142 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
If the environment results in client-side-generated links that point to resources
across multiple junctions, the Referer header method for modifying URLs will not
be reliable.
4.5.4 The challenges of URL filtering
WebSEAL acts as a single host Web server. To allow WebSEAL to protect many
back-end Web servers, and still act as a single host server, WebSEAL merges all
of the back-end server document spaces into a single document space. For
successful communication across junctions, WebSEAL must filter absolute and
server-relative URLs in HTML response documents returned from the protected
Web servers so that the URLs are correct when viewed as a part of WebSEALs
single host document space. The junction feature of WebSEAL changes the
server and path information that must be used to access resources on junctioned
back-end systems. A link to a resource on a back-end junctioned server can only
succeed if the URL contains the identity of the junction.
WebSEAL supports a number of solutions for filtering and processing URLs
returned in responses from back-end junctioned application servers. In all cases,
these solutions require WebSEAL to parse the HTML content in search of the
URLs. Because HTML is an evolving and complex specification, parsing HTML is
equally complex.
To overcome those and some other problems, Access Manager 6.0 introduced
two new type of junctions:
򐂰 Virtual host junction
򐂰 Transparent path junction
4.6 Virtual host junction
WebSEAL supports virtual hosting and, through virtual host junctions, can
eliminate the limitations of URL filtering. The term
virtual hosting refers to the
practice of maintaining more than one server on one machine, as differentiated
by their apparent hostnames. Virtual hosting allows you to run multiple Web
services, each with a different host name and URL, that appear to be completely
separate sites.
Virtual host junctions allow WebSEAL to communicate with local or remote
virtual hosts. WebSEAL uses the HTTP Host header in client requests to direct
those requests to the appropriate document spaces located on junctioned
servers or on the local machine. Access to resources using virtual hosting is
possible because the HTTP 1.1 specification requires client browsers to include,
in any request, the HTTP Host header. The Host header contains the host name

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.