Handling query parameters
For information about properties to configure query parameter handling, refer to Query parameters.
By default, Java Agent considers any query parameters to be part of the URL, and inserts the entire string into the policy decision cache. For example, the agent inserts each of the following URLs in the cache, even though the root URL is the same:
https://agent.example.com:443/protected/resource.jsp
https://agent.example.com:443/protected/resource.jsp?a=value1
https://agent.example.com:443/protected/resource.jsp?b=value2
Web applications that add new parameters to the URL on every request would fill the agent’s policy cache without actually using it, which in turn causes the agent to request policy decision to AM each time.
To prevent this behavior, configure agents to do one of the following:
-
Retain nominated URL parameters. For example, remove all except that are added as part of the policy evaluation.
Configure one of the following properties:
-
Discard nominated URL parameters. For example, to remove all parameters added by the
angular.js
framework.Configure one of the following properties:
The properties are mutually exclusive, and the agent checks them in the following order of precedence:
-
Remove Query Parameters
-
Regular Expression Remove Query Parameters
-
Retain Query Parameters
-
Regular Expression Retain Query Parameters
Java Agent strips nominated query parameters from the URL before taking the following actions:
Ensure the policies defined in AM, and the not-enforced rules configured for the agent, do not expect a parameter that has been removed. |