Evaluate Expression Block

This block provides the ability to create multiple expressions and evaluate them. A business rule that can implemented via this block is as follows:

Allow money transfer from one account to another if ALL of the following conditions are met:

  • Transaction amount is less than 10,000$.
  • "From" account is a low risk account (Accounts starting with "100" are considered low risk accounts)
  • "To" account is a low risk account (Accounts starting with "100" are considered low risk accounts)

To implement the above scenario, following policy can be created:

  • Scope: create_transfer
  • Action: POST
  • Resource: /transfers
  • Constraint : A constraint chain which has an evaluate expression block as follows:


Name

Specify the name for the block.


Description

Provide a description for this block.


The final evaluation results in true if - *

  • All expressions evaluate to true - Select this option if you want all expressions to be evaluated in an AND operation.
  • At-least one expression evaluates to true - Select this option if you want all expressions to be evaluated in an OR operation.

Creating Expressions

Click on "Add New Expression" button to create an expression and fill in the following fields:

Left Hand Side (LHS)

Where is the LHS Attribute Location? *

Select the attribute location from one of the following options:

  • Headers - System will look for the attribute from Headers that are passed from resource server. The variable name that will be searched in headers for the value extraction is specified in field below.
  • Query Parameters - System will look for the attribute from Query Params that are passed from resource server. The variable name that will be searched in query paramteres for the value extraction is specified in field below.
  • Authorization Context - System will look for the attribute from the authorization Context that is passed from resource server. The variable name that will be searched in authorization context for the value extraction is specified in field below.
  • Message Context - System will look for the attribute from the current message context. The variable name that will be searched in message context for the value extraction is specified in field below.
  • AuthScope Data Services - System will look for the attribute from AuthScope Data Store. The variable name that will be searched in AuthScope Data Store for the value extraction is specified in field below.
  • Others - This option can be used to specify the attribute location in the format specified in next field.
  • Value - Use this option if you would like to specify a hard coded value for the variable. The following field can be used to specify the value.
What is the LHS attribute name?

Specify the attribute name that should be selected from the location above if you selected one of the following options:

  • Headers
  • Query Parameters
  • Authorization Context
  • Message Context

If you selected the "Other" option in above field then enter the attribute value as follows:

Example Inputs Value selected
messageContext.allowedGroups.name {"messageContext": {"allowedGroups": {"name" : "teller"}}} teller
authzContext.amount {"authzContext": {"amount": 10000}} 10000

if you selected the "Value" option above then specify the hard coded attribute value here. Example teller,manager etc.


Operator

Select the operation to be performed from one of the following options:

  • Equals - Check if the left hand side value is equal to right hand side value. System will use perform the equals operation as specified by the == JavaScript operation.
  • Not Equals - Check if the left hand side value is not equal to right hand side value. System will use perform the "not equals" operation via the inequality operation specified by the != JavaScript operation).
  • Less Than - Check if the left hand side value is less than right hand side value. System will try to covert left hand side and right hand side values to Float via JavaScript parseFloat API before performing this operation.
  • Greater Than - Check if the left hand side value is greater than right hand side value. System will try to covert left hand side and right hand side values to Float via JavaScript parseFloat API before performing this operation.
  • Contains - Check if left hand side contains the right hand side value. This operation is applicable ONLY if the left hand side is an Array.
  • Not Contains - Check if left hand side does not contain the right hand side value. This operation is applicable ONLY if the left hand side is an Array.
  • Starts with - Check if the left hand side starts with the right hand side value.
  • Ends with - Check if the left hand side ends with the right hand side value.
  • Matches Regex - Check if the left hand side value matches the pattern as in right hand side Regular expression.
  • Not Matches Regex - Check if the left hand side value does not match the pattern in right hand side Regular expression.

Right Hand Side (RHS)

Where is the RHS Attribute Location? *

Select the attribute location from one of the following options:

  • Headers - System will look for the attribute from Headers that are passed from resource server. The variable name that will be searched in headers for the value extraction is specified in field below.
  • Query Parameters - System will look for the attribute from Query Params that are passed from resource server. The variable name that will be searched in query paramteres for the value extraction is specified in field below.
  • Authorization Context - System will look for the attribute from the authorization Context that is passed from resource server. The variable name that will be searched in authorization context for the value extraction is specified in field below.
  • Message Context - System will look for the attribute from the current message context. The variable name that will be searched in message context for the value extraction is specified in field below.
  • AuthScope Data Services - System will look for the attribute from AuthScope Data Store. The variable name that will be searched in AuthScope Data Store for the value extraction is specified in field below.
  • Others - This option can be used to specify the attribute location in the format specified in next field.
  • Value - Use this option if you would like to specify a hard coded value for the variable. The following field can be used to specify the value.
What is the RHS attribute name?

Specify the attribute name that should be selected from the location above if you selected one of the following options:

  • Headers
  • Query Parameters
  • Authorization Context
  • Message Context

If you selected the "Other" option in above field then enter the attribute value as follows:

Example Inputs Value selected
messageContext.allowedGroups.name {"messageContext": {"allowedGroups": {"name" : "teller"}}} teller
authzContext.amount {"authzContext": {"amount": 10000}} 10000

if you selected the "Value" option above then specify the hard coded attribute value here. Example teller,manager etc.


results matching ""

    No results matching ""