Java Policy Agents 5.10

Handling query parameters

For information about properties to configure query parameter handling, see Query parameters.

By default, Java Agent considers any query parameters to be part of the URL, and inserts the entire string into the policy decision cache. For example, the agent inserts each of the following URLs in the cache, even though the root URL is the same:

http://agent.example.com:8080/protected/resource.jsp
http://agent.example.com:8080/protected/resource.jsp?a=value1
http://agent.example.com:8080/protected/resource.jsp?b=value2

Web applications that add new parameters to the URL on every request would fill the agent’s policy cache without actually using it, which in turn causes the agent to request policy decision to AM each time.

To prevent this behavior, configure agents to do one of the following:

The properties are mutually exclusive, and the agent checks them in the following order of precedence:

  1. Remove Query Parameters

  2. Regular Expression Remove Query Parameters

  3. Retain Query Parameters

  4. Regular Expression Retain Query Parameters

Java Agent strips nominated query parameters from the URL before taking the following actions:

  • Asking AM for policy evaluation

  • Checking the not-enforced lists

Ensure the policies defined in AM, and the not-enforced rules configured for the agent, do not expect a parameter that has been removed.

Copyright © 2010-2022 ForgeRock, all rights reserved.