ACL matching on URLs

From: Mallin, Eoin <emallin#revenue.ie>
Date: Fri, 12 Feb 2010 14:43:47 -0000

Hi all,
I'm looking for the best approach for matching the first part of a URL in ACLs. Some examples of the types of URLs include:

Backend 1 (application context-path = /web) http://hostname:port/web
http://hostname:port/web/form.html

Backend 2 (application context-path = /webservices) http://hostname:port/webservices/serviceA http://hostname:port/webservices/serviceB

The following approach for ACLs would only work if the ACL that matches /webservices comes before the one for /web. Ideally I don't want to have to enforce this type of constraint as we have 70+ URL patterns for one frontend and this type of restriction could be error-prone as more patterns are added over time.

Won't work
acl backend1_acl path_beg /web
acl backend2_acl path_beg /webservices

use_backend1 if backend1_acl
use_backend2 if backend2_acl

Will work
acl backend1_acl path_beg /web
acl backend2_acl path_beg /webservices

use_backend2 if backend2_acl
use_backend1 if backend1_acl

Is there some straight forward solution that I'm missing? Perhaps a regex is the only way to enforce a concrete rule? Any suggestions?

Many thanks for your help.

Regards,
Eoin


Please note that Revenue cannot guarantee that any personal and sensitive data, sent in plain text via standard email, is fully secure. Customers who choose to use this channel are deemed to have accepted any risk involved. The alternative communication methods offered by Revenue include standard post and the option to register for our (encrypted) secure email service. http://www.revenue.ie/en/practitioner/secure-email.html


Received on 2010/02/12 15:43

This archive was generated by hypermail 2.2.0 : 2010/02/12 16:00 CET