The StoreWSP Web Service Proxy processing rules

The central gateway of the sample is StoreWSP. The policy for the gateway contains a request rule and a response rule.

Request rule

The primary policy action of the StoreWSP_default_request-rule is called AAA. In the AAA action, the LTPA token is validated, the user's groups are retrieved, and an authorization check determines whether the user is in the Manager, Clerk, or Customer LDAP group. This check is performed when the AAA AZ step calls the StoreWSDLPDP Policy Decision Point (PDP) on the DataPower® appliance. This PDP uses the storeWSPXACML.xml XACML policy.

Response rule

In the response rule, StoreWSP_default_response-rule, the transform calls the StoreXACMLFW XML firewall service.

This transform determines whether the user is authorized to access the price information based on whether the user is a member of the Manager group. If they are, the var:///context/response/displayFilter variable is set to local:///allData.xsl. If they are not a member of the Manager LDAP group, the var:///context/response/displayFilter variable is set to local:///noPriceInfo.xsl.

The transform then performs the style sheet actions on the response.

StoreXACMLFW Processing Rules

The custom style sheet storeSendToPDP.xsl makes a call to the local XML firewall StoreXACMLFW. There are two processing rules used in this firewall. The StoreXACMLFW_request rule contains a single AAA policy action which uses the allData.xsl transform. This AAA action, StoreXACMLFWAZ, in turn calls the XACML PDP StorePDP action. Using the storePrivateDataXACML.xml XACML policy, a determination is made as to whether the user is authorized to access the price information.
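
The two-stage authorization described above (coarse group check in the request rule, then the price decision that selects the response filter) can be modelled as follows. This is an added example, not code from the sample or from DataPower: the function names, the `price` element name, the sample response, and the choice to treat a PDP error as a denial are assumptions of the sketch.

```python
import xml.etree.ElementTree as ET

STORE_GROUPS = {"Manager", "Clerk", "Customer"}  # LDAP groups named on the page
ALL_DATA = "local:///allData.xsl"
NO_PRICE = "local:///noPriceInfo.xsl"

def store_wsdl_pdp(groups):
    """Request rule (StoreWSDLPDP): permit members of any store group."""
    return "Permit" if STORE_GROUPS & set(groups) else "Deny"

def store_pdp(groups):
    """Response rule (StorePDP via StoreXACMLFW): only Manager sees prices."""
    return "Permit" if "Manager" in groups else "Deny"

def select_display_filter(decision):
    """Value for var:///context/response/displayFilter.
    Only an explicit Permit selects allData.xsl; Deny, Indeterminate and
    NotApplicable all fall through to the price-stripping filter."""
    return ALL_DATA if decision == "Permit" else NO_PRICE

def apply_filter(response_xml, display_filter, price_tag="price"):
    """Stand-in for the two style sheets: drop every price element
    unless allData.xsl was selected. price_tag is an assumed name."""
    root = ET.fromstring(response_xml)
    if display_filter != ALL_DATA:
        for parent in list(root.iter()):
            for child in [c for c in parent if c.tag == price_tag]:
                parent.remove(child)
    return ET.tostring(root, encoding="unicode")

def handle(groups, response_xml, price_pdp=store_pdp):
    """Run both stages; returns None when the request rule rejects."""
    if store_wsdl_pdp(groups) != "Permit":
        return None
    try:
        decision = price_pdp(groups)
    except Exception:
        decision = "Indeterminate"  # assumed: a PDP failure hides prices
    return apply_filter(response_xml, select_display_filter(decision))

# Constructed sample backend response (not from the sample application).
SAMPLE = "<catalog><item><name>Widget</name><price>9.99</price></item></catalog>"

if __name__ == "__main__":
    for who in (["Manager"], ["Clerk"], ["Guest"]):
        print(who, handle(who, SAMPLE))
```

When reviewing a configuration like this, the case worth testing is the one where the second PDP is unreachable or returns something other than Permit or Deny, because that is where a filter selected by default decides whether price data leaves the gateway.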



Last updated: Thursday, 3 July 2014
http://publib.boulder.ibm.com/infocenter/prodconn/v1r0m0/topic/com.ibm.scenarios.soawdpwsrr.doc/topics/csoa2_sample_storewsp_rules.htm