...
Brand Access
In order to obtain an access token, the client has to have the proper authorization configured. That is, in the OAUTH_CLIENT_DETAILS table, the client's row must have proper values in the AUTHORITIES column. Those authorities must carry the prefix ACCESS_BRAND_. After the prefix comes the brandKey (uppercase) of the brand that the respective client has access to. The brandKey parameter should be sent as a QUERY parameter in the request for the token.
Example of a registered client (one row of OAUTH_CLIENT_DETAILS; columns with no value are left empty):
CLIENT_ID: swagger-ui
RESOURCE_IDS: (empty)
CLIENT_SECRET: swagger-ui-secret
SCOPE: read,write
AUTHORIZED_GRANT_TYPES: password,operator_password,client_credentials
WEB_SERVER_REDIRECT_URI: (empty)
AUTHORITIES: ACCESS_BRAND_BRAND_X
ACCESS_TOKEN_VALIDITY: 600
ADDITIONAL_INFORMATION: (empty)
AUTOAPPROVE: (empty)
Example: given a brand key with a value of RATOR_X, the authority tag should be ACCESS_BRAND_RATOR_X.
If a client has access to multiple brands, the authorities should be separated by a comma (e.g. ACCESS_BRAND_RATOR_X, ACCESS_BRAND_RATOR_Y).
CURL example:
curl -v -X POST -u myclientid:myclientsecret http://host:port/appcontext/oauth/token -H "Accept: application/json" -d "grant_type=operator_password&username=#myusername&password=mypassword&brandKey=RATOR_X"
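The following is an added example of how a token endpoint could enforce the ACCESS_BRAND_ convention described above; it is not code from this page or from the REST app itself. The class name BrandAccessCheck, its method names, and the sample AUTHORITIES value are assumptions made for the illustration. It parses the comma-separated AUTHORITIES column (tolerating spaces after the commas, as in the example above) and denies the request when the brandKey query parameter is missing or does not match a granted ACCESS_BRAND_ authority exactly.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;

/** Hypothetical helper: decides whether a registered client may request a token for a brand. */
public final class BrandAccessCheck {

    /** Authority prefix that marks brand access, as required by the AUTHORITIES column convention. */
    static final String PREFIX = "ACCESS_BRAND_";

    /**
     * Parses the raw AUTHORITIES column value (comma-separated, whitespace around entries tolerated)
     * and returns the set of brand keys the client is allowed to access.
     * Authorities without the ACCESS_BRAND_ prefix (or with nothing after it) are ignored.
     */
    static Set<String> allowedBrands(String authoritiesColumn) {
        if (authoritiesColumn == null || authoritiesColumn.isBlank()) {
            return Set.of();
        }
        return Arrays.stream(authoritiesColumn.split(","))
                .map(String::trim)
                .filter(a -> a.startsWith(PREFIX) && a.length() > PREFIX.length())
                .map(a -> a.substring(PREFIX.length()))
                .collect(Collectors.toUnmodifiableSet());
    }

    /**
     * Returns true only when a brandKey was supplied and the client holds ACCESS_BRAND_&lt;brandKey&gt;.
     * The match is exact: the convention expects an uppercase brand key, so a lowercase or
     * unknown key is denied rather than silently normalised (assumption for this example).
     */
    static boolean mayAccess(String authoritiesColumn, String brandKey) {
        if (brandKey == null || brandKey.isBlank()) {
            return false; // brandKey query parameter missing: deny by default
        }
        return allowedBrands(authoritiesColumn).contains(brandKey.trim());
    }

    public static void main(String[] args) {
        // Constructed sample value for the AUTHORITIES column, not a real client row.
        String authorities = "ACCESS_BRAND_RATOR_X, ACCESS_BRAND_RATOR_Y";

        System.out.println("RATOR_X -> " + mayAccess(authorities, "RATOR_X"));
        System.out.println("RATOR_Y -> " + mayAccess(authorities, "RATOR_Y"));
        System.out.println("RATOR_Z -> " + mayAccess(authorities, "RATOR_Z"));
        System.out.println("rator_x -> " + mayAccess(authorities, "rator_x"));
        System.out.println("(missing) -> " + mayAccess(authorities, null));
    }
}
```

The check belongs before the token is issued, alongside the client credential and grant type validation that the OAuth framework already performs; a client whose row carries no ACCESS_BRAND_ authority at all ends up with an empty allowed set and is denied for every brandKey.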
Fine-grained access control is about limiting access to specific resources, or even limiting access to code blocks within a single resource. The current version of the REST app uses our own framework for this. The framework defines two abstract classes whose implementations stand in a one-to-one relationship with a resource (an @Path annotated method). The two classes reflect the kinds of questions/checks needed in the code.
...