Preparation to deploy CAQ
Contextual Authorization Query (CAQ) is downloaded through the AWS CLI.
Install AWS CLI according to the instructions hereOpens in a new tab.
To have the appropriate access to Axiomatics' downloads, you need to configure the AWS CLI account with the aws configure
command, as explained hereOpens in a new tab. For this step, you will need an Access key ID and a Secret access key, which will be provided to you by Axiomatics.
Download the vulnerabilities report
You can download a comprehensive vulnerabilities analysis report for CAQ.
After configuring the AWS CLI account, run the following command to download the vulnerabilities report from S3:
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/contextual-authorization-query/1.0.3/caq-vulnerabilities-report-1.0.3.html caq-vulnerabilities-report-1.0.3.html
This downloads an HTML report file to your computer.
Download the file
CAQ is downloaded as a single JAR file.
After configuring the AWS CLI account, run the following command in the terminal to download the JAR file:
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/contextual-authorization-query/1.0.3/contextual-authorization-query-1.0.3.jar contextual-authorization-query-1.0.3.jar
In the CAQ documentation, the jar file is always referred to in full, that is, contextual-authorization-query-1.0.3.jar
.
This downloads the selected file to your computer.
Initiate the deployment
In the snippets below replace:
<domain>
with your domain YAML file name.
To start the application you need the following:
contextual-authorization-query-1.0.3.jar
deployment.yml
The
deployment.yml
file contains the deployment configuration including the file references to a domain and a valid license as described in the section Basic configuration.<domain>.yml
axiomatics_CAQ.license
Additional jar files (optional)
When you want to use additional
.jar
files (for example a JDBC driver or attribute connectors), you should add them under alib
sub-directory.If you want to use attribute connectors please refer to the Attribute Connectors section.
The deployment yaml file of the CAQ should be in the same folder as the contextual-authorization-query-1.0.3.jar
file.
The file structure that is needed for the the contextual authorization query deployment is displayed in the example below:
├─ contextual-authorization-query-1.0.3.jar
├─ deployment.yml
├─ lib/
├─ sql-attribute-connector-<sql_ac_version>.jar
├─ jbdc.jar
Start the application
To start the deployment process, execute the following command:
java -jar <path_to_file>/contextual-authorization-query-1.0.3.jar
Make sure to execute the java command from the directory that contains the deployment.yaml
and the lib
folder.
Next steps
- The instructions above assume CAQ is started with a basic deployment configuration file. This file can be adapted to your configuration requirements. See the section Basic configuration for more information.
- There are also custom configurations you may want to consider for your implementation of CAQ. Please check the Additional configuration section.