Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add jwt claim based access validator policy templates #13361

Merged
merged 4 commits into from
Feb 15, 2024
Merged

Add jwt claim based access validator policy templates #13361

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b68f97a
Add jwt claim based access validator policy templates
Akila94 Feb 12, 2024
ceb3616
Add EOF line
Akila94 Feb 12, 2024
8e5018c
Fix typo
Akila94 Feb 12, 2024
e625932
Refactor templates
Akila94 Feb 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .../distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
<class name="org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator">
<property name="accessVerificationClaim" value = "{{accessVerificationClaim}}"/>
<property name="accessVerificationClaimValue" value="{{accessVerificationClaimValue}}"/>
<property name="accessVerificationClaimValueRegex" value="{{accessVerificationClaimValueRegex}}"/>
<property name="shouldAllowValidation" value="{{shouldAllowValidation}}"/>
</class>
51 changes: 51 additions & 0 deletions ...ribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{
"category": "Mediation",
"name": "jwtClaimBasedAccessValidator",
"version": "v1",
"displayName": "JWT claim based access validator",
"description": "This policy validates configured claim name and value in this policy with the claim name and value sent in the JWT access token to grant access to the API resource.",
"applicableFlows": [
"request"
],
"supportedGateways": [
"Synapse"
],
"supportedApiTypes": [
"HTTP"
],
"policyAttributes": [
{
"name": "accessVerificationClaim",
"displayName": "Access verification claim name",
"description": "This should be the name the custom claim which is expected in the JWT access token.",
"validationRegex": "^[a-zA-Z_]+$",
"type": "String",
"defaultValue": "aut",
"required": true
},
{
"name": "accessVerificationClaimValue",
"displayName": "Access verification claim value",
"description": "This should be the value of a custom claim which is expected in the JWT access token.",
"type": "String",
"defaultValue": "APPLICATION",
"required": true
},
{
"name": "accessVerificationClaimValueRegex",
"displayName": "Access verification claim value regex",
"description": "If a regex is provided, the claim values will be matched using this regex. Otherwise they will be checked for equality.",
"type": "String",
"defaultValue": "",
"required": false
},
{
"name": "shouldAllowValidation",
"displayName": "Allow flow when claims are not matching",
"description": "Tick this to allow the flow when the claims are not matching. Keeping this un-ticked will allow the flow only when the claims are matched.",
"type": "Boolean",
"defaultValue": "false",
"required": false
}
]
}
Loading