Authorization of web services on browser using Identity Server WSO2

Question

Current Scenerio :

I have created a web application using jsp on Tomcat using this link http://wso2.com/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server/ After successfull login to my application through Identity server I have samlssoTokenId in my browser. I have two web services in Application server I have made all the server (IS, AS, ESB) user manager LDAP same I have created one XACML policy in Identity Server according to one Role which should only access one of the service in Application server Policy is giving permit result from soapUI

Problem statement :

I need to call both the web service in AS from browser using ajax call within JSP page.

How can I restrict the user so that only one group of user can call the web service, How can I authorize the user for calling the web service in AS which is already authenticated from IS (have samlssoToken in browser)

I Have already tried some of the link available in internet as :

http://hasini-gunasinghe.blogspot.in/2011/08/fine-grained-authorization-to-restful.html http://malalanayake.wordpress.com/2013/02/13/authentication-and-authorization-with-wso2esb-and-wso2is/ http://wso2.com/library/tutorials/2012/12/providing-xacml-fine-grained-authorization-webapps/

but not able to connect all those thing in one application

I want authorization on web services which is going to called from browser

please help me... I have spend lots of time but missing some basic thing

Answer 1

If I understood correctly you have to develop a Entitlement Servlet Filter to act with your backend service.

More information can be found here: https://docs.wso2.com/display/AS521/Checking+the+Authorization+of+WebApp+Requests

Hope it helps!