Policy Evaluation
POSTing an Event to the /event endpoint will return an AuthorizationDecision based on the currently deployed policies.
The Content-Type for both request and response is application/json. The request header must contain an authentication token (see Security).
Example request
POST /event HTTP/1.1
Host: decision.mydata-control.de
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJjczQiXSwiZXhwIjoxNDkxNjIxODI5LCJzb2x1dGlvbl9pZCI6ImNzNCIsImF1dGhvcml0aWVzIjpbIlJPTEVfQ0xJRU5UIl0sImp0aSI6IjNlMDg4N2RhLTkxMGQtNGI2Yi05MTlhLTRlYmU5MTA4NGNlOCIsImNsaWVudF9pZCI6ImNzNCJ9.X9FshfaVhwoViYc5JbXKyAZSUAOSYmrZ07RuWUii6po
Content-Type: application/json

{
  "actionId": {
    "scope": "test",
    "action": "showEmployee"
  },
  "timestamp": 1491578472797,
  "parameters": [
    {
      "name": "user",
      "value": {
        "value": {
          "role": "CSM",
          "id": "u123",
          "name": {
            "firstName": "Hanstest",
            "lastName": "wurst"
          }
        },
        "type": "de.fraunhofer.iese.mydata.pep.testdata.model.User",
        "isComplex": true
      }
    }
  ]
}
Example response
HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": {
    "identifier": "urn:decision:allow"
  },
  "eventAllowed": true,
  "modifiers": [
    {
      "name": "user",
      "expression": "$.name.firstName",
      "engine": [
        {
          "method": "append",
          "parameters": [
            {
              "name": "suffix",
              "value": {
                "value": "test",
                "type": "java.lang.String",
                "isComplex": false
              }
            }
          ]
        }
      ]
    }
  ],
  "delay": 0
}
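A sketch of how a calling application could enforce such a decision fail-closed, added here as an example and not taken from the service's own client code. The page does not define modifier semantics, so the following are assumptions: a modifier's name selects the event parameter of the same name, expression is a simple dotted JSONPath into that parameter's value, append adds the suffix string, and any unknown method or malformed response is treated as a denial. The names enforce, Denied and _resolve are hypothetical, and the delay field is ignored.

```python
import copy
import json

# Constructed inputs, trimmed from the example request and response above.
EVENT = json.loads("""{"actionId": {"scope": "test", "action": "showEmployee"},
 "parameters": [{"name": "user", "value": {"value": {"role": "CSM", "id": "u123",
   "name": {"firstName": "Hanstest", "lastName": "wurst"}}, "isComplex": true}}]}""")
DECISION = json.loads("""{"id": {"identifier": "urn:decision:allow"}, "eventAllowed": true,
 "modifiers": [{"name": "user", "expression": "$.name.firstName", "engine": [
   {"method": "append", "parameters": [{"name": "suffix",
     "value": {"value": "test", "type": "java.lang.String", "isComplex": false}}]}]}],
 "delay": 0}""")


class Denied(Exception):
    """Raised whenever the event must not proceed."""


def _resolve(root, expression):
    # Assumption: only simple dotted paths such as "$.name.firstName" are handled.
    keys = expression.split(".")
    if keys[0] != "$" or len(keys) < 2:
        raise Denied("unsupported expression: " + expression)
    node = root
    for key in keys[1:-1]:
        node = node[key]
    return node, keys[-1]


def enforce(event, decision):
    """Return the parameters to use, or raise Denied (fail closed)."""
    try:
        if decision["eventAllowed"] is not True:  # strict: "true" or 1 do not count
            raise Denied("policy decision is not an allow")
        params = {p["name"]: copy.deepcopy(p["value"]["value"]) for p in event["parameters"]}
        for mod in decision.get("modifiers", []):
            parent, leaf = _resolve(params[mod["name"]], mod["expression"])
            for step in mod["engine"]:
                args = {a["name"]: a["value"]["value"] for a in step["parameters"]}
                if step["method"] != "append":  # assumption: unknown methods deny
                    raise Denied("unknown modifier method: " + str(step["method"]))
                parent[leaf] = str(parent[leaf]) + str(args["suffix"])
        return params
    except (KeyError, TypeError, AttributeError, IndexError) as exc:
        raise Denied("malformed decision or event") from exc
```

The caller should treat a non-200 status, a timeout or unparseable JSON the same way as Denied, so that an unreachable decision service never results in the action being performed unmodified.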
Security
To use the decision service, you have to provide an OAuth access token, which can be retrieved from the Management Service. The client credentials can be configured in your solution's settings. The token should be provided in the Authorization header as a Bearer token. To get the access token, query the token endpoint as follows (the credentials are located in the form body):
$ curl -i -H 'Content-Type: application/x-www-form-urlencoded' \
    -X POST 'https://management.mydata-control.de/oauth/token' \
    -d 'grant_type=client_credentials&client_id=example-id&client_secret=myPa55s0rd'