Policy Evaluation

POST ing an Event to the /event endpoint will return an AuthorizationDecision based on the currently deployed policies. Content-Type for request and response is application/json. The header needs to contain an authentication token (see security).

Example request

POST /event HTTP/1.1
Host: decision.mydata-control.de
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJjczQiXSwiZXhwIjoxNDkxNjIxODI5LCJzb2x1dGlvbl9pZCI6ImNzNCIsImF1dGhvcml0aWVzIjpbIlJPTEVfQ0xJRU5UIl0sImp0aSI6IjNlMDg4N2RhLTkxMGQtNGI2Yi05MTlhLTRlYmU5MTA4NGNlOCIsImNsaWVudF9pZCI6ImNzNCJ9.X9FshfaVhwoViYc5JbXKyAZSUAOSYmrZ07RuWUii6po
Content-Type: application/json

{
  "actionId": {
    "scope": "test",
    "action": "showEmployee"
  },
  "timestamp": 1491578472797,
  "parameters": [
    {
      "name": "user",
      "value": {
        "value": {
          "role": "CSM",
          "id": "u123",
          "name": {
            "firstName": "Hanstest",
            "lastName": "wurst"
          }
        },
        "type": "de.fraunhofer.iese.ind2uce.pep.testdata.model.User",
        "isComplex": true
      }
    }
  ]
}

Example response

HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": {
    "identifier": "urn:decision:allow"
  },
  "eventAllowed": true,
  "modifiers": [
    {
      "name": "user",
      "expression": "$.name.firstName",
      "engine": [
        {
          "method": "append",
          "parameters": [
            {
              "name": "suffix",
              "value": {
                "value": "test",
                "type": "java.lang.String",
                "isComplex": false
              }
            }
          ]
        }
      ]
    }
  ],
  "delay": 0
}

Security

In order to use the decision service, you have to provide an OAuth access-token. This can be retrieved at the Management Service. The client credentials can be configured in your solutions settings. The token should be provided in the Bearer Authorization Header. To get the access token do the following, query the Authorization Header like follows (credentials are located in form body):

$ curl -i -H 'Content-Type: application/x-www-form-urlencoded'
  	-X POST 'https://management.mydata-control.de/oauth/token‚
    -d 'grant_type=client_credentials&client_id=example-id&client_secret=myPa55s0rd