[IDENTITY-4985] Entitlement Service REST Implementation Created: 14/Aug/16  Updated: 02/Dec/16  Resolved: 06/Oct/16

Status: Resolved
Project: WSO2 Identity Server
Component/s: xacml
Affects Version/s: None
Fix Version/s: 5.3.0-M5

Type: New Feature Priority: Highest
Reporter: Manujith Pallewatte Assignee: Pushpalanka Jayawardhana
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: 1 week
Time Spent: Not Specified
Original Estimate: 1 week

Attachments: Zip Archive userdoc.zip    
Issue Links:
is blocked by IDENTITY-4889 No getter for ObligationId in Balana ... Resolved
is blocked by IDENTITY-5040 No public constructor for Balana Mult... Resolved
is blocked by IDENTITY-5041 Public method in PDP that can convert... Resolved
is duplicated by IDENTITY-247 REST/JSON binding for the PDP Resolved
Severity: Major
Estimated Complexity: Moderate
Attachment License: I agree to grant a license to WSO2 for this work for inclusion in WSO2 works as per the WSO2 Contributor License Agreement and the Apache License 2.0
Test cases added: No
Affects Docs:


RESTful API implementation for the already existing SOAP service of Entitlement Service.

The following implementation decisions were taken:
1) Derived from the SCIM inbound provisioning REST API
2) Using Apache CXF for REST framework
3) Using Jackson with JAX-RS for JSON support
4) Supports consuming and producing both XML and JSON requests
5) REST service to be fully compliant with XACML REST profile [1] as well as XACML JSON profile [2]
6) Using Swagger definitions to populate service methods not described in the XACML REST profile

Full implementation details documented at [3]

[1] http://docs.oasis-open.org/xacml/xacml-rest/v1.0/csprd03/xacml-rest-v1.0-csprd03.html
[2] http://docs.oasis-open.org/xacml/xacml-json-http/v1.0/xacml-json-http-v1.0.html
[3] http://manzzup.blogspot.com/2016/08/gsoc-2016-rest-implementation-for-wso2.html

Comment by Manujith Pallewatte [ 14/Aug/16 ]

Github PR : https://github.com/wso2/carbon-identity-framework/pull/282

Comment by Manujith Pallewatte [ 24/Aug/16 ]

Links for
1) Dev doc : http://manzzup.github.io/wso2-entitlement-endpoint/devdoc/
2) User doc : https://manzzup.atlassian.net/wiki/display/WIRA/IS+REST+API+Guide

Comment by Omindu Rathnaweera [ 15/Sep/16 ]

Hi Manujith,

Please fix the User doc link as the link is not working anymore


Comment by Omindu Rathnaweera [ 15/Sep/16 ]

Remaining Action Items

  • Use the generic authentications filter to secure the webapp
  • Remove elements with null values from the JSON response
  • Use standard https error codes and include the custom error codes in the error response body
  • Remove the ApiOriginFilter since CORS support doesn't need to be explicitly handled
  • Fix the getDecisionByAttributes method. For this we will need a method from Balana which accepts attributes and returns ResponseCtx. Create a JIRA and send a PR
  • Downgrade Jackson version to 2.4 to get it working with Swagger
  • Remove the Authentication filter and other implementations related to authentication and use the generic
  • Try to remove the root level element AllEntitlements and use the EntitledResultSetDTO object without wrapping it in AllEntitlementsRequestModel before converting to an XML object. Same should be done to EntitledAttributesRequestModel. Create a JIRA as a future improvement
  • Change the name of AbstractEntitlementException since it's too broad. Can change to something like AbstractParserException
  • Remove ApplicationInitializer and ClearThreadLocalInterceptor classes once
  • Move tests in main package to test directory
  • Rename models package to model and resources package to resource
  • Make the Balana MultiRequest class constructor public to handle multi requests
  • Use CXF object parser instead of the JSON parser. For this we need to have an object model which represents a complete XACML request. Create a JIRA as a future improvement for this
  • Move the missing URI constants to Balana and send a PR
  • Improve exception handling including runtime exceptions
  • Run findbugs security plugin
  • Attach the confluence backup to the feature JIRA

Comment by Pushpalanka Jayawardhana [ 06/Oct/16 ]

More PRs related to this,

Comment by Pushpalanka Jayawardhana [ 07/Oct/16 ]

User documentation is attached as userdoc.zip.
Please find the dev docs at [1] .
Implementation details are at [2].

[1] - http://manzzup.github.io/wso2-entitlement-endpoint/devdoc
[2] - http://manzzup.blogspot.com/2016/08/gsoc-2016-rest-implementation-for-wso2.html

Comment by Sherene Mahanama [ 08/Oct/16 ]

Documented at: https://docs.wso2.com/display/IS5xx/Entitlement+with+APIs

Please review and confirm.

Comment by Darshana Gunawardana [ 02/Dec/16 ]

Use the generic authentications filter to secure the webapp [Done]

Generated at Sat Jun 23 02:06:50 IST 2018 using JIRA 7.2.2#72004-sha1:9d5132893cc8c728a3601a9034a1f8547ef5c7be.