A serious error was discovered in the implementation of this feature, as disclosed in an advisory. The
<PathRegex> element is used to apply content rules to requests whose path matches a regular expression. The query string, if any, is NOT included in the comparison.
Regular expressions apply to the remainder of the path that is being compared and do not "nest", so if you care what's after the part you're matching, then choose your expression to check for that.
<RequestMapper type="Native"> <RequestMap applicationId="default"> <Host name="sp.example.org"> <Path name="secure"> <!-- Note the reversed ignoreCase setting, see the warning above. --> <PathRegex regex="(en|de|it|fr)/create/new/class" ignoreCase="false" authType="shibboleth" requireSession="true"> <AccessControl><NOT><Rule require="affiliation">student</Rule></NOT></AccessControl> </PathRegex> </Path> </Host> </RequestMap> </RequestMapper>
Version 2.6 and Above
caseSensitive(boolean) (defaults to false)
XML attributes corresponding to request mapper properties are used.
<Query>(zero or more)
For more details on how the request mapping process works, see the request mapper HOWTO.