UmaFilter
This filter acts as a policy enforcement point, protecting access as a User-Managed Access (UMA) resource server. Specifically, this filter ensures that a request for protected resources includes a valid requesting party token with appropriate scopes before allowing the response to flow back to the requesting party.
Usage
{
"name": string,
"type": "UmaFilter",
"config": {
"protectionApiHandler": Handler reference,
"umaService": UmaService reference,
"realm": configuration expression<string>
}
}
Properties
"protectionApiHandler"
: Handler reference, required-
The handler to use when interacting with the UMA authorization server for token introspection and permission requests, such as a ClientHandler capable of making an HTTPS connection to the server.
For information, see Handlers.
"umaService"
: UmaService reference, required-
The UmaService to use when protecting resources.
For information, see UmaService.
"realm"
: configuration expression<string>, optional-
The UMA realm set in the response to a request for a protected resource that does not include a requesting party token enabling access to the resource.
Default:
uma