Next: Internal structure
Up: Developer Guide for EDG
Previous: Example of a complete
The Authorization Filter is a javax.servlet.Filter that operates as a
coarse-grained authorization module for the protection of any Java servlet.
It is inserted in the servlet chain of a web application, in front of any
resource that requires authorization protection.
The filter examines every incoming servlet request. It extracts the client
certificate and the optional policy and role parameters.
It passes the subject DN of the certificate and any optional parameter to the
Authorization Manager, and receives back the result of the authorization
operation:
- In case of a positive reply, it adds to the servlet request a new
parameter that stores the value returned by the Authorization Manager.
It then forwards the request to the next resource in the servlet chain.
- In case of a negative reply, it blocks and terminates the servlet request
and optionally sends back to the client some information explaining the
reason for the failure.
The filter also creates a SecurityContext, accessible through the SecurityInfo
interface, where it stores the following information:
- the client certificate chain
- the attribute requested by the client
- the Policy requested by the client
- the list of authorized attributes
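The request-handling steps above, as an added sketch that is not the EDG filter's own code. The `AuthzManager` interface, the parameter names `policy` and `role`, and the attribute name `example.authz.result` are assumptions made for illustration; the SecurityContext is left out.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical stand-in for the Authorization Manager; not the EDG interface.
interface AuthzManager {
    /** Returns the authorized attribute, or null when access is denied. */
    String authorize(String subjectDn, String policy, String role);
}

public class SketchAuthorizationFilter implements Filter {
    // Assumed attribute name under which the authorization result is stored.
    static final String RESULT_ATTR = "example.authz.result";
    private final AuthzManager manager;

    public SketchAuthorizationFilter(AuthzManager manager) { this.manager = manager; }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Standard servlet attribute holding the TLS client certificate chain.
        X509Certificate[] certChain = (X509Certificate[])
                request.getAttribute("javax.servlet.request.X509Certificate");
        if (certChain == null || certChain.length == 0) {
            // Fail closed: without a certificate there is no subject to authorize.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        String subjectDn = certChain[0].getSubjectX500Principal().getName();

        // Optional, client-supplied values: requests to be checked, not granted facts.
        String policy = request.getParameter("policy");
        String role = request.getParameter("role");

        String granted = manager.authorize(subjectDn, policy, role);
        if (granted == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "authorization denied");
            return; // terminate here: the protected resource is never reached
        }
        // Stored as a request attribute, which only server-side code can set.
        request.setAttribute(RESULT_ATTR, granted);
        chain.doFilter(request, response);
    }
}
```

Downstream servlets in this sketch read the result with `request.getAttribute("example.authz.result")` rather than `getParameter`, so a value sent by the client under the same name is never mistaken for the manager's decision.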
Figure: Authorization Filter in the servlet chain
2004-07-02