Reputation: 59
I am new to WSO2.
My problem is how to implement the things below.
user: user1,user2,user3
role: role1,role2,role3
resource: /abc/cde (GET)
role1 - user1 and user3
role2 - user2
and role1 has access to the /abc/cde resource.
When user1 calls this request they get a response, but when user2 tries, it shows access denied.
I have done the things below:
1) Implemented WSO2 Identity Server, using OAuth.
2) Role-dependent user mapping.
The 2 things above are working fine, but how do I check resource and method validation?
Upvotes: 2
Views: 69
Reputation: 12513
This feature is available out-of-the-box in WSO2 API Manager. Since you're trying to secure an API, you should use API Manager instead of Identity Server.
You can define scopes for each resource and map roles to each scope.
See this for more details: https://wso2.com/library/articles/2017/01/article-an-overview-of-scope-management-with-wso2-api-manager/
Upvotes: 1
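The scope approach from the answer, applied to the users, roles and resource in the question, as an added example that is not part of the answer and is not WSO2 code. It is a conceptual model of the two checks (scopes granted at token issuance by role, then the verb and path checked against the token's scopes); the scope name `abc_read` and the data layout are hypothetical.

```python
# Conceptual model of scope-based resource authorization (not WSO2 code).
# The scope name "abc_read" and the dict layout are assumptions for illustration.

USER_ROLES = {                      # role-to-user mapping from the question
    "user1": {"role1"},
    "user2": {"role2"},
    "user3": {"role1"},
}
SCOPE_ROLES = {"abc_read": {"role1"}}                  # scope -> roles that may obtain it
RESOURCE_SCOPE = {("GET", "/abc/cde"): "abc_read"}     # (verb, path) -> required scope


def issue_token(user, requested_scopes):
    """Token step: grant only the requested scopes whose roles the user holds."""
    roles = USER_ROLES.get(user, set())
    granted = {s for s in requested_scopes if roles & SCOPE_ROLES.get(s, set())}
    return {"sub": user, "scopes": granted}


def authorize(token, method, path):
    """Gateway step: the token must carry the scope bound to this verb and path."""
    required = RESOURCE_SCOPE.get((method.upper(), path))
    if required is None:
        return False    # this sketch denies unmapped verb/path pairs (assumption)
    return required in token["scopes"]


def check(user, method, path):
    """Run both steps for a user who requests the abc_read scope."""
    token = issue_token(user, {"abc_read"})
    return "allowed" if authorize(token, method, path) else "access denied"


if __name__ == "__main__":
    for u in ("user1", "user2", "user3"):
        print(u, "GET /abc/cde ->", check(u, "GET", "/abc/cde"))
    # Same path, different method: no scope is mapped to it, so it is denied.
    print("user1 POST /abc/cde ->", check("user1", "POST", "/abc/cde"))
```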