Example: Retrieving ADI from the request header

Edit online

The following example authorization rule requires the name of the Internet host and port number of the resource being requested. (If port number is omitted, the default port for the requested service is used; for example, port 80 is used for an HTTP URL.) The client request is set up to include the host name value in the "host" header of the request. The use of the AMWS_hd_ prefix in the rule alerts the authorization evaluation process that the required ADI is available in the client request and that WebSEAL knows how to find, extract, and return this ADI.

<xsl:if test='AMWS_hd_host = "machineA"'>!TRUE!</xsl:if>

WebSEAL is designed to know how to handle the extraction of ADI information from the request:

[aznapi-configuration]
resource-manager-provided-adi = AMWS_hd_

WebSEAL looks for this information in the request header name "host." WebSEAL extracts the value contained in the "host" header and returns it to the authorization evaluation process.

The example authorization rule is evaluated to be true if the value provided in the request's "host" header is "machineA."

In a similar manner, information required to evaluate an authorization rule can come from the request POST body or the query string of the request.