The Store Web Service Proxy (WSP) is the primary gateway
of the application domain. It receives a request with an LTPA token
attached.
When a request arrives, the request processing rule completes the
following actions:
- Validates the request, as specified by the Validation policy.
For more information, see Overview of WSRR artifacts in the sample.
- Routes the request to the alternate endpoint if the service level
agreement (SLA) is Gold.
- Performs authentication, authorization, and accounting (AAA) on
the request. This includes the following actions:
- Authenticates the user with the LTPA token.
- Maps the credentials against the LDAP server, which provides the
groups that the user belongs to. These groups include Manager,
Clerk, and Customer.
- Transforms the provided inputs into a request object that the
XACML policy decision point (PDP) can understand.
- Completes authorization using an XACML PDP on the DataPower® box, with an XACML policy document
that can be created in IBM® Tivoli® Security Policy Manager.
The policy requires that the user be a Manager, Customer,
or Clerk. For the findInventory operation, the user must additionally be a
Manager or Clerk; purchases can be performed by Customers.
- Sets the ConsumerID value using an XSL script.
- Removes the entire HTTP Security Header from the request.
- Calls the Store service back end.
After the back end responds, the response processing rule completes
the following actions:
- Calls the StoreXACMLFW gateway, which acts as the PDP in the scenario.
- Based on the PDP response, the price info field is redacted (zeroed
out) depending on whether the user has the Manager role.
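The following Python model is an added example, not code or configuration from the DataPower/WSRR sample. It condenses the two policy decisions described above (the request-side XACML authorization over LDAP groups, and the response-side price redaction) into plain functions so the deny-by-default behaviour can be exercised offline. The SOAP response, the `urn:example:store` namespace, the operation name `purchase`, the rule that only Customers may purchase, and the choice to zero prices for every non-Manager are all assumptions made for the example; the original page does not state them.

```python
"""Model of the Store WSP authorization and redaction steps (added example,
not the sample's own code). Assumptions not stated on the original page:
  - LDAP groups arrive as a list of group names;
  - only Customers may purchase (Manager/Clerk are not purchasers);
  - priceInfo is zeroed for every caller who is NOT a Manager;
  - the response below is a constructed SOAP-like document."""
import xml.etree.ElementTree as ET

# Roles the sample recognises. Anything else is denied (deny-by-default).
KNOWN_ROLES = {"Manager", "Clerk", "Customer"}

# Per-operation role requirements, mirroring the XACML criteria on the page.
# The operation name "purchase" is an assumption for this example.
OPERATION_RULES = {
    "findInventory": {"Manager", "Clerk"},
    "purchase": {"Customer"},  # assumption: purchases are Customer-only
}


def authorize(operation: str, groups) -> str:
    """Return 'Permit' or 'Deny', mirroring the XACML PDP decision.

    The base rule (user must be Manager, Customer, or Clerk) is applied
    first; the per-operation rule is applied on top of it. An operation
    with no rule yields no Permit, which the gateway treats as Deny.
    """
    roles = set(groups) & KNOWN_ROLES
    if not roles:
        return "Deny"  # caller belongs to none of the recognised groups
    required = OPERATION_RULES.get(operation)
    if required is None:
        return "Deny"  # no rule applies (NotApplicable), treated as Deny
    return "Permit" if roles & required else "Deny"


STORE_NS = "urn:example:store"  # assumed namespace for the example

# Constructed sample back-end response (not captured from the real service).
SAMPLE_RESPONSE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <findInventoryResponse xmlns="urn:example:store">
      <item><sku>A-100</sku><quantity>12</quantity><priceInfo>19.99</priceInfo></item>
      <item><sku>B-200</sku><quantity>3</quantity><priceInfo>249.00</priceInfo></item>
    </findInventoryResponse>
  </soapenv:Body>
</soapenv:Envelope>"""


def redact_prices(response_xml: str, groups) -> str:
    """Zero out every priceInfo element unless the caller is a Manager.

    This models the response rule: the decision is made per role, and the
    redaction is applied to the whole document, not to a single element,
    so a response with several items cannot leak a price by position.
    """
    root = ET.fromstring(response_xml)
    if "Manager" not in set(groups):
        for price in root.iter(f"{{{STORE_NS}}}priceInfo"):
            price.text = "0"
    return ET.tostring(root, encoding="unicode")


def prices_in(response_xml: str):
    """Helper: list the priceInfo values in document order (for checks)."""
    root = ET.fromstring(response_xml)
    return [p.text for p in root.iter(f"{{{STORE_NS}}}priceInfo")]


if __name__ == "__main__":
    for op, grp in [("findInventory", ["Clerk"]), ("findInventory", ["Customer"]),
                    ("purchase", ["Customer"]), ("purchase", ["Manager"]),
                    ("findInventory", ["Guest"])]:
        print(op, grp, "->", authorize(op, grp))
    print("Manager sees:", prices_in(redact_prices(SAMPLE_RESPONSE, ["Manager"])))
    print("Clerk sees:  ", prices_in(redact_prices(SAMPLE_RESPONSE, ["Clerk"])))
```

The two points worth carrying over to the real gateway are the ones the model makes explicit: an unknown operation or an unrecognised group never falls through to Permit, and the redaction walks every `priceInfo` in the response rather than a fixed XPath position, so a multi-item response is handled the same way as a single item.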