SOAP Authorization Policy


This policy is nearly identical to our Authorization Policy, with the exception that it accepts a SOAPAction in the HTTP header. Please note that this policy will only accept a single SOAPAction header, and will not extract the operation name from the SOAP body.


	"groupId": "io.apiman.plugins",
	"artifactId": "apiman-plugins-soap-authorization-policy",
	"version": "3.1.3.Final"


Just as with the Authorization policy, you can define any number of rules you’d like.

  • rules (array) : A single rule that your policy will apply if each of the following properties match:

    • action (string) : Defines the SOAPAction you’d like the policy to be applicable to.

    • role (string) : The role the user must have if this pattern matches the request.

  • multiMatch (boolean) : Should the request pass when any or all of the authorization rules pass? Set to true if all rules must match, false if only one rule must match.

  • requestUnmatched (boolean) : If the request does not match any of the authorization rules, should it pass or fail? Set to true if you want the policy to pass when no rules are matched.

Sample Configuration

   "rules" : [
   		"action": "hello",
   		"role": "admin"
   		"action": "goodbye",
   		"role": "user"
   "multiMatch": true,
   "requestUnmatched": false