Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for J2EE Agents

Inverting the Not-Enforced URI List

In situations where only a small portion of the deployed application needs protection, you can configure the agent to do just that by inverting the not-enforced list. This results in the agent enforcing access control over the entries that are specified in the not-enforced list and allowing access to all other resources on the system. This feature is controlled by the property labeled Invert Not Enforced URIs (Tab: Application, Name: com.sun.identity.agents.config.notenforced.uri.invert).

When you enable this property, it changes the entries specified in the not-enforced list to enforced and the rest of the application resources are treated as not-enforced.

Caution – Caution –

When the not-enforced list is inverted, the number of resources for which the agent will not enforce access control is potentially very large. The use of this feature should therefore be used with extreme caution and only after extensive evaluation of the security requirements of the deployed applications.

Note –