Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 141

Using the URL of the Protected Resource
When you assign a Form Fill policy to a protected resource, we recommend that the URL specified
in the URL Path List contain the filename of the page. Usually, such a URL is enough to match the
HTML page for the form. However, when pages are dynamically generated, the same filename is
sometimes used to display different pages. Sometimes you can't specify the filename in the URL.
When this is the case, you need to use either the CGI Matching Criteria or the Page Matching
Criteria to create an accurate page matching rule.
Using CGI Matching Criteria
If the page for the URL changes with the CGI portion of the URL (the portion that follows the
question mark (?) and also called the query string), you can enter the CGI value. For example,
consider the following URL:
http://webaccess.novell.com/servlet/webacc?Action=User.logout
If this is your URL, you can enter
Matching Criteria option. If the page generated from this URL always contains the page you want to
match, you do not need to add any additional page matching criteria.
Using Page Matching Criteria
If your URL of your protected resource has the following characteristics, you need to use page
matching criteria:
The URL does not contain any CGI data.
The URL displays generated pages that vary in content. For example, if your form fill login
page and the login failure page share the same URL, you need to use page matching criteria.
Page matching criteria are the most processing-intense form of matching and should be avoided if
possible, but sometimes they are the only method available to identify the page with the correct
form. For example, suppose you have a login failure page and login page that use the same URL,
with no CGI data. You can use page matching criteria to ensure that the Access Gateway matches
the Form Fill policies for login and for login failure to the correct pages. You need to examine the
source code for each page, and identify a string at the top of the page that uniquely identifies the
page.
For example, the login page might contain a
logging in to. If the login failure page does not contain the same
element to identity the login page. Suppose that this is true and the login page contains the
<TITLE>
following string:
<TITLE>Novell WebAccess</TITLE>
You would add this string as the value in the text box for the Page Matching Criteria option.
Remember that white space is significant when white space is entered to the left of the value in the
text box. To have the Access Gateway ignore white space, left-justify the value in the text box, or to
ensure the correct amount of white space, copy and paste the HTML text directly from the source
code of the Web page.
Now you need to uniquely identify the login failure page. If this page does not have a
element, look at the strings near the top of the page. Suppose the page contains the following string:
"Please log in again. You might have typed your name or password incorrectly."
as the value in the text box for the CGI
Action=User.logout
element that names the application the user is
<TITLE>
element, you can use the
<TITLE>
<TITLE>
Creating Form Fill Policies 141