<Path> element is used to apply content rules to requests containing a specific path segment.
Path matching can be nested, and embedding multiple path segments in a single element is also allowed to simplify authoring rules. However, segments between matching portions cannot be skipped, except by using the
<PathRegex> element instead.
Path matching is also greedy. As much of the request's path as possible is consumed during each comparison, and only the remaining portion is used in any subequent nested comparison.
Finally, do not attempt to use a
<Path> element with only a "/" character to indicate the root of a virtual host. It will be ignored, and your log will contain a warning. Put any settings that apply to a virtual host in the parent
XML attributes corresponding to request mapper properties are used.
<RequestMapper type="Native"> <RequestMap applicationId="default"> <Host name="sp.example.org"> <!-- Example of a single nested path segment --> <Path name="secure"> <!-- Example of a multiple path segments separated by slashes --> <Path name="/create/new/class" authType="shibboleth" requireSession="true"> <AccessControl><NOT><Rule require="affiliation">student</Rule></NOT></AccessControl> </Path> </Path> </Host> </RequestMap> </RequestMapper>
Zero or more of these "overrides" to match specific content deeper inside the matched path can be included.
Matching is done as follows:
1. First, by examining
<Path> elements in order.
2. Then, by checking any
<PathRegex> elements in order against the part of the path that was not matched in the first step.
3. Finally, by examining any
<Query> elements in order.
Once a match on the
name attribute is found, the process steps "into" that element and no other siblings will be applied. Thus, siblings cannot overlap.
For more details on how the request mapping process works, see the request mapper HOWTO.