Next: Authorization Manager configuration file
Up: Installation of Axis Authorization
Previous: Web service definition
Edit the file @WEBAPP.LOCATION@/WEB-INF/server-config.wsdd and insert the
following in the <requestFlow> section of the web service that requires
authorization protection:

    <requestFlow>
      <handler type="java:org.edg.security.authorization.SOAPOverHTTPAuthorizationHandler"/>
    </requestFlow>

Generate a configuration file for the Axis Authorization Handler starting from
AxisAuthorizationHandlerConfig.txt.template.
Most of the parameters are optional; when they are left unset, their default
values are used. These parameters are commented out (preceded by a #) in the
template. To assign a value to an optional parameter, uncomment the
corresponding line and add the desired value.
- authzManagerConfig: substitute the variable
@AUTHORIZATION.MANAGER.CONFIG.FILE@ with the pathname of the configuration
file for the Authorization Manager; three templates of this file are provided
and they are explained in the next section.
- authzManagerConfigElement: indicate the name of the XML element in the
Authorization Manager configuration file that contains the Authorization
Manager definition. Default value is `null', meaning the root element.
- log4jConfigFile: indicate the pathname of the configuration file to be
used by log4j. The value
`/opt/edg/etc/edg-java-security/log4j-authorization.properties' is provided
in this template.
- silent: indicate if the amount of log information must be very small.
Default value is `false'.
- defaultPolicy: indicate the name of the Policy defined in the
Authorization Manager to be used by default by the Authorization Handler.
Default value is `null'.
- shortcutOnError: indicate if any request that fails the authorization
must be blocked and terminated. Default value is `true'.
- authzAttributeNameSpace: indicate the name space of the SOAP header
containing the attribute requested by the client. Default value is
`http://soap.edg.org/security/authorization'.
- authzAttributeName: indicate the name of the SOAP header containing the
attribute requested by the client. Default value is `role'.
- authzPolicyNameSpace: indicate the name space of the SOAP header
containing the Policy requested by the client. Default value is
`http://soap.edg.org/security/authorization'.
- authzPolicyName: indicate the name of the SOAP header containing the
Policy requested by the client. Default value is `policy'.
- authzVomsNameSpace: indicate the name space of the SOAP header
containing the client VOMS header. Default value is
`http://soap.edg.org/security/authorization'.
- authzVomsName: indicate the name of the SOAP header containing the
client VOMS header. Default value is `voms'.
- authzContextName: indicate the name of the property of the
MessageContext in which the authorized attribute is stored. Default value is
`org.edg.security.authorization.value'.
- AuthorizedRole: indicate the role authorized to change the
configuration of the Authorization Manager. Default value is "Administrator".
- AuthorizedPolicy: indicate the policy used to authorize the user who
wants to change the configuration of the Authorization Manager. Default
value is "adminPolicy".
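
The following is an added example, not part of the original page or of the EDG code: a small pre-deployment check for a generated handler configuration file. It assumes the file uses `name = value` lines with `#` comments and `true`/`false` values (the page does not state the exact syntax), and it runs on a constructed sample.

```python
import re

# Parameter names documented on this page for the handler configuration file.
KNOWN = {
    "authzManagerConfig", "authzManagerConfigElement", "log4jConfigFile", "silent",
    "defaultPolicy", "shortcutOnError", "authzAttributeNameSpace", "authzAttributeName",
    "authzPolicyNameSpace", "authzPolicyName", "authzVomsNameSpace", "authzVomsName",
    "authzContextName", "AuthorizedRole", "AuthorizedPolicy",
}
PLACEHOLDER = re.compile(r"@[A-Z][A-Z.]*@")  # e.g. @AUTHORIZATION.MANAGER.CONFIG.FILE@

def parse(text):
    """Return {name: value}. ASSUMPTION: 'name = value' lines, '#' comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            params[name.strip()] = value.strip()
    return params

def audit(text):
    """Return sorted (parameter, finding) pairs for settings worth reviewing."""
    params, findings = parse(text), []
    for name, value in params.items():
        if name not in KNOWN:
            findings.append((name, "not documented; check spelling and case"))
        if PLACEHOLDER.search(value):
            findings.append((name, "template placeholder not substituted"))
    if "authzManagerConfig" not in params:
        findings.append(("authzManagerConfig", "no Authorization Manager file named"))
    if params.get("shortcutOnError", "true").lower() != "true":
        findings.append(("shortcutOnError", "failed authorization does not block the request"))
    if params.get("silent", "false").lower() == "true":
        findings.append(("silent", "very little log information is kept"))
    return sorted(findings)

# Constructed sample input, not the project's template.
SAMPLE = """\
authzManagerConfig = @AUTHORIZATION.MANAGER.CONFIG.FILE@
log4jConfigFile = /opt/edg/etc/edg-java-security/log4j-authorization.properties
authorizedRole = Administrator
shortcutOnError = false
silent = true
#defaultPolicy = somePolicy
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

The misspelled `authorizedRole` in the sample is reported because the page writes that parameter as AuthorizedRole, with a capital A, unlike the other names.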
2004-05-05