We need to have Entitlement Mediator in API Gateway.
http://wso2.org/library/articles/2011/08/finegrained-authorization-restful-services-xacml
Thanks & regards, -Prabath
Question
I'm evaluating WSO2 API Manager to organize some corporate APIs.
Is it possible to authorise users based on a combination of resources and HTTP verbs?
To be clear, I need something like this:
user1 with Access_Token_1, can POST, PUT and DELETE to resource /myresource
whereas
user2 with Access_Token_2, can only do a GET to the same resource /myresource
any thoughts on how to do this?
Solution
We need to have Entitlement Mediator in API Gateway.
http://wso2.org/library/articles/2011/08/finegrained-authorization-restful-services-xacml
Thanks & regards, -Prabath