org.edg.security.authorization
Class SOAPOverHTTPAuthorizationHandler

java.lang.Object
  |
  +--org.apache.axis.handlers.BasicHandler
        |
        +--org.edg.security.authorization.SOAPOverHTTPAuthorizationHandler
All Implemented Interfaces:
org.apache.axis.Handler, java.io.Serializable

public class SOAPOverHTTPAuthorizationHandler
extends org.apache.axis.handlers.BasicHandler

The SOAPOverHTTPAuthorizationHandler is an AXIS handler that can be put in a request flow in front of an actual SOAP endpoint that needs authorization protection.

The AuthorizationManager is used for the authorization operation. The authorization result (a string) is stored in the MessageContext which is passed on to the service. The SecurityContext is updated as well, so it contains the complete list of all authorized attributes.

Currently, only the case of SOAP over HTTPS with client authentication is supported.

Configuration (Tomcat)
The handler is invoked by first defining a handler in the .wsdd file:

 <handler name="authzHandler"
     type="java:org.edg.security.authorization.SOAPOverHTTPAuthorizationHandler"/>
 
For the servlet in question, a request flow is defined:
 <service name="TestService" ...>
    <requestFlow>
        <handler type="authzHandler"/>
    </requestFlow>
    ...
 </service>
 
Supported handler parameters:
The configuration parameters for the SOAPOverHTTPAuthorizationHandler are specified in a separate file, passed as a servlet context parameter to the Handler.
Parameter "name" - Parameter "value"
contextPathID - Name of the context path of the web application
Log4jConfigFile - Pathname of the configuration file for logging.
authzManagerConfig - File containing the AuthorizationManager configuration.
authzManagerConfigElement - The XML element in the file that contains the Authorization Manager configuration. If not defined, the root element is assumed.
authzManagerDefaultPolicy - The Policy of Authorization Manager to be used by default by the handler. If null, the default Policy of Authorization Manager is used. This parameter is overridden by the SOAP header element containing the Policy requested by the client.
shortcutOnError - "true" or "false". If the client is not properly authorized (for any reason), the handler shortcuts the request flow and returns an error to the SOAP requestor.
authzAttributeName - The name of the SOAP header element containing the requested authorization attribute. Default is role.
authzAttributeNameSpace - The name space of the SOAP header element containing the requested authorization attribute. Default is http://soap.edg.org/security/authorization.
authzPolicyName - The name of the SOAP header element containing the requested authorization policy to use. Default is policy.
authzPolicyNameSpace - The name space of the SOAP header element containing the requested authorization policy. Default is http://soap.edg.org/security/authorization.
authzVomsName - The name of the VOMS header element. Default is voms.
authzVomsNameSpace - The name space of the VOMS header element. Default is http://soap.edg.org/security/authorization.
authzContextName - The name of the value in which to store the authorization result. Default is org.edg.data.securty.authorization.value
silent - true or false. Controls the logging behavior of the handler. Default is false.
(Log message level configuration is controlled by the standard Log4J procedure.)
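
With shortcutOnError set to "false" the handler does not return an error itself, so something after it in the request flow has to read the stored result and reject the call. The following is an added example, not part of the org.edg.security code: a hypothetical second handler, declared after authzHandler in the requestFlow, that fails closed. The class name, the option names contextName and allowedValues, and the assumption that the result is readable through MessageContext.getProperty are this example's own.

```java
import java.util.HashSet;
import java.util.Set;

import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;

/**
 * Hypothetical handler (not part of org.edg.security) that runs after
 * authzHandler in the requestFlow and fails closed on the stored result.
 */
public class RequireAuthorizedValueHandler extends BasicHandler {

    // Default authzContextName, copied verbatim from the parameter list.
    private static final String DEFAULT_CONTEXT_NAME =
            "org.edg.data.securty.authorization.value";

    public void invoke(MessageContext mc) throws AxisFault {
        // Option names are assumptions of this example:
        //   contextName   - same value as the authz handler's authzContextName
        //   allowedValues - comma-separated results this service accepts
        String contextName = option("contextName", DEFAULT_CONTEXT_NAME);
        Set<String> allowed = new HashSet<String>();
        for (String v : option("allowedValues", "").split(",")) {
            if (v.trim().length() > 0) {
                allowed.add(v.trim());
            }
        }

        // Assumption: the result is readable as a MessageContext property.
        // A missing, non-string or unlisted value is treated as "not
        // authorized"; an empty allowedValues list therefore denies all.
        Object result = mc.getProperty(contextName);
        if (!(result instanceof String) || !allowed.contains(((String) result).trim())) {
            // Keep the fault generic; log details server-side instead.
            throw new AxisFault("Not authorized");
        }
    }

    // Reads a handler <parameter> from the WSDD, falling back when unset.
    private String option(String name, String fallback) {
        Object v = getOption(name);
        if (v instanceof String && ((String) v).trim().length() > 0) {
            return ((String) v).trim();
        }
        return fallback;
    }
}
```

Because the role and policy are requested by the client in SOAP headers, the check compares the stored result against an explicit allow-list instead of accepting any non-empty value.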

Author:
mulmo
See Also:
AuthorizationManager, BasicHandler, Serialized Form

Field Summary
protected java.lang.String myAttributeHeader
protected java.lang.String myAttributeHeaderNameSpace
protected java.lang.String myAuthorizedValue
protected java.lang.String myDefaultPolicy
protected boolean myIsInitialized
protected boolean myIsSilent
protected java.lang.String myPolicyHeader
protected java.lang.String myPolicyHeaderNameSpace
protected java.lang.String myVomsHeader
protected java.lang.String myVomsHeaderNameSpace
protected boolean myWillShortcut
static java.lang.String theAttributeHeaderName
static java.lang.String theAttributeHeaderNameSpace
static java.lang.String theAuthorizedValue
static java.lang.String theAuthzManagerConfigElementParameter
static java.lang.String theAuthzManagerConfigParameter
static java.lang.String theAuthzManagerDefaultPolicyParameter
protected static org.apache.log4j.Logger theLogger
static java.lang.String thePolicyHeaderName
static java.lang.String thePolicyHeaderNameSpace
static java.lang.String theSilentFlag
static java.lang.String theVomsHeaderName
static java.lang.String theVomsHeaderNameSpace
static java.lang.String theWillShortCutConfigParameter
 
Fields inherited from class org.apache.axis.handlers.BasicHandler
log, makeLockable, name, options
 
Constructor Summary
SOAPOverHTTPAuthorizationHandler()
          Constructor for SOAPOverHTTPAuthorizationHandler.
 
Method Summary
protected  java.lang.String getHeaderValue(org.apache.axis.MessageContext mc, java.lang.String ns, java.lang.String name, java.lang.String defaultValue)
          Convenience method to extract a value from an optional SOAP header or return default value if empty or non-existent.
 void init()
           
 void invoke(org.apache.axis.MessageContext mc)
          Authorizes the authenticated user by using the user's credential(s) along with any information specified in the 'policy' and 'role' SOAP headers.
 
Methods inherited from class org.apache.axis.handlers.BasicHandler
canHandleBlock, cleanup, generateWSDL, getDeploymentData, getName, getOption, getOptions, getUnderstoodHeaders, initHashtable, onFault, setName, setOption, setOptionDefault, setOptions, setOptionsLockable
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

theAuthzManagerConfigParameter

public static final java.lang.String theAuthzManagerConfigParameter
See Also:
Constant Field Values

theAuthzManagerConfigElementParameter

public static final java.lang.String theAuthzManagerConfigElementParameter
See Also:
Constant Field Values

theAuthzManagerDefaultPolicyParameter

public static final java.lang.String theAuthzManagerDefaultPolicyParameter
See Also:
Constant Field Values

theWillShortCutConfigParameter

public static final java.lang.String theWillShortCutConfigParameter
See Also:
Constant Field Values

theAttributeHeaderNameSpace

public static final java.lang.String theAttributeHeaderNameSpace
See Also:
Constant Field Values

theAttributeHeaderName

public static final java.lang.String theAttributeHeaderName
See Also:
Constant Field Values

thePolicyHeaderNameSpace

public static final java.lang.String thePolicyHeaderNameSpace
See Also:
Constant Field Values

thePolicyHeaderName

public static final java.lang.String thePolicyHeaderName
See Also:
Constant Field Values

theVomsHeaderNameSpace

public static final java.lang.String theVomsHeaderNameSpace
See Also:
Constant Field Values

theVomsHeaderName

public static final java.lang.String theVomsHeaderName
See Also:
Constant Field Values

theAuthorizedValue

public static final java.lang.String theAuthorizedValue
See Also:
Constant Field Values

theSilentFlag

public static final java.lang.String theSilentFlag
See Also:
Constant Field Values

theLogger

protected static org.apache.log4j.Logger theLogger

myIsInitialized

protected boolean myIsInitialized

myWillShortcut

protected boolean myWillShortcut

myIsSilent

protected boolean myIsSilent

myAttributeHeaderNameSpace

protected java.lang.String myAttributeHeaderNameSpace

myAttributeHeader

protected java.lang.String myAttributeHeader

myPolicyHeaderNameSpace

protected java.lang.String myPolicyHeaderNameSpace

myPolicyHeader

protected java.lang.String myPolicyHeader

myVomsHeaderNameSpace

protected java.lang.String myVomsHeaderNameSpace

myVomsHeader

protected java.lang.String myVomsHeader

myDefaultPolicy

protected java.lang.String myDefaultPolicy

myAuthorizedValue

protected java.lang.String myAuthorizedValue

Constructor Detail

SOAPOverHTTPAuthorizationHandler

public SOAPOverHTTPAuthorizationHandler()
Constructor for SOAPOverHTTPAuthorizationHandler. Does nothing.

See Also:
init()

Method Detail

init

public void init()
Specified by:
init in interface org.apache.axis.Handler
Overrides:
init in class org.apache.axis.handlers.BasicHandler
See Also:
Handler.init()

getHeaderValue

protected java.lang.String getHeaderValue(org.apache.axis.MessageContext mc,
                                          java.lang.String ns,
                                          java.lang.String name,
                                          java.lang.String defaultValue)
                                   throws org.apache.axis.AxisFault
Convenience method to extract a value from an optional SOAP header or return default value if empty or non-existent.

Throws:
org.apache.axis.AxisFault

invoke

public void invoke(org.apache.axis.MessageContext mc)
            throws org.apache.axis.AxisFault
Authorizes the authenticated user by using the user's credential(s) along with any information specified in the 'policy' and 'role' SOAP headers.

If successful, sets the resulting authorization value (a string) in the MessageContext. Otherwise throws an error provided shortcutOnError is set to true.

Specified by:
invoke in interface org.apache.axis.Handler
Specified by:
invoke in class org.apache.axis.handlers.BasicHandler
Throws:
org.apache.axis.AxisFault
See Also:
Handler.invoke(MessageContext)