A Web Authorization policy specifies conditions that a user must meet in order to access a resource on a J2EE server. The Web Authorization policy specifies the criteria a user must meet to either allow access or deny access. For example, if you create a Sales role and assign it to the users, the role can be used to allow access to the sales applications and to deny access to resource management applications. For information about designing a policy, see Section 3.1, Designing an Authorization Policy.
To create a Web Authorization policy:
In the Administration Console, click
> > .Specify a name for the policy, select
as the type, then click .Fill in the following fields:
Description: (Optional) Specify a description for the rule.
Priority: Specify the order in which a rule is applied in the policy, when the policy has multiple rules. The highest priority is 1 and 10 is the lowest. If two rules have the same priority, a Deny rule is applied before a Permit rule.
In the
section, click , then select one of the following:Client IP Address: Allows you to control access based on the IP address of the client making the request. For configuration information, see Section 3.5.2, Client IP Condition.
Credential Profile: Allows you to control access based on the credentials the user specified during authentication. For configuration information, see Section 3.5.3, Credential Profile Condition.
Current Date: Allows you to control access based on the date of the request. For more information, see Section 3.5.4, Current Date Condition.
Day of Week: Allows you to control access based on the day the request is made. For configuration information, see Section 3.5.5, Day of Week Condition.
Current Day of Month: Allows you to control access based on the month the request is made. For configuration information, see Section 3.5.6, Current Day of Month Condition.
Current Time of Day: Allows you to control access based on the time the request was made. For configuration information, see Section 3.5.7, Current Time of Day Condition.
HTTP Request Method: Allows you to control access based on the request method. For configuration information, see Section 3.5.8, HTTP Request Method Condition.
LDAP Attribute: Allows you to control access based on the value of an LDAP attribute. For configuration information, see Section 3.5.9, LDAP Attribute Condition.
Liberty User Profile: Allows you to control access based on the value of a profile attribute. For configuration information, see Section 3.5.11, Liberty User Profile Condition.
Roles: Allows you to control access based on the roles a user has been assigned. For configuration information, see Section 3.5.12, Roles Condition.
URL: Allows you to control access based on the URL in the request. For configuration information, see Section 3.5.13, URL Condition.
URL Scheme: Allows you to control access based on the scheme in the URL of the request (for example, HTTP or HTTPS). For configuration information, see Section 3.5.14, URL Scheme Condition.
URL Host: Allows you to control access based on the hostname in the URL of the request. For configuration information, see Section 3.5.15, URL Host Condition.
URL Path: Allows you to control access based on the path in the URL of the request. For configuration information, see Section 3.5.16, URL Path Condition.
URL File Name: Allows you to control access based on the filename in the URL of the request. For configuration information, see Section 3.5.17, URL File Name Condition.
URL File Extension: Allows you to control access based on the file extension in the URL of the request. For configuration information, see Section 3.5.18, URL File Extension Condition.
To add multiple conditions to the same rule, either add a condition to the same condition group or create a new condition group. For information on how conditions and condition groups interact with each other, see Section 3.1.4, Using Multiple Conditions.
In the
section, select either or .To save the rule, click
twice, then click .Assign the policy to a Web resource. See Assigning a Web Authorization Policy to the Resource
in the Novell Access Manager 3.1 SP1 Agent Guide.