CAQ functionality has transitioned to Access Decision Service (ADS) and future updates will be delivered through ADS releases. Read the ADS documentation for details.
Preparation to deploy CAQ
Contextual Authorization Query (CAQ) is downloaded through the AWS CLI.
Install AWS CLI according to the instructions hereOpens in a new tab.
To have the appropriate access to Axiomatics' downloads, you need to configure the AWS CLI account with the aws configure command, as explained hereOpens in a new tab. For this step, you will need an Access key ID and a Secret access key, which will be provided to you by Axiomatics.
Download the vulnerabilities report
You can download a comprehensive vulnerabilities analysis report for CAQ.
After configuring the AWS CLI account, run the following command to download the vulnerabilities report from S3:
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/contextual-authorization-query/1.1.2/contextual-authorization-query-1.1.2-cve.html contextual-authorization-query-1.1.2-cve.html
This downloads an HTML report file to your computer.
Download the file
CAQ is downloaded as a single JAR file.
After configuring the AWS CLI account, run the following command in the terminal to download the JAR file:
aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/contextual-authorization-query/1.1.2/contextual-authorization-query-1.1.2.jar contextual-authorization-query-1.1.2.jar
In the CAQ documentation, the jar file is always referred to in full, that is, contextual-authorization-query-1.1.2.jar.
This downloads the selected file to your computer.
Initiate the deployment
In the snippets below replace:
<domain>with your domain YAML file name.
To start the application you need the following:
contextual-authorization-query-1.1.2.jardeployment.ymlThe
deployment.ymlfile contains the deployment configuration including the file references to a domain and a valid license as described in the section Basic configuration.<domain>.ymlaxiomatics_CAQ.license
Additional jar files (optional)
When you want to use additional
.jarfiles (for example a JDBC driver or attribute connectors), you should add them under alibsub-directory.If you want to use attribute connectors please refer to the Attribute Connectors section.
The deployment yaml file of the CAQ should be in the same folder as the contextual-authorization-query-1.1.2.jar file.
The file structure that is needed for the the contextual authorization query deployment is displayed in the example below:
├─ contextual-authorization-query-1.1.2.jar
├─ deployment.yml
├─ lib/
├─ sql-attribute-connector-<sql_ac_version>.jar
├─ jbdc.jar
Start the application
To start the deployment process, execute the following command:
java -jar <path_to_file>/contextual-authorization-query-1.1.2.jar
Make sure to execute the java command from the directory that contains the deployment.yaml and the lib folder.
Next steps
- The instructions above assume CAQ is started with a basic deployment configuration file. This file can be adapted to your configuration requirements. See the section Basic configuration for more information.
- There are also custom configurations you may want to consider for your implementation of CAQ. Please check the Additional configuration section.