Access control for dynamic URLs: dynurl.conf

WebSEAL uses the protected object space model, access control lists (ACL), and protected object policies (POP) to secure dynamically generated URLs, such as those generated by database requests.

Each request to WebSEAL is resolved to a specific object as the first step in the authorization process. An ACL or POP applied to the object dictates the required protection on any dynamic URL mapped to that object.

Because dynamic URLs exist only temporarily, it is not possible to have entries for them in a pre-configured authorization policy database. Security Verify Access solves this problem by providing a mechanism where many dynamic URLs can be mapped to a single static protected object.

Maps from objects to patterns are kept in a plain text configuration file called dynurl.conf.

We can use the LMI to manage the dynamic URL configuration file. Go to Web > Global Settings > URL mapping.

The name of this file is defined by the dynurl-map stanza entry in the [server] stanza of the WebSEAL configuration file:

[server]
dynurl-map = dynurl.conf

We must create this file; the file does not exist by default.

The existence of this file (with entries) during WebSEAL startup enables the dynamic URL capability.

Parent topic: Access control for dynamic URLs