Restrictions header-based (several header values)

A list of restrictions that can be used to extend the pure role-based authentication. HTTP-Header values are associated with internal keys.

Those keys, i.e. VALUE=RESTRICTION(KEY), can be used in User Management for the definition of attributive filters that are resolved by WebOffice at run-time with respect to the current user.



These header-based PVP restrictions (which are configured in the application configuration) differ from the restrictions that can be passed in a single header value/roles attribute. In this case, see chapter Restrictions in header value/roles attribute.


Authentifizierungstyp PVP Restriction headerbasiert - Konfiguration

Authentifizierungstyp PVP Restriction headerbasiert - Konfiguration




HTTP Header Name

HTTP header name

Restriction Key

Name of the key to be associated with the Header-Value. This key can be used in user management for the definition of dynamic attributive filters, i.e. VALUE=RESTRICTION(KEY)

Configuration PVP Restriction header-based


In the sample above it would be possible to configure the following attributive filter in  UserManagement Admin Web:


If the corresponding portal page sets the header attribute X-AUTHENTICATE-participantID with the value Austria to WebOffice 10.9 SP1, the attributive filter

Land_Name="Austria" would be effective.



Round parentheses in PVP roles header-based are supported.