Skip to content

Latest commit

 

History

History
132 lines (94 loc) · 3.38 KB

README.adoc

File metadata and controls

132 lines (94 loc) · 3.38 KB
Raw

Resource filtering policy

Gravitee.io License Releases CircleCI

Phase

onRequest onResponse

X

Description

You can use the resource-filtering policy to filter REST resources. By applying this filter, you can restrict or allow access to a specific resource determined by a path and a method (or an array of methods).

This policy is mainly used in plan configuration, to limit subscriber access to specific resources only.

A typical usage would be to allow access to all paths (/**) but in read-only mode (GET method).

Warning
 You can’t apply whitelisting and blacklisting to the same resource. Whitelisting takes precedence over blacklisting.

Compatibility with APIM

Plugin version

APIM version

1.x

All supported versions

Configuration

Property Required Description Type Default

whitelist

-

List of allowed resources

array of resources

-

blacklist

-

List of restricted resources

array of resources

-

A resource is defined as follows:

Property Required Description Type Default

pattern

X

An Ant-style path patterns (Apache Ant).

string

-

methods

-

List of HTTP methods for which filter is applied.

array of HTTP methods

All HTTP methods

Configuration example

"resource-filtering" : {
    "whitelist":[
        {
            "pattern":"/**",
            "methods": ["GET"]
        }
    ]
}

Ant style path pattern

URL mapping matches URLs using the following rules:

  • ? matches one character

  • * matches zero or more characters

  • ** matches zero or more directories in a path

Errors

HTTP status codes

Code Message

403

Access to the resource is forbidden according to resource-filtering rules

405

Method not allowed while accessing this resource

Default response override

You can use the response template feature to override the default responses provided by the policy. These templates must be defined at the API level (see the API Console Response Templates option in the API Proxy menu).

Error keys

The error keys sent by this policy are as follows:

Key Parameters

RESOURCE_FILTERING_FORBIDDEN

path - method

RESOURCE_FILTERING_METHOD_NOT_ALLOWED

path - method