The following examples illustrate the results of the several possible combinations of settings for the administrator parameters.
If use_admin_id = false, and require_sm_headers = true, the admin ID is in the session. The ID has been authorized for this request by CA SiteMinder or CA SOA Security Manager.
These are the default settings.
With these settings, CA IdentityMinder uses the ID in the session, even if an ID is specified in <admin_id>.
Code Example
<init-param>
  <param-name>use_admin_id</param-name>
  <param-value>false</param-value>
</init-param>
<init-param>
  <param-name>require_sm_headers</param-name>
  <param-value>true</param-value>
</init-param>
If use_admin_id = true, and require_sm_headers = false, the admin ID is specified in <admin_id>. CA IdentityMinder does not verify whether the administrator is authorized for the request.
With these settings, CA IdentityMinder does not check the session information for an ID.
Typically, these settings are used when SiteMinder or SOA Security Manager is not protecting the web service end point.
Code Example
<init-param>
  <param-name>use_admin_id</param-name>
  <param-value>true</param-value>
</init-param>
<init-param>
  <param-name>require_sm_headers</param-name>
  <param-value>false</param-value>
</init-param>
If use_admin_id = true, and require_sm_headers = true, the admin ID is specified in <admin_id>. CA IdentityMinder does not verify whether the administrator is authorized for the request.
With these settings, CA IdentityMinder validates that SiteMinder headers are present in the request.
Typically, these settings are used to provide impersonation functionality for the request.
Code Example
<init-param>
  <param-name>use_admin_id</param-name>
  <param-value>true</param-value>
</init-param>
<init-param>
  <param-name>require_sm_headers</param-name>
  <param-value>true</param-value>
</init-param>
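The following script is an added example, not part of the CA documentation. It reads the two parameters from a deployment descriptor, applies the defaults stated above when a parameter is absent, and flags the combinations in which the administrator ID is taken from <admin_id> without an authorization check. The function names, the sample descriptor, and its servlet name are constructed for illustration; a false/false combination is not described on this page, so the script reports it as undocumented.

```python
import xml.etree.ElementTree as ET

# Defaults as stated on this page.
DEFAULTS = {"use_admin_id": "false", "require_sm_headers": "true"}

# (use_admin_id, require_sm_headers) -> (ID source, authorization verified, note)
DOCUMENTED = {
    (False, True): ("session", True, "default; <admin_id> in the request is ignored"),
    (True, False): ("admin_id", False, "session not checked; endpoint typically unprotected"),
    (True, True): ("admin_id", False, "SiteMinder headers required; impersonation"),
}

# Constructed sample descriptor (hypothetical servlet name), not from a real deployment.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
<servlet><servlet-name>example-ws-servlet</servlet-name>
<init-param><param-name>use_admin_id</param-name><param-value>true</param-value></init-param>
<init-param><param-name>require_sm_headers</param-name><param-value>false</param-value></init-param>
</servlet></web-app>"""

def local(tag):
    """Strip an XML namespace so namespaced and plain descriptors both parse."""
    return tag.rsplit("}", 1)[-1]

def read_admin_params(xml_text):
    """Return the effective values of the two administrator parameters."""
    values = dict(DEFAULTS)
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) != "init-param":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        if fields.get("param-name") in values:
            values[fields["param-name"]] = fields.get("param-value", "").lower()
    return values

def assess(xml_text):
    """Classify the configured combination; review=True means the ID is not verified."""
    v = read_admin_params(xml_text)
    key = (v["use_admin_id"] == "true", v["require_sm_headers"] == "true")
    if key not in DOCUMENTED:
        return {"settings": v, "documented": False, "review": True}
    source, verified, note = DOCUMENTED[key]
    return {"settings": v, "documented": True, "id_source": source,
            "authorization_verified": verified, "note": note,
            "review": not verified}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A result with review set to True is a prompt to confirm that something other than CA IdentityMinder restricts who can reach the web service end point and supply an <admin_id>.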
Copyright © 2013 CA.
All rights reserved.