Retrieve the Web Tier Policy
/__auth-mgmt-app/webtierpolicy
On Oracle Cloud Infrastructure Classic, this endpoint is applicable only to accounts that include Oracle Identity Cloud Service and Oracle Cloud Infrastructure Load Balancing Classic, and to Oracle Java Cloud Service instances that are created with Oracle Identity Cloud Service enabled, after release 18.4.2.
Returns the current CloudGate web tier policy for the specified WebLogic Server Admin host.
Note the following:
- You must use this endpoint to get the current policy before you update any resources in the policy. Copy the entire current policy into the update request payload, then edit only the objects within the
resourceFiltersarray. - You must have the WebLogic Server Admin global role to perform this operation.
- (On Oracle Cloud Infrastructure Classic) Because this endpoint API is deployed on the WebLogic Administration Server, the
ora_p2admin_ahttpsaccess rule for the WebLogic Server Administration Console must be enabled before you can use the endpoint. See Update an Access Rule.
Request
-
Authorization: string
Base64 encoded user name and password separated by a colon or OAuth access token obtained from Oracle Identity Cloud Service. See Authenticate.
-
X-ID-TENANT-NAME: string
Identity domain ID for the Oracle Java Cloud Service account.
Response
- application/json
- application/scim+json
200 Response
object-
cloudgatePolicy:
object cloudgatePolicy
Groups CloudGate webtier policy details.
object-
allowCors:
boolean
Flag that specifies whether Cross-Origin Resource Sharing across domains is allowed.
-
disableAuthorize:
boolean
Authorize flag. Whether to disable validation of the access token audience during authentication.
-
requireSecureCookies:
boolean
Flag that specifies whether to use HTTPS for all browser requests.
-
version:
string
CloudGate version.
-
webtierPolicy:
array webtierPolicy
Groups web tier policy details.
object-
policyName:
string
Name of the policy.
(When updating) The name must contain lowercase characters, such as
[a-z, 0-9_-+] -
resourceFilters:
array resourceFilters
Groups resource filters.
object-
authorize:
boolean
(When updating) Must be set to
false. -
comment(optional):
string
Optional free-form text to describe the filter.
-
filter:
string
The path of the URL for the resource that you want to protect.
(When updating) The path must begin with the
/character. For example:/store/departments/.* -
method:
string
Authentication method for the resource filter.
(When updating) Valid values are:
OauthOauth+logoutPublic(default)
-
type:
string
Resource filter type.
(When updating) Specify
regexto indicate that the resource URL is defined as a regular expression match (not an exact text match).
Examples
The following example shows how to retrieve the CloudGate web tier policy by submitting a GET request on the REST resource using cURL.
cURL Command
curl -i -X GET -u username:password -H "X-ID-TENANT-NAME:ExampleIdentityDomain" https://host:port/__auth-mgmt-app/webtierpolicy
Note: Use the option -ik if a secure connection cannot be established because of an SSL certificate problem.
host:port is the public IP address and port to the WebLogic Admin Server. See Get a Service Instance (publicIpAddress of the ADMIN_SERVER host). On Oracle Cloud Infrastructure Classic, see also View All Access Rules (ora_p2admin_ahttps port).
Example of Response Header
The following shows an example of the response header.
HTTP/1.1 200 OK
Date: Tue, 04 Sep 2018 17:50:44 GMT
Content-Length: 1567
Content-Type: application/jsonExample of Response Body
The following shows an example of the response returned in JSON format.
{
"cloudgatePolicy":{
"disableAuthorize":false,
"allowCors":false,
"requireSecureCookies":true,
"webtierPolicy":[
{
"policyName":"jcs_cg_policy",
"resourceFilters":[
{
"type":"regex",
"filter":"\/__protected\/.*",
"method":"oauth",
"authorize":false
},
{
"type":"regex",
"filter":"\/.*\/__protected\/.*",
"method":"oauth",
"authorize":false
},
{
"type":"regex",
"filter":"\/bea_wls_management_internal2.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/bea_wls_diagnostics.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/uddi.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/uddiexplorer.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/wsm-pm.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/console.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/console-help.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/wlstestclient.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/wls_utc.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/mejb.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/bea_wls_deployment_internal.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/bea_wls_internal.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/bea_wls9_async_response.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/bea_wls_async_response.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/wls-wsat.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/wls-cat.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":"\/wsil-wls.*",
"method":"unsupported"
},
{
"type":"regex",
"filter":".*",
"method":"public"
}
]
}
],
"version":"2.3"
}
}