Skip to main content
Version: 1.1

Preparation to deploy CAQ

Contextual Authorization Query (CAQ) is downloaded through the AWS CLI.

Install AWS CLI according to the instructions hereOpens in a new tab.

To have the appropriate access to Axiomatics' downloads, you need to configure the AWS CLI account with the aws configure command, as explained hereOpens in a new tab. For this step, you will need an Access key ID and a Secret access key, which will be provided to you by Axiomatics.

Download the vulnerabilities report

You can download a comprehensive vulnerabilities analysis report for CAQ.

After configuring the AWS CLI account, run the following command to download the vulnerabilities report from S3:

aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/contextual-authorization-query/1.1.0/caq-vulnerabilities-report-1.1.0.html caq-vulnerabilities-report-1.1.0.html

This downloads an HTML report file to your computer.

Download the file

CAQ is downloaded as a single JAR file.

After configuring the AWS CLI account, run the following command in the terminal to download the JAR file:

aws s3api get-object --bucket axiomatics-customer-artifacts --key releases/com/axiomatics/contextual-authorization-query/1.1.0/contextual-authorization-query-1.1.0.jar contextual-authorization-query-1.1.0.jar
note

In the CAQ documentation, the jar file is always referred to in full, that is, contextual-authorization-query-1.1.0.jar.

This downloads the selected file to your computer.

Initiate the deployment

note

In the snippets below replace:

  • <domain> with your domain YAML file name.

To start the application you need the following:

  • contextual-authorization-query-1.1.0.jar

  • deployment.yml

    The deployment.yml file contains the deployment configuration including the file references to a domain and a valid license as described in the section Basic configuration.

    • <domain>.yml
    • axiomatics_CAQ.license

  • Additional jar files (optional)

    When you want to use additional .jar files (for example a JDBC driver or attribute connectors), you should add them under a lib sub-directory.

    If you want to use attribute connectors please refer to the Attribute Connectors section.

Important

The deployment yaml file of the CAQ should be in the same folder as the contextual-authorization-query-1.1.0.jar file.

The file structure that is needed for the the contextual authorization query deployment is displayed in the example below:

├─ contextual-authorization-query-1.1.0.jar
├─ deployment.yml
├─ lib/
    ├─ sql-attribute-connector-<sql_ac_version>.jar
    ├─ jbdc.jar

Start the application

To start the deployment process, execute the following command:

java -jar <path_to_file>/contextual-authorization-query-1.1.0.jar
Important

Make sure to execute the java command from the directory that contains the deployment.yaml and the lib folder.

Next steps

  • The instructions above assume CAQ is started with a basic deployment configuration file. This file can be adapted to your configuration requirements. See the section Basic configuration for more information.
  • There are also custom configurations you may want to consider for your implementation of CAQ. Please check the Additional configuration section.