Resources

The PMP contains different resources for policies, timers, and components. In the following, we show how to use them.

Components

Components like PEPs, PIPs and PXPs can be registered and queried using the /ws/component endpoint.

Register a Component

A POST request registers a component (PEP,PIP,PXP) at PMP. The following examples show how to register PEPs, PIPs and PXPs by providing an Component.

Example requests

{
  "id": {
    "componentType" : "PEP",
    "identifier": "urn:component:test:pep:example1"
  },
  "urls": [
    "rmi://localhost:1111/mydataPEP"
  ],
  "componentInterfaces": [
    {
      "type": "PepInterfaceDescription",
      "event": {
        "platform":"test",
        "context":"local",
        "action": "createConstructionSite"
      },
      "preventive": true,
      "methodName": "delete",
      "returnType": "java.lang.Boolean",
      "description": "Log",
      "parameters": []
    },
    {
      "type": "PepInterfaceDescription",
      "event": {
        "platform":"test",
        "context":"local",
        "action": "closeConstructionSite"
      },
      "preventive": true,
      "methodName": "delete",
      "returnType": "java.lang.Boolean",
      "description": "Log",
      "parameters": [
        {
          "name": "id",
          "description": "id of construction site",
          "type": "java.lang.String"
        }
      ]
    },
    {
      "type": "PepInterfaceDescription",
      "event": {
        "platform":"test",
        "context":"local",
        "action": "showEmployee"
      },
      "preventive": true,
      "methodName": "delete",
      "returnType": "java.lang.Boolean",
      "description": "Log",
      "parameters": [
        {
          "name": "id",
          "description": "id of employee",
          "type": "java.lang.String"
        },{
          "name": "role",
          "description": "role of employee",
          "type": "java.lang.String"
        }
      ]
    }
  ]
}
{
  "id": {
    "componentType": "PIP",
    "identifier": "pipDummy1"
  },
  "urls": [
    "http://localhost:1111/mydataPIP1"
  ],
  "componentInterfaces": [
    {
      "type": "InterfaceDescription",
      "methodName": "getName",
      "returnType": "java.lang.String",
      "description": "Name magic",
      "parameters": [
        {
          "name": "id",
          "description": "Id of employee",
          "type": "java.lang.String",
          "mandatory": true
        }
      ]
    },
 {
      "type": "InterfaceDescription",
      "methodName": "getAddress",
      "returnType": "java.lang.String",
      "description": "Address magic",
      "parameters": [
        {
          "name": "id",
          "description": "Id of employee",
          "type": "java.lang.String",
          "mandatory": true
        }
      ]
    },
{
      "type": "InterfaceDescription",
      "methodName": "isConstructionSiteManager",
      "returnType": "java.lang.Boolean",
      "description": "check if construction site manager",
      "parameters": [
        {
          "name": "id",
          "description": "Id of employee",
          "type": "java.lang.String",
          "mandatory": true
        }
      ]
    },
    {
      "type": "InterfaceDescription",
      "methodName": "isAllWorkDone",
      "returnType": "java.lang.Boolean",
      "description": "check if construction site manager",
      "parameters": [
        {
          "name": "siteId",
          "description": "Id of construction site",
          "type": "java.lang.String",
          "mandatory": true
        },
        {
          "name": "fulfillmentRate",
          "description": "fulfillment rate of all work in percentage",
          "type": "java.lang.Float",
          "mandatory": false
        }
      ]
    },
{
      "type": "InterfaceDescription",
      "methodName": "getEmployees",
      "returnType": "java.util.List",
      "description": "List of all employees on construction site",
      "parameters": []
    },
    {
      "type": "InterfaceDescription",
      "methodName": "getCityOfConstructionSite",
      "returnType": "java.lang.String",
      "description": "Get city in which construction site is located",
      "parameters": [
        {
          "name": "siteId",
          "description": "id of construction site",
          "type": "java.lang.String",
          "mandatory": true
        },
{
          "name": "country",
          "description": "country of construction site",
          "type": "java.lang.String",
          "mandatory": false
        }
      ]
    },
    {
      "type": "InterfaceDescription",
      "methodName": "getConstructionSiteMatchingTo",
      "returnType": "java.lang.String",
      "description": "Find construction site",
      "parameters": [
        {
          "name": "name",
          "description": "search for string in construction site name",
          "type": "java.lang.String",
          "mandatory": true
        },
{
          "name": "active",
          "description": "is the construction site still active",
          "type": "java.lang.Boolean",
          "mandatory": true
        }
        ,{
          "name": "numberOfEmployee",
          "description": "number of employees",
          "type": "java.lang.Integer",
          "mandatory": false
        }
      ]
    }
  ]
}
{
  "id": {
    "componentType":"PXP",
    "identifier": "pxpDummy1"
  },
  "urls": [
    "rmi://localhost:1111/mydataPXP"
  ],
  "componentInterfaces": [
    {
      "type": "InterfaceDescription",
      "methodName": "urn:action:test:log",
      "returnType": "java.lang.Boolean",
      "description": "Log",
      "parameters": [{
          "name": "message",
          "description": "Message to log",
          "type": "java.lang.String",
          "mandatory": true
        }]
    },
    {
      "type": "InterfaceDescription",
      "methodName": "urn:action:test:sendMail",
      "returnType": "java.lang.Boolean",
      "description": "Send a message to receiver",
      "parameters": [{
          "name": "address",
          "description": "Email address",
          "type": "java.lang.String",
          "mandatory": true
        },
        {
          "name": "content",
          "description": "Content of Email",
          "type": "java.lang.String",
          "mandatory": true
        }]
    },
    {
      "type": "InterfaceDescription",
      "methodName": "urn:action:test:alertOnSite",
      "returnType": "java.lang.Boolean",
      "description": "Honk the alert horn on construction site",
      "parameters": [{
          "name": "duration",
          "description": "Duration of alert",
          "type": "java.lang.Integer",
          "mandatory": true
        }]
    },
    {
      "type": "InterfaceDescription",
      "methodName": "urn:action:test:fireEmployee",
      "returnType": "java.lang.Boolean",
      "description": "Fire an employee",
      "parameters": [{
          "name": "daysUntilFiring",
          "description": "Duration of action",
          "type": "java.lang.Integer",
          "mandatory": true
        },{
          "name": "isFiringDoneNicely",
          "description": "is firing done nicely",
          "type": "java.lang.Boolean",
          "mandatory": false
        },{
          "name": "messageToTell",
          "description": "Message to tell the employee",
          "type": "java.lang.String",
          "mandatory": true
        }]
    }
  ]
}

Example response

If everything is fine, true is returned.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/component-register/http-response.adoc[]

Lookup Component

A GET request retreives a component by its id.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/component-lookup/curl-request.adoc[]

Example response

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/component-lookup/http-response.adoc[]

Policies

PolicyId and Policies have methods to deploy, revoke, remove and list policies. The PolicyId resource is a projection on policy objects that extracts just the id to reduce the bandwidth, as the xml content of a policy could be quite large. The structure of policyId and policy are defined in the relevant section below.

The Policy resources is used to deploy, remove and list policies

The API contains the following services:

Show Policy by id

A GET request that provides a policy.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-by_id/curl-request.adoc[]

Example response

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-by_id/http-response.adoc[]

Response structure

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-by_id/response-fields.adoc[]

Listing deployed Policies

A GET request will list all deployed policies.

Response structure

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-list_deployed/response-fields.adoc[]

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-list_deployed/curl-request.adoc[]

Example response

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-list_deployed/http-response.adoc[]

Add a policy

A POST request that adds a new policy to the list of policies. The content of the post is the policy in its xml notation.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-add/curl-request.adoc[]

Example response

The response contains true if creating the policy was successful.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-add/http-response.adoc[]

Deploy an existing policy

A POST request that deploys an existing policy. The policy is defined by the id that is part of the url.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-deploy/curl-request.adoc[]

Example response

The response contains true if deployment was successful.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-deploy/http-response.adoc[]

Revokes an existing policy

A GET request that revokes (undeployes) an existing policy. The policy is defined by the id that is part of the url.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-revoke/curl-request.adoc[]

Example response

The response contains true if the undeployment was successful, false otherwise.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-revoke/http-response.adoc[]

Removes an existing policy

A DELETE request that removes an existing policy. The policy is defined by the id that is part of the url. If the policy is deployed, PMP undeployes it first.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-remove/curl-request.adoc[]

Example response

The response contains true if deletion was successful, false otherwise.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-remove/http-response.adoc[]

Status of an existing policy

A GET request that retrieves the deployment status of an existing policy. The policy is defined by the id that is part of the url.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-status/curl-request.adoc[]

Example response

The response contains true if the policy is currently being deployed.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policy-status/http-response.adoc[]

List of ids for all existing policies

A GET request that retreives the ids of all policies.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policyid-list/curl-request.adoc[]

Example response

The response contains the ids all the policies.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policyid-list/http-response.adoc[]

Response structure

The policy ID consists of 3 parts appended with ":".

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policyid-list/response-fields.adoc[]

List of ids for all deployed policies

A GET request that retreives the ids of all deployed policies.

Example request

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policyid-list/curl-request.adoc[]

Example response

The response contains the ids all deployed policies. The response struture is described in All PolicyIds.

Unresolved directive in index.adoc - include::/builds/security-engineering/data-sovereignty/mydata/mydata/pmp-managementservice/target/generated-snippets/policyid-list/http-response.adoc[]

Security

In order to use the decision service, you have to provide an OAuth access-token. This can be retrieved at the Management Service. The client credentials can be configured in your solutions settings. The token should be provided in the Bearer Authorization Header. To get the access token do the following, query the Authorization Header like follows (credentials are located in form body):

$ curl -i -H 'Content-Type: application/x-www-form-urlencoded'
  	-X POST 'https://management.mydata-control.de/oauth/token‚
    -d 'grant_type=client_credentials&client_id=example-id&client_secret=myPa55s0rd