1. REST API for Oracle Platform Security Services
  2. Authorizing Access

6 Authorizing Access

Oracle Platform Security Services (OPSS) uses the XACML3.0 REST profile based authorization service to manage authorization. You can manage authorization using REST.
Section Method Resource Path

GET PDP Link Method

GET

/opss/v2/authz/xacml/

POST Policy Decision Method

POST

/opss/v2/authz/xacml/

GET PDP Link Method

Use the GET method to get the Policy Decision Point (PDP) for an application.

REST Request

GET /opss/v2/authz/xacml/appName

Response Body

Media types for the request or response body.

Media Types:                                                             application/json or application/xml

The response body contains details about the PDP link, including:

Attribute Description

"rel"

PDP definition provider

"href"

PDP link.

cURL Example

The following example shows how to get the PDP link for an application by submitting a GET request on the REST resource using cURL. Examples for both JSON and XML are provided.

JSON Example

curl -i -X GET -u username:password -H Content-Type:application/json https://myhost:7001/opss/v2/authz/xacml/MyApp

Example of Response Body with JSON

The following example shows the response body when using JSON.

{    "resources": {        "resource": {            "link": {                 "rel": "https://docs.oasis-open.org/ns/xacml/relation/pdp",                "href": "/opss/v2/xacml/MyApp/pdp"             }        }    }}

XML Example

curl -i -X GET -u username:password -H Content-Type:application/xml https://myhost:7001/opss/v2/authz/xacml/MyApp

Example of Response Body with XML

The following example shows the response body when using XML.

<resources xmlns=http://ietf.org/ns/home-documents 
   mlns:atom="http://www.w3.org/2005/Atom"> 
   <resource rel="http://docs.oasis-open.org/ns/xacml/relation/pdp"> 
      <atom:link href="/opss/v2/xacml/MyApp/pdp"/>
   </resource>
</resources>

POST Policy Decision Method

Use the POST method to send a policy decision authorization request to the PDP system.

REST Request

POST /opss/v2/authz/xacml/appName/pdp/

The URI can also specify the resource type. If the name of resource type is decided by application name, then it can be omitted. The resource type is optional, and it is specified by query parameter if needed.

POST /opss/v2/authz/xacml/appName/pdp/?resType=resType

Request Body

Media types for the request or response body.

Media Types:                                                              application/xacml+json;version=3.0 or application//xacml+xml;version=3.0

Response Body

Media types for the request or response body.

Media Types:                                                              application/xacml+json;version=3.0 or application//xacml+xml;version=3.0

cURL Example

The following example shows how to request a policy decision for an application by submitting a POST request on the REST resource using cURL. Examples for both JSON and XML are provided.

JSON Example

curl -i -X GET -u username:password --data @policyRequest.json -H Content-Type:application/xacml+json;version=3.0 https://myhost:7001/opss/v2/authz/xacml/MyApp/pdp

Example of Request with JSON

The following example shows the request body when using JSON.

{
    "Request": {
        …
    }
 }

Example of Response Body with JSON

The following example shows the response body when using JSON.

{
    "Response": [
        …
    ]
 }

XML Example

curl -i -X GET -u username:password --data @policyRequest.xml -H Content-Type:application/xacml+xml;version=3.0 https://myhost:7001/opss/v2/authz/xacml/MyApp/pdp

Example of Request with XML

The following example shows the request body when using XML.

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"> … </Request>

Example of Response with XML

The following example shows the response body when using XML.

<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"> … </Request>