- Preface
- Required Configuration
- Handlers
- Filters
- AllowOnlyFilter
- AssignmentFilter
- CapturedUserPasswordFilter
- CertificateThumbprintFilter
- ClientCredentialsOAuth2ClientFilter
- ConditionalFilter
- ConditionEnforcementFilter
- ChainOfFilters
- CookieFilter
- CorsFilter
- CrossDomainSingleSignOnFilter
- CryptoHeaderFilter
- CsrfFilter
- DateHeaderFilter
- EntityExtractFilter
- FapiInteractionIdFilter
- FileAttributesFilter
- ForwardedRequestFilter
- HeaderFilter
- HttpBasicAuthenticationClientFilter
- HttpBasicAuthFilter
- IdTokenValidationFilter
- JwtBuilderFilter
- JwtValidationFilter
- LocationHeaderFilter
- OAuth2ClientFilter
- OAuth2ResourceServerFilter
- PasswordReplayFilter
- PolicyEnforcementFilter
- ScriptableFilter
- SessionInfoFilter
- SetCookieUpdateFilter
- SingleSignOnFilter
- SqlAttributesFilter
- StaticRequestFilter
- SwitchFilter
- ThrottlingFilter
- TokenTransformationFilter
- UmaFilter
- UriPathRewriteFilter
- UserProfileFilter
- Decorators
- Audit Framework
- Monitoring
- Throttling Policies
- Miscellaneous Configuration Objects
- Property Value Substitution
- Expressions
- Expressions
- Functions
- array
- boolean
- contains
- decodeBase64
- decodeBase64url
- digestSha256
- encodeBase64
- encodeBase64url
- fileToUrl
- formDecodeParameterNameOrValue
- formEncodeParameterNameOrValue
- indexOf
- integer
- integerWithRadix
- ipMatch
- join
- keyMatch
- length
- matchingGroups
- matches
- pathToUrl
- pemCertificate
- read
- readProperties
- readWithCharset
- split
- toJson
- toLowerCase
- toString
- toUpperCase
- trim
- urlDecode
- urlEncode
- urlDecodeFragment
- urlDecodePathElement
- urlDecodeQueryParameterNameOrValue
- urlDecodeUserInfo
- urlEncodeFragment
- urlEncodePathElement
- urlEncodeQueryParameterNameOrValue
- urlEncodeUserInfo
- More Information
- Patterns
- Scripts
- Properties
- Requests, Responses, and Contexts
- AttributesContext
- CapturedUserPasswordContext
- ClientContext
- Contexts
- CdSsoContext
- CdSsoFailureContext
- JwtBuilderContext
- JwtValidationContext
- JwtValidationErrorContext
- OAuth2Context
- PolicyDecisionContext
- Request
- Response
- SessionContext
- SessionInfoContext
- SsoTokenContext
- Status
- StsContext
- TransactionIdContext
- URI
- UriRouterContext
- UserProfileContext
- Access Token Resolvers
- Secret Stores
- Supported Standards
ConditionEnforcementFilter
Verifies that a specified condition is met. If the condition is met, the request continues to be executed. Otherwise, the request is referred to a failure handler, or IG returns 403 Forbidden and the request is stopped.
Usage
{
"type": "ConditionEnforcementFilter",
"config": {
"condition": runtime expression<boolean>,
"failureHandler": handler reference
}
}Properties
"condition": runtime expression<boolean>, requiredIf the expression evaluates to
true, the request continues to be executed.See also Expressions.
"failureHandler": handler reference, optionalHandler to treat the request if the condition expression evaluates as
false.Provide an inline handler configuration object, or the name of a handler object declared in the heap. See also Handlers.
Default: HTTP 403 Forbidden, the request stops being executed.
Example
The following example tests whether a request contains a session username. If it does, the request continues to be executed. Otherwise, the request is dispatched to the ConditionFailedHandler failure handler.
{
"name": "UsernameEnforcementFilter",
"type": "ConditionEnforcementFilter",
"config": {
"condition": "${not empty (session.username)}",
"failureHandler": "ConditionFailedHandler"
}
}