OPA for HTTP Authorization

Open Policy Agent[1] is a promising, light weight and very generic policy engine to govern authorization is any type of domain. I found this comparion[2] very attractive in evaluating OPA for a project I am currently working on, where they demonstrate how OPA can cater same functionality defined in RBAC, RBAC with Seperation of Duty, ABAC and XACML.  
Here are the steps to a brief demonstration of OPA used for HTTP API authorization based on the sample [3], taking it another level up.
Running OPA Server First we need to download OPA from [4], based on the operating system we are running on.  For linux, curl -L -o opa https://github.com/open-policy-agent/opa/releases/download/v0.10.3/opa_linux_amd64 Make it executable, chmod 755 ./opa Once done, we can start OPA policy engine as a server.
./opa run --server Define Data and Rules Next we need to load data and authorization rules to the server, so it can make decisions. OPA defines these in files in the format of .rego. Below is a sample …

Configuration for Using Intellij IDEA to Develop Apache Wookie

Here I am sharing the steps I followed in configuring Intellij IDEA to develop Apache Wookie. As guidelines are only given in the site to start with Eclipse IDE, before starting coding I needed to configure Intellij IDEA to be aligned with the practices and conventions of Wookie, before starting coding for GSoC2012.

For the project we have to use SVN as version control system and Intellij by default facilitate it. We need to do the following set ups in addition.
  1. Dependency management
  2. Code style and template
  3. Debugging
Let’s look at how to deal with these.

Dependency management with Apache Ivy

Wookie use Ivy as the dependency manager. To easily compile the Wookie project inside Intellij, we need to have the plugging IvyIDEA installed. In order to do so, go to File>Settings>IDE Settings and select IvyIDEA from available pluggings as follows and install.

Now once you open Wookie in Intellij, it will auto detect the ivy.xml file and resolve dependencies. In Tools>IvyIDEA menu you can resolve any dependencies if not auto detected. Further details are can be read on this plugin, at Intellij plugging repository

Code style and template

These steps are taken to conveniently maintain consistency and quality of the code.The etc/Intellij folder of Wookie distribution includes code_style.xml and code_template.xml which need to be placed inside Intellij configuration as follows.
Place code_style.xml at <username>/<Intellij folder>/config/codestyles.
Note:To have the code style correct, it is better to use this plugging eclipse-code-formatter inside Intellij as it allows you to use original code style, which is distributed to be used in Eclipse.
Once this is done and code style is active for the project, Ctrl+Alt+L will reformat code accordingly.

Place code_template.xml at <username>/<Intellij folder>/config/templates.After restarting the IDE you can see the available templates by Ctrl+J key combination and easily use them.


Start Wookie server in debug mode using the command ,

ant -Djvmargs="-Xdebug -Xrunjdwp:transport=dt_socket,address=8001,server=y,suspend=n" run

To connect Intellij to this server running on your local machine, go to Run>Edit configuration in IDE. On remote configuration do the following.
You can now set debug points and contribute to improve Wookie.


  1. Any idea, plan, or purpose may be placed in the mind through repetition of thought. See the link below for more info.


  2. Life is a battle, if you don't know how to defend yourself then you'll end up being a loser. So, better take any challenges as your stepping stone to become a better person. Have fun, explore and make a lot of memories.




Post a Comment

Popular posts from this blog

Signing SOAP Messages - Generation of Enveloped XML Signatures

OPA for HTTP Authorization

How to Write a Custom User Store Manager - WSO2 Identity Server 4.5.0