Next: Authorization Manager configuration file
Up: Server side
Previous: Web service definition
Generate a configuration file for the Authorization Filter starting from
AuthorizationFilterConfig.txt.template.
Most of the parameters are optional and their default values are used. These
parameters are commented (preceded by a #) in the template.
To assign a value to an optional parameter uncomment the corresponding line
and add the desired value.
- authzManagerConfig: substitute the variable
@AUTHORIZATION.MANAGER.CONFIG.FILE@ with the pathname of the configuration
file for the Authorization Manager; three templates of this file are provided
and they are explained in the next section.
- authzManagerConfigElement: indicate the name of the XML element in the
Authorization Manager configuration file that contains the Authorization
Manager definition. Default value is `null', meaning the root element.
- log4jConfigFile: indicate the pathname of the configuration file to be
used by log4j. The value
`/opt/edg/etc/edg-java-security/log4j-authorization.properties' is provided
in this template.
- IsSilent: indicate if the amount of log information must be
very small. Default value is `no'.
- DefaultPolicy: indicate the name of the Policy defined in the
Authorization Manager to be used by default by the Authorization Filter.
Default value is `null'.
- RoleParameterName: indicate the name of the parameter of the
servlet request that contains the role requested by the client.
Default value is `user_role'.
- PolicyParameterName: indicate the name of the parameter of the
servlet request that contains the Policy requested by the client.
Default value is `auth_policy'.
- DeniedURLParameter: indicate the name of the parameter of the
servlet request that is reserved for the Authorization Filter to
store the result of the authorization decision. If such a
parameter is already used in the servlet request the Authorization
Filter blocks and terminates the request.
Default value is `connection'.
- FailureFormat: indicate the syntax of the response to
send back to the client in case of failed authorization.
Default value is `HTTP'. The only other acceptable value is `XML'.
- RequestWrapperClass: indicate the name of the Java class to be used for
the manipulation of the servlet request, specifically to insert the parameter
containing the result of the authorization decision. Default value is
`org.edg.security.authorization.ServletRequestWrapper'.
- AuthorizedRole: indicate the role authorized to change the
configuration of the Authorization Manager. Default value is "Administrator".
- AuthorizedPolicy: indicate the policy used to authorize the user who
wants to change the configuration of the Authorization Manager. Default
value is "adminPolicy".
Next: Authorization Manager configuration file
Up: Server side
Previous: Web service definition
2004-05-05