This filter enables you to configure the API Gateway to delegate authorization to Oracle Entitlements Server (OES) 10g: an already-authenticated user is authorized for a particular resource and action against OES 10g. The filter performs authorization only. The user must first have been authenticated earlier in the policy (for example, by the HTTP Basic Authentication or HTTP Digest Authentication filter); the credentials used for that authentication can be extracted from the HTTP Basic header, a WS-Security username token, or the message payload. After successful authentication, the API Gateway can authorize the user to access the resource using OES 10g.
Configure the following general field:
Name:
Enter an appropriate descriptive name for this filter.
Configure the following fields on the Settings tab:
Resource:
Enter the URL for the target resource (for example, a Web Service). Alternatively, if this policy is reused for multiple services, enter a URL built from message attribute selectors, which are expanded at runtime to the values of the specified attributes. For example:
${http.destination.protocol}://${http.destination.host}:${http.destination.port}${http.request.uri}
The expanded string is the resource name that OES 10g evaluates, so it must match the way resources are named in the OES 10g resource tree; a resource name that OES does not recognize cannot be authorized.
Resource Naming Authority:
Enter apigatewayResource to match the Naming Authority Definition loaded in the OES 10g settings. For more details, see Oracle Security Service Module Settings (10g).
Action:
Enter the HTTP verb (for example, POST, GET, DELETE, and so on). Alternatively, if this policy is reused for multiple services, enter a message attribute selector, which is expanded at runtime to the value of the specified attribute (for example, ${http.request.verb}). For more details on selectors, see Selecting Configuration Values at Runtime.
Action Naming Authority:
Enter apigatewayAction to match the Naming Authority Definition loaded in the OES 10g settings. For more details, see Oracle Security Service Module Settings (10g).
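As an added illustration (not part of the original documentation, and not the API Gateway's or OES's own code), the following Python expands the Resource and Action selector templates shown above against a set of constructed message attributes, then checks the resulting (resource, action) pair against a small policy table that stands in for OES 10g. The attribute names and naming authorities are the ones on this page; the policy table, the role names, the host and port values, and the fail-closed handling of an unresolved selector are assumptions of the example, not documented gateway behaviour.

```python
"""Expand the Resource/Action selector templates of the OES 10g
authorization filter and authorize the resulting (resource, action) pair.

The policy table is a constructed stand-in for OES 10g entitlements;
real OES evaluates its own policy model. Only the shape of the
access request built by the gateway is modelled here.
"""
import re

# Selector syntax used by the filter fields: ${attribute.name}
SELECTOR = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")

# Field values exactly as given on the page
RESOURCE_TEMPLATE = ("${http.destination.protocol}://${http.destination.host}"
                     ":${http.destination.port}${http.request.uri}")
ACTION_TEMPLATE = "${http.request.verb}"
RESOURCE_NAMING_AUTHORITY = "apigatewayResource"
ACTION_NAMING_AUTHORITY = "apigatewayAction"


def expand_selectors(template: str, attrs: dict) -> str:
    """Replace each ${name} in template with attrs[name].

    Assumption of this example (not stated on the page): an unresolved
    selector raises instead of expanding to an empty string, so a typo in
    an attribute name cannot silently yield a shorter resource name that
    happens to match a broader policy entry.
    """
    def repl(match):
        name = match.group(1)
        if name not in attrs:
            raise KeyError(f"unresolved selector ${{{name}}}")
        return str(attrs[name])
    return SELECTOR.sub(repl, template)


def build_access_request(attrs: dict) -> dict:
    """Build the query the filter sends to OES: resource + action, each
    qualified by the naming authority configured in the OES 10g settings."""
    return {
        "resource": expand_selectors(RESOURCE_TEMPLATE, attrs),
        "resource_naming_authority": RESOURCE_NAMING_AUTHORITY,
        "action": expand_selectors(ACTION_TEMPLATE, attrs),
        "action_naming_authority": ACTION_NAMING_AUTHORITY,
    }


# Constructed stand-in for OES entitlements: (role, exact resource name)
# -> set of permitted actions. The resource key must equal the expanded
# resource string byte for byte; the example does not normalize paths.
POLICY = {
    ("orders-admin", "http://orders.internal:8080/orders"): {"GET", "POST", "DELETE"},
    ("orders-reader", "http://orders.internal:8080/orders"): {"GET"},
}


def is_access_allowed(role: str, attrs: dict) -> bool:
    """Deny by default: allow only if the (role, resource) entry exists and
    lists the requested action."""
    req = build_access_request(attrs)
    permitted = POLICY.get((role, req["resource"]), set())
    return req["action"] in permitted


# Constructed message attributes, as a policy reused for one service
ORDERS_GET = {
    "http.destination.protocol": "http",
    "http.destination.host": "orders.internal",
    "http.destination.port": 8080,
    "http.request.uri": "/orders",
    "http.request.verb": "GET",
}
ORDERS_DELETE = dict(ORDERS_GET, **{"http.request.verb": "DELETE"})

if __name__ == "__main__":
    print(build_access_request(ORDERS_GET))
    print("reader GET   :", is_access_allowed("orders-reader", ORDERS_GET))
    print("reader DELETE:", is_access_allowed("orders-reader", ORDERS_DELETE))
    print("admin  DELETE:", is_access_allowed("orders-admin", ORDERS_DELETE))
```

Because both templates are expanded per message, one policy serves any number of backend services; the price is that the resource name OES sees is derived from request data, so the policy entries in OES must cover every resource name the gateway can legitimately produce and nothing else.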
How access request is processed:
Select one of the following options:
ONCE:
Specifies that the authorization query is only asked once for a resource and action.
POST:
Specifies that the authorization query is asked after a resource is acquired, but before it has been processed or presented.
PRIOR:
Specifies that the authorization query is asked before a resource is acquired.