JSON filtering

Airlock Gateway parses JSON (JavaScript Object Notation) objects in requests and allows filtering of JSON attributes with allow rules and deny rules. Arguments in JSON structures are treated in exactly the same way as normal HTTP parameters.

Generation of Airlock Gateway parameters from JSON objects

For a detailed description of the JSON object syntax please refer to json.org. If parsing of a JSON object fails due to illegal syntax, a message of type WR-SG-BLOCK-109-01 (JSON syntax error message) is written to the log. The log message indicates the position of the character for which parsing failed.

Here is an example of a simple JSON object representing a user:

{
  "firstName": "Simon",
  "lastName": "Smith",
  "age": 25,
  "address":
    { "streetAddress": "21 2nd Street", "city": "New York", "state": "NY", "postalCode": "10021" },
  "phoneNumber": [
    { "type": "home", "number": "212 555-1234" },
    { "type": "fax", "number": "646 555-4567" }
  ],
  "newSubscription": false,
  "companyName": null
}

Airlock Gateway automatically generates flattened parameters from object attributes. Parameter names start with "#json" and attribute names are separated by hashes (#). Entries in arrays are enumerated. Parameter values are generated from the trimmed strings of the original JSON record values.

For example, the following parameters are generated from the above user object:

Parameter Name

Parameter Value

#json#firstName

Simon

#json#lastName

Smith

#json#age

25

#json#address#streetAddress

21 2nd Street

#json#address#city

New York

#json#address#state

NY

#json#address#postalCode

10021

#json#phoneNumber#0#type

home

#json#phoneNumber#0#number

212 555-1234

#json#phoneNumber#1#type

fax

#json#phoneNumber#1#number

646 555-4567

#json#address#newSubscription

false

#json#address#companyName

null

Filtering of JSON attributes

The parameters generated from JSON objects are treated the same way as parameters from GET or POST requests. That is, JSON parameters must comply with allow and deny rule limitations.

Also, parameters generated from JSON objects can be excluded from filters, just as ordinary parameters. For instance, to exclude all phone numbers in the above object from a deny rule, add this parameter exception: ^#json#phonenumber#[[:digit:]]+#number$.

In addition every flattened parameter is counted as one parameter. This means that in this JSON example Airlock Gateway counts 13 parameters. Please check if the 'Max parameters' value in the allow rule is sufficient.