Red Hat Summit第29章 Security Management REST API for Business Central groups, roles, and users
Red Hat Decision Manager provides a Security Management REST API that you can use to manage the groups, roles, and users in Red Hat Decision Manager without using the Business Central user interface. This API support enables you to facilitate and automate management of Business Central groups, roles, users, and granted permissions.
With the Security Management REST API, you can perform the following actions:
- Retrieve information about all groups, roles, users, and their granted permissions
- Create, update, or delete groups and users
- Update granted permissions for groups, roles, and users
- Retrieve information about groups and roles assigned to the users
Security Management REST API requests require the following components:
- Authentication
The Security Management REST API requires HTTP Basic authentication or token-based authentication for the user role
admin. To view configured user roles for your Red Hat Decision Manager distribution, navigate to~/$SERVER_HOME/standalone/configuration/application-roles.propertiesand~/application-users.properties.To add a user with the
adminrole, navigate to~/$SERVER_HOME/binand run the following command:$ ./add-user.sh -a --user <USERNAME> --password <PASSWORD> --role adminFor more information about user roles and Red Hat Decision Manager installation options, see Planning a Red Hat Decision Manager installation.
- HTTP headers
The Security Management REST API requires the following HTTP headers for API requests:
Accept: Data format accepted by your requesting client:-
application/json(JSON)
-
Content-Type: Data format of yourPOSTorPUTAPI request data:-
application/json(JSON)
-
- HTTP methods
The Security Management REST API supports the following HTTP methods for API requests:
-
GET: Retrieves specified information from a specified resource endpoint -
POST: Creates or updates a resource -
PUT: Updates a resource -
DELETE: Deletes a resource
-
- Base URL
The base URL for Security Management REST API requests is
http://SERVER:PORT/decision-central/rest/, such ashttp://localhost:8080/decision-central/rest/.注記The REST API base URL for the Security Management, Knowledge Store, and Decision Manager controller built into Business Central are the same because all are considered part of Business Central REST services.
- Endpoints
Security Management REST API endpoints, such as
/users/{userName}for a specified user, are the URIs that you append to the Security Management REST API base URL to access the corresponding resource or type of resource in Red Hat Decision Manager.Example request URL for
/users/{userName}endpointhttp://localhost:8080/decision-central/rest/users/newUser- Request data
HTTP
POSTrequests in the Security Management REST API may require a JSON request body with data to accompany the request.Example POST request URL and JSON request body data
http://localhost:8080/decision-central/rest/users/newUser/groups[ "newGroup" ]
29.1. Sending requests with the Security Management REST API using a REST client or curl utility
The Security Management REST API enables you to manage the groups, roles, and users in Red Hat Decision Manager without using the Business Central user interface. You can send Security Management REST API requests using any REST client or curl utility.
Prerequisites
- Business Central is installed and running.
-
You have
adminuser role access to Business Central.
Procedure
-
Identify the relevant API endpoint to which you want to send a request, such as
[GET] /groupsto retrieve groups in Business Central. In a REST client or curl utility, enter the following components for a
GETrequest to/groups. Adjust any request details according to your use case.For REST client:
-
Authentication: Enter the user name and password of the Business Central user with the
adminrole. HTTP Headers: Set the following header:
-
Accept:application/json
-
-
HTTP method: Set to
GET. -
URL: Enter the Security Management REST API base URL and endpoint, such as
http://localhost:8080/decision-central/rest/groups.
For curl utility:
-
-u: Enter the user name and password of the Business Central user with theadminrole. -H: Set the following header:-
Accept:application/json
-
-
-X: Set toGET. -
URL: Enter the Security Management REST API base URL and endpoint, such as
http://localhost:8080/decision-central/rest/groups.
curl -u 'baAdmin:password@1' -H "Accept: application/json" -X GET "http://localhost:8080/decision-central/rest/groups"-
Authentication: Enter the user name and password of the Business Central user with the
Execute the request and review the KIE Server response.
Example server response (JSON):
[ { "group1" }, { "group2" } ]In your REST client or curl utility, send another API request with the following components for a
POSTrequest to/users/{userName}/groupsto update the groups assigned to a user. Adjust any request details according to your use case.For REST client:
-
Authentication: Enter the user name and password of the Business Central user with the
adminrole. HTTP Headers: Set the following header:
-
Accept:application/json -
Content-Type:application/json
-
-
HTTP method: Set to
POST. -
URL: Enter the Security Management REST API base URL and endpoint, such as
http://localhost:8080/decision-central/rest/users/newUser/groups. - Request body: Add a JSON request body with the identification data for the new group:
[ "newGroup" ]For curl utility:
-
-u: Enter the user name and password of the Business Central user with theadminrole. -H: Set the following headers:-
Accept:application/json -
Content-Type:application/json
-
-
-X: Set toPOST. -
URL: Enter the Security Management REST API base URL and endpoint, such as
http://localhost:8080/decision-central/rest/users/newUser/groups. -
-d: Add a JSON request body or file (@file.json) with the identification data for the new group:
curl -u 'baAdmin:password@1' -H "Accept: application/json" -H "Content-Type: application/json" -X POST "http://localhost:8080/decision-central/rest/users/newUser/groups" -d "["newGroup"]"curl -u 'baAdmin:password@1' -H "Accept: application/json" -H "Content-Type: application/json" -X POST "http://localhost:8080/decision-central/rest/users/newUser/groups" -d @user-groups.json-
Authentication: Enter the user name and password of the Business Central user with the
Execute the request and review the KIE Server response.
Example server response (JSON):
{ "status": "OK", "message": "Groups [newGroup] are assigned successfully to user wbadmin" }If you encounter request errors, review the returned error code messages and adjust your request accordingly.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}