A Policy is used by the BasicDecider class. A Policy defines whether to "allow" or "deny" a Request. The results of a Policy are returned as an "effect". The Policy can leverage information about the "environment", the End-User (Subject), the Resource being referenced and what Operation is being requested.
Syntax
<Policy id="NotEnforcedURIs" environment="SERVLET" mode="inbound" effect="allow">
<Properties>
<Property name="policy.description" value="Not Enforced URIs"/>
</Properties>
<Session>
...
</Session>
<Targets>
...
</Targets>
</Policy>
Arguments
| Name | Required | Description | Example | | id | yes | A unique identifier for a Policy | id="AnonAccess" | | environment | yes | Must be one of the environment types: SERVLET or ENGINE | environment="ENGINE" | | mode | yes | During the Request / Response process, should the Policy be evaluated either on the Request-side (inbound) or on the Response-side (outbound). NOTE: Currently only the "inbound" mode is used. | mode="inbound" | | effect | yes | If the Policy evaluates to TRUE, what should the returned effect be. The current options are:
| effect="allow" |
Properties| Name | Required | Description | Example | | policy.description | no | Description of the Policy | "Support anon access"
|
| 