Resource
Resource allows to create and delete resources within the current domain context to create authorization rules for dynamically generated content. You can also use this page to manage static resources if a resource explorer is not available. You may create as many resources of each type as are required in your system. This configuration allows the creation of resource patterns to protect static and dynamic content delivered by HTTP GET and POST operations or contained in session parameters. Configuration can be divided into two main sections:
-
Controls that specify the network location of the resource. If your HTTP resource is static (that is, the base URL of the resource does not change depending on its content), you only need to configure this first section. For example, an application found at http://www.mycompany.com/root/intranet/relocation.html can be protected with a static resource.
-
Fields and regular expressions that allow you to protect dynamic HTTP resources, in which content is defined by fields in the query string of the URI. For each field you need to validate in order to determine the page content, create a row in this list and specify values for the controls provided. For example, to protect a resource found at http://www.mycompany.com/servetApplication?TARGET=drafts&METHOD=manage, you can create two entries in this list: one to check the TARGET field for the value drafts, and another to check the METHOD field for the value manage. Please note that the use of URL abstractions supported in the HTTP resources is limited to the URL path part without support for URL query parts. URL query parts of the HTTP resources are not evaluated during authentication and authorization processing. As the DirX Access itself is protected by a PEP, the Source-based fields provide the administrator with the options to create a resource tightly connected with the resources provided by the DirX Access Services container. The resources are two-fold:
-
REST-interface: The resources externally addressable via the REST interface.
-
Java-interface: The resources part of the internal request processing considering mainly: user attributes stored in the Shadow User Tree, configuration accessed via the AppRepoService (published externally by the Config RESTful Web Service). The granularity of this interface is at the attributes-level.
PEP identifier
The identifier of the PEP configuration object that makes decisions about the specified resource. If a PEP is not selected, the resource is treated as arbitrary. Arbitrary resources describe resource patterns to protect any definable object, including tables and fields in a database, printers and physical components of your security system such as doors, windows and access gates.
Source
The identifier of the source for chosen resource. You can choose from Configuration base, Entity base and the client web applications.
Source identifier
The identifier of the specific configuration object of the source type configured in specific web application.
URL Path
The path of the resource. Path to the URL, which must begin with a
forward-slash (/ character) for an HTTP resource URL or a simple name
that describes the resource (for example, user) for an arbitrary
resource URL.
Parameters
The set of all parameters of the resource.
Value (required)
The value or pattern that the specified field must contain when
evaluating a dynamic resource. If you specify a definite value (for
example, pricelist), clear the 'Do process value as regular
expression' checkbox described below. If you specify a regular
expression (for example, ^price?), check the 'Do process value as
regular expression' checkbox described below.
Context (required)
The type of field to search when evaluating a dynamic resource. Select Get to search the query string of an HTTP GET request. Select Post to search the content data fields in an HTTP POST operation. Select Session to search HTTP session parameters.
-
Allowed Values:
-
GET -
POST -
SESSION
-