|Applies To||RSA ClearTrust 4.6.1|
|Issue||Why don't we have full regular expressions in URLs for protection?|
|Resolution||It is a common assumption that when you start the system, you should be able to make a protected URL like:|
and it will protect all of the PDF files in /something. This is incorrect.
The problem here is choosing which protected URL matches the given full URI string. If you had the above protection, and another URL like:
when the auth server receives a request to check permissions on the file /something/abc.pdf, it cannot tell which of the two protected URL strings the request matches, and therefore which policy rules to use for allowing or denying access.
What the auth server actually supports is URI strings like:
Then, when a request comes in for /foo/index.html, we first look for the policy rule entries for URL strings in the following order:
If there are no entries for any of these, we give up and say "unprotected resource".
|Legacy Article ID||a6970|
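The ambiguity described in the resolution, shown as an added example (not RSA code and not part of the original article): two regex-style protections both match /something/abc.pdf, while an ordered lookup of literal entries returns exactly one policy or "unprotected resource". The patterns, policy names and the candidate order (exact URI, then each parent directory with a trailing wildcard) are assumptions made for illustration; they are not the product's documented behavior.

```python
import re
from posixpath import dirname

# Constructed regex-style protections (hypothetical, not the article's examples).
REGEX_RULES = {
    r"/something/.*\.pdf": "policy-pdf",
    r"/something/a.*": "policy-a",
}

# Constructed literal and directory-wildcard entries for the ordered lookup.
ORDERED_RULES = {
    "/something/abc.pdf": "policy-exact",
    "/something/*": "policy-dir",
}


def regex_matches(uri, rules=REGEX_RULES):
    """Return every policy whose pattern fully matches the URI."""
    return sorted(p for pat, p in rules.items() if re.fullmatch(pat, uri))


def candidates(uri):
    """Assumed order: the exact URI first, then each parent directory wildcard."""
    yield uri
    d = dirname(uri)
    while True:
        yield d.rstrip("/") + "/*"
        if d in ("/", ""):
            break
        d = dirname(d)


def ordered_lookup(uri, rules=ORDERED_RULES):
    """Return the policy of the first candidate that has an entry."""
    for key in candidates(uri):
        if key in rules:
            return rules[key]
    return "unprotected resource"


if __name__ == "__main__":
    uri = "/something/abc.pdf"
    print("regex matches:", regex_matches(uri))    # more than one policy applies
    print("ordered lookup:", ordered_lookup(uri))  # exactly one policy applies
    print("candidates:", list(candidates("/foo/index.html")))
    print("no entry:", ordered_lookup("/foo/index.html"))
```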