Query

1 Overview
2 Reference
- 2.1 Attributes
  - 2.1.1 Content Specifiers
  - 2.1.2 Content Settings
- 2.2 Child Elements
  - 2.2.1 Access Control
  - 2.2.2 Nested Content Specifiers
3 Example

Overview

The <Query> element is used to apply content settings to requests containing specific query string parameters.

Query string matching can be ill-advised, because the client totally dictates the information, and case matters. It should be used only when the case of the parameter name is significant to the application consuming it, because then the client can bypass your rule, but not actually get the application to run.

Reference

Attributes

Content Specifiers

Names	Type	Req?	Description

Names	Type	Req?	Description
name	string	Y	Required, the name of the parameter that must be present to match. Parameter names are case-sensitive.
regex	string		Optional, specifies a regular expression that must match one of the parameter's values. If omitted, the mere presence of a value for the named parameter is sufficient for a match.

Content Settings

The element supports a large number of XML attributes corresponding to the content settings supported by the SP:

Child Elements

Access Control

Nested Content Specifiers

Name	Cardinality	Description

Name	Cardinality	Description
<Query>	0 or more	Matches requests containing a query string parameter satisfying the element.

Unlike paths, query strings aren't nested, but nesting the element allows for a conjunction (AND) between the parent element and the child. Sibling elements, meanwhile, form a disjunction (OR).

For more details on how the request mapping process works, see the HowTo.

Example

This is a real-life example for a <Query> element that is used to protect specific pages in a Dokuwiki instance. This example enforces a Shibboleth session on https://www.example.org/doku.php and only users with the given affiliation will be able to access URLs like https://www.example.org/doku.php?id=internal or https://www.example.org/doku.php?id=internal:subdirectory. Note that the AccessControl rule only is enforced for a URL that starts with /doku.php

<RequestMap applicationId="default">
    <Host name="www.example.org">
        <Path name="doku.php" authType="shibboleth" requireSession="true"/>
            <Query name="id" regex="^internal.*">
                <AccessControl>
                    <Rule require="affiliation">faculty@osu.edu student@osu.edu</Rule>
                </AccessControl>
            </Query>
        </Path>
    </Host>
</RequestMap>