next up previous
Next: Internal structure Up: Developer Guide for EDG Previous: Example of a complete

Axis Authorization Handler

The Axis Authorization Handler is a org.apache.axis.Handler that operates as a coarse-grained authorization module for the protection of any Axis web service. It is inserted in the request flow of a web application, in front of any resource that requires authorization protection.

The handler examines every incoming SOAP request. It extracts the client certificate and the optional policy and role parameters. It passes the subject DN of the certificate and any optional parameter to the Authorization Manager, and receives back the result of the authorization operation:

The handler also creates a SecurityContext, accessible through the SecurityInfo interface, where it stores the following information:

Figure: Axis Authorization Handler in the request flow
4#4



Subsections
next up previous
Next: Internal structure Up: Developer Guide for EDG Previous: Example of a complete
2004-05-05