org.edg.security.voms.service
Class InitSecurityContext

java.lang.Object
  |
  +--org.apache.axis.handlers.BasicHandler
        |
        +--org.edg.security.voms.service.InitSecurityContext
All Implemented Interfaces:
org.apache.axis.Handler, java.io.Serializable

public class InitSecurityContext
extends org.apache.axis.handlers.BasicHandler

The InitSecurityContext is an AXIS handler that can be put in a request flow in front of an actual SOAP endpoint so that it initializes the SecurityContext before the endpoint runs.

Currently, only the case of SOAP over HTTPS with client authentication is supported.

Configuration (Tomcat)
The handler is invoked by first defining a handler in the .wsdd file:

 <handler name="initSC"
     type="java:org.edg.security.voms.service.InitSecurityContext">
 </handler>
 
For the servlet in question, a request flow is then defined:
 <service name="TestService" ...>
    <requestFlow>
        <handler type="initSC"/>
    </requestFlow>
    ...
 </service>
 

Author:
mulmo
See Also:
Serialized Form

Field Summary
protected static org.apache.log4j.Logger log
           
 
Fields inherited from class org.apache.axis.handlers.BasicHandler
makeLockable, name, options
 
Constructor Summary
InitSecurityContext()
           
 
Method Summary
static void initClearSC()
          Initialize a clear security context, which will fail on all security checks.
static void initLocalSC()
          Initialize and set local admin's security context.
static void initSC(javax.servlet.ServletRequest req)
          Sets up the client's credentials.
 void invoke(org.apache.axis.MessageContext mc)
          Initializes the SecurityContext from a MessageContext.
static void setDelegatedSC(java.lang.String delegatedDN, java.lang.String delegatedCA)
          Initialize and set delegated admin's security context.
 
Methods inherited from class org.apache.axis.handlers.BasicHandler
canHandleBlock, cleanup, generateWSDL, getDeploymentData, getName, getOption, getOptions, getUnderstoodHeaders, init, initHashtable, onFault, setName, setOption, setOptionDefault, setOptions, setOptionsLockable
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

protected static org.apache.log4j.Logger log
Constructor Detail

InitSecurityContext

public InitSecurityContext()
Method Detail

invoke

public void invoke(org.apache.axis.MessageContext mc)
            throws org.apache.axis.AxisFault
Initializes the SecurityContext from a MessageContext.

Specified by:
invoke in interface org.apache.axis.Handler
Specified by:
invoke in class org.apache.axis.handlers.BasicHandler
Throws:
org.apache.axis.AxisFault
See Also:
Handler.invoke(MessageContext)

initSC

public static void initSC(javax.servlet.ServletRequest req)
Sets up the client's credentials. This method sets the current org.edg.java.security.info.SecurityContext to a new instance and initializes it from the client's certificate. It also sets the remote IP address property.

If the certificate is invalid, or there is some other problem with the client's credentials, then the distinguished name and CA will be set to null, unless the client is from localhost and the configuration option voms.localhost.defaults.to.local.admin is true. In this latter case, the credentials will be set to that of the Local Database Administrator.


setDelegatedSC

public static void setDelegatedSC(java.lang.String delegatedDN,
                                  java.lang.String delegatedCA)
                           throws VOMSSecurityException
Initialize and set delegated admin's security context. This method should only be used in restricted cases, because it effectively overrides the credentials with user-supplied values!
To make it as safe as possible one has to configure the voms.fully.trusted.client.for.delegation.dn and voms.fully.trusted.client.for.delegation.ca values, which enable this functionality for exactly one trusted service.
Enabling this feature is the equivalent of giving the database password and link to the remote service. Use with care, and only if you really know what you are doing!

Throws:
VOMSSecurityException
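As an added illustration (not VOMS code), the credential-mapping rules documented for initSC and setDelegatedSC above, collected in one hypothetical Java policy class. The configuration keys are the ones named on this page; the class and method names, the localhost addresses and the placeholder local-admin identity are assumptions.

```java
import java.util.Properties;

// Added illustration, not VOMS code: the credential-mapping rules this page documents
// for initSC and setDelegatedSC, collected in one hypothetical policy class. The
// configuration keys are the ones named on the page; class and method names are assumed.
public final class SecurityContextPolicy {

    /** Stand-in for the page's VOMSSecurityException (real class not shown here). */
    public static final class VOMSSecurityException extends Exception {
        public VOMSSecurityException(String msg) { super(msg); }
    }

    /** Mapped identity; DN and CA are both null for an unauthenticated caller. */
    public static final class Credentials {
        public final String dn, ca;
        public Credentials(String dn, String ca) { this.dn = dn; this.ca = ca; }
        public boolean isAuthenticated() { return dn != null && ca != null; }
    }

    // Placeholder identity for the Local Database Administrator (not the real value).
    private static final Credentials LOCAL_ADMIN =
        new Credentials("/O=placeholder/CN=local admin", "/O=placeholder/CN=local CA");

    /** initSC rule: bad credentials yield null DN/CA, unless the request comes from
     *  localhost and voms.localhost.defaults.to.local.admin is true. */
    public static Credentials mapClient(boolean certValid, String clientDn, String clientCa,
                                        String remoteAddr, Properties cfg) {
        if (certValid && clientDn != null && clientCa != null) return new Credentials(clientDn, clientCa);
        boolean fromLocalhost = "127.0.0.1".equals(remoteAddr) || "::1".equals(remoteAddr);
        boolean localAdminOk = Boolean.parseBoolean(
            cfg.getProperty("voms.localhost.defaults.to.local.admin", "false"));
        // A null DN/CA context fails every later security check (compare initClearSC).
        return (fromLocalhost && localAdminOk) ? LOCAL_ADMIN : new Credentials(null, null);
    }

    /** setDelegatedSC rule: only the one client named by the two
     *  voms.fully.trusted.client.for.delegation.* options may supply credentials. */
    public static Credentials delegate(Credentials caller, String delegatedDn, String delegatedCa,
                                       Properties cfg) throws VOMSSecurityException {
        String trustedDn = cfg.getProperty("voms.fully.trusted.client.for.delegation.dn");
        String trustedCa = cfg.getProperty("voms.fully.trusted.client.for.delegation.ca");
        if (trustedDn == null || trustedCa == null)
            throw new VOMSSecurityException("delegation is not enabled in the configuration");
        if (!caller.isAuthenticated() || !trustedDn.equals(caller.dn) || !trustedCa.equals(caller.ca))
            throw new VOMSSecurityException("caller is not the fully trusted delegation client");
        if (delegatedDn == null || delegatedCa == null)
            throw new VOMSSecurityException("delegated DN and CA must both be supplied");
        return new Credentials(delegatedDn, delegatedCa);
    }
}
```

The delegate check is the point to audit when reviewing a deployment: if both trusted-client options are left unset, delegation stays disabled, and any caller other than that one configured identity is refused.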

initLocalSC

public static void initLocalSC()
Initialize and set local admin's security context.


initClearSC

public static void initClearSC()
Initialize a clear security context, which will fail on all security checks. It is intended for non-authenticated requests.