General: Policies
A policy consists of three main items:
- A policy name. This name can be freely chosen.
- A default action. This default action is used to determine what to do with parameters that do not match any policy rules.
- Policy parameters. For every parameter, a single default value and multiple rules can be specified (where applicable).
On invocation of a service, every request parameter which is connected to a policy parameter, is matched against the policy rules in the order they are defined. The last match determines if the specific value for the parameter is allowed or denied. In case there are no matches, the default action for the policy will be used.
Known Policy Parameters
| Name | Description |
|---|---|
| location-id, location-urlid | These parameters are used to limit the services to only retrieve data for specific locations. The first form of the parameter allows to specify the locations as numeric ids (and ranges), the second form of the parameter allows to specify the locations as textual ids (including wildcards). Type: Affected services: converttime, dstlist, places, timeservice Note: Service parameters have to match both the location-id and the location-urlid policy parameters. If the policy default action is set to deny, this means that you have to add both parameters to the policy and configure both (it's enough to set the unused one to allow everything) – otherwise all values would be denied. |
| param-geo | This policy parameter is used to constrain the request parameter Type: Affected services: places, timeservice |
| param-sun | This policy parameter is used to constrain the request parameter Type: Affected services: timeservice |
| param-time | This policy parameter is used to constrain the request parameter Type: Affected services: timeservice |
| param-timechanges | This policy parameter is used to constrain the request parameter Type: Affected services: timeservice |
| param-tz | This policy parameter is used to constrain the request parameter Type: Affected services: converttime, timeservice |
| service | This policy parameter actually does not constrain a request parameter, but it constrains the called service itself: services not allowed by this policy parameter cannot be called at all. Type: Affected services: all |
Policy Parameter Types
| Type | Possible Values |
|---|---|
| Boolean | Boolean parameters have only limited policy support: it is possible to allow to enable and disable a request parameter (and specify an optional default value), or to set a Boolean request parameter to be enabled or disabled all time (this automatically includes the specified value as default value). It is not possible to specify a contradiction, i.e. to neither allow the enabled nor the disabled state for a request parameter. In case of a contradiction (i.e. by setting the policy default action to deny, and not include the parameter in the rule set), the request parameter will default to disabled. |
| Integer | For Integer parameters, allowed (or denied) values can be specified as exhaustive listing, as ranges or as a combination of both. Additionally it is possible to specify a default value which is used in case the parameter is not specified for the request. |
| String | String parameters essentially behave like Integer parameters, the difference is that instead of ranges the have to be specified by using wildcards. The |