Filter Objects
The required filters array defines a list of filters to be processed on each router request. Filters are processed in the order in which they are specified in this array.
Filter objects are defined as follows.
{ "pattern": string, "methods": [ string, ... ], "condition": script object, "onRequest": script object, "onResponse": script object, "onFailure": script object }
- pattern
string, optional
Specifies a regular expression pattern matching the JSON pointer of the object to trigger scripts. If not specified, all identifiers (including
null
) match. Pattern matching is done on the resource name, rather than on individual objects.- methods
array of strings, optional
One or more methods for which the script(s) should be triggered. Supported methods are:
"create"
,"read"
,"update"
,"delete"
,"patch"
,"query"
,"action"
. If not specified, all methods are matched.- condition
script object, optional
Specifies a script that is called first to determine if the script should be triggered. If the condition yields
"true"
, the other script(s) are executed. If no condition is specified, the script(s) are called unconditionally.- onRequest
script object, optional
Specifies a script to execute before the request is dispatched to the resource. If the script throws an exception, the method is not performed, and a client error response is provided.
- onResponse
script object, optional
Specifies a script to execute after the request is successfully dispatched to the resource and a response is returned. Throwing an exception from this script does not undo the method already performed.
- onFailure
script object, optional
Specifies a script to execute if the request resulted in an exception being thrown. Throwing an exception from this script does not undo the method already performed.
Pattern Matching in the router.json
File
Pattern matching can minimize overhead in the router service. For example, the default router.json
file includes instances of the pattern
filter object, which limits script requests to specified methods and endpoints.
Based on the following code snippet, the router service would trigger the policyFilter.js
script for CREATE
and UPDATE
calls to managed, system, and internal objects:
{ "pattern" : "^(managed|system|internal)($|(/.+))", "onRequest" : { "type" : "text/javascript", "source" : "require('policyFilter').runFilter()" }, "methods" : [ "create", "update" ] }
Without this pattern
, IDM would apply the policy filter to additional objects such as the audit service, which may affect performance.