The authorization model is designed to control access between the outside world and the WSO2 SOA Enablement Server. The authorization architecture relies on two providers:
org.systinet.security.policy.UpdateablePolicy enriches the standard JAAS Policy with methods that allow policy updates at runtime. The JAAS Policy can manage and grant role entries. It is designed to allow only positive permissions; that is, what is not explicitly granted is denied. It also contains metadata methods to ask whether the policy is updateable and whether it can manage roles.
org.idoox.wasp.WaspSecurity.checkPermission tests whether the subject (invoker) has the permission(s) to initiate an action.
Note: The Two Providers Architecture also allows for better customization of WSO2 SOA Enablement Server.
You can set up authorization providers using the WSO2 SOA Enablement Server administration console. For more information, please see Updateable Policy Preferences and Access Controller Preferences.
This WSO2 SOA Enablement Server distribution comes with these org.systinet.security.policy.UpdateablePolicy implementations.
org.systinet.security.policy.AcceptingUpdateablePolicy acts as a read-only updateable policy, which grants all permissions to any principal. This policy itself is not updateable. It also cannot manage roles. No initialization parameters are required to create an instance of this policy. This is the default choice unless the WSO2 SOA Enablement Server Access Controller was installed.
org.systinet.security.policy.Policy2UpdateablePolicy is a wrapper implementation that represents the updateable policy using the standard JAAS policy. JAAS policy is not able to manage roles and grant entries. The behavior of this wrapper is the same. This policy does not require any initialization parameter.
com.systinet.security.policy.xml.XMLUpdateablePolicy uses an XML configuration file as storage for grant and role entries. This policy fully implements UpdateablePolicy. It requires one initialization parameter. The name of this parameter must be wasp.policy.xml.file, and its value should contain the full path to the WSO2 SOA Enablement Server policy file. The default, which appears if the WSO2 SOA Enablement Server Access Controller option was chosen during installation, is ${.}/conf/wasp.policy. The ${.} value is expanded to the directory of the WSO2 SOA Enablement Server installation (WSO2 SOA Enablement Server location). The value can contain any Java system property; for example, ${user.home}.
This WSO2 SOA Enablement Server distribution offers the following org.idoox.wasp.WaspSecurity implementations.
com.systinet.security.policy.PolicyAccessController uses an updateable policy to perform authorization checks. It does not require any initialization parameter. This implementation is the default choice for both secure and insecure installations. The behavior is then left to the updateable policy instance.
org.systinet.security.policy.JAASAccessController uses the standard JAAS authorization API to check invoker privileges. No initialization parameters are required to create an instance of this policy.
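
The following added example (not code from the product or its documentation) models the two-provider design described above: an access controller that only asks a policy, a positive-grants-only policy where a missing entry means denial, and an accepting policy that grants everything. All type names, method signatures and sample entries are hypothetical and constructed for illustration; they are not the org.systinet or org.idoox interfaces. Java 9 or later is assumed.

```java
import java.util.*;
// Simplified model of the two-provider design. Every name below is
// hypothetical and is NOT the real org.systinet / org.idoox API.
public class TwoProviderModel {
    interface UpdateablePolicyModel {
        boolean implies(Set<String> principals, String permission);
        boolean isUpdateable();                       // metadata query
        void grant(String principalOrRole, String permission);
        void addToRole(String principal, String role);
    }
    // Read-only policy that grants everything to anyone (accepting behaviour).
    static class AcceptingModel implements UpdateablePolicyModel {
        public boolean implies(Set<String> p, String perm) { return true; }
        public boolean isUpdateable() { return false; }
        public void grant(String who, String perm) { throw new UnsupportedOperationException("read-only"); }
        public void addToRole(String who, String role) { throw new UnsupportedOperationException("read-only"); }
    }
    // Positive grants only: there is no "deny" entry, so absence means denied.
    // Principals and roles share one namespace here to keep the model short.
    static class StoredModel implements UpdateablePolicyModel {
        private final Map<String, Set<String>> grants = new HashMap<>();
        private final Map<String, Set<String>> roles = new HashMap<>();
        public boolean isUpdateable() { return true; }
        public void grant(String who, String perm) { grants.computeIfAbsent(who, k -> new HashSet<>()).add(perm); }
        public void addToRole(String who, String role) { roles.computeIfAbsent(who, k -> new HashSet<>()).add(role); }
        public boolean implies(Set<String> principals, String perm) {
            for (String p : principals) {
                if (grants.getOrDefault(p, Set.of()).contains(perm)) return true;
                for (String r : roles.getOrDefault(p, Set.of()))
                    if (grants.getOrDefault(r, Set.of()).contains(perm)) return true;
            }
            return false; // not explicitly granted, therefore denied
        }
    }
    // Access-controller side: no rules of its own, it only asks the policy.
    static void checkPermission(UpdateablePolicyModel policy, Set<String> subject, String perm) {
        if (!policy.implies(subject, perm))
            throw new SecurityException(subject + " lacks " + perm);
    }
    public static void main(String[] args) {
        StoredModel stored = new StoredModel();
        stored.grant("operators", "service:deploy");  // constructed sample entries
        stored.addToRole("alice", "operators");       // runtime update, no restart
        checkPermission(stored, Set.of("alice"), "service:deploy");            // passes via role
        checkPermission(new AcceptingModel(), Set.of("bob"), "service:deploy"); // passes: grants all
        try { checkPermission(stored, Set.of("bob"), "service:deploy"); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

The same access-controller call gives opposite answers for the ungranted principal depending on which policy sits behind it, which is why the configured policy implementation is the setting to verify on any installation that is expected to enforce authorization.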