The One-Level Wildcard for Policy Logic
By docteger on Mar 06, 2008
UPDATE-3/21/08: The one-level wildcard is currently only available to the J2EE agents - not the web agents.

After putting together the couplet entries on policy logic in OpenSSO and wildcard matches in policy agents, I received an email from Bhavna, one of Sun's Federated Access Manager engineering gurus, who wrote - and I cut and paste:

> good addition. You might want to add some information on one level wild card too which, by default, is "-\*-"
> unfortunately we don't have much documentation on it.

NOTE: I'm thankful for that last sentence myself. Well here is the scoop that turns our couplet into a triplet. The one-level wildcard was introduced in Sun Java System Access Manager 7.1. The wildcard itself is

-\*-

and it matches only the level for which it stands without crossing delimiter boundaries. A policy can include the one-level wildcard in resource names to allow and deny access. For example, if you allow access to

http://www.sun.com/b/-\*-/d

in a policy definition then access to

http://www.sun.com/b/c/d

will be allowed but access to

http://www.sun.com/b/c/e/d

will be denied.

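
The matching rule described above, as an added example (not code from OpenSSO or the policy agents): a small Python matcher that keeps `-*-` inside one path level and, for contrast, lets a plain `*` cross `/` boundaries. The function names, the zero-or-more-characters behaviour of `-*-`, and the cross-level behaviour of `*` are assumptions made for illustration.

```python
import re

ONE_LEVEL = "-*-"    # one-level wildcard, as given in the post
MULTI_LEVEL = "*"    # ordinary wildcard; assumed here to cross "/" boundaries


def compile_resource(pattern: str) -> re.Pattern:
    """Translate a policy resource name into a regex (hypothetical helper)."""
    parts = []
    i = 0
    while i < len(pattern):
        if pattern.startswith(ONE_LEVEL, i):
            # Assumption: zero or more characters, but never the "/" delimiter.
            parts.append("[^/]*")
            i += len(ONE_LEVEL)
        elif pattern[i] == MULTI_LEVEL:
            parts.append(".*")
            i += 1
        else:
            # Everything else is literal, including "." and "?" in URLs.
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(parts))


def matches(pattern: str, resource: str) -> bool:
    """True when the whole resource name is covered by the pattern."""
    return compile_resource(pattern).fullmatch(resource) is not None


def audit(patterns, resources):
    """Map each requested resource to the policy patterns that cover it."""
    return {r: [p for p in patterns if matches(p, r)] for r in resources}


if __name__ == "__main__":
    # Patterns and requests taken from the post, plus a "*" variant for contrast.
    patterns = ["http://www.sun.com/b/-*-/d", "http://www.sun.com/b/*/d"]
    requests = ["http://www.sun.com/b/c/d", "http://www.sun.com/b/c/e/d"]
    for resource, hits in audit(patterns, requests).items():
        print(resource, "->", hits or "no matching policy resource")
```

Running a policy's resource names through a check like this before deployment shows whether a rule written with `*` covers deeper paths than the one-level form would.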
-\*- would match any character but only at the defined level.

And, in honor of all the gurus at Sun, here's a music clip from a very funny and sweet movie called The Guru. It's American-financed but filmed in the Bollywood style. (Any suggestions on some Bollywood movies I should see would be appreciated.) The song is called Chori Chori, which, from my perusal on the internet, means "secretly". Once you've met The Guru, love will never sound the same.