The SOAP Authorization Policy is nearly identical to the Authorization Policy, with the exception that it accepts a SOAPAction in the HTTP header.
This policy will only accept a single SOAPAction header. It will not extract the operation name from the SOAP body.
Configuration Options
|
Option |
|
Type |
Description |
Possible Values |
Default |
|---|---|---|---|---|---|
|
Rule |
|
Array[<rules>] |
A list of rules that your policy will apply if each of the properties match. |
- |
- |
|
|
Rules Options |
||||
|
SOAP Action |
String |
Defines the SOAPAction the policy should be applicable to. |
- |
- |
|
|
Role |
String |
The role that must be assigned to the user if this pattern matches the request. |
- |
- |
|
|
Should the request pass when any or all of the authorization rules pass? |
|
Boolean |
Set to true if all rules must match, false if only one rule must match. |
all
|
all |
|
If the request does not match any of the authorization rules, should it pass or fail? |
|
Boolean |
Set to true if you want the policy to pass when no rules are matched. |
pass
|
pass |