The authorize REST interface will verify user authorization against created policies. Currently, the interface can check whether the user is authorized to perform a particular operation (GET or POST) on a particular HTTP resource. The URL needs to be populated with the following information.
uri defines the resource for which authorization is being requested.
action defines the operation for which authorization is being requested.
subjectid defines the tokenid of the user for which authorization is being requested.
The following URL defines a user that wants to POST to http://www.sun.com:90.
http://OpenSSO-host:OpenSSO-port/opensso/identity/authorize?uri=http://www.sun.com:90&action=POST&subjectid=AQIC5wM2LY4SfczeSHZ5cHJMmQYU3f5imB2fBBTpkCXADS0=@AAJTSQACMDE=#
The operation returns a value of true or false. If the user is not authorized, an exception is thrown. Assuming a policy has been created to allow authenticated users to POST to the defined resource, the above URL would return true.
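The following is an added example, not part of the original documentation. It builds the authorize URL with each parameter percent-encoded, so that the `=`, `@` and `#` characters in the token reach the server intact (an unencoded `#` starts the URL fragment, which clients do not send), and it treats any response other than an explicit true as a denial. The host and port, the function names and the `boolean=` response prefix are assumptions.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder endpoint; substitute the real OpenSSO host and port.
BASE = "http://opensso.example.com:8080/opensso/identity/authorize"
# Sample token copied from the URL on this page.
TOKEN = "AQIC5wM2LY4SfczeSHZ5cHJMmQYU3f5imB2fBBTpkCXADS0=@AAJTSQACMDE=#"
ALLOWED_ACTIONS = {"GET", "POST"}  # the operations the interface can check


def build_authorize_url(base, uri, action, subjectid):
    """Return the authorize URL with every parameter percent-encoded."""
    if action not in ALLOWED_ACTIONS:
        raise ValueError(f"unsupported action: {action!r}")
    query = urlencode({"uri": uri, "action": action, "subjectid": subjectid})
    return f"{base}?{query}"


def subjectid_seen_by_server(url):
    """Parse the query as a server would; the fragment is never sent."""
    return parse_qs(urlsplit(url).query)["subjectid"][0]


def is_authorized(body):
    """Fail closed: only an explicit 'true' is treated as a grant."""
    value = body.strip().lower()
    # Assumption: the value may arrive bare or as 'boolean=true'.
    if value.startswith("boolean="):
        value = value[len("boolean="):]
    return value == "true"


if __name__ == "__main__":
    raw = f"{BASE}?uri=http://www.sun.com:90&action=POST&subjectid={TOKEN}"
    safe = build_authorize_url(BASE, "http://www.sun.com:90", "POST", TOKEN)
    print("raw    ->", subjectid_seen_by_server(raw))   # trailing '#' lost
    print("encoded->", subjectid_seen_by_server(safe))  # token intact
    print(safe)
```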