The security functionality for ATG Platform REST Web Services lets you secure Nucleus components at multiple levels of granularity.

Before you read this chapter, you should have a thorough understanding of ATG user account security. For more information, see Managing Access Control in the ATG Programming Guide.

By default, ATG Platform REST Web Services does not allow access to any components. This means that you must configure security before you can call methods or access properties on Nucleus components.

Security on Nucleus components can be configured globally for all components, at the component level for all properties and methods, at the property level, at the method level, and for entire Nucleus subtrees. The REST security subsystem depends on the ATG security system and therefore uses ACLs that are similar to those used to configure security in other parts of an ATG server. The personas can be users, organizations, or roles. The valid rights that can be assigned to a persona are read, write, and execute. Read and write refer to Nucleus properties, and execute refers to Nucleus methods. To configure multiple personas, use a semicolon (;) character to separate each access control entry (persona/rights).
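The following added example (not part of the ATG documentation or product code) lints ACL strings of the kind described above: it checks that every right is one of read, write, or execute and that the right applies to the kind of target the ACL is attached to. It assumes a colon between persona and rights and commas between rights; the persona names and function names are constructed for illustration.

```python
"""Lint ACL strings before they are placed in a REST security configuration."""

# Rights named on the page.
VALID_RIGHTS = {"read", "write", "execute"}

# Per the page: read/write refer to properties, execute refers to methods.
# A component-level ACL covers both, so all three rights are meaningful there.
APPLICABLE = {
    "property": {"read", "write"},
    "method": {"execute"},
    "component": VALID_RIGHTS,
}


def parse_acl(acl):
    """Split 'persona:right,right;persona:right' into (persona, [rights]) pairs.

    Assumed syntax: ':' separates persona from rights, ',' separates rights.
    """
    entries = []
    for raw in acl.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing semicolon
        persona, sep, rights = raw.rpartition(":")
        if not sep or not persona.strip():
            raise ValueError(f"malformed access control entry: {raw!r}")
        rights = [r.strip() for r in rights.split(",") if r.strip()]
        entries.append((persona.strip(), rights))
    return entries


def lint_acl(acl, target):
    """Return findings for an ACL attached to a 'property', 'method' or 'component'."""
    findings = []
    for persona, rights in parse_acl(acl):
        if not rights:
            findings.append(f"{persona}: no rights listed")
        for right in rights:
            if right not in VALID_RIGHTS:
                findings.append(f"{persona}: unknown right {right!r}")
            elif right not in APPLICABLE[target]:
                findings.append(f"{persona}: {right!r} does not apply to a {target}")
    return findings


if __name__ == "__main__":
    # Constructed sample ACL with two access control entries.
    sample = "Profile$role$restUser:read,write;Profile$user$auditor:read,execute"
    for finding in lint_acl(sample, "property"):
        print(finding)
```
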

The REST security configuration file is located at /atg/rest/security/restSecurityConfiguration.xml. To add your own security configuration, create a file at that location in the config directory of your module.

Note: The ATG Platform REST Web Services module does not provide functionality for securing repository items. All ATG repository security is handled by the ATG secured repository system, which works in conjunction with the ATG Security System to provide fine-grained access control to repository item descriptors, individual repository items, and even individual properties. For more information, see the ATG Repository Guide.
