akshay parmar

Reputation: 59

How to do resource-based authorization using WSO2

I am new to WSO2.

My problem is how to implement the things below.

user: user1,user2,user3

role: role1,role2,role3

resource: /abc/cde (GET)

role1 - user1 and user3

role2 - user2

and role1 has access to the /abc/cde resource.

When user1 calls this request, they get a response, but when user2 tries, it shows access denied.

I have done the things below:

1) Implemented WSO2 Identity Server, using OAuth.

2) Role-dependent user mapping.

The 2 things above are working fine, but how do I check resource and method validation?

Upvotes: 2

Views: 69

Answers (1)

Bee

Reputation: 12513

This feature is available out-of-the-box in WSO2 API Manager. Since you're trying to secure an API, you should use API Manager instead of Identity Server.

You can define scopes for each resource and map roles to each scope.

See this for more details: https://wso2.com/library/articles/2017/01/article-an-overview-of-scope-management-with-wso2-api-manager/

Upvotes: 1
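
The scope-to-role mapping the answer describes, applied to the users, roles and resource from the question, as an added example that is not part of the original answer and is not WSO2 code. It is a simplified model: the scope name `abc_cde_read`, the function names and the deny-by-default handling of unlisted resources are assumptions made for illustration.

```python
# Constructed model of scope-based resource authorization (not WSO2 code).
# Data mirrors the question: role1 = user1 and user3, role2 = user2.
USER_ROLES = {
    "user1": {"role1"},
    "user2": {"role2"},
    "user3": {"role1"},
}

# Hypothetical scope name; each scope lists the roles allowed to obtain it.
SCOPE_ROLES = {"abc_cde_read": {"role1"}}

# Each (method, path) resource is bound to the scope it requires.
RESOURCE_SCOPES = {("GET", "/abc/cde"): "abc_cde_read"}


def issue_token(user, requested_scopes):
    """Token issuance: grant only scopes whose roles overlap the user's roles."""
    roles = USER_ROLES.get(user, set())
    granted = {s for s in requested_scopes if SCOPE_ROLES.get(s, set()) & roles}
    return {"sub": user, "scopes": granted}


def authorize(token, method, path):
    """Gateway check: the token must carry the scope bound to the resource."""
    required = RESOURCE_SCOPES.get((method.upper(), path))
    if required is None:
        return False  # this model denies resources with no scope binding
    return required in token["scopes"]


def check(user, method, path):
    """Request every known scope, let issuance filter by role, then authorize."""
    token = issue_token(user, list(SCOPE_ROLES))
    return authorize(token, method, path)


if __name__ == "__main__":
    for user in ("user1", "user2", "user3"):
        verdict = "allowed" if check(user, "GET", "/abc/cde") else "access denied"
        print(user, "GET /abc/cde ->", verdict)
```

The role check happens once, when the token is issued; the per-request check only compares the token's scopes with the scope bound to the resource and method.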
