A Web Authorization policy specifies conditions that a user must meet in order to access a resource on a J2EE server. The Web Authorization policy specifies the criteria a user must meet to either allow access or deny access. For example, if you create a Sales role and assign it to the users, the role can be used to allow access to the sales applications and to deny access to resource management applications. For information about designing a policy, see Section 28.1, Designing an Authorization Policy.
To create a Web Authorization policy:
In the Administration Console, click
> > .Specify a name for the policy, select
as the type, then click .Fill in the following fields:
Description: (Optional) Specify a description for the rule.
Priority: Specify the order in which a rule is applied in the policy, when the policy has multiple rules. The highest priority is 1 and 10 is the lowest. If two rules have the same priority, a Deny rule is applied before a Permit rule.
In the
section, click , then select one of the following:Client IP Address: Allows you to control access based on the IP address of the client making the request. For configuration information, see Section 28.5.2, Client IP Condition.
Credential Profile: Allows you to control access based on the credentials the user specified during authentication. For configuration information, see Section 28.5.3, Credential Profile Condition.
Current Date: Allows you to control access based on the date of the request. For more information, see Section 28.5.4, Current Date Condition.
Current Day of Week: Allows you to control access based on the day the request is made. For configuration information, see Section 28.5.5, Current Day of Week Condition.
Current Day of Month: Allows you to control access based on the month the request is made. For configuration information, see Section 28.5.6, Current Day of Month Condition.
Current Time of Day: Allows you to control access based on the time the request was made. For configuration information, see Section 28.5.7, Current Time of Day Condition.
HTTP Request Method: Allows you to control access based on the request method. For configuration information, see Section 28.5.8, HTTP Request Method Condition.
LDAP Attribute: Allows you to control access based on the value of an LDAP attribute. For configuration information, see Section 28.5.9, LDAP Attribute Condition.
Liberty User Profile: Allows you to control access based on the value of a profile attribute. For configuration information, see Section 28.5.11, Liberty User Profile Condition.
Roles for Current User: Allows you to control access based on the roles a user has been assigned. For configuration information, see Section 28.5.12, Roles for Current User Condition.
URL: Allows you to control access based on the URL in the request. For configuration information, see Section 28.5.13, URL Condition.
URL Scheme: Allows you to control access based on the scheme in the URL of the request (for example, http or https). For configuration information, see Section 28.5.14, URL Scheme Condition.
URL Host: Allows you to control access based on the hostname in the URL of the request. For configuration information, see Section 28.5.15, URL Host Condition.
URL Path: Allows you to control access based on the path in the URL of the request. For configuration information, see Section 28.5.16, URL Path Condition.
URL File Name: Allows you to control access based on the filename in the URL of the request. For configuration information, see Section 28.5.17, URL File Name Condition.
URL File Extension: Allows you to control access based on the file extension in the URL of the request. For configuration information, see Section 28.5.18, URL File Extension Condition.
X-Forwarded-For IP: Allows you to control access based on the value in the X-Forwarded-For IP header of the HTTP request. For configuration information, see Section 28.5.19, X-Forward-For IP Condition.
To add multiple conditions to the same rule, either add a condition to the same condition group or create a new condition group. For information on how conditions and condition groups interact with each other, see Section 28.7, Using Multiple Conditions.
In the
section, select either or .To save the rule, click
twice, then click .Assign the policy to a Web resource. See Assigning a Web Authorization Policy to the Resource
in the Novell Access Manager 3.0 SP4 Agent Guide