Policy Server Guides › Policy Server Configuration Guide › Enterprise Policy Management › Use Cases for Defining Application Security Policies Using Application Objects

Use Cases for Defining Application Security Policies Using Application Objects

Learn how to define application security policies using application objects by reviewing the following use cases:

• Application Security Policy to Protect a Web Portal
• Application Security Policies Based on Roles
• Application Security Policies with User Mapping and Named Expressions
• Application Security Policy Based on CA DataMinder Content Classifications

Application Security Policy to Protect a Web Portal

In this use case, a software company, sample-software-company.com, has a web portal that provides information about the company and its products to the public.

Anyone can access the main home page and product information pages, such as promotional materials and white papers without restrictions. This area of the web portal does not require any security policy. Access to the software downloads area; however, is restricted to registered customers. Each customer is assigned a user name and password which is stored in an LDAP directory server.

The following use case shows how an application security policy protects the restricted software downloads area so that only registered customers have access.

Given:

• The SiteMinder environment contains a single LDAP directory server that stores the user names and passwords for all of the registered customers.
• Customers must authenticate with a user name and password before they can access the software downloads area.

Solution:

To solve this use case, use the following process:

1. Identify the web portal that needs protecting and select the directory containing the customer information.
2. Create separate resources for the software download area of the portal.
3. Create a registered customers role.
4. Associate the resources with the registered customers role to create an application security policy.