Sun Access Manager authorization

Note   This feature has been deprecated and will be removed in a future release. See Oracle Access Manager filters.

Sun Access Manager is an identity management product that provides authentication, authorization, and single sign-on (SSO) capabilities. API Gateway uses an access manager policy agent embedded in the Authorization filter to authorize previously authenticated users for a particular resource.


Complete the following fields to authorize an authenticated user against Sun Access Manager:

Enter a descriptive name for this filter.

Service Name:
Enter the name of the configured access manager service to which the Resource specified below belongs.

Enter the name of the resource for which the request must be authorized. You can configure access rules for protected resources with Sun Access Manager. For more details, see the access manager documentation.

Note   The value entered here can include one or more message attribute selectors. At runtime, each selector is replaced by the value of the corresponding API Gateway message attribute.

For example, the ${http.request.uri} selector is replaced by the relative path on which the request was received, while the ${http.request.verb} selector is replaced by the HTTP verb used in the request to the API Gateway. To view a list of available message attribute selectors, enter the $ character in this field. You can then select one or more appropriate string-based selectors from the list to specify the resource name. For more details on selectors, see Select configuration values at runtime in the API Gateway Policy Developer Guide.

For example, the default configuration entry for this field is:${http.request.uri}

At runtime, each of the selectors is replaced by the corresponding value to produce a Resource such as the following:


HOST_MACHINE represents the IP address or host name of the machine running API Gateway.

Sun Access Manager can grant or restrict access to a protected resource based on the action in the request. For example, an administrator user can POST to a web page resource, but a normal user can only view the resource using GET requests. Therefore, for web page resources, the Action specified typically corresponds to an HTTP verb. However, other applications might have custom operations associated with them that can also be specified.

By default, the Action field is configured to use the ${http.request.verb} selector, which is replaced at runtime by the HTTP verb (for example, POST) used by the client to send the request to API Gateway.

Related Links