Next: Internal structure
Up: Developer Guide for EDG
Previous: Example of a complete
The Axis Authorization Handler is an org.apache.axis.Handler that
operates as a coarse-grained authorization module for the protection of any
Axis web service. It is inserted in the request flow of a web application, in
front of any resource that requires authorization protection.
The handler examines every incoming SOAP request. It extracts the client
certificate and the optional policy and role parameters.
It passes the subject DN of the certificate and any optional parameter to the
Authorization Manager, and receives back the result of the authorization
operation:
- On a positive reply, it adds a new property to the MessageContext that
stores the value returned by the Authorization Manager. It then forwards
the SOAP request to the next resource in the request flow.
- On a negative reply, it blocks and terminates the SOAP request by
throwing an AxisFault exception, which returns an error to the SOAP
requester.
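The decision flow described above, as an added sketch that is not the EDG handler's own code. It assumes Axis 1.x over the servlet transport; the `AuthzManager` interface, the class name and the three `example.authz.*` property names are hypothetical, and where the real handler reads the policy and role parameters from is not stated on this page.

```java
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServletRequest;
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.transport.http.HTTPConstants;

public class SketchAuthorizationHandler extends BasicHandler {

    /** Hypothetical stand-in for the Authorization Manager; not the EDG API. */
    public interface AuthzManager {
        /** Returns the authorization result, or null when access is denied. */
        Object authorize(String subjectDn, String policy, String role);
    }

    // Hypothetical property names, chosen for this sketch only.
    static final String RESULT_PROPERTY = "example.authz.result";
    static final String POLICY_PROPERTY = "example.authz.policy";
    static final String ROLE_PROPERTY = "example.authz.role";

    private final AuthzManager manager;

    public SketchAuthorizationHandler(AuthzManager manager) {
        this.manager = manager;
    }

    public void invoke(MessageContext ctx) throws AxisFault {
        HttpServletRequest req = (HttpServletRequest)
                ctx.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        // The servlet container exposes the TLS client chain under this attribute.
        X509Certificate[] chain = (req == null) ? null : (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            // Fail closed: a request without a client certificate is never forwarded.
            throw new AxisFault("Authorization failed: no client certificate");
        }
        // Simplification: uses the first certificate's subject; proxy-certificate
        // chains and VOMS extensions are not handled in this sketch.
        String dn = chain[0].getSubjectX500Principal().getName();
        String policy = (String) ctx.getProperty(POLICY_PROPERTY); // optional
        String role = (String) ctx.getProperty(ROLE_PROPERTY);     // optional

        Object result = manager.authorize(dn, policy, role);
        if (result == null) {
            // Negative reply: terminate the request with a generic fault.
            throw new AxisFault("Authorization failed");
        }
        // Positive reply: record the result; Axis then calls the next handler.
        ctx.setProperty(RESULT_PROPERTY, result);
    }
}
```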
The handler also creates a SecurityContext, accessible through the
SecurityInfo interface, where it stores the following information:
- the client certificate chain
- the attribute requested by the client
- the Policy requested by the client
- the VOMS extension of the client proxy certificate
- the list of authorized attributes
Figure: Axis Authorization Handler in the request flow
2004-05-05