The Enter Regular Expression table displays the list of
configured query string names together with the white list of regular expressions
that restrict their values. For this filter to run successfully, all
required attributes must be present in the request, and all must
have the correct value.
The Name column shows the name of the query string attribute.
The Regular Expression column shows the name of the regular
expression that the Enterprise Gateway uses to restrict the value of the named query
string attribute. A number of common regular expressions are available from
the global White list library.
If the Allow unspecified names checkbox is selected,
additional unnamed query string attributes are not filtered by the Enterprise Gateway.
For example, this is useful if you are interested in filtering the content of
only a small number of query string attributes but the request may contain many
attributes. In such cases, you only need to filter those few attributes, and by
selecting this checkbox, the Enterprise Gateway ignores all other query string attributes.
Configuring a Regular Expression
You can configure regular expressions by selecting the Add,
Edit, and Delete buttons. The Configure
Regular Expression dialog enables you to add or edit regular expressions to
restrict the values request query string attributes. To configure a regular expression,
perform the following steps:
-
Enter the name of the query string attribute in the
Name field.
-
Select whether this request parameter is Optional
or Required using the appropriate radio button.
If it is Required, the parameter name
must be present in the request. If the parameter
is not present, the filter fails. If it is Optional,
the attribute does not need to be present for the filter to pass.
-
You can enter the regular expression to restrict the value of the query
string attribute manually or select it from the global White
list library of regular expressions in the Expression
Name drop-down list. A number of common regular expressions
are provided (for example, alphanumeric values, dates, and email addresses).
You can use properties representing the values of message attributes
to compare the value of the query string attribute with the value
contained in a message attribute. Enter the $ character in
the Regular Expression field to view a list of available
attributes. At runtime, the property is expanded to the corresponding
attribute value, and compared to the query string attribute value that you
want to check.
-
You can add a regular expression to the library by selecting
the Add/Edit button. Enter a Name for the
expression followed by the Regular Expression.
Advanced Settings
The Advanced section enables you to extract a portion of
the query string attribute value that is run against the regular expression.
The extracted substring can also be Base64 decoded if necessary. The following
is an example of a URL containing a query string. The value of the password
attribute is Base64 encoded, and must be extracted from the query string and
decoded before it is run against the regular expression.
| | |
|
http://oracle.com/services?username=user&password=dXNlcg0K&dept=eng
| |
| | |
|
You can extract the encoded value of the password= attribute value
by specifying the string that occurs directly before the substring you want
to extract, together with the string that occurs directly after the substring.
Enter password= in the Start substring field,
and & in the End substring field.
Important Note:
You must select the start and end substrings to ensure that the exact substring
is extracted. For example, in this example, password= (including
the equals sign) should be entered in the Start substring
field, and not password (without the equals sign).
By specifying the correct substrings, you are left with the Base64-encoded
attribute value (dXNlcg0K ). However, you still need to Base64 decode
it before you can run a regular expression on it. Make sure to select the
Base64 decode checkbox. The Base64-decoded password value is
simply user . This is the value that you want to run the regular
expression against.
By specifying the correct substrings, you are left with the Base64-encoded
attribute value (dXNlcg0K ). However, you still need to Base64 decode
it before you can run a regular expression on it. Make sure to select the
Base64 decode checkbox. The Base64-decoded password value is
user . This is the value that you need to run the regular expression
against.
Note:
If both Start substring and End substring
fields are blank, the regular expression is run against the entire attribute
value. Furthermore, if both fields are blank and the Base64 decode
checkbox is selected, the entire attribute value is Base64 encoded before the regular
expression is run against it.
|