AnsweredAssumed Answered

Protect only POST method on resource

Question asked by JMCColorado on Aug 23, 2017
Latest reply on Aug 24, 2017 by Ujwol Shrestha

I should know the answer to this, but it has been a while since I have written SiteMinder policy.


We have an API (one URI) that needs to be accessible anonymously via get, and protected for POST operations.


I have an unprotected realm, and a rule of * with POST.


It appears that this basically protects all methods for *, but only the POST method will be authorized via the attached policy.


Is there any way in policy (without using webappclientresponse) to leave get unprotected, and protect POST only?

If not, I will start looking at webappclient response, it just seems like it should be doable in policy.