Once the server is running with the REST module, your platform is now able to accept and process REST requests. Before you begin coding, you must configure the Web Services security component. By default:
The security components in the Legacy REST Web Services require you to be logged into the server in order to make calls.
No users have access to any components, so even a logged-in user will not be able to successfully make any REST requests.
In a development environment, you can set a default ACL in the security configuration file. This allows all the specified users to have access to all Nucleus components.
Important: This functionality is provided for convenience and should not be used in a production environment unless that is the specified intent.
To set a default ACL in the security configuration layer, create a file in your localconfig directory at atg/rest/security named restSecurityConfiguration.xml. Add the following lines to the file, replacing #username# with the name of a valid profile for logging onto your Oracle ATG Web Commerce system.
<rest-security>
<default-acl value="Profile$login$#username#:read,write,execute"/>
</rest-security>
