Authorization
The authorize REST interface will verify user authorization against created policies. Currently, the interface can check whether the user is authorized to perform a particular operation (GET or POST) on a particular HTTP resource. The URL needs to be populated with the following information.
-
uri defines the resource for which authorization is being requested.
-
action defines the operation for which authorization is being requested.
-
subjectid defines the tokenid of the user for which authorization is being requested.
The following URL defines a user that wants to POST to http://www.sun.com:90.
http://OpenSSO-host:OpenSSO-port/opensso/identity/authorize?uri= http://www.sun.com:90&action=POST&subjectid=AQIC5wM2LY4SfczeSHZ5cHJMmQYU3f5imB2fBBTpkCXADS0=@AAJTSQACMDE=# |
The operation returns a value of true or false. If the user is not authorized, an exception is thrown. Assuming a policy has been created to allow authenticated users to POST to the defined resource, the above URL would return true.
- © 2010, Oracle Corporation and/or its affiliates