Layer7 Access Management

Expand all | Collapse all

Protect only POST method on resource

Jump to Best Answer
  • 1.  Protect only POST method on resource

    Posted 08-23-2017 02:02 PM

    I should know the answer to this, but it has been a while since I have written SiteMinder policy.

     

    We have an API (one URI) that needs to be accessible anonymously via get, and protected for POST operations.

     

    I have an unprotected realm, and a rule of * with POST.

     

    It appears that this basically protects all methods for *, but only the POST method will be authorized via the attached policy.

     

    Is there any way in policy (without using webappclientresponse) to leave get unprotected, and protect POST only?


    If not, I will start looking at webappclient response, it just seems like it should be doable in policy.

     

    Thanks,

     

    Josh



  • 2.  Re: Protect only POST method on resource
    Best Answer

    Posted 08-23-2017 11:50 PM

    Hi Josh,

     

    To check if the resource is protected, it sufficient to just have a rule matching the resource. The web agent action type (GET/POST/PUT etc.) is not checked during IsProtected checking.

     

    So , based on this it doesn't seems possible to protect only POST action for the same resource and unprotect GET.

     

    Regards,

    Ujwol