How to Retrieve an resource:root-resource-id in SampleResourceFinderModule from request

Question

i have a scenario in which i am sending resource:root-resource-id from request as below

<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="true">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
            Customer
        </AttributeValue>
    </Attribute>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:root-resource-id" IncludeInResult="true">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
            Customer
        </AttributeValue>
    </Attribute>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:2.0:resource:scope" IncludeInResult="false">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
            Descendants
        </AttributeValue>
    </Attribute>
</Attributes>`

Now , i have to access resource:root-resource-id in SampleResourceFinderModule as is if i access resource:resource-id :

if("Customer".equals(parentResourceId.encode())){}

Can you please tell me how i ca do this ?

Answer 1

I am not sure what you are trying to do exactly and what is your exact question. I guess you are trying hierarchical resource profile with WSO2IS that is mentioned as here. It seems to be that you have written new extension by implementing the "PIPResourceFinder". Idea of this extension is to retrieve the children or descendants resources under the given root resource. Therefore in the XACML request you need to send the root resource and the scope (children or descendants).

Then root resource is identified by the "urn:oasis:names:tc:xacml:1.0:resource:resource-id" attribute id. (not "urn:oasis:names:tc:xacml:1.0:resource:root-resource-id" attribute id.. I guess blog post has some mistake. According to the scenario in the blog post, it may need to send the root resource with different attribute id).

Scope is identified by the "urn:oasis:names:tc:xacml:2.0:resource:scope" attribute Id.

Finally you can access the root resource in the "PIPResourceFinder" finder. Then you can return the child resources that is related with root resource. You can go through the sample implementation mentioned in this blog.