Enter a filter criteria in the Filter criteria field.
The filter criteria is the filtering parameter used by the Java class that is used by SPNEGO. It defines
arbitrary criteria that is meaningful to the implementation class
used. The com.ibm.ws.security.spnego.HTTPHeaderFilter default implementation
class uses this property to define a list of selection rules that
represent conditions that are matched against the HTTP request headers
to determine whether or not the HTTP request is selected for SPNEGO
authentication.
Each condition is specified with a key-value
pair, separated from each other by a semicolon. The conditions are
evaluated from left to right, as they display in the specified property.
If all conditions are met, the HTTP request is selected for SPNEGO
authentication.
The key and value in the key-value pair are
separated by an operator that defines which condition is checked.
The key identifies an HTTP request header to extract from the request
and its value is compared with the value that is specified in the
key-value pair according to the operator specification. If the header
that is identified by the key is not present in the HTTP request,
the condition is treated as not being met.
Any of the standard
HTTP request headers can be used as the key in the key-value pairs.
Refer to the HTTP specification for the list of valid headers. In
addition, two keys are defined to extract information from the request,
also useful as a selection criterion, which is not available through
standard HTTP request headers. The remote-address key is used as a
pseudo header to retrieve the remote TCP/IP address of the client
application that sent the HTTP request. The request-URL key is used
as a pseudo header to retrieve the URL that is used by the client
application to make the request. The interceptor uses the result of
the getRequestURL operation in the javax.servlet.http.HttpServletRequest
interface to construct the web address. If a query string is present,
the result of the getQueryString operation in the same interface is
also used. In this case, the complete URL is constructed as follows:
String url = request.getRequestURL() + ‘?' + request.getQueryString();
Table 1. Filter conditions and operations. This table describes the filter criteria conditions and operations.
Condition |
Operator |
Example |
Match exactly |
== ![[Updated in August 2011]](../../deltaend.gif) aug2011 Arguments are compared
as equal.
|
host==host.my.company.com ![[Updated in August 2011]](../../deltaend.gif) aug2011 |
Match partially (includes) |
%= Arguments are compared with a partial match
being valid.
|
user-agent%=IE 6 |
Match partially (includes one of many) |
^= Arguments are compared with a partial match
being valid for one of many arguments specified.
|
request-url^=webApp1|webApp2|webApp3 |
Does not match |
!= Arguments are compared as not equal.
|
request-url!=noSPNEGO |
Greater than |
> Arguments are compared lexogaphically
as greater than.
|
remote-address>192.168.255.130 |
Less than |
< Arguments are compared lexographically
as less than.
|
remote-address<192.168.255.135 |