The WSO2 SOA Enablement Server Access Controller makes authorization checks on the server side. WSO2 SOA Enablement Server's Authorization model is designed to be secure between the WSO2 SOA Enablement Server and the outside world. Authorization checks are only applied to incoming requests, not to applications running inside the WSO2 SOA Enablement Server.
WSO2 SOA Enablement Server Security is installed with the Access Controller enabled. The administrator is configured with all privileges.
WSO2 SOA Enablement Server administration services uses WSO2 SOA Enablement Server Access Controller to perform authorization tasks. Since authorization is built upon authentication, administration service are also configured to require authentication. The following is a table of administration services, their endpoint paths, and their required authentication mechanisms:
Table 1. WSO2 SOA Enablement Server Administration Services
| Administration Service | Path | Authentication Mechanism |
|---|---|---|
| WASP4.0 Administration Service | /admin/AdminService/ | HttpBasic |
| DeployService | /admin/DeployService | HttpBasic |
| PolicyManagement | /admin/PolicyManagement | HttpBasic |
| WASP4.7 PStoreService | /admin/PStoreService | HttpBasic |
| WASP4.0 SecureService | /admin/SecureService | HttpBasic |
| WASP4.7 SecurityInfo | /admin/SecurityInfo | HttpBasic |
| WASP3.x Administration Service | /AdminService/ | HttpBasic |
| WASP3.x Deploy service | /DeployService/ | HttpBasic |
| WASP4.7 AdminService | /mgmt/AdminService/ | HttpBasic |
| PingService | /PingService/ | HttpBasic |