Previous Topic: Configure a Rule for Impersonation Event ActionsNext Topic: Enable and Disable Rules

Policy Server GuidesPolicy Server Configuration GuideRulesResource Matching and Regular Expressions

Resource Matching and Regular Expressions

Rules may use resource matching and regular expression matching to specify resources in a realm.

Standard Resource Matching

By default, resource matching for a rule is done with wildcards.

The following table describes the characters that are supported for resource matching.

Character

Use

*

The wildcard (*) is used to match all characters in the string. The expression *.html will match all files with a .html file extension, such as index.html, out.html, and so forth.

?

The question mark (?) will match a single character of the string. The expression lmn?p will match the sub-string lmnop, lmnep, and so forth.

Regular Expressions for Resource Matching

Regular expressions allow for greater flexibility in resource matching. To enable regular expression matching, in the CA SiteMinder® Rule dialog, select the Regular Expression check box.

Regular expressions are text patterns used for string matching. Examples of the syntax used in regular expressions are shown in the following table:

Characters

Results

\

Used to quote a meta-character (like ’*’)

\\

Matches a single ’\’ character

(A)

Groups subexpressions (affects order of pattern evaluation)

[abc]

Simple character class (any character within brackets matches the target character)

[a-zA-Z]

Character class with ranges (any character range within the brackets matches the target character)

[^abc]

Negated character class

.

Matches any character other than newline

^

Matches only at the beginning of a line

$

Matches only at the end of a line

A*

Matches A 0 or more times (greedy)

A+

Matches A 1 or more times (greedy)

A?

Matches A 1 or 0 times (greedy)

A{n}

Matches A exactly n times (greedy)

A{n,}

Matches A at least n times (greedy)

A{n,m}

Matches A at least n but not more than m times (greedy)

A*?

Matches A 0 or more times (reluctant)

A+?

Matches A 1 or more times (reluctant)

A??

Matches A 0 or 1 times (reluctant)

AB

Matches A followed by B

A|B

Matches either A or B

\1

Backreference to 1st parenthesized subexpression

\n

Backreference to nth parenthesized subexpression

Limit: Each regular expression can contain no more than 10 subexpressions, including the expression itself. The number of subexpressions equals the number of left or opening parentheses in the regular expression plus one more left parenthesis for the expression itself.