Whitelist Addresses

The web proxy component of the CMIS sample can connect only to those destinations that are specified in the cmisproxyconfig.properties file. These permitted addresses are referred to as "whitelist" addresses.

In the file you can specify both whitelist URLs and whitelist domains. Either may be HTTP or HTTPS addresses. A destination address must match a whitelist URL exactly, including any query string or other parameters that form part of it, in order to be accepted. If it does not match, the destination is then compared to the defined whitelist domains to see if it matches any of those.

For example, if the configuration file contains the following:

whiteListUrls=http://targetdomain:80/docsite/repo1/report2012?id=B2734, http://targetdomain:80/docsite/repo1/report2012?id=D19

whiteListDomains=http://anotherdomain:80/docsite

then:

  • A call to http://targetdomain:80/docsite/repo1/report2012?id=D19 succeeds.
  • A call to http://targetdomain:80/docsite/repo1/report2012 fails, because it does not exactly match any defined whiteListUrl. It is then checked against the whiteListDomains list, and fails there as well.
  • A call to http://anotherdomain:8080/docsite/repo1/report2012?id=D19 is checked against whiteListUrls and fails. It is then checked against whiteListDomains, and accepted.