REST Security API

List all Security ACL APIs

Returns the list of all available REST APIs for ACL security.

URL Pattern: /security/acl/info
Method: GET
Parameters: -
Media type: text/html, application/json, application/xml
Result: A list of all available REST APIs for acl security

Result

A list of all available REST APIs for acl security.

| Description | URL Pattern | Method | Parameters | Result | Content |
|---|---|---|---|---|---|
| Read ACL Object | /security/acl/{aclId} | GET | - | The ACL object in JSON or XML format | - |
| Create ACL Object | /security/acl | POST | - | The ACL object that was created or already existed, in JSON or XML format. | ACL object in JSON or XML format |

Read ACL object

Returns the ACL object for the specified ACL id.

URL Pattern: /security/acl/{acl-id}
Method: GET
Parameters: -
Media type: text/html, application/json, application/xml
Result: The ACL object

Content

The returned ACL object is a JSON/XML object that includes the properties listed below.

ACL properties

| Field | Data type | Description |
|---|---|---|
| id | Long | id of the ACL |
| entries | List of AclEntry | all AclEntries of the ACL |

Each AclEntry has the following properties:

Properties of a member of AclEntry

| Field | Data type | Description |
|---|---|---|
| principal | PrincipalItemReference | An EntityItemReference to the principal (user, user group or party) |
| fullPermission | boolean | A boolean value indicating whether the principal has the Full permission object right; default value is false |
| deletePermission | boolean | A boolean value indicating whether the principal has the Delete permission object right; default value is false |
| writePermission | boolean | A boolean value indicating whether the principal has the Write permission object right; default value is false |
| readPermission | boolean | A boolean value indicating whether the principal has the Read permission object right; default value is false |

Principal properties

| Field | Data type | Description |
|---|---|---|
| id | String | External identifier of the principal (user, user group or party) |
| entityId | Short | Entity id of the principal (user, user group or party) |
| deleted | boolean | A flag indicating whether the principal is deleted on the system; default value is false |

Create ACL object

Creates a new ACL object if it does not exist for the desired AclEntries, otherwise returns the existing ACL object.

URL Pattern: /security/acl
Method: POST
Parameters: -
Media type: text/html, application/json, application/xml
Result: The created or existing ACL object

  • Handling of deleted principals: the following table shows the response depending on the "deleted" flag of the principal in the provided content and on whether the corresponding principal is actually deleted on the system.

    | Flag "deleted" of principal in content | Principal is deleted on the system | Result |
    |---|---|---|
    | false/true | false (principal existing) | AclEntry with that principal is considered for the created Acl on the system. The returned ACL contains the principal with "false" value for the "deleted" flag. |
    | false | true (principal deleted) | An Exception is returned that the specified principal EntityItemReference does not exist. |
    | true | true (principal deleted) | AclEntry with that principal is NOT considered for the created Acl on the system. The created and returned ACL does not contain the principal. If no existing principal is available an exception (HTTP 400) is thrown. |

  • The given permission combination of each AclEntry may be adjusted according to the ACL object right rule: all permissions implied by the given ones are also granted.

    | fullPermission | deletePermission | writePermission | readPermission | adjusted permissions of created object |
    |---|---|---|---|---|
    | true | true/false | true/false | true/false | "fullPermission": true, "deletePermission": true, "writePermission": true, "readPermission": true |
    | false | true | true/false | true/false | "fullPermission": false, "deletePermission": true, "writePermission": true, "readPermission": true |
    | false | false | true | true/false | "fullPermission": false, "deletePermission": false, "writePermission": true, "readPermission": true |
    | false | false | false | true | "fullPermission": false, "deletePermission": false, "writePermission": false, "readPermission": true |
    | false | false | false | false | "fullPermission": false, "deletePermission": false, "writePermission": false, "readPermission": false |

  • When a principal of the type Party is used in the AclEntry, only a PrincipalItemReference with the id 'Heiler Product Manager' is allowed.
    If any other id value is used, the principal will not be found in the system.
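
The permission adjustment and deleted-principal handling described above mean a created ACL can grant more rights, or cover fewer principals, than the request body states. The following added example (not part of the vendor documentation or its client library) models the adjustment table and compares a parsed request with the parsed response; the function names adjust and review_created_acl are hypothetical, and the sample bodies are the ones from the "Create ACL object" JSON example on this page.

```python
# Added example, not vendor code. Models the "ACL object right rule" table above.
ORDER = ["fullPermission", "deletePermission", "writePermission", "readPermission"]

def adjust(entry):
    """Flags as the table says they are stored: a right implies all weaker rights."""
    granted, stored = False, {}
    for name in ORDER:                       # strongest to weakest
        granted = granted or bool(entry.get(name, False))  # documented default: false
        stored[name] = granted
    return stored

def _key(principal):
    # Hypothetical matching key: external id plus entity id of the principal.
    return (principal["id"], principal.get("entityId"))

def review_created_acl(request, response):
    """Compare a POST body with the ACL the server returned (both parsed JSON).
    Reports rights granted implicitly, flags that contradict the table, and
    principals missing from the result (documented for deleted principals)."""
    returned = {_key(e["principal"]): e for e in response.get("entries", [])}
    findings = []
    for entry in request.get("entries", []):
        pid = entry["principal"]["id"]
        stored = returned.get(_key(entry["principal"]))
        if stored is None:
            findings.append((pid, "dropped"))
            continue
        expected = adjust(entry)
        for name in ORDER:
            if bool(stored.get(name, False)) != expected[name]:
                findings.append((pid, "unexpected " + name))
            elif expected[name] and not entry.get(name, False):
                findings.append((pid, "implied " + name))
    return findings

# Request and response bodies from the "Create ACL object" JSON example on this page.
REQUEST = {"entries": [{"principal": {"id": "'user1'", "entityId": 2600},
                        "fullPermission": True, "deletePermission": False,
                        "writePermission": True, "readPermission": False}]}
RESPONSE = {"id": 4, "entries": [
    {"principal": {"id": "'user1'", "entityId": 2600, "deleted": False},
     "fullPermission": True, "deletePermission": True,
     "writePermission": True, "readPermission": True}]}

if __name__ == "__main__":
    for finding in review_created_acl(REQUEST, RESPONSE):
        print(finding)
```

Running the check before and after a POST shows which rights a principal receives beyond those listed in the request, which is useful when reviewing ACLs for least privilege.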

Examples

Read ACL object for an id

REST call for JSON

Rest Call for JSON
curl -u rest:heiler -H "Accept: application/json" -X GET http://localhost:1501/rest/V1.0/security/acl/3

The following JSON object is returned:

Returned JSON object
{
  "id": 3,
  "entries": [
    {
      "principal": {
        "id": "'Heiler Product Manager'",
        "entityId": 2800,
        "deleted": false
      },
      "fullPermission": false,
      "deletePermission": false,
      "writePermission": false,
      "readPermission": true
    },
    {
      "principal": {
        "id": "'userGroup1'",
        "entityId": 2700,
        "deleted": false
      },
      "fullPermission": false,
      "deletePermission": true,
      "writePermission": true,
      "readPermission": true
    },
    {
      "principal": {
        "id": "'user1'",
        "entityId": 2600,
        "deleted": false
      },
      "fullPermission": true,
      "deletePermission": true,
      "writePermission": true,
      "readPermission": true
    },
    {
      "principal": {
        "id": "'deletedUser'",
        "entityId": 2600,
        "deleted": true
      },
      "fullPermission": false,
      "deletePermission": true,
      "writePermission": true,
      "readPermission": true
    }
  ]
}

REST call for XML

Rest Call for XML
curl -u rest:heiler -H "Accept: application/xml" -X GET http://localhost:1501/rest/V1.0/security/acl/3

The following XML object is returned:

Returned XML object
<acl>
  <id>3</id>
  <entries>
    <entry>
      <principal>
        <id>'Heiler Product Manager'</id>
        <entityId>2800</entityId>
        <deleted>false</deleted>
      </principal>
      <fullPermission>false</fullPermission>
      <deletePermission>false</deletePermission>
      <writePermission>false</writePermission>
      <readPermission>true</readPermission>
    </entry>
    <entry>
      <principal>
        <id>'userGroup1'</id>
        <entityId>2700</entityId>
        <deleted>false</deleted>
      </principal>
      <fullPermission>false</fullPermission>
      <deletePermission>true</deletePermission>
      <writePermission>true</writePermission>
      <readPermission>true</readPermission>
    </entry>
    <entry>
      <principal>
        <id>'user1'</id>
        <entityId>2600</entityId>
        <deleted>false</deleted>
      </principal>
      <fullPermission>true</fullPermission>
      <deletePermission>true</deletePermission>
      <writePermission>true</writePermission>
      <readPermission>true</readPermission>
    </entry>
    <entry>
      <principal>
        <id>'deletedUser'</id>
        <entityId>2600</entityId>
        <deleted>true</deleted>
      </principal>
      <fullPermission>false</fullPermission>
      <deletePermission>true</deletePermission>
      <writePermission>true</writePermission>
      <readPermission>true</readPermission>
    </entry>
  </entries>
</acl>

REST Client Java

Rest Client Java Code
SecurityRequest securityRequest = getRestClient().createSecurityRequest();
Long actualAclId = 3L;
ACL actualAcl = securityRequest.getAcl( actualAclId );

Create ACL object

REST call for JSON

Rest Call for JSON
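curl -u rest:heiler -H "Accept: application/json" -H "Content-Type: application/json" -X POST -d @acl.json http://localhost:1501/rest/V1.0/security/acl

The following JSON object is provided as content (here read from a file named acl.json, a name chosen for this example):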

JSON object as content
{
  "entries": [
    {
      "principal": {
        "id": "'user1'",
        "entityId": 2600
      },
      "fullPermission": true,
      "deletePermission": false,
      "writePermission": true,
      "readPermission": false
    }
  ]
}

The following JSON object is returned:

Returned JSON object
{
  "id": 4,
  "entries": [
    {
      "principal": {
        "id": "'user1'",
        "entityId": 2600,
        "deleted": false
      },
      "fullPermission": true,
      "deletePermission": true,
      "writePermission": true,
      "readPermission": true
    }
  ]
}

REST call for XML

Rest Call for XML
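curl -u rest:heiler -H "Accept: application/xml" -H "Content-Type: application/xml" -X POST -d @acl.xml http://localhost:1501/rest/V1.0/security/acl

The following XML object is provided as content (here read from a file named acl.xml, a name chosen for this example):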

XML object as content
<acl>
  <entries>
    <entry>
      <principal>
        <id>'userGroup1'</id>
        <entityId>2700</entityId>
      </principal>
      <fullPermission>false</fullPermission>
      <deletePermission>true</deletePermission>
      <writePermission>false</writePermission>
      <readPermission>false</readPermission>
    </entry>
  </entries>
</acl>

The following XML object is returned:

Returned XML object
<acl>
  <id>5</id>
  <entries>
    <entry>
      <principal>
        <id>'userGroup1'</id>
        <entityId>2700</entityId>
        <deleted>false</deleted>
      </principal>
      <fullPermission>false</fullPermission>
      <deletePermission>true</deletePermission>
      <writePermission>true</writePermission>
      <readPermission>true</readPermission>
    </entry>
  </entries>
</acl>

REST Client Java

Rest Client Java Code
SecurityRequest securityRequest = getRestClient().createSecurityRequest();
//prepares ACL parameter for addAcl method
ACL aclToPersist = new ACL();
List< AclEntry > aclEntriesToPersist = new ArrayList< AclEntry >();
aclToPersist.setEntries( aclEntriesToPersist );
 
AclEntry aclEntryUser = new AclEntry();
PrincipalItemReference user1 = new PrincipalItemReference( EntityItemReferenceFactory.createByIdentifier( "User1" ));
user1.setEntityId( ( short ) 2600 );
user1.setDeleted( false );
aclEntryUser.setPrincipal( user1 );
aclEntryUser.setReadPermission( true );
aclEntriesToPersist.add( aclEntryUser );
 
//calls the method
ACL createdAcl = securityRequest.addAcl( aclToPersist );
 
//gets result
Long actualAclId = createdAcl.getId();
List< AclEntry > createdAclEntries = createdAcl.getEntries();