General usage information

Authentication

BasicAuth

If HTTP Basic Authentication is activated you must send the user credentials on every request. If the credentials are not correct you will get an HTTP Error 401 as a response. In curl you can send the required information with the "-u" option.

curl -u username:password

If you do not use curl, set an extra header with the following:

Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=

where dXNlcm5hbWU6cGFzc3dvcmQ= is the Base64 encoding of username:password. Base64 is an encoding, not encryption, so the credentials are only protected when the request is sent over HTTPS.

Bearer token (not yet implemented)

Multi-Tenancy

If multi-tenancy is activated, an extra custom header must be sent in each request. If the header is not sent, the evaluation of the request is canceled (with error 406). The same thing happens when the tenant's ID is not found (with error 404). The name of the custom header is "X-TENANT-ID" and it can be sent with curl using the option "-H":

curl -H 'X-TENANT-ID: customer_1'

It is possible to protect tenants with a password. To access password protected tenants, the password must be sent as an additional header in every request. The correct header for this is 'TENANT-PASSWORD'. An example with curl would look like the following:

curl -H 'TENANT-PASSWORD: secret'

How to use

Sessions

A session is needed to provide a state for queries on permissions. RBAC has the concept of activation and deactivation of roles to allow least privilege policies. A session is therefore a combination of an ID, the user the session belongs to and an activated role set. A session can also store more information, like start time, expiration time and other parameters that the application wants to give the RBAC system as additional information for making decisions.

How to create a new session

To create a session you have to give a session-ID which is unique and does not already exist. When creating a new session you can already specify a role set that is active in this session from the beginning. The roles in the set have to exist and be applicable for the user. After you have called this and no error has occurred, the new session is present in the RBAC system and can be used.


| | Value | Description |
| --- | --- | --- |
| URL | /sessions/[{session}] | The session may be any string from the ASCII character set. Usually it is a good idea to give a UUID to ensure that the session is unique. If no value for session is given, a new random UUID is generated and used as ID. |
| HTTP-Method | POST | |
| MUST | userid | Use the string here that has been assigned to an already created user in your system. Usually this is a UUID. |
| MAY | roles | |
| Body | {"userid": "9957a0a0-998b-11e8-895e-4ccc6a0a4596", "roles": ["USERROLE_1", "USERROLE_2"]} | A JSON string containing the user's login, which has to exist in the RBAC system, and an optional set of roles. |
| Return value | {"session-id": "9557a2a0-978b-11c8-895e-4ccc6a0545e1"} | |

Result codes and messages

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The session has been created and can be used. |
| 400 | createSession takes exactly three parameters: session ID as url parameter, userid as MUST (in body) and an array of roles as MAY (in body) | You have not given all MUST parameters. |
| 401 | - | You have to authorise to use this URL. |
| 404 | The user is not known | The user cannot be found in the system so you cannot create a session for this user. |
| 406 | The session allready exists so you can not create it | The session-ID already exists and cannot be used to create another session. |
| 409 | This user-role-combination is invalid | You specified roles that the user may not activate. |
| 500 | various | Anything else went wrong. |

Example

curl -H 'Content-Type: application/json' -X POST -d '{"userid": "9957a0a0-998b-11e8-895e-4ccc6a0a4596", "roles": ["BasicUser"]}' -i https://.../pdp/sessions/
curl -H 'Content-Type: application/json' -X POST -d '{"userid": "9957a0a0-998b-11e8-895e-4ccc6a0a4596", "roles": ["BasicUser"]}' -i https://.../pdp/sessions/899cd8d1-72dc-4600-82c3-e91c21eb08ee

How to get information on an existing session

To get information on an existing session, you have to give the session-ID and will retrieve a JSON-formatted result with information.


| | Value | Description |
| --- | --- | --- |
| URL | /sessions/{session} | The session may be any string from the ASCII character set. Usually it is a good idea to give a UUID to ensure that the session is unique. |
| HTTP-Method | GET | |
| Body | | |
| Return value | 200 / JSON | A JSON string containing the session-ID, the user's login, the active set of roles and the permissions of the session. |

Return value (JSON)

{
    "sessionkey": "9fa253949f8a49d7924749f6da2759ee",
    "userid": "9957a0a0-998b-11e8-895e-4ccc6a0a4596",
    "roles": ["testrole"],
    "permissions": {
        "read-permission": {
            "operations": ["read"]
        }
    }
}

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The session has been found and the information is returned in the body. |
| 404 | The session is not known | The session cannot be found in the system. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -X GET -i https://example.org/pdp/sessions/899cd8d1-72dc-4600-82c3-e91c21eb08ee

How to delete an existing session

To delete a session you have to give the session-ID of an existing session. After you have called this and no error has occurred, the session is removed from the RBAC system and cannot be used anymore.


| | Value | Description |
| --- | --- | --- |
| URL | /sessions/{session} | The session {session} must exist in the RBAC system. |
| HTTP-Method | DELETE | |
| Body | - | |
| Return value | 200 / No data | |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The session has been deleted and cannot be used anymore. |
| 404 | The session does not exist. | The session could not be deleted as there was no session with the given session-ID. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X DELETE https://example.org/pdp/sessions/899cd8d1-72dc-4600-82c3-e91c21eb08ee

How to activate a role for an existing session

Description

To activate a role for a session you have to specify the role in the payload. You can also activate multiple roles with one call. The system checks if the roles exist and are valid for the user that owns the session. If no error occurs, the session has a changed role set afterwards.


| | Value | Description |
| --- | --- | --- |
| URL | /sessions/{session}/activateRole | The session {session} must exist in the RBAC system. |
| HTTP-Method | PATCH | |
| MUST | | |
| MAY | roles | If you do not specify any roles nothing happens. |
| Body | {"roles": ["USERROLE_1", "USERROLE_2"]} | |
| Return value | 200 / No data | |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The session has been updated. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X PATCH -d '{"roles": ["BasicUser", "AdvancedUser"]}' https://example.org/pdp/sessions/899cd8d1-72dc-4600-82c3-e91c21eb08ee/activateRole

How to deactivate a role for an existing session

Description

To deactivate a role for a session you have to specify the role in the payload. You can also deactivate multiple roles with one call. The system checks if the roles exist and are valid for the user that owns the session. If no error occurs, the session has a changed role set afterwards.


| | Value | Description |
| --- | --- | --- |
| URL | /sessions/{session}/deactivateRole | The session {session} must exist in the RBAC system. |
| HTTP-Method | PATCH | |
| MAY | roles | If you do not specify any roles nothing happens. |
| Body | {"roles": ["USERROLE_1"]} | |
| Return value | 200 / No data | |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The session has been updated. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X PATCH -d '{"roles": ["BasicUser", "AdvancedUser"]}' https://example.org/pdp/sessions/899cd8d1-72dc-4600-82c3-e91c21eb08ee/deactivateRole

Roles

A role is needed to make permissions independent from users. Permissions are not defined on users directly but on roles. A user can then be assigned to a role and inherit the permissions of the assigned role.

How to create a new role without any hierarchy

Description

To create a role you have to give a rolename which is unique and does not already exist.


| | Value | Description |
| --- | --- | --- |
| URL | /roles/{role} | The role may be any string from the ASCII character set. Usually it is a good idea to use a name that describes the real life duty like "secretary". |
| HTTP-Method | POST | |
| Body | - | |
| Return value | 200 / No data | If the role has been created no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The role has been created. |
| 400 | Rolename must be provided and not be empty | You did not provide a rolename. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X POST https://example.org/pdp/roles/BasicUser

How to create a new role beneath another role

Description

To create a new role beneath another existing role you have to give the full path of the hierarchy of existing roles followed by the name of the new role. The new role then inherits all rights of the roles in the hierarchy.


| | Value | Description |
| --- | --- | --- |
| URL | /roles/EXISTINGROLE/{role} | The role may be any string from the ASCII character set. Usually it is a good idea to use a name that describes the real life duty like "secretary". The EXISTINGROLE must be present in the RBAC system at the specified position of the hierarchy. |
| HTTP-Method | POST | |
| Body | - | |
| Return value | 200 / No data | If the role has been created no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The role has been created. |
| 400 | Rolename must be provided and not be empty | You did not provide a rolename. |
| 404 | The role is unknown | The parent role does not exist. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X POST https://example.org/pdp/roles/BasicUser/Admin

How to get information on a role

Description

To get information on a role, you have to give the rolename of an already existing role.


| | Value | Description |
| --- | --- | --- |
| URL | /roles/{rolepath} | The rolepath is the full path to the role like BasicUser/SpecialUser. |
| HTTP-Method | GET | |
| Body | - | |
| Return value | 200 / JSON | |

Return value (JSON)

{
    "rolename": "superadmin",
    "users": ["9957a0a0-998b-11e8-895e-4ccc6a0a4596"],
    "permissions": {
        "read-permission": {
            "operations": ["read"]
        }
    }
}

If the role exists, the available information on the role is returned as a JSON string. This is:

  • role's name
  • permissions of the role
  • users assigned to the role (not yet implemented)

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The role has been created. |
| 404 | The role is not known | The role cannot be found in the system. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i https://example.org/pdp/roles/BasicUser

How to delete an existing role

Description

To delete a role you have to give the full path to the role. After you have called this and no error has occurred, the role and all its subroles are removed from the RBAC system and cannot be used anymore.


| | Value | Description |
| --- | --- | --- |
| URL | /roles/{path} | The role {role} must exist in the RBAC system. And must not have child roles. |
| HTTP-Method | DELETE | |
| Body | - | |
| Return value | 200 / No data | |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The role has been deleted and cannot be used anymore. |
| 404 | The role is unknown. | The role could not be deleted as there was no role at the given path. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X DELETE https://example.org/pdp/roles/BasicUser/SpecialUser

Users

How to create a new user

Description

Creating a new user is not part of the RBAC standard but implemented anyway because RBAC needs to know if a user is valid in the system. To decide if a user is valid in the system it has to be created. The system can use an existing LDAP to validate that a user exists but also can create its own with this method if there is no such LDAP.


| | Value | Description |
| --- | --- | --- |
| URL | /users/ | |
| HTTP-Method | POST | |
| MUST | username | The username may be any string from the ASCII character set but must not already be present in the system. |
| Body | {"username": "exampleUser", "password": "secret"} | The password you give here in cleartext is stored in the LDAP database as an SSHA hash value. If no password is specified in the body, a random value is generated to ensure that nobody can use the entry for authentication. |
| Return value | 200 / {"userid": "fcfcc6da-88fd-4078-a702-9525ebb32fe2", "username": "exampleUser"} | If the user has been created no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The roles have been assigned to the user. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X POST -d '{"username": "exampleUser", "password": "secret"}' -i https://example.org/pdp/users/

How to get information about an existing user

Description

To get information on an existing user, you have to give the userid and will retrieve a JSON-formatted result with information.


| | Value | Description |
| --- | --- | --- |
| URL | /users/{userid} | The userid is the user's UUID. |
| HTTP-Method | GET | |
| Body | | |
| Return value | 200 / JSON | A JSON string containing the userid and a list of all the roles the user is assigned to as well as a list of roles the user has authorization for. (This may vary if you use hierarchical roles as a user is authorised for all parent roles of the roles he is assigned to.) |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The session has been found and the information is returned in the body. |
| 404 | The user is not known | The user cannot be found in the system. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i https://example.org/pdp/users/9957a0a0-998b-11e8-895e-4ccc6a0a4596

How to delete an existing user

Description

To delete a user you have to give the userid. After you have called this and no error has occurred, the role is removed from the RBAC system and cannot be used anymore.


| | Value | Description |
| --- | --- | --- |
| URL | /users/{userid} | The user {userid} must exist in the RBAC system. |
| HTTP-Method | DELETE | |
| Body | - | |
| Return value | 200 / No data | |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The user has been deleted and cannot be used anymore. |
| 404 | The user is not known | The user cannot be found in the system. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X DELETE https://example.org/pdp/users/9957a0a0-998b-11e8-895e-4ccc6a0a4596

How to assign a user to roles

Description

A user gets permissions by being assigned to a role. This assignment is important when a new session is created or an existing session is modified because only roles that are assigned to a user can be activated. Assigning the user to a role usually is the only thing in daily business of an organization that has to be done. Roles and resources as well as the resulting permissions are quite static.


| | Value | Description |
| --- | --- | --- |
| URL | /users/{userid}/assignRoles | The userid has to exist in the system as well as the roles in the body. |
| HTTP-Method | PATCH | |
| MUST | roles | The list of roles the user should be assigned to. The list has to be sent and must not be empty. |
| Body | {"roles": ["USERROLE_1", "USERROLE_2"]} | |
| Return value | 200 / No data | If the roles have been assigned no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The roles have been assigned to the user. |
| 400 | You must provide a list of roles | You didn't send the list of roles correctly in the body of the request. |
| 404 | "The user is not known" or "The role is unknown" | The user's userid or one of the given roles has not been found in the system. Which one it was can be determined by reading the message. If this error occurs, no changes are made to the role set; in particular, no role is added even if it exists and could be assigned to the user. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X PATCH -d '{"roles": ["Admin"]}' -i https://example.org/pdp/users/9957a0a0-998b-11e8-895e-4ccc6a0a4596/assignRoles

How to deassign a user from roles

Description

A user gets permissions by being assigned to a role. This assignment is important when a new session is created or an existing session is modified because only roles that are assigned to a user can be activated. Assigning the user to a role usually is the only thing in daily business of an organization that has to be done. So if a user must not have a permission anymore, the user has to be deassigned from the role that allows him to do things.


| | Value | Description |
| --- | --- | --- |
| URL | /users/{userid}/deassignRoles | The userid has to exist in the system. If the roles are not assigned to the user they are just skipped. |
| HTTP-Method | PATCH | |
| MUST | roles | The list of roles the user should be deassigned from. The list has to be sent and must not be empty. |
| Body | {"roles": ["USERROLE_1", "USERROLE_2"]} | |
| Return value | 200 / No data | If the roles have been deassigned no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The roles have been assigned to the user. |
| 400 | You must provide a list of roles | You didn't send the list of roles correctly in the body of the request. |
| 404 | "The user is not known" or "The role is unknown" | The user's userid or one of the given roles has not been found in the system. Which one it was can be determined by reading the message. If this error occurs, no changes are made to the role set; in particular, no role is removed even if it exists and is assigned to the user. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X PATCH -d '{"roles": ["Admin"]}' -i https://example.org/pdp/users/9957a0a0-998b-11e8-895e-4ccc6a0a4596/deassignRoles

Resources

How to create a new resource

Description

Resources can be anything that must be restricted. A resource can be a document, a door or a functionality on a web page. A resource has operations defined that can be executed. On a door this could be "open" and "close", on a document it could be "read" and "write". These operations then can be granted to roles that are allowed to execute them.


| | Value | Description |
| --- | --- | --- |
| URL | /resources/{resource} | The resource name may be any string from the ASCII character set but must not already be present in the system. |
| HTTP-Method | POST | |
| MAY | operations | The operations specified can be used when assigning rights to roles. You can use any ASCII character in the name for operations and you can have as many operations as you like. Usually it is a good idea to use the same operations set for the same kind of objects even if the operation of the current resource will never be assigned to a role. A door could therefore have the operations ["open", "close", "lock", "unlock"]. |
| Body | {"operations": ["read", "write"]} | |
| Return value | 200 / No data | If the resource has been created no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The resource has been created. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X POST -d '{"operations": ["open", "close"]}' -i https://example.org/pdp/resources/door1

How to get information on an existing resource

Description


| | Value | Description |
| --- | --- | --- |
| URL | /resources/{resource} | The resource may be any string from the ASCII character set and must already be present in the system. |
| HTTP-Method | GET | |
| Body | | |
| Return value | 200 / JSON | If the resource exists, the basic information on a resource like the name is returned as well as information on permissions and operations that are directly and indirectly granted to roles. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The information on the resource is returned in the body. |
| 404 | The resource is not known or not uniqueue | The resource is not found in the system. If you are sure that the resource should exist, it might be that the resource has been created twice by another process that operates on the directory, but this should not happen anyway. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X GET -i https://example.org/pdp/resources/door1

How to delete an existing resource

Description

To delete a resource you have to give the full path to the resource. After you have called this and no error has occurred, the resource is removed from the RBAC system and cannot be used anymore.


| | Value | Description |
| --- | --- | --- |
| URL | /resources/{resource} | The resource {resource} must exist in the RBAC system. |
| HTTP-Method | DELETE | |
| Body | - | |
| Return value | 200 / No data | |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The user has been deleted and cannot be used anymore. |
| 404 | The resource is not known or not unique | The resource cannot be found in the system. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -i -X DELETE https://example.org/pdp/resources/door1

How to grant a permission for a role on a resource

Description

A user gets permissions by being assigned to a role. This assignment is important when a new session is created or an existing session is modified because only roles that are assigned to a user can be activated. Assigning the user to a role usually is the only thing in daily business of an organization that has to be done. So if a user must not have a permission anymore, the user has to be deassigned from the role that allows him to do things.


| | Value | Description |
| --- | --- | --- |
| URL | /resources/{resource}/grantPermission | The resource has to exist in the system. If the roles are not assigned to the user they are just skipped. |
| HTTP-Method | PATCH | |
| MUST | permissions | The list of permissions to grant on this resource. A permission is a combination of a role with an operation. Both have to exist. The list must not be empty. |
| Return value | 200 / No data | If the permission has been granted no data is returned, just the status code. |

Body

{
  "permissions": [
    {
      "role": "USERROLE_1",
      "operation": "open"
    },
    {
      "role": "USERROLE_1",
      "operation": "close"
    }
  ]
}

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The roles have been assigned to the user. |
| 404 | "The resource is not known or not uniqueue" or "The role is unknown" | The id of the resource or one of the given roles has not been found in the system. Which one it was can be determined by reading the message. If this error occurs, no changes are made to the set of permissions; in particular, no permission is added. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X PATCH -d '{"permissions": [{"role": "Admin", "operation": "open"}, {"role": "Admin", "operation": "close"}]}' -i https://example.org/pdp/resources/door1/grantPermission

How to check if an operation on a resource is permitted

Description

To check if an operation is allowed for a specific session, all three pieces of information are needed and are encoded in the URL. If the operation is permitted because there are active roles in the session that permit the operation on the resource, the status code 200 is returned. Otherwise the access is not permitted.


| | Value | Description |
| --- | --- | --- |
| URL | /resources/{resource}/checkAccess?session={session}&operation={operation} | Check if the operation on the resource is allowed for the session. |
| HTTP-Method | GET | |
| Body | | |
| Return value | 200 / No data | If the permission has been granted no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The operation is permitted on the given resource for the specified session. |
| 403 | - | The id of the resource or one of the given roles has not been found in the system. Which one it was can be determined by reading the message. If this error occurs, no changes are made to the set of permissions; in particular, no permission is added. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X GET -i 'https://example.org/pdp/resources/resource_1/checkAccess?operation=read&session=899cd8d1-72dc-4600-82c3-e91c21eb08ee'
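
The same check as a calling application (a policy enforcement point) could issue it, as an added example that is not part of the PDP or its documentation: every caller-supplied URL part is percent-encoded, the authentication and tenant headers described at the top of this page are built in one place, and anything other than HTTP 200 counts as deny. The function names, the `fetch` parameter and the base URL are assumptions.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import quote, urlencode

# Assumed base URL: hostname and /pdp/ document root as in the page's examples.
PDP_BASE = "https://example.org/pdp"


def pdp_headers(username, password, tenant_id=None, tenant_password=None):
    """BasicAuth header plus the optional X-TENANT-ID / TENANT-PASSWORD headers."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    headers = {"Authorization": f"Basic {token}"}
    optional = {"X-TENANT-ID": tenant_id, "TENANT-PASSWORD": tenant_password}
    for name, value in optional.items():
        if value is None:
            continue
        # A tenant value taken from input must not be able to add header lines.
        if "\r" in value or "\n" in value:
            raise ValueError(f"line break in {name} value")
        headers[name] = value
    return headers


def check_access_url(resource, session, operation, base=PDP_BASE):
    """Build the checkAccess URL with every caller-supplied part encoded."""
    # safe="" also encodes "/", "?" and "&", so a resource name (any ASCII
    # string is allowed) cannot alter the path or the query parameters.
    path = f"{base}/resources/{quote(resource, safe='')}/checkAccess"
    return f"{path}?{urlencode({'session': session, 'operation': operation})}"


def http_status(url, headers, timeout=5):
    """Return the HTTP status of a GET, or None if the PDP is unreachable."""
    request = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code  # 401, 403, 404, 406, 500 ...
    except (urllib.error.URLError, OSError):
        return None


def check_access(resource, session, operation, headers, fetch=http_status):
    """Fail closed: only HTTP 200 is a permit; errors and outages are a deny."""
    status = fetch(check_access_url(resource, session, operation), headers)
    return status == 200
```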

How to check if an operation on multiple resources is permitted

Description

To check if an operation is allowed for a specific session, all three pieces of information are needed and are encoded in the URL. If the operation is permitted because there are active roles in the session that permit the operation on the resource, the status code 200 is returned. Otherwise the access is not permitted.


| | Value | Description |
| --- | --- | --- |
| URL | /resources/{filter}/checkMultiAccess?session={session}&operation={operation} | Check if the operation on the resources corresponding to the filter is allowed for the session. |
| URL2 | /resources/{filter}/checkMultiAccess/detailed/?session={session}&operation={operation} | Check if the operation on the resources corresponding to the filter is allowed for the session. Returns all resources found by the filter together with their corresponding permission result. |
| HTTP-Method | GET | |
| Body | | |
| Return value | 200 / No data | If the permission has been granted no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The operation is permitted on the given resource for the specified session. |
| 403 | - | The id of the resource or one of the given roles has not been found in the system. Which one it was can be determined by reading the message. If this error occurs, no changes are made to the set of permissions; in particular, no permission is added. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X GET -i 'https://example.org/pdp/resources/t*t/checkMultiAccess?operation=read&session=899cd8d1-72dc-4600-82c3-e91c21eb08ee'

Tenants

How to create a new tenant

Description

Tenants are logically separated partitions of the system within the same instance. Every tenant has its own users, roles, sessions, resources and therefore its own permissions. If multi-tenancy is active, the tenant always has to be specified in the header of a request. Otherwise the system does not accept the request. To create such a new tenant only the name (ID) is needed, which will be sent in the header in future operations.


| | Value | Description |
| --- | --- | --- |
| URL | /tenants/{tenant} | The tenant name may be any string from the ASCII character set but must not already be present in the system. |
| HTTP-Method | POST | |
| Body | {"password": "secret"} | The password is optional. But if password protected tenancy is used, then of course accessing tenants without password is not possible. |
| Return value | 200 / No data | If the resource has been created no data is returned, just the status code. |

Result

| Code | Message | Description |
| --- | --- | --- |
| 200 | - | The tenant has been created. |
| 406 | The tenant already exists so you can not create it | The tenant is already present in the directory. |
| 500 | various | Anything else went wrong. |

Example

The following example uses the hostname "example.org" and the default path to the PDP (/pdp/) as document root.

curl -H 'Content-Type: application/json' -X POST -d '{}' -i https://example.org/pdp/tenants/customer_X/

How to remove an existing tenant (not yet implemented)

How to deactivate an existing tenant (not yet implemented)

Example

If your system does not trust the certificate, please add "--insecure" to the command line call; this option makes curl skip certificate verification. To see how it all works, the following commands can be used:

Step 1: Create the user "joe". Return: 200

curl -H 'Content-Type: application/json' -X POST -d '{"username": "joe", "password": "secret"}' -i https://example.org/pdp/users/

Step 2: Create two roles "BasicUser" and "Admin". Return: 200

curl -i -X POST https://example.org/pdp/roles/BasicUser
curl -i -X POST https://example.org/pdp/roles/Admin

Step 3: Create the resource "front_door" that knows the operations "open" and "close". Return: 200

curl -H 'Content-Type: application/json' -X POST -d '{"operations": ["open", "close"]}' \
 -i https://example.org/pdp/resources/front_door

Step 4: Assign the user with the UUID "9957a0a0-998b-11e8-895e-4ccc6a0a4596" to the role "BasicUser". Return: 200

curl -H 'Content-Type: application/json' -X PATCH -d '{"roles": ["BasicUser"]}' \
 -i https://example.org/pdp/users/9957a0a0-998b-11e8-895e-4ccc6a0a4596/assignRoles

Step 5: Permit the operation "open" on "front_door" for the "Admin" role and the operation "close" on "front_door" for the "BasicUser" role. Return: 200

curl -H 'Content-Type: application/json' -X PATCH -d '{"permissions": [{"role": "Admin", "operation": "open"}, {"role": "BasicUser", "operation": "close"}]}' \
 -i https://example.org/pdp/resources/front_door/grantPermission

Step 6: Initialise a new session for the user with the UUID "9957a0a0-998b-11e8-895e-4ccc6a0a4596" and activate the role "BasicUser". Return: 200

curl -H 'Content-Type: application/json' -X POST -d '{"userid": "9957a0a0-998b-11e8-895e-4ccc6a0a4596", "roles": ["BasicUser"]}' \
 -i https://example.org/pdp/sessions/899cd8d1-72dc-4600-82c3-e91c21eb08ee

Step 7: Check if the session "899cd8d1-72dc-4600-82c3-e91c21eb08ee" that belongs to the user with the UUID "9957a0a0-998b-11e8-895e-4ccc6a0a4596" is allowed to "open" the "front_door". Return: 403

curl --insecure -H 'Content-Type: application/json' -X GET \
 -i 'https://example.org/pdp/resources/front_door/checkAccess?session=899cd8d1-72dc-4600-82c3-e91c21eb08ee&operation=open'

Step 8: Check if the session "899cd8d1-72dc-4600-82c3-e91c21eb08ee" that belongs to the user with the UUID "9957a0a0-998b-11e8-895e-4ccc6a0a4596" is allowed to "close" the "front_door". Return: 200

curl --insecure -H 'Content-Type: application/json' -X GET \
 -i 'https://example.org/pdp/resources/front_door/checkAccess?session=899cd8d1-72dc-4600-82c3-e91c21eb08ee&operation=close'
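
The eight steps above, replayed against a small in-memory model, as an added example that is not the PDP's own code: it shows why step 7 is denied and step 8 permitted, and goes beyond the page's steps to show that assigning a role to a user changes nothing for a running session until the role is activated in it. Assumptions: role hierarchies and the check that a granted operation exists are left out, `RbacModel`, `PdpError` and `walkthrough` are hypothetical names, and the status codes for activating an unassigned role and for an unknown session are chosen here because the page does not document them.

```python
class PdpError(Exception):
    """A failed call, carrying the HTTP status the page documents for it."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


class RbacModel:
    """In-memory model of the documented calls; role hierarchies are left out."""

    def __init__(self):
        self.roles = set()
        self.assigned = {}    # userid -> roles assigned to the user
        self.operations = {}  # resource -> operations defined on it
        self.grants = set()   # (resource, role, operation) triples
        self.sessions = {}    # session id -> (userid, set of active roles)

    def create_user(self, userid):
        self.assigned[userid] = set()

    def create_role(self, role):
        self.roles.add(role)

    def create_resource(self, resource, operations):
        self.operations[resource] = set(operations)

    def assign_roles(self, userid, roles):
        if userid not in self.assigned:
            raise PdpError(404, "The user is not known")
        if not set(roles) <= self.roles:
            raise PdpError(404, "The role is unknown")  # nothing is assigned
        self.assigned[userid] |= set(roles)

    def grant_permission(self, resource, permissions):
        if resource not in self.operations:
            raise PdpError(404, "The resource is not known or not unique")
        if any(role not in self.roles for role, _ in permissions):
            raise PdpError(404, "The role is unknown")  # no permission is added
        self.grants |= {(resource, role, op) for role, op in permissions}

    def create_session(self, session_id, userid, roles=()):
        if userid not in self.assigned:
            raise PdpError(404, "The user is not known")
        if session_id in self.sessions:
            raise PdpError(406, "The session allready exists so you can not create it")
        if not set(roles) <= self.assigned[userid]:
            raise PdpError(409, "This user-role-combination is invalid")
        self.sessions[session_id] = (userid, set(roles))

    def activate_roles(self, session_id, roles):
        userid, active = self.sessions[session_id]
        if not set(roles) <= self.assigned[userid]:
            # Assumption: the page lists only 200 and 500 for activateRole,
            # so the 409 of session creation is reused here.
            raise PdpError(409, "This user-role-combination is invalid")
        active.update(roles)

    def deactivate_roles(self, session_id, roles):
        self.sessions[session_id][1].difference_update(roles)

    def check_access(self, resource, session_id, operation):
        """Return 200 only if a role ACTIVE in the session holds the grant."""
        # Assumption: an unknown session has no active roles and is denied.
        _, active = self.sessions.get(session_id, (None, set()))
        hit = any((resource, role, operation) in self.grants for role in active)
        return 200 if hit else 403


def walkthrough():
    joe = "9957a0a0-998b-11e8-895e-4ccc6a0a4596"
    sid = "899cd8d1-72dc-4600-82c3-e91c21eb08ee"
    pdp = RbacModel()
    pdp.create_user(joe)                                   # step 1
    pdp.create_role("BasicUser")                           # step 2
    pdp.create_role("Admin")
    pdp.create_resource("front_door", ["open", "close"])   # step 3
    pdp.assign_roles(joe, ["BasicUser"])                   # step 4
    pdp.grant_permission("front_door", [("Admin", "open"), ("BasicUser", "close")])  # step 5
    pdp.create_session(sid, joe, ["BasicUser"])            # step 6
    seen = {"step7_open": pdp.check_access("front_door", sid, "open"),
            "step8_close": pdp.check_access("front_door", sid, "close")}
    # Beyond the page's steps: assignment versus activation in a running session.
    try:
        pdp.activate_roles(sid, ["Admin"])
    except PdpError as err:
        seen["activate_unassigned"] = err.status
    pdp.assign_roles(joe, ["Admin"])
    seen["assigned_only"] = pdp.check_access("front_door", sid, "open")
    pdp.activate_roles(sid, ["Admin"])
    seen["activated"] = pdp.check_access("front_door", sid, "open")
    pdp.deactivate_roles(sid, ["Admin"])
    seen["deactivated"] = pdp.check_access("front_door", sid, "open")
    return seen
```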


