The platform supports two types of authentication:

• HTTP Basic Authentication
• Cookie-based Authentication

Permissions can be assigned to any user as well as to any role. A permission is defined by three attributes:

• tpye: the qualified class name, e.g., java.io.FilePermission
• name: the name of the permission, e.g., the path in case of java.io.FilePermission
• actions: the actions that the permission allows, e.g., read, write

The platform provides a web service to check whether the current user owns a certain permission. This service is invoked with a GET-request specifying the resource path /security/check and the query parameter permission. The parameter has the format:

'(' <permission class name> <double-quoted name> <double-quoted actions> ')'.

An example of a valid URL would be: http://localhost:8282/security/check?permission=(java.io.FilePermission "/tmp/*" "read")

As a result of this check the platform returns a response with the code 204, if the user has this permission.