) defined in the XACML policy.
What I have checked in WSO2 IS XACML will return Permit/Deny/NotApplicable for particular resource.
So just want to know is this use case's solution is possible with the Wso2 IS XACML and how.
Please help.
Thanks
This is totally possible. There are two ways you can achieve this.
With this option. You can create and manage policies using WSO2 Identity Server provided policy editor. You can manage the lifecycle of policies (publish/unpublish) etc.
Then you can consume the SOAP Entitlement Service provided by Identity Server from your application. With IS 5.3.0 we provide a REST service for XACML as well.
Read more about these in [1], [2]
Balana is WSO2's open source implementation of XACML. WSO2 Identity Server internally uses this library/engine for Entitlement. You can use this library directly in you application to achieve you use case. In fact, part of the use case is available as a sample in Balana. This sample explain how Balana could be used to filter resources in a web page based on user(or his role). Read more about the sample here.
