Wildcard Matches in Policy Agents

A comment was left in yesterday's entry on policy logic concerning the lack of consistency in how the different policy agents treat the wildcard. Now I am not an agent expert but I did manage to gather some information for Mr. Robinson that, I hope, helps to shed some light on how the wildcard is used by agents.

The Policy Service in OpenSSO supports policy definitions using an asterisk (\*) as the wildcard. Only \* is supported as a wildcard and it can not be escaped as in \\\*.

A \* :

  • matches zero or more occurrences of any character.
  • spans across multiple levels in a URL.

The following matching rules assume (rightfully so) the wildcard character is \* and the delimiter character is /.

  1. \* matches zero or more characters, including /, in the resource name.
  2. \* matches one or more characters, including /, if the \* appears at the end of the resource name and it is immediately preceded by a /. For example, abc/\* doesn't match abc.
  3. Multiple consecutive / characters don't match with a single /. For example, abc/\*/xyz doesn't match abc/xyz.
  4. For purposes of comparison, trailing / characters will not be considered as part of the resource name. For example, abc/ or abc// will be treated the same as abc.

Here are some examples:

Pattern Matches Doesn't Match
http://xyz.sun.com:80/\* http://xyz.sun.com:80/
http://xyz.sun.com:80/index.html
http://xyz.sun.com:80/x.gif
http://abc.sun.com:80/
http://xyz.sun.com/index.html
http://xyz.sun.com:8080/index.html
http://xyz.sun.com:80/\*.html http://xyz.sun.com:80/index.html
http://xyz.sun.com:80/public/abc.html
http://xyz.sun.com:80/private/xyz.html
http://xyz.sun.com/index.html
http://xyz.sun.com:80/x.gif
http://abc.sun.com/index.html
http://xyz.sun.com:80/\*/abc http://xyz.sun.com:80/private/xyz/abc/xyz/abc
http://xyz.sun.com:80/xyz/abc
http://xyz.sun.com/abc
http://xyz.sun.com/abc.html
http://abc.sun.com:80/abc
http://xyz.sun.com:80/abc/\*/def http://xyz.sun.com:80/abc/123/def
http://xyz.sun.com:80/abc/abc/def
http://xyz.sun.com:80/abc/def/abc/def
http://xyz.sun.com:80/abc/def
http://xyz.sun.com:80/abc//def

And while we're on the subject of wild things, think of X, the seminal punk band of all time. The song in this video isn't one they wrote (for that you'd have to check out Johnny Hit and Run Paulene, Nausea or Los Angeles) but it does segue nicely. Here's X covering The Trogg's (not Tone-Loc's) Wild Thing. And that's Chuck Berry on stage at the video's end - a wild thing in his own right.

UPDATE: For more information on policy logic and wildcards see the following entries:

Comments:

Please take a look at my email (Policy Evaluation and agents) to the dev list. Both Mike Robinson and I replied. Its a gap in the documentation that its unclear how policies should be created, because its unclear what constitutes the URL.

For example: Normally people don't type http://xyz.sun.com:80/index.html as there URL its normally has URL params such as http://xyz.sun.com:80/index.html?arg=1.

So it no longer matches http://xyz.sun.com:80/\*.html in the policy engine.

It seems to only match http://xyz.sun.com:80/\*.html?\* which is confusing. So that causes most of your examples above do not work as described when URL parameters are used.

Posted by Christopher Nebergall on April 07, 2008 at 02:36 AM PDT #

Thanks, Christopher; I missed that thread. Here is a link to the email response for those interested: https://opensso.dev.java.net/servlets/ReadMsg?listName=dev&msgNo=1040
I'll take a look at it myself and update as warranted.

Posted by DocTeger on April 07, 2008 at 03:24 AM PDT #

I sent out another request/response on the same thread today asking developers to respond, but that probably won't show up in the search for the mailing lists till tomorrow.

Posted by Christopher Nebergall on April 07, 2008 at 03:52 AM PDT #

I'll keep my eye out for any more responses. Thanks.

Posted by DocTeger on April 07, 2008 at 04:00 AM PDT #

Post a Comment:
Comments are closed for this entry.
About

docteger

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today