Message Image

Skip main navigation (Press Enter).

Symantec Access Management

Back to discussions

Expand all | Collapse all

Protect only POST method on resource

Jump to Best Answer

Josh CoffmanAug 23, 2017 02:02 PM

I should know the answer to this, but it has been a while since I have written SiteMinder policy. ...

UjwolAug 23, 2017 11:50 PMBest Answer

Hi Josh, To check if the resource is protected, it sufficient to just have a rule matching the resource. ...

1. Protect only POST method on resource

0 Recommend
Josh Coffman
Posted Aug 23, 2017 02:02 PM

Reply Reply Privately
I should know the answer to this, but it has been a while since I have written SiteMinder policy.

We have an API (one URI) that needs to be accessible anonymously via get, and protected for POST operations.

I have an unprotected realm, and a rule of * with POST.

It appears that this basically protects all methods for *, but only the POST method will be authorized via the attached policy.

Is there any way in policy (without using webappclientresponse) to leave get unprotected, and protect POST only?

If not, I will start looking at webappclient response, it just seems like it should be doable in policy.

Thanks,

Josh
2. Re: Protect only POST method on resource
Best Answer

0 Recommend
Ujwol
Posted Aug 23, 2017 11:50 PM

Reply Reply Privately
Hi Josh,

To check if the resource is protected, it sufficient to just have a rule matching the resource. The web agent action type (GET/POST/PUT etc.) is not checked during IsProtected checking.

So , based on this it doesn't seems possible to protect only POST action for the same resource and unprotect GET.

Regards,
Ujwol

Copyright 2023. All rights reserved.

Powered by Higher Logic