This feature was added to give the administrator more flexibility in integrating off the shelf apps into Access Manager, as well as modifying application behavior. In most cases you shouldn’t need this feature. But if you do, you will be glad its there.
You can also select CGI or Page matching criteria, this work exactly the same as on the standard form fill policy configurations. Also keep in mind that this policy will have to be deployed as part of a protected resource. You should try to use the matching criteria and protected resource path definitions both to limit the scope of your injection policy as much as possible. The more narrow the scope of the policy, the less overhead the form fill engine will need to consume to detect and inject on the pages in scope.
Hello World Examples
Idle Timeout Handler Examples
A common request from security auditors is to automatically logout a user when an idle timeout period is reached. NAM has built in idle timeout handling, but it simply destroys the user’s HTTP session. The potentially sensitive contents of the application screen are left in a users browser for other people to see. And worst yet,l the user may return to the page to continue editing a form or other data, only to lose that data when they proceed to the next page and are redirected to a login screen.
This first example shows a very basic handler that will redirect the user to NAM’s logout page after an idle period. The script isn’t capable of reading the actual NAM idle timeout setting value, so you will need to specify the desired timeout (in milliseconds) in the script.
Analytics Injection Examples
A simpler case involves injecting a script to allow analytics. A common example is using Google Analytics to track application usage. The example value UA-11111111-1 would need to be replaced with the appropriate Google Analytics site identifier.
There are a few things to keep in mind when using these scripts.
- Since you can define your own <script> tag, you can reference external scripts as well as inject your own script blocks by including a src attribute.
- You can inject <style>, <link> and other tags besides just <script> tags.